iDRAC 8/7 v2.40.40.
Notes, cautions, and warnings NOTE: A NOTE indicates important information that helps you make better use of your product. CAUTION: A CAUTION indicates either potential damage to hardware or loss of data and tells you how to avoid the problem. WARNING: A WARNING indicates a potential for property damage, personal injury, or death. Copyright © 2017 Dell Inc. or its subsidiaries. All rights reserved. Dell, EMC, and other trademarks are trademarks of Dell Inc. or its subsidiaries.
Contents 1 Overview........................................................................................................................ 15 Benefits of using iDRAC with Lifecycle Controller............................................................................................................. 15 Key features......................................................................................................................................................................16 New in this release.......
3 Setting up managed system and management station...................................................38 Setting up iDRAC IP address............................................................................................................................................ 38 Setting up iDRAC IP using iDRAC settings utility........................................................................................................ 39 Setting up iDRAC IP using CMC web interface......................................
Importing server profile using RACADM..................................................................................................................... 76 Restore operation sequence....................................................................................................................................... 76 Monitoring iDRAC using other Systems Management tools..............................................................................................76 4 Configuring iDRAC...................
Uploading server certificate........................................................................................................................................94 Viewing server certificate...........................................................................................................................................95 Uploading custom signing certificate..........................................................................................................................
Enabling or disabling remote RACADM using web interface.......................................................................................119 Enabling or disabling remote RACADM using RACADM............................................................................................. 119 Disabling local RACADM.................................................................................................................................................. 119 Enabling IPMI on managed system................
Enabling or disabling alerts using web interface........................................................................................................ 152 Enabling or disabling alerts using RACADM...............................................................................................................153 Enabling or disabling alerts using iDRAC settings utility.............................................................................................153 Filtering alerts ............................
Setting warning threshold for power consumption using web interface.................................................................... 168 Executing power control operations................................................................................................................................168 Executing power control operations using web interface.......................................................................................... 168 Executing power control operations using RACADM..........
Converting a physical disk to RAID or non-RAID mode............................................................................................. 196 Managing virtual disks.................................................................................................................................................... 196 Creating virtual disks.................................................................................................................................................
Previewing virtual console.............................................................................................................................................. 224 Launching virtual console............................................................................................................................................... 224 Launching virtual console using web interface.........................................................................................................
Modifying a partition................................................................................................................................................ 247 Attaching or detaching partitions............................................................................................................................. 248 Deleting existing partitions.......................................................................................................................................
Configuring iDRAC Quick Sync settings using RACADM.......................................................................................... 274 Configuring iDRAC Quick Sync settings using iDRAC settings utility........................................................................ 274 Using mobile device to view iDRAC information..............................................................................................................274 22 Deploying operating systems..................................
Virtual console................................................................................................................................................................293 Virtual media.................................................................................................................................................................. 296 vFlash SD card...........................................................................................................................................
1 Overview The Integrated Dell Remote Access Controller (iDRAC) is designed to make server administrators more productive and improve the overall availability of Dell servers. iDRAC alerts administrators to server issues, helps them perform remote server management, and reduces the need for physical access to the server. iDRAC with Lifecycle Controller technology is part of a larger data center solution that helps keep business critical applications and workloads available always.
Key features The key features in iDRAC include: NOTE: Some of the features are available only with iDRAC Enterprise license. For information on the features available for a license, see Managing licenses. Inventory and Monitoring • View managed server health. • Inventory and monitor network adapters and storage subsystem (PERC and direct attached storage) without any operating system agents. • View and export system inventory. • View sensor information such as temperature, voltage, and intrusion.
* Configure controller properties. * Import or auto-import foreign configuration. * Clear foreign configuration. * Reset controller configuration. * Create or change security keys. – PCIe SSD devices: * Inventory and remotely monitor the health of PCIe SSD devices in the server. * Prepare the PCIe SSD to be removed. * Securely erase the data. – Set the backplane mode (unified or split mode). – Blink or unblink component LEDs.
– Manual — Using OS Collector tool. Dell Best Practices regarding iDRAC • iDRACs are intended to be on a separate management network; they are not designed nor intended to be placed on or connected to the internet. Doing so could expose the connected system to security and other risks for which Dell is not responsible.
How to use this user's guide The contents of this User's Guide enable you to perform the tasks by using: • iDRAC web interface — Only the task-related information is provided here. For information about the fields and options, see the iDRAC Online Help that you can access from the web interface. • RACADM — The RACADM command or the object that you must use is provided here. For more information, see the iDRAC RACADM Command Line Reference Guide available at dell.com/idracmanuals.
NOTE: If you have purchased a system with all the licenses pre-installed, then license management is not required. You can perform the following licensing operations using iDRAC, RACADM, WS-MAN, and Lifecycle Controller-Remote Services for one-to-one license management, and Dell License Manager for one-to-many license management: • View — View the current license information.
The Licensing page displays the licenses that are associated to devices, or the licenses that are installed but the device is not present in the system. For more information on importing, exporting, deleting, or replacing a license, see the iDRAC Online Help. Managing licenses using RACADM To manage licenses using RACADM, use the license subcommand. For more information, see the iDRAC RACADM Command Line Interface Reference Guide available at dell.com/idracmanuals.
Feature Basic iDRAC8 Manage Basic ment (iDRAC 7) iDRAC7 Express iDRAC8 Express iDRAC7 Express for Blades iDRAC8 Express for Blades iDRAC7 Enterprise iDRAC8 Enterprise Role-based authority Yes Yes Yes Yes Yes Yes Yes Yes Local users Yes Yes Yes Yes Yes Yes Yes Yes SSL encryption Yes Yes Yes Yes Yes Yes Yes Yes IP blocking No No No Yes No Yes No Yes Directory services (AD, LDAP) No No No No No No Yes Yes Two-factor authentication (smart card) No No No N
Feature Basic iDRAC8 Manage Basic ment (iDRAC 7) iDRAC7 Express iDRAC8 Express iDRAC7 Express for Blades iDRAC8 Express for Blades iDRAC7 Enterprise iDRAC8 Enterprise Power thresholds and alerts (includes headroom) No No No Yes No Yes No Yes Real-time power graphing No No Yes Yes Yes Yes Yes Yes Historical power counters Yes No Yes Yes Yes Yes Yes Yes Power capping No No No No No No Yes Yes Power Center integration No No No No No No No Yes Temperature mon
Feature Basic iDRAC8 Manage Basic ment (iDRAC 7) iDRAC7 Express iDRAC8 Express iDRAC7 Express for Blades iDRAC8 Express for Blades iDRAC7 Enterprise iDRAC8 Enterprise Out of Band Performance Monitoring No No No No No No No Yes Yes3 Yes Yes Yes Yes Yes Yes Yes Embedded update tools No Yes No Yes No Yes No Yes Sync with repository (scheduled updates) No No No No No No Yes Yes Auto-update No No No No No No No Yes No Yes No Yes No Yes No Yes Embedded No
Feature Basic iDRAC8 Manage Basic ment (iDRAC 7) iDRAC7 Express iDRAC8 Express iDRAC7 Express for Blades iDRAC8 Express for Blades iDRAC7 Enterprise iDRAC8 Enterprise Embedded diagnostic tools Yes Yes Yes Yes Yes Yes Yes Yes Part Replacement No Yes Yes Yes Yes Yes Yes Yes Server Configuration Backup No No No No No No Yes Yes Server Configuration Restore No No No No No No Yes Yes Easy Restore (system configuration) No Yes No Yes No Yes No Yes Health LED /
Feature Basic iDRAC8 Manage Basic ment (iDRAC 7) iDRAC7 Express iDRAC8 Express iDRAC7 Express for Blades iDRAC8 Express for Blades iDRAC7 Enterprise iDRAC8 Enterprise License management No No Yes No Yes No Yes Yes [1] Requires vFlash SD card media. [2] 500 series and lower rack and tower servers require a hardware card to enable this feature; this hardware is offered at additional cost. [3] Remote agent-free update feature is available only using IPMI. [4] Available only using IPMI.
Interface or Protocol Description • Configure iDRAC static IP settings. For blade servers, the LCD is on the chassis front panel and is shared between all the blades. To reset iDRAC without rebooting the server, press and hold the System Identification button seconds.
Interface or Protocol Description For more information, see the following: • Lifecycle Controller-Remote Services User’s Guide available at dell.com/idracmanuals. • Lifecycle Controller Integration Best Practices Guide available at dell.com/support/manuals. • Lifecycle Controller page on Dell TechCenter — delltechcenter.com/page/Lifecycle+Controller • Lifecycle Controller WS-Management Script Center — delltechcenter.com/page/Scripting+the +Dell+Lifecycle+Controller • MOFs and Profiles — delltechcenter.
Port Number Function 445 Common Internet File System (CIFS) 636 LDAP Over SSL (LDAPS) 2049 Network File System (NFS) 123 Network Time Protocol (NTP) 3269 LDAPS for global catalog (GC) * Configurable port Other documents you may need In addition to this guide, the following documents available on the Dell Support website at dell.com/support/manuals provide additional information about the setup and operation of iDRAC in your system.
• The Getting Started Guide provides an overview of system features, setting up your system, and technical specifications. • The Owner’s Manual provides information about system features and describes how to troubleshoot the system and install or replace system components.
2 Logging in to iDRAC You can log in to iDRAC as an iDRAC user, as a Microsoft Active Directory user, or as a Lightweight Directory Access Protocol (LDAP) user. The default user name is root and the default password is calvin. You can also log in using Single Sign-On or Smart Card. NOTE: • You must have Login to iDRAC privilege to log in to iDRAC. • iDRAC GUI does not support browser buttons such as Back, Forward, or Refresh.
If the domain is not specified in the user name, select the Active Directory domain from the Domain drop-down menu. 5. For an LDAP user, in the Username and Password fields, enter your LDAP user name and password. Domain name is not required for LDAP login. By default, This iDRAC is selected in the drop-down menu. 6. Click Submit. You are logged in to iDRAC with the required user privileges.
Related links Enabling or disabling smart card login Configuring iDRAC smart card login for local users Logging in to iDRAC as an Active Directory user using a smart card Before you log in as an Active Directory user using Smart Card, make sure to: • Upload a Trusted Certificate Authority (CA) certificate (CA-signed Active Directory certificate) to iDRAC. • Configure the DNS server. • Enable Active Directory login. • Enable Smart Card login.
NOTE: If you use IP address instead of FQDN, SSO fails. iDRAC logs you in with appropriate Microsoft Active Directory privileges, using your credentials that were cached in the operating system when you logged in using a valid Active Directory account. Logging in to iDRAC SSO using CMC web interface Using the SSO feature, you can launch iDRAC web interface from CMC web interface. A CMC user has the CMC user privileges when launching iDRAC from CMC.
Accessing iDRAC using SMCLP SMCLP is the default command line prompt when you log in to iDRAC using Telnet or SSH. For more information, see Using SMCLP. Logging in to iDRAC using public key authentication You can log into the iDRAC over SSH without entering a password. You can also send a single RACADM command as a command line argument to the SSH application. The command line options behave similar to remote RACADM since the session ends after the command is completed.
A warning message is also displayed when you log in to iDRAC using SSH, Telnet, remote RACADM, or the Web interface. For Web interface, SSH, and Telnet, a single warning message is displayed for each session. For remote RACADM, the warning message is displayed for each command. NOTE: For information on recommended characters for user names and passwords, see Recommended characters in user names and passwords.
Enabling or disabling default password warning message using web interface To enable or disable the display of the default password warning message after logging in to iDRAC: 1. Go to Overview → iDRAC Settings → User Authentication → Local Users. The Users page is displayed. 2. In the Default Password Warning section, select Enable, and then click Apply to enable the display of the Default Password Warning page when you log in to iDRAC. Else, select Disable.
3 Setting up managed system and management station To perform out-of-band systems management using iDRAC, you must configure iDRAC for remote accessibility, set up the management station and managed system, and configure the supported web browsers. NOTE: In case of blade servers, install CMC and I/O modules in the chassis and physically install the system in the chassis before performing the configurations. Both iDRAC Express and iDRAC Enterprise ship from the factory with a default static IP address.
After you configure iDRAC IP address: • Ensure that you change the default user name and password after setting up the iDRAC IP address. • Access iDRAC through any of the following interfaces: – iDRAC Web interface using a supported browser (Internet Explorer, Firefox, Chrome, or Safari) – Secure Shell (SSH) — Requires a client such as PuTTY on Windows. SSH is available by default in most of the Linux systems and hence does not require a client.
• Dedicated — Enables the remote access device to use the dedicated network interface available on the Remote Access Controller (RAC). This interface is not shared with the host operating system and routes the management traffic to a separate physical network, enabling it to be separated from the application traffic. This option implies that iDRAC's dedicated network port routes its traffic separately from the server's LOM or NIC ports.
NOTE: If you enable Auto Negotiation, this option is grayed-out. Common settings If network infrastructure has DNS server, register iDRAC on the DNS. These are the initial settings requirements for advanced features such as Directory services—–Active Directory or LDAP, Single Sign On, and smart card. To register iDRAC: 1. Enable Register DRAC on DNS. 2. Enter the DNS DRAC Name. 3. Select Auto Config Domain Name to automatically acquire domain name from DHCP. Else, provide the DNS Domain Name.
NOTE: On blade servers that are set as Chassis (Dedicated), the VLAN settings are read-only and can be changed only using CMC. If the server is set in shared mode, you can configure VLAN settings in shared mode in iDRAC. 1. Under Enable VLAN ID, select Enabled. 2. In the VLAN ID box, enter a valid number from 1 to 4094. 3. In the Priority box, enter a number from 0 to 7 to set the priority of the VLAN ID. NOTE: After enabling VLAN, the iDRAC IP is not accessible for some time.
To enable provisioning server using iDRAC Settings utility: 1. Turn on the managed system. 2. During POST, press F2, and go to iDRAC Settings → Remote Enablement. The iDRAC Settings Remote Enablement page is displayed. 3. Enable auto-discovery, enter the provisioning server IP address, and click Back. NOTE: Specifying the provisioning server IP is optional. If it is not set, it is discovered using DHCP or DNS settings (step 7). 4. Click Network. The iDRAC Settings Network page is displayed. 5.
2. -config.xml — If a filename is not specified in DHCP option 60, use the system Service Tag to uniquely identify the SCP file for the system. For example, CDVH7R1-config.xml 3. -config.xml — If the option 60 filename is not specified and the -config.xml file is not found, use the system model number as the basis for the SCP file name to use. For example, R520-config.xml. 4. config.
Related links Configuring option 43 on Windows Configuring option 60 on Windows Configuring option 43 and option 60 on Linux Configuring option 43 on Windows To configure option 43 on Windows: 1. On the DHCP server, go to Start → Administration Tools → DHCP to open the DHCP server administration tool. 2. Find the server and expand all items under it. 3. Right-click on Scope Options and select Configure Options. The Scope Options dialog box is displayed. 4.
NOTE: For more information on file naming rules, see Configuring servers and server components using Auto Config. • Sharename (-n) — Indicates the name of the network share. • ShareType (-s) — Indicates the share type. 0 indicates NFS and 2 indicates CIFS. • IPAddress (-i) — Indicates the IP address of the file share. NOTE: Sharename (-n), ShareType (-s), and IPAddress (-i) are required attributes that must be passed. • Username (-u) — Indicates the user name required to access the network share.
NOTE: Sharename (-n), ShareType (-s), and IPAddress (-i) are required attributes that must be passed. • Username (-u) — Indicates the user name required to access the network share. This information is required only for CIFS. • Password (-p) — Indicates the password required to access the network share. This information is required only for CIFS. NOTE: Example for Linux NFS and CIFS share: – NFS: -f system_config.xml -i 192.168.0.130 -n /nfs -s 0 -d 0 -t 500 – CIFS: -f system_config.xml -i 192.168.0.
The network page automatically refreshes. Enabling Auto Config using RACADM To enable Auto Config feature using RACADM, use the iDRAC.NIC.AutoConfig object. For more information, see the iDRAC RACADM Command Line Interface Reference Guide available at dell.com/idracmanuals. For more information on the Auto Config feature, see the Zero-Touch Bare Metal Server Provisioning using Dell iDRAC with Lifecycle Controller Auto Config white paper available at the delltechcenter.com/idrac.
When importing server configuration profile, you can uncomment the existing password attribute or the new password hash attribute(s). If both are uncommented an error is generated and the password is not set. A commented attribute is not applied during an import. Generating hash password without SNMPv3 and IPMI authentication To generate hash password without SNMPv3 and IPMI authentication: 1. For iDRAC user accounts, you must salt the password using SHA256.
Setting up managed system If you need to run local RACADM or enable Last Crash Screen capture, install the following from the Dell Systems Management Tools and Documentation DVD: • Local RACADM • Server Administrator For more information about Server Administrator, see Dell OpenManage Server Administrator User’s Guide available at dell.com/ support/manuals.
The details are saved. Optimizing system performance and power consumption The power required to cool a server can contribute a significant amount to the overall system power. Thermal control is the active management of system cooling through fan speed and system power management to make sure that the system is reliable while minimizing system power consumption, airflow, and system acoustic output.
– Max Fan Speed — Drives fan speeds to full speed. – Off — Fan speed offset is set to off. This is the default value. When set to off, the percentage does not display. The default fan speed is applied with no offset. Conversely, the maximum setting will result in all fans running at maximum speed. The fan speed offset is dynamic and based on the system. The fan speed increase for each offset is displayed next to each option. The fan speed offset increases all fan speeds by the same percentage.
Object Description Usage Example • • • The output is: AirExhaustTemp=70 3 — Indicates 55°C 4 — Indicates 60°C 255 — Indicates 70°C (default) This output indicates that the system is set to limit the air exhaust temperature to 70°C. To set the exhaust temperature limit to 60°C: racadm set system.thermalsetting s.AirExhaustTemp 4 The output is: Object value modified successfully.
Object Description Usage Example High (66% PWM) over the baseline fan speed racadm set system.thermalsetting s FanSpeedOffset 1 FanSpeedLowOffsetVal • • • FanSpeedMaxOffsetVal • • • FanSpeedMediumOffsetV al • • • FanSpeedOffset • • • 54 Getting this variable reads the fan speed offset value in %PWM for Low Fan Speed Offset setting. This value depends on the system. Use FanSpeedOffset object to set this value using index value 0. Values from 0-100 racadm get system.
Object Description Usage To set the fan speed offset to High value (as defined in FanSpeedHighOffsetVal) the FanSpeedLowOffsetVa l, FanSpeedMaxOffsetVa l, FanSpeedHighOffsetV al, and FanSpeedMediumOffse tVal objects (defined earlier) are the values at which the offsets are applied. MFSMaximumLimit Read Maximum limit for MFS Example racadm set system.thermalsetting s.FanSpeedOffset 1 Values from 1 — 100 To display the highest value that can be set using MinimumFanSpeed option: racadm get system.
Object Description Usage Example message ID PCI3018 in the Lifecycle Controller log. Modifying thermal settings using iDRAC settings utility To modify the thermal settings: 1. In the iDRAC Settings utility, go to Thermal. The iDRAC Settings Thermal page is displayed. 2. Specify the following: • Thermal Profile • Maximum Exhaust Temperature Limit • Fan Speed Offset • Minimum Fan Speed For information about the fields, see the Modifying thermal settings using web interface.
Resetting Internet Explorer security settings Ensure that Internet Explorer (IE) settings are set to Microsoft-recommended defaults and customize the settings as described in this section. 1. Open IE as an administrator or using an administrator account. 2. Click Tools Internet Options Security Local Network or Local intranet. 3. Click Custom Level , select Medium-Low, and click Reset. Click OK to confirm.
4. In the Preferences Name column, locate xpinstall.enabled. Make sure that Value is true. If not, double-click xpinstall.enabled to set Value to true. Configuring Firefox to enable Active Directory SSO To configure the browser settings for Firefox: 1. In Firefox address bar, enter about:config. 2. In Filter, enter network.negotiate. 3. Add the domain name to network.negotiate-auth.trusted-uris (using comma separated list.) 4. Add the domain name to network.negotiate-auth.
• 3. Direct HTML5 virtual console in IE using an IPv6 address, modify the IPv6 address as follows: https://[fe80::d267:e5ff:fef4:2fe9]/console to https://fe80--d267-e5fffef4-2fe9.ipv6-literal.net/console To display the Title Bar information in IE, go to Control Panel → Appearance and Personalization → Personalization → Window Classic Configuring the web browser to use Java plug-in Install a Java Runtime Environment (JRE) if you are using Firefox or IE and want to use the Java Viewer.
NOTE: • The varying versions of Internet Explorer share Internet Options. Therefore, after you add the server to the list of trusted sites for one browser the other browser uses the same setting. • Before installing the ActiveX control, Internet Explorer may display a security warning. To complete the ActiveX control installation procedure, accept the ActiveX control when Internet Explorer prompts you with a security warning.
5. Click Close and then click OK. The Java Control Panel window closes. Importing CA certificate to ActiveX trusted certificate store You must use the OpenSSL command line tool to create the certificate Hash using Secure Hash Algorithm (SHA). It is recommended to use OpenSSL tool 1.0.x and later since it uses SHA by default. The CA certificate must be in Base64 encoded PEM format. This is one-time process to import each CA certificate.
• OS Collector CAUTION: The PSU firmware update may take several minutes depending on the system configuration and PSU model. To avoid damaging the PSU, do not interrupt the update process or power on the system during PSU firmware update. You must upload the required firmware to iDRAC. After the upload is complete, the current version of the firmware installed on the device and the version being applied is displayed. If the firmware being uploaded is not valid, an error message is displayed.
NOTE: When multiple firmware updates are applied through out-of-band methods, the updates are ordered in the most efficient possible manner to reduce unnecessary system restart. Table 10.
Related links Updating single device firmware Updating firmware using repository Updating firmware using FTP, TFTP, or HTTP Updating device firmware using RACADM Scheduling automatic firmware updates Updating firmware using CMC web interface Updating firmware using DUP Updating firmware using remote RACADM Updating firmware using Lifecycle Controller Remote Services Updating firmware using iDRAC web interface You can update the device firmware using firmware images available on the local system, from a rep
• A custom repository NOTE: For more information about DRM, see delltechcenter.com/repositorymanager. NOTE: Lifecycle Controller must be enabled and you must have Server Control privilege to update firmware for devices other than iDRAC. To update device firmware using a repository: 1. In the iDRAC web interface, go to Overview → iDRAC Settings → Update and Rollback. The Firmware Update page is displayed. 2. On the Update tab, select Network Share as the File Location. 3.
NOTE: Updates that are unsupported or not applicable to the system or installed hardware are not included in the comparison report. 6. Select the required updates and do one of the following: • For firmware images that do not require a host system reboot, click Install. For example, .d7 firmware file. • For firmware images that require a host system reboot, click Install and Reboot or Install Next Reboot. • To cancel the firmware update, click Cancel.
NOTE: Do not create the next scheduled occurrence of an automatic update job if a job is already Scheduled. It overwrites the current scheduled job. 1. In the iDRAC web interface, go to Overview → iDRAC Settings → Update and Rollback. The Firmware Update page is displayed. 2. Click the Automatic Update tab. 3. Select the Enable Automatic Update option. 4. Select any of the following options to specify if a system reboot is required after the updates are staged: • 5.
Updating firmware using CMC web interface You can update iDRAC firmware for blade servers using the CMC Web interface. To update iDRAC firmware using the CMC Web interface: 1. Log in to CMC Web interface. 2. Go to Server → Overview → . The Server Status page is displayed. 3. Click Launch iDRAC Web interface and perform iDRAC Firmware Update.
Updating firmware using Lifecycle Controller Remote Services For information to update the firmware using Lifecycle Controller–Remote Services, see Lifecycle Controller Remote Services Quick Start Guide available at dell.com/idracmanuals. Updating CMC firmware from iDRAC In the PowerEdge FX2/FX2s chassis, you can update the firmware for the Chassis Management Controller and any component that can be updated by CMC and shared by the servers from iDRAC.
You must have Server Control privilege to delete jobs. Viewing and managing staged updates using RACADM To view the staged updates using RACADM, use jobqueue sub-command. For more information, see the iDRAC RACADM Command Line Interface Reference Guide available at dell.com/idracmanuals. Rolling back device firmware You can roll back the firmware for iDRAC or any device that Lifecycle Controller supports, even if the upgrade was previously performed using another interface.
Related links Rollback firmware using iDRAC web interface Rollback firmware using CMC web interface Rollback firmware using RACADM Rollback firmware using Lifecycle Controller Rollback firmware using Lifecycle Controller-Remote Services Rollback firmware using iDRAC web interface To roll back device firmware: 1. In the iDRAC Web interface, go to Overview → iDRAC Settings → Update and Rollback → Rollback. The Rollback page displays the devices for which you can rollback the firmware.
Rollback firmware using Lifecycle Controller For information, see Lifecycle Controller User’s Guide available at dell.com/idracmanuals. Rollback firmware using Lifecycle Controller-Remote Services For information, see Lifecycle Controller Remote Services Quick Start Guide available at dell.com/idracmanuals. Recovering iDRAC iDRAC supports two operating system images to make sure a bootable iDRAC.
– vFlash SD card is inserted, enabled, and initialized. – vFlash SD card has at least 100 MB free space to store the backup file. The backup file contains encrypted user sensitive data, configuration information, and firmware images that you can use for import server profile operation. Backup events are recorded in the Lifecycle Log.
The Backup and Export Server Profile page is displayed. 2. Click the Automatic Backup tab. 3. Select the Enable Automatic Backup option. 4. Select one of the following to save the backup file image: • Network to save the backup file image on a CIFS or NFS share. 5. • vFlash to save the backup file image on the vFlash card. Enter the backup file name and encryption passphrase (optional). 6. If Network is selected as the file location, enter the network settings.
Before performing an import operation, make sure that Lifecycle Controller is enabled. If Lifecycle Controller is disabled, and if you initiate the import operation, the following message is displayed: Lifecycle Controller is not enabled, cannot create Configuration job. When the import is in-progress, if you initiate an import operation again, the following error message is displayed: Restore is already running Import events are recorded in the Lifecycle Log.
• 6. Delete and Replace - Deletes and replaces the RAID level, virtual disk, controller attributes, and hard disk configuration information in the system with the data from the backup image file. Click Import. The import server profile operation is initiated. Importing server profile using RACADM To import the server profile using RACADM, use the systemconfig restore command. For more information, see the iDRAC RACADM Command Line Interface Reference Guide available at dell.com/idracmanuals.
4 Configuring iDRAC iDRAC enables you to configure iDRAC properties, set up users, and set up alerts to perform remote management tasks. Before you configure iDRAC, make sure that the iDRAC network settings and a supported browser is configured, and the required licenses are updated. For more information about the licensable feature in iDRAC, see Managing licenses.
Related links Logging in to iDRAC Modifying network settings Configuring services Configuring front panel display Setting up managed system location Configuring time zone and NTP Setting up iDRAC communication Configuring user accounts and privileges Monitoring and managing power Enabling last crash screen Configuring and using virtual console Managing virtual media Managing vFlash SD card Setting first boot device Enabling or disabling OS to iDRAC Pass-through Configuring iDRAC to send alerts Viewing iDRA
Modifying network settings using web interface To modify the iDRAC network settings: 1. In the iDRAC Web interface, go to Overview → iDRAC Settings → Network. The Network page is displayed. 2. Specify the network settings, common settings, IPv4, IPv6, IPMI, and/or VLAN settings as per your requirement and click Apply.
Configure IP filtering using iDRAC web interface You must have Configure privilege to perform these steps. To configure IP filtering: 1. In iDRAC Web interface, go to Overview → iDRAC Settings → Network → Network. The Network page is displayed. 2. Click Advanced Settings. The Network Security page is displayed. 3. Specify the IP filtering settings. For more information about the options, see iDRAC Online Help. 4. Click Apply to save the settings.
Difference between FIPS-mode supported and FIPS-validated Software that has been validated by completing the Cryptographic Module Validation Program is referred to as FIPS-validated. Because of the time it takes to complete FIPS-validation, not all versions of iDRAC are validated. For information about the latest status of FIPS-validation for iDRAC, see the Cryptographic Module Validation Program page on the NIST website.
Configuring services using web interface To configure the services using iDRAC Web interface: 1. In the iDRAC Web interface, go to Overview → iDRAC Settings → Network → Services. The Services page is displayed. 2. Specify the required information and click Apply. For information about the various settings, see the iDRAC Online Help. NOTE: Do not select the Prevent this page from creating additional dialogs check-box. Selecting this option prevents you from configuring services.
NOTE: To ensure a secure connection, Dell recommends using TLS 1.1 and higher. Configuring TLS using web interface 1. Go to Overview → iDRAC Settings → Network. 2. Click the Services tab and then click Web Server. 3. In the TLS Protocol drop-down, select the TLS version and click Apply. Configuring TLS using RACADM To check the version of TLS configured: racadm get idrac.webserver.tlsprotocol To set the version of TLS: racadm set idrac.webserver.tlsprotocol TLS 1.0 and Higher TLS 1.
The Services page is displayed. 2. In the VNC Server section, enable the VNC server, specify the password, port number, and enable or disable SSL encryption. For information about the fields, see the iDRAC Online Help. 3. Click Apply. The VNC server is configured. Configuring VNC server using RACADM To configure the VNC server, use the set command with the objects in VNCserver. For more information, see the iDRAC RACADM Command Line Interface Reference Guide available at dell.com/idracmanuals.
Configuring LCD setting You can set and display a default string such as iDRAC name, IP, and so on or a user-defined string on the LCD front panel of the managed system. Configuring LCD setting using web interface To configure the server LCD front panel display: 1. In iDRAC Web interface, go to Overview → Hardware → Front Panel. 2.
Configuring system ID LED setting To identify a server, enable or disable System ID LED blinking on the managed system. Configuring system ID LED setting using web interface To configure the System ID LED display: 1. In iDRAC Web interface, go to Overview → Hardware → Front Panel. The Front Panel page is displayed. 2. In System ID LED Settings section, select any of the following options to enable or disable LED blinking: 3.
• PXE • BIOS Setup • Local Floppy/Primary Removable Media • Local CD/DVD • Hard Drive • Virtual Floppy • Virtual CD/DVD/ISO • Local SD Card • vFlash • Lifecycle Controller • BIOS Boot Manager • UEFI Device Path NOTE: • BIOS Setup (F2), Lifecycle Controller (F10), and BIOS Boot Manager (F11) cannot be set as permanent boot device. • The first boot device setting in iDRAC Web Interface overrides the System BIOS boot settings.
NOTE: For information about Server Administrator, see the Dell OpenManage Server Administrator Installation Guide at dell.com/support/manuals. For information about iSM, see Using iDRAC Service Module. 1. From the Dell Systems Management Tools and Documentation DVD or from the Dell Support website, install Server Administrator or iDRAC Service Module (iSM) on the managed system. 2. In the Windows startup and recovery window, make sure that the automatic reboot option is not selected.
• The iDRAC dedicated NIC cable is connected properly. • At least one LOM is active. NOTE: Use the default IP address. Ensure that the IP address of the USB NIC interface is not in the same network subnet as the iDRAC or host OS IP addresses. If this IP address conflicts with an IP address of other interfaces of the host system or the local network, you must change it. NOTE: Do not use 169.254.0.3 and 169.254.0.4 IP addresses.
• RHEL 5.9 (32-bit and 64-bit) • RHEL 6.4 • RHEL 6.7 • vSphere v5.0 U2 ESXi • vSphere v5.1 U3 • vSphere v5.1 U1 ESXi • vSphere v5.5 ESXi • vSphere v5.5 U3 • vSphere 6.0 • vSphere 6.0 U1 • CentOS 6.5 • CentOS 7.0 • Ubuntu 14.04.1 LTS • Ubuntu 12.04.04 LTS • Debian 7.6 (Wheezy) • Debian 8.0 On servers with Windows 2008 SP2 64-bit operating system, the iDRAC Virtual CD USB Device is not discovered automatically (or enabled). You must enable this manually.
• Turn off and turn on the system. On systems with RHEL 5.9 operating system, if the USB NIC was disabled and if you turn off the system or vice-versa, when the system is turned on and if the USB NIC is enabled, the USB NIC device is not active automatically. To make it active, check if any ifcfg-ethX.bak file is available in the /etc/sysconfig/network-script directory for the USB NIC interface. If it is available, rename it to ifcfg-ethX and then use the ifup ethX command.
Enabling or disabling OS to iDRAC Pass-through using RACADM To enable or disable OS to iDRAC Pass-through using RACADM, use the objects in the iDRAC.OS-BMC group. For more information, see the iDRAC RACADM Command Line Interface Reference Guide available at dell.com/idracmanuals. Enabling or disabling OS to iDRAC Pass-through using iDRAC settings utility To enable or disable OS to iDRAC Pass-through using iDRAC Settings Utility: 1. In the iDRAC Settings utility, go to Communications Permissions.
Login Type Certificate Type How to Obtain SHA-2 certificates are also supported. Local User login SSL Certificate Generate a CSR and get it signed from a trusted CA NOTE: iDRAC ships with a default self-signed SSL server certificate. The iDRAC Web server, Virtual Media, and Virtual Console use this certificate. SHA-2 certificates are also supported.
certificate. If a wildcard CSR is generated outside of iDRAC, you can have a signed single wildcard SSL certificate that you can upload for multiple iDRACs and all the iDRACs are trusted by the supported browsers. While connecting to iDRAC Web interface using a supported browser that supports a wildcard certificate, the iDRAC is trusted by the browser. While launching viewers, the iDRACs are trusted by the viewer clients.
Related links SSL server certificates Uploading server certificate using web interface To upload the SSL server certificate: 1. In the iDRAC Web interface, go to Overview → iDRAC Settings → Network → SSL, select Upload Server Certificate and click Next. The Certificate Upload page is displayed. 2. Under File Path, click Browse and select the certificate on the management station. 3. Click Apply. The SSL server certificate is uploaded to iDRAC. 4.
Uploading custom signing certificate using web interface To upload the custom signing certificate using iDRAC web interface: 1. Go to Overview → iDRAC Settings → Network → SSL. The SSL page is displayed. 2. Under Custom SSL Certificate Signing Certificate, select Upload Custom SSL Certificate Signing Certificate and click Next. The Upload Custom SSL Certificate Signing Certificate page is displayed. 3. Click Browse and select the custom SSL certificate signing certificate file.
3. A pop-up message is displayed asking you to reset iDRAC immediately or at a later time. Click Reset iDRAC or Reset iDRAC Later as required. After iDRAC resets, a new self-signed certificate is generated. Deleting custom SSL certificate signing certificate using RACADM To delete the custom SSL certificate signing certificate using RACADM, use the sslcertdelete subcommand. Then, use the racreset command to reset iDRAC.
• Obtained using racadm get -f .xml -t xml and then edited. For information about the get command, see the iDRAC RACADM Command Line Interface Reference Guide available at dell.com/idracmanuals. The configuration file is first parsed to verify that valid group and object names are present and the basic syntax rules are followed. Errors are flagged with the line number where the error was detected, and a message explains the problem.
5 Viewing iDRAC and managed system information You can view iDRAC and managed system’s health and properties, hardware and firmware inventory, sensor health, storage devices, network devices, and view and terminate user sessions. For blade servers, you can also view the flex address information.
• Video card • SD card • Power Supply Units (PSUs) • Fans • Fibre Channel HBAs • USB • NVMe PCIe SSD devices The Firmware Inventory section displays the firmware version for the following components: • BIOS • Lifecycle Controller • iDRAC • OS driver pack • 32-bit diagnostics • System CPLD • PERC controllers • Batteries • Physical disks • Power supply • NIC • Fibre Channel • Backplane • Enclosure • PCIe SSDs NOTE: Software inventory displays only the last 4 bytes of
• Memory — Indicates the health and state of the Dual In-line Memory Modules (DIMMs) present in the managed system. • Intrusion — Provides information about the chassis. • Power Supplies (available only for rack and tower servers) — Provides information about the power supplies and the power supply redundancy status. NOTE: If there is only one power supply in the system, the power supply redundancy is set to Disabled.
View sensor information For Using web interface Removable Flash Media Overview → Hardware → Removable Flash Media Temperature Overview → Server → Power/Thermal → Temperatures Voltage Overview → Server → Power/Thermal → Voltages Using RACADM Monitoring performance index of CPU, memory, and I/O modules In Dell’s 13th generation Dell PowerEdge servers, Intel ME supports Compute Usage Per Second (CUPS) functionality.
• Login privilege is required to monitor performance data. • Configure privilege is required for setting warning thresholds and reset historical peaks. • Login privilege and Enterprise license are required to read historical statics data. Monitoring performance index for of CPU, memory, and I/O modules using web interface To monitor the performance index of CPU, memory, and I/O modules, in the iDRAC web interface, go to Overview → Hardware.
NOTE: You can track the temperature history even for systems that are not fresh air compliant. However, the threshold limits and fresh air related warnings generated are based on fresh air supported limits. The limits are 42ºC for warning and 47ºC for critical. These values correspond to 40ºC and 45ºC fresh air limits with 2ºC margin for accuracy.
3. Click Apply. The values are configured. NOTE: Changes to default thresholds are not reflected in the historical data chart since the chart limits are for fresh air limit values only. Warnings for exceeding the custom thresholds are different from warning associated to exceeding fresh air thresholds.
Viewing FlexAddress mezzanine card fabric connections In blade servers, FlexAddress allows the use of persistent, chassis-assigned World Wide Names and MAC addresses (WWN/MAC) for each managed server port connection. You can view the following information for each installed embedded Ethernet and optional mezzanine card port: • Fabrics to which the cards are connected. • Type of fabric. • Server-assigned, chassis-assigned, or remotely assigned MAC addresses.
For more information, see the iDRAC RACADM Command Line Interface Reference Guide available at dell.com/idracmanuals.
6 Setting up iDRAC communication You can communicate with iDRAC using any of the following modes: • iDRAC Web Interface • Serial connection using DB9 cable (RAC serial or IPMI serial) — For rack and tower servers only • IPMI Serial Over LAN • IPMI Over LAN • Remote RACADM • Local RACADM • Remote Services NOTE: To ensure that Local RACADM import or export commands work properly, ensure that the USB mass-storage host is enabled in the operating system.
Mode of Communication Supported Protocol Supported Commands Pre-requisite OpenWSMAN (Linux) Redfish Various browser plug-ins, CURL (Windows and Linux), Python request, and JSON modules Plug-ins, CURL, Python modules are installed [1] For more information, see the Lifecycle Controller Remote Services User’s Guide available at dell.com/idracmanuals.
NOTE: This is applicable only for iDRAC on rack and tower servers. 1. Turn on or restart the system. 2. Press F2. 3. Go to System BIOS Settings → Serial Communication. 4. Select External Serial Connector to Remote Access device. 5. Click Back, click Finish, and then click Yes. 6. Press Esc to exit System Setup. Enabling RAC serial connection After configuring serial connection in BIOS, enable RAC serial in iDRAC. NOTE: This is applicable only for iDRAC on rack and tower servers.
Enabling serial connection IPMI mode using RACADM To configure the IPMI mode, disable the RAC serial interface and then enable the IPMI mode. racadm set iDRAC.Serial.Enable 0 racadm set iDRAC.IPMISerial.ConnectionMode n=0 — Terminal Mode n=1 — Basic Mode Enabling serial connection IPMI serial settings using RACADM 1. Change the IPMI serial-connection mode to the appropriate setting using the command. racadm set iDRAC.Serial.Enable 0 2. Set the IPMI Serial baud rate using the command.
5. Click Apply. The terminal mode settings are configured. 6. Make sure that the serial MUX (external serial connector) is set correctly to the remote access device in the BIOS Setup program to configure BIOS for serial connection. Configuring additional settings for IPMI serial terminal mode using RACADM To configure the Terminal Mode settings, use the set command with the objects in the idrac.ipmiserial group.
Configuring BIOS for serial connection NOTE: This is applicable only for iDRAC on rack and tower servers. 1. Turn on or restart the system. 2. Press F2. 3. Go to System BIOS Settings → Serial Communication. 4. Specify the following values: • Serial Communication — On With Console Redirection • Serial Port Address — COM2. NOTE: You can set the serial communication field to On with serial redirection via com1 if serial device2 in the serial port address field is also set to com1.
Configuring iDRAC to use SOL using RACADM To configure IPMI Serial over LAN (SOL): 1. Enable IPMI Serial over LAN using the command. racadm set iDRAC.IPMISol.Enable 1 2. Update the IPMI SOL minimum privilege level using the command. racadm set iDRAC.IPMISol.MinPrivilege Parameter = 2 = 3 = 4 Privilege level User Operator Administrator NOTE: The IPMI SOL minimum privilege level determines the minimum privilege to activate IPMI SOL. For more information, see the IPMI 2.
• IPMItool for using IPMI protocol • Putty/OpenSSH for using SSH or Telnet protocol Related links SOL using IPMI protocol SOL using SSH or Telnet protocol SOL using IPMI protocol The IPMI-based SOL utility and IPMItool uses RMCP+ delivered using UDP datagrams to port 623. The RMCP+ provides improved authentication, data integrity checks, encryption, and the ability to carry multiple types of payloads while using IPMI 2.0. For more information, see http://ipmitool.sourceforge.net/manpage.html.
arriving from the serial port of the managed system. The serial port usually attaches to a shell that emulates an ANSI- or VT100/VT220–terminal. The serial console is automatically redirected to the SSH or Telnet console. Related links Using SOL from PuTTY on Windows Using SOL from OpenSSH or Telnet on Linux Using SOL from PuTTY on Windows NOTE: If required, you can change the default SSH or Telnet time-out at Overview → iDRAC Settings → Network → Services.
The default (and maximum) size of the history buffer is 8192 characters. You can set this number to a smaller value using the command: racadm set iDRAC.Serial.HistorySize 4. Quit the SOL session to close an active SOL session.
Communicating with iDRAC using IPMI over LAN You must configure IPMI over LAN for iDRAC to enable or disable IPMI commands over LAN channels to any external systems. If IPMI over LAN is not configured, then external systems cannot communicate with the iDRAC server using IPMI commands. NOTE: From iDRAC v2.30.30.30 or later, IPMI also supports IPv6 address protocol for Linux-based operating systems. Configuring IPMI over LAN using web interface To configure IPMI over LAN: 1.
Enabling or disabling remote RACADM You can enable or disable remote RACADM using the iDRAC Web interface or RACADM. You can run up to five remote RACADM sessions in parallel. NOTE: Remote RACADM is enabled by default. Enabling or disabling remote RACADM using web interface 1. In iDRAC Web interface, go to Overview → iDRAC Settings → Network → Services. 2. Under Remote RACADM, select the desired option and click Apply. The remote RACADM is enabled or disabled based on the selection.
The following example provides a sample /etc/grub.conf file that shows the changes described in this procedure. # grub.conf generated by anaconda # Note that you do not have to rerun grub after making changes to this file # NOTICE: You do not have a /boot partition. This means that all # kernel and initrd paths are relative to /, e.g. # root (hd0,0) # kernel /boot/vmlinuz-version ro root=/dev/sdal # initrd /boot/initrd-version.img #boot=/dev/sda default=0 timeout=10 #splashimage=(hd0,2)/grub/splash.xpm.
ud::once:/sbin/update ud::once:/sbin/update #Trap CTRL-ALT-DELETE ca::ctrlaltdel:/sbin/shutdown -t3 -r now #When our UPS tells us power has failed, assume we have a few #minutes of power left. Schedule a shutdown for 2 minutes from now. #This does, of course, assume you have power installed and your #UPS is connected and working correctly. pf::powerfail:/sbin/shutdown -f -h +2 "Power Failure; System Shutting Down" #If power was restored before the shutdown kicked in, cancel it.
Table 15. SSH cryptography schemes Scheme Type Algorithms Asymmetric Cryptography Public key ssh-rsa ecdsa-sha2-nistp256 Symmetric Cryptography Key Exchange curve25519-sha256@libssh.org ecdh-sha2-nistp256 ecdh-sha2-nistp384 ecdh-sha2-nistp521 diffie-hellman-group-exchange-sha256 diffie-hellman-group14-sha1 Encryption chacha20-poly1305@openssh.com aes128-ctr aes192-ctr aes256-ctr aes128-gcm@openssh.com aes256-gcm@openssh.com hmac-sha1 MAC hmac-ripemd160 umac-64@openssh.
• ssh-keygen CLI for clients running Linux. CAUTION: This privilege is normally reserved for users who are members of the Administrator user group on iDRAC. However, users in the ‘Custom’ user group can be assigned this privilege. A user with this privilege can modify any user’s configuration. This includes creation or deletion of any user, SSH Key management for users, and so on. For these reasons, assign this privilege carefully.
The Upload SSH Key(s) page is displayed. 4. Upload the SSH keys in one of the following ways: • Upload the key file. • Copy the contents of the key file into the text box For more information, see iDRAC Online Help. 5. Click Apply. Uploading SSH keys using RACADM To upload the SSH keys, run the following command: NOTE: You cannot upload and copy a key at the same time.
Deleting SSH keys using RACADM To delete the SSH key(s), run the following commands: • Specific key — racadm sshpkauth -i <2 to 16> -d -k <1 to 4> • All keys — racadm sshpkauth -i <2 to 16> -d -k all 125
7 Configuring user accounts and privileges You can setup user accounts with specific privileges (role-based authority) to manage your system using iDRAC and maintain system security. By default iDRAC is configured with a local administrator account. This default user name is root and the password is calvin. As an administrator, you can setup user accounts to allow other users to access iDRAC.
NOTE: To improve security, it is recommended to use complex passwords that have eight or more characters and include lowercase alphabets, uppercase alphabets, numbers, and special characters. It is also recommended to regularly change the passwords, if possible. Configuring local users You can configure up to 16 local users in iDRAC with specific access permissions. Before you create an iDRAC user, verify if any current users exist.
To enable SNMP v3 authentication for a user, use SNMPv3AuthenticationType, SNMPv3Enable, SNMPv3PrivacyType objects. For more information, see the RACADM Command Line Interface Guide available at dell.com/idracmanuals. If you use the configuration XML file, use the AuthenticationProtocol, ProtocolEnable, and PrivacyProtocol attributes to enable SNMPv3 authentication. Adding iDRAC user using RACADM 1. Set the index and user name. racadm set idrac.users..
Table 18. iDRAC roles Current Generation Prior Generation Privileges Administrator Administrator Login, Configure, Configure Users, Logs, System Control, Access Virtual Console, Access Virtual Media, System Operations, Debug Operator Power User Login, Configure, System Control, Access Virtual Console, Access Virtual Media, System Operations, Debug Read Only Guest User Login None None None Table 19.
Enabling SSL on domain controller When iDRAC authenticates users with an Active Directory domain controller, it starts an SSL session with the domain controller. At this time, the domain controller must publish a certificate signed by the Certificate Authority (CA)—the root certificate of which is also uploaded into iDRAC.
If the Active Directory Server is set to authenticate the client during an SSL session initialization phase, you need to upload iDRAC Server certificate to the Active Directory Domain controller. This additional step is not required if the Active Directory does not perform a client authentication during an SSL session’s initialization phase. NOTE: If your system is running Windows 2000, the following steps may vary.
Figure 1. Configuration of iDRAC with active directory standard schema In Active Directory, a standard group object is used as a role group. A user who has iDRAC access is a member of the role group. To give this user access to a specific iDRAC, the role group name and its domain name need to be configured on the specific iDRAC. The role and the privilege level are defined on each iDRAC and not in the Active Directory. You can configure up to five role groups in each iDRAC.
Configuring Standard schema Active Directory To configure iDRAC for an Active Directory login access: 1. On an Active Directory server (domain controller), open the Active Directory Users and Computers Snap-in. 2. Create a group or select an existing group. Add the Active Directory user as a member of the Active Directory group to access iDRAC. 3. Configure the group name, domain name, and the role privileges on iDRAC using the iDRAC web interface or RACADM.
address of racadm set address of racadm set address of racadm set address of racadm set address of • • • • • • • the domain controller> iDRAC.ActiveDirectory.DomainController3 iDRAC.ActiveDirectory.GlobalCatalog1 iDRAC.ActiveDirectory.GlobalCatalog2 iDRAC.ActiveDirectory.
To use the Extended Schema securely, Dell recommends not enabling inheritance on Dell Association objects within the extended schema implementation. Active directory schema extensions The Active Directory data is a distributed database of attributes and classes. The Active Directory schema includes the rules that determine the type of data that can be added or included in the database. The user class is one example of a class that is stored in the database.
You can create as many or as few association objects as required. However, you must create at least one Association Object, and you must have one iDRAC Device Object for each iDRAC device on the network that you want to integrate with Active Directory for Authentication and Authorization with iDRAC. The Association Object allows for as many or as few users and/or groups as well as iDRAC Device Objects. However, the Association Object only includes one Privilege Object per Association Object.
Configuring Extended schema Active Directory To configure Active Directory to access iDRAC: 1. Extend the Active Directory schema. 2. Extend the Active Directory Users and Computers Snap-in. 3. Add iDRAC users and their privileges to Active Directory. 4. Configure iDRAC Active Directory properties using iDRAC Web interface or RACADM.
Classes and attributes Table 21. Class definitions for classes added to the active directory schema Class Name Assigned Object Identification Number (OID) delliDRACDevice 1.2.840.113556.1.8000.1280.1.7.1.1 delliDRACAssociation 1.2.840.113556.1.8000.1280.1.7.1.2 dellRAC4Privileges 1.2.840.113556.1.8000.1280.1.1.1.3 dellPrivileges 1.2.840.113556.1.8000.1280.1.1.1.4 dellProduct 1.2.840.113556.1.8000.1280.1.1.1.5 Table 22. DelliDRACdevice class OID 1.2.840.113556.1.8000.1280.1.7.1.
OID 1.2.840.113556.1.8000.1280.1.1.1.3 dellIsCardConfigAdmin dellIsUserConfigAdmin dellIsLogClearAdmin dellIsServerResetUser dellIsConsoleRedirectUser dellIsVirtualMediaUser dellIsTestAlertUser dellIsDebugCommandAdmin Table 25. dellPrivileges class OID 1.2.840.113556.1.8000.1280.1.1.1.4 Description Used as a container Class for the Dell Privileges (Authorization Rights). Class Type Structural Class SuperClasses User Attributes dellRAC4Privileges Table 26. dellProduct class OID 1.2.840.113556.
Attribute Name/Description Assigned OID/Syntax Object Identifier Single Valued dellIsLoginUser 1.2.840.113556.1.8000.1280.1.1.2.3 TRUE TRUE if the user has Login rights on the device. Boolean (LDAPTYPE_BOOLEAN 1.3.6.1.4.1.1466.115.121.1.7) dellIsCardConfigAdmin 1.2.840.113556.1.8000.1280.1.1.2.4 TRUE if the user has Card Configuration rights on the device. Boolean (LDAPTYPE_BOOLEAN 1.3.6.1.4.1.1466.115.121.1.7) dellIsUserConfigAdmin 1.2.840.113556.1.8000.1280.1.1.2.
Attribute Name/Description Assigned OID/Syntax Object Identifier Single Valued dellAssociationMembers 1.2.840.113556.1.8000.1280.1.1.2.14 FALSE List of dellAssociationObjectMembers that belong to this Product. This attribute is the backward link to the dellProductMembers linked attribute. Distinguished Name (LDAPTYPE_DN 1.3.6.1.4.1.1466.115.121.1.
3. Enter a name for the new object. 4. Select Privilege Object and click OK. 5. Right-click the privilege object that you created, and select Properties. 6. Click the Remote Management Privileges tab and assign the privileges for the user or group. Creating association object To create association object: NOTE: iDRAC association object is derived from the group and its scope is set to Domain Local. 1. In the Console Root (MMC) window, right-click a container. 2.
3. Click the Privilege Object tab to add the privilege object to the association that defines the user’s or user group’s privileges when authenticating to an iDRAC device. Only one privilege object can be added to an Association Object. Adding iDRAC devices or iDRAC device groups To add iDRAC devices or iDRAC device groups: 1. Select the Products tab and click Add. 2. Enter iDRAC devices or iDRAC device group name and click OK. 3. In the Properties window, click Apply and click OK. 4.
• You must provide at least one of the three addresses. iDRAC attempts to connect to each of the configured addresses oneby-one until it makes a successful connection. With Extended Schema, these are the FQDN or IP addresses of the domain controllers where this iDRAC device is located. • To disable the certificate validation during SSL handshake, use the following command: racadm set iDRAC.ActiveDirectory.CertValidationEnable 0 In this case, you do not have to upload a CA certificate.
Configuring generic LDAP users iDRAC provides a generic solution to support Lightweight Directory Access Protocol (LDAP)-based authentication. This feature does not require any schema extension on your directory services. To make iDRAC LDAP implementation generic, the commonality between different directory services is utilized to group users and then map the user-group relationship. The directory service specific action is the schema.
Configuring generic LDAP directory service using RACADM To configure the LDAP directory service, use the objects in the iDRAC.LDAP and iDRAC.LDAPRole groups. For more information, see the iDRAC RACADM Command Line Interface Reference Guide available at dell.com/idracmanuals. Testing LDAP directory service settings You can test the LDAP directory service settings to verify whether your configuration is correct, or to diagnose the problem with a failed LDAP log in.
8 Configuring iDRAC for Single Sign-On or smart card login This section provides information to configure iDRAC for Smart Card login (for local users and Active Directory users), and Single Sign-On (SSO) login (for Active Directory users.) SSO and smart card login are licensed features. iDRAC supports Kerberos based Active Directory authentication to support Smart Card and SSO logins. For information on Kerberos, see the Microsoft website.
3. Select Register iDRAC on DNS. 4. Provide a valid DNS Domain Name. 5. Verify that network DNS configuration matches with the Active Directory DNS information. For more information about the options, see the iDRAC Online Help. Generating Kerberos keytab file To support the SSO and smart card login authentication, iDRAC supports the configuration to enable itself as a kerberized service on a Windows Kerberos network.
Configuring iDRAC SSO login for Active Directory users Before configuring iDRAC for Active Directory SSO login, make sure that you have completed all the prerequisites. You can configure iDRAC for Active Directory SSO when you setup an user account based on Active Directory.
The Users page is displayed. 2. In the User ID column, click a user ID number. The Users Main Menu page is displayed. 3. Under Smart Card Configurations, select Upload User Certificate and click Next. The User Certificate Upload page is displayed. 4. Browse and select the Base64 user certificate, and click Apply. Uploading smart card user certificate using RACADM To upload smart card user certificate, use the usercertupload object.
Related links Enabling or disabling smart card login Obtaining certificates Generating Kerberos keytab file Configuring Active Directory with Standard schema using iDRAC web interface Configuring Active Directory with Standard schema using RACADM Configuring Active Directory with Extended schema using iDRAC web interface Configuring Active Directory with Extended schema using RACADM Enabling or disabling smart card login Before enabling or disabling smart card login for iDRAC, make sure that: • You have c
9 Configuring iDRAC to send alerts You can set alerts and actions for certain events that occur on the managed system. An event occurs when the status of a system component is greater than the pre-defined condition. If an event matches an event filter and you have configured this filter to generate an alert (e-mail, SNMP trap, IPMI alert, remote system logs, Redfish event, or WS events), then an alert is sent to one or more configured destinations.
Enabling or disabling alerts using RACADM Use the following command: racadm set iDRAC.IPMILan.AlertEnable n=0 — Disabled n=1 — Enabled Enabling or disabling alerts using iDRAC settings utility To enable or disable generating alerts or event actions: 1. In the iDRAC Settings utility, go to Alerts. The iDRAC Settings Alerts page is displayed. 2. Under Platform Events, select Enabled to enable alert generation or event action. Else, select Disabled.
Setting event alerts You can set event alerts such as e-mail alerts, IPMI alerts, SNMP traps, remote system logs, operating system logs, and WS events to be sent to configured destinations. Related links Enabling or disabling alerts Configuring email alert, SNMP trap, or IPMI trap settings Filtering alerts Configuring remote system logging Configuring WS Eventing Configuring Redfish Eventing Setting event alerts using web interface To set an event alert using the web interface: 1.
The Alert Recurrence page is displayed. 2. In the Recurrence column, enter the alert frequency value for the required category, alert, and severity type(s). For more information, see the iDRAC Online help. 3. Click Apply. The alert recurrence settings are saved. Setting alert recurrence events using RACADM To set the alert recurrence event using RACADM, use the eventfilters command. For more information, see the iDRAC RACADM Command Line Interface Reference Guide available at dell.com/idracmanuals.
Related links Configuring IP alert destinations Configuring email alert settings Configuring IP alert destinations You can configure the IPv6 or IPv4 addresses to receive the IPMI alerts or SNMP traps. For information about the iDRAC MIBs required to monitor the servers using SNMP, see the SNMP Reference Guide available at dell.com/support/manuals. Configuring IP alert destinations using web interface To configure alert destination settings using Web interface: 1.
3. Configure the SNMP community name string: racadm set idrac.ipmilan.communityname Parameter 4. 5. Description The SNMP Community Name. To configure SNMP destination: • Set the SNMP trap destination for SNMPv3: racadm set idrac.SNMP.Alert..DestAddr • Set SNMPv3 users for trap destinations: racadm set idrac.SNMP.Alert..SNMPv3Username • Enable SNMPv3 for a user: racadm set idrac.users..
Configuring email alert settings using RACADM 1. 2. To enable email alert: racadm set iDRAC.EmailAlert.Enable.[index] [n] Parameter index Description Email destination index. Allowed values are 1 through 4. n=0 Disables email alerts. n=1 Enables email alerts. To configure email settings: racadm set iDRAC.EmailAlert.Address.[index] [email-address] Parameter index email-address 3. Description Email destination index. Allowed values are 1 through 4.
Configuring WS Eventing The WS Eventing protocol is used for a client service (subscriber) to register interest (subscription) with a server (event source) for receiving messages containing the server events (notifications or event messages). Clients interested in receiving the WS Eventing messages can subscribe with iDRAC and receive Lifecycle Controller job related events.
To monitor chassis events using iDRAC RACADM: racadm get system.chassiscontrol.chassismanagementmonitoring For more information, see the iDRAC RACADM Command Line Interface Reference Guide available at dell.com/idracmanuals. Alerts message IDs The following table provides the list of message IDs that are displayed for the alerts. Table 28.
Message ID Description LOG Log event MEM Memory NDR NIC OS Driver NIC NIC Config OSD OS Deployment OSE OS Event PCI PCI Device PDR Physical Disk PR Part Exchange PST BIOS POST PSU Power Supply PSUA PSU Absent PWR Power Usage RAC RAC Event RDU Redundancy RED FW Download RFL IDSDM Media RFLA IDSDM Absent RFM FlexAddress SD RRDU IDSDM Redundancy RSI Remote Service SEC Security Event SEL Sys Event Log SRD Software RAID SSD PCIe SSD STOR Storage SUP FW Updat
Message ID Description SWU Software Change SYS System Info TMP Temperature TST Test Alert UEFI UEFI Event USR User Tracking VDR Virtual Disk VF vFlash SD card VFL vFlash Event VFLA vFlash Absent VLT Voltage VME Virtual Media VRM Virtual Console WRK Work Note 162
10 Managing logs iDRAC provides Lifecycle log that contains events related to system, storage devices, network devices, firmware updates, configuration changes, license messages, and so on. However, the system events are also available as a separate log called System Event Log (SEL). The lifecycle log is accessible through iDRAC Web interface, RACADM, and WS-MAN interface. When the size of the lifecycle log reaches 800 KB, the logs are compressed and archived.
For more information, see iDRAC RACADM Command Line Interface Reference Guide available at dell.com/idracmanuals. Viewing System Event Log using iDRAC settings utility You can view the total number of records in the System Event Log (SEL) using the iDRAC Settings Utility and clear the logs. To do this: 1. In the iDRAC Settings Utility, go to System Event Log. The iDRAC Settings.System Event Log displays the Total Number of Records. 2. To clear the records, select Yes. Else, select No. 3.
Viewing Lifecycle log using web interface To view the Lifecycle Logs, click Overview → Server → Logs → Lifecycle Log. The Lifecycle Log page is displayed. For more information about the options, see the iDRAC Online Help. Filtering Lifecycle logs You can filter logs based on category, severity, keyword, or date range. To filter the lifecycle logs: 1. In the Lifecycle Log page, under the Log Filter section, do any or all of the following: 2. • Select the Log Type from the drop-down list.
For more information, see the iDRAC RACADM Command Line Interface Reference Guide available at dell.com/support/manuals. Adding work notes Each user who logs in to iDRAC can add work notes and this is stored in the lifecycle log as an event. You must have iDRAC logs privilege to add work notes. A maximum of 255 characters are supported for each new work note. NOTE: You cannot delete a work note. To add a work note: 1. In the iDRAC Web interface, go to Overview → Server → Properties → Summary.
11 Monitoring and managing power You can use iDRAC to monitor and manage the power requirements of the managed system. This helps to protect the system from power outages by appropriately distributing and regulating the power consumption on the system. The key features are: • Power Monitoring — View the power status, history of power measurements, the current averages, peaks, and so on for the managed system.
Setting warning threshold for power consumption You can set the warning threshold value for the power consumption sensor in the rack and tower systems. The warning/critical power threshold for rack and tower systems may change on system power cycle based on PSU capacity and redundancy policy. However, the warning threshold must not exceed the critical threshold even if Power Supply Unit capacity of the redundancy policy is changed.
Executing power control operations using RACADM To perform power actions, use the serveraction command. For more information, see the iDRAC RACADM Command Line Interface Reference Guide available at dell.com/idracmanuals. Power capping You can view the power threshold limits that covers the range of AC and DC power consumption that a system under heavy workload presents to the datacenter. This is a licensed feature.
Configuring power cap policy using web interface To view and configure the power policies: 1. In iDRAC Web interface, go to Overview → Server → Power/Thermal → Power Configuration → Power Configuration. The Power Configuration page is displayed. The Power Configuration page is displayed. The current power policy limit is displayed under the Currently Active Power Cap Policy section. 2. Select Enable under iDRAC Power Cap Policy. 3.
Power factor is the ratio of real power consumed to the apparent power. When power factor correction is enabled, the server consumes a small amount of power when the host is OFF. By default, power factor correction is enabled when the server is shipped from the factory. Configuring power supply options using web interface To configure the power supply options: 1. In iDRAC Web interface, go to Overview → Server → Power/Thermal → Power Configuration → Power Configuration.
12 Inventorying, monitoring, and configuring network devices You can inventory, monitor, and configure the following network devices: • Network Interface Cards (NICs) • Converged Network Adapters (CNAs) • LAN On Motherboards (LOMs) • Network Daughter Cards (NDCs) • Mezzanine cards (only for blade servers) Before you disable NPAR or an individual partition on CNA devices, ensure that you clear all I/O identity attributes (Example: IP address, virtual addresses, initiator, and storage targets) and p
Monitoring network devices using RACADM To view information about network devices, use the hwinventory and nicstatistics commands. For more information, see the iDRAC RACADM Command Line Interface Reference Guide available at dell.com/idracmanuals. Additional properties may be displayed when using RACADM or WS-MAN in addition to the properties displayed in the iDRAC web interface.
• View and configure the virtual addresses for network and fibre channel devices (for example, NIC, CNA, FC HBA). • Configure the initiator (for iSCSI and FCoE) and storage target settings (for iSCSI, FCoE, and FC). • Specify persistence or clearance of the configured values over a system AC power loss, cold, and warm system resets.
Manufacturer Type • ConnectX-3 Pro 10G Qlogic • • • QME2662 Mezz FC16 QLE2660 PCIe FC16 QLE2662 PCIe FC16 Emulex • • • • • • • • • • • • • • • • • • • LPM16002 Mezz FC16 LPe16000 PCIe FC16 LPe16002 PCIe FC16 LPM16002 Mezz FC16 LPM15002 LPe15000 LPe15002 OCm14104B-UX-D OCm14102B-U4-D OCm14102B-U5-D OCe14102B-UX-D OCm14104B-UX-D OCm14102B-U4-D OCm14102B-U5-D OCe14102B-UX-D OCm14104-UX-D rNDC 10Gb OCm14102-U2-D bNDC 10Gb OCm14102-U3-D Mezz 10Gb OCe14102-UX-D PCIe 10Gb Supported NIC firmware versions f
Flex Address Feature State in CMC Mode set in iDRAC IO Identity Feature State in iDRAC XML Configuration Persistence Policy Clear Persistence Policy — Virtual Address Flex Address enabled Flex Address Mode Disabled VAM not configured Set to Flex Address Set to Flex Address Flex Address disabled Flex Address Mode Enabled VAM configured Configured VAM persists Persistence only — clear is not possible Flex Address disabled Flex Address Mode Enabled VAM not configured Set to hardware MAC addre
Server with VAM Persistence Policy Feature FlexAddress Feature State in CMC IO Identity Feature State in iDRAC Enabled Disabled Enabled Enabled Disabled Disabled Enabled Availability of Remote Agent VA for the Reboot Cycle VA Programming Source Reboot Cycle VA Persistence Behavior FlexAddress from CMC Per FlexAddress spec Yes — New or Persisted Remote Agent Virtual Address Per Remote Agent Policy Setting No FlexAddress from CMC Per FlexAddress spec Yes — New or Persisted Remote Agent V
To disable I/O Identity Optimization, use the command: racadm set idrac.ioidopt.IOIDOptEnable Disabled To view the I/O Identity Optimization setting, use the command: racadm get iDRAC.IOIDOpt Configuring persistence policy settings Using IO identity, you can configure policies specifying the system reset and power cycle behaviors that determine the persistence or clearance of the virtual address, initiator, and storage target settings.
NOTE: If there is a persistence policy in effect and the virtual addresses, initiator, or storage targets are set on a CNAdevice partition, do not reset or clear the values configured for virtual addresses, initiator, and storage targets before changing the VirtualizationMode or the personality of the partition. The action is performed automatically when you disable the persistence policy.
iSCSI Initiator Default Values in IPv4 mode Default Values in IPv6 mode IscsiInitiatorPrimDns 0.0.0.0 :: IscsiInitiatorIpv4PrimDns 0.0.0.0 0.0.0.0 IscsiInitiatorIpv6PrimDns :: :: IscsiInitiatorSecDns 0.0.0.0 :: IscsiInitiatorIpv4SecDns 0.0.0.0 0.0.0.0 IscsiInitiatorIpv6SecDns :: :: IscsiInitiatorName Value Cleared Value Cleared IscsiInitiatorChapId Value Cleared Value Cleared IscsiInitiatorChapPwd Value Cleared Value Cleared IPVer Ipv4 Table 32.
13 Managing storage devices Beginning with iDRAC 2.00.00.00 release, iDRAC expands its agent-free management to include direct configuration of the new PERC9 controllers. It enables you to remotely configure the storage components attached to your system at run-time. These components include RAID and non-RAID controllers and the channels, ports, enclosures, and disks attached to them.
PERC Capability CEM configuration Capable Controller (PERC 9.1 or later) CEM configuration Non-capable Controller (PERC 9.0 and lower) Real-time If there is no existing pending or scheduled jobs for the controller, then configuration is applied. If there are pending or scheduled jobs for that controller, then the jobs have to be cleared or you must wait for the jobs to be completed before applying the configuration at run-time. Run-time or real-time means, a reboot is not required.
system, the operating system implements the RAID levels. For this reason, using software RAID by itself can slow the system performance. You can, however, use software RAID along with hardware RAID volumes to provide better performance and variety in the configuration of RAID volumes. For example, you can mirror a pair of hardware RAID 5 volumes across two RAID controllers to provide RAID controller redundancy. RAID concepts RAID uses particular techniques for writing data to disks.
• Mean Time Between Failure (MTBF) — Using additional disks to maintain data redundancy also increases the chance of disk failure at any given moment. Although this option cannot be avoided in situations where redundant data is a requirement, it does have implications on the workload of the system support staff within your organization. • Volume — Volume refers to a single disk non-RAID virtual disk. You can create volumes using external utilities like the O-ROM .
• Better read and write performance. RAID level 1 (mirroring) RAID 1 is the simplest form of maintaining redundant data. In RAID 1, data is mirrored or duplicated on one or more physical disks. If a physical disk fails, data can be rebuilt using the data from the other side of the mirror. RAID 1 characteristics: • Groups n + n disks as one virtual disk with the capacity of n disks. The controllers currently supported by Storage Management allow the selection of two disks when creating a RAID 1.
RAID 5 characteristics: • Groups n disks as one large virtual disk with a capacity of (n-1) disks. • Redundant information (parity) is alternately stored on all disks. • When a disk fails, the virtual disk still works, but it is operating in a degraded state. The data is reconstructed from the surviving disks. • Better read performance, but slower write performance. • Redundancy for protection of data.
RAID 6 characteristics: • Groups n disks as one large virtual disk with a capacity of (n-2) disks. • Redundant information (parity) is alternately stored on all disks. • The virtual disk remains functional with up to two disk failures. The data is reconstructed from the surviving disks. • Better read performance, but slower write performance. • Increased redundancy for protection of data. • Two disks per span are required for parity. RAID 6 is more expensive in terms of disk space.
RAID level 60 (striping over RAID 6 sets) RAID 60 is striping over more than one span of physical disks that are configured as a RAID 6. For example, a RAID 6 disk group that is implemented with four physical disks and then continues on with a disk group of four more physical disks would be a RAID 60. RAID 60 characteristics: • Groups n*s disks as one large virtual disk with a capacity of s*(n-2) disks, where s is the number of spans and n is the number of disks within each span.
RAID 10 characteristics: • Groups n disks as one large virtual disk with a capacity of (n/2) disks, where n is an even integer. • Mirror images of the data are striped across sets of physical disks. This level provides redundancy through mirroring. • When a disk fails, the virtual disk still works. The data is read from the surviving mirrored disk. • Improved read performance and write performance. • Redundancy for protection of data.
RAID Level Data Availability Read Performance Write Performance Rebuild Performance Minimum Disks Required Suggested Uses RAID 10 Excellent Very Good Fair Good 2N x X Data intensive environments (large records). RAID 50 Good Very Good Fair Fair N + 2 (N = at least 4) Medium sized transactional or data intensive uses. RAID 6 Excellent Sequential reads: Fair, unless using Poor good. writeback cache Transactional reads: Very good N + 2 (N = at least two disks) Critical information.
Supported non-RAID controllers The iDRAC interface supports 12 Gbps SAS HBA external controller, HBA330 internal controller, and supports SATA drives only for HBA330 internal controller. Supported enclosures iDRAC supports MD1200, MD1220, MD1400, and MD1420 enclosures. NOTE: Redundant Array of Inexpensive Disks (RBODS) that are connected to HBA controllers are not supported.
Feature Name PERC 9 Controllers PERC 8 Controllers PCIe SSD H830 H730 P H730 H330 FD33x S FD33x D H810 H710P H710 H310 Delete virtual disks Realtime Realtime Realtime Realtime Realtime Realtime Staged Staged Staged Staged Not applicabl e Set Patrol Read Mode Realtime Realtime Realtime Realtime Realtime Realtime Staged Staged Staged Staged Not applicabl e Patrol Read Unconfigured Areas Realtime (only in web interf ace) Realtime (only in web interf ace) Realtime (only i
Feature Name PERC 9 Controllers PERC 8 Controllers PCIe SSD H830 H730 P H730 H330 FD33x S FD33x D H810 H710P H710 H310 Reset controller configuration Realtime Realtime Realtime Realtime Realtime Realtime Staged Staged Staged Staged Not applicabl e Create or change security keys Realtime Realtime Realtime Realtime Realtime Realtime Staged Staged Staged Staged Not applicabl e Inventory and remotely monitor the health of PCIe SSD devices Not Not applic applic able able No
• Go to Overview → Storage → Summary to view the summary of the storage components and the recently logged events. This page is automatically refreshed every 30 seconds. • Go to Overview → Storage → Topology to view the hierarchical physical containment view of the key storage components. • Go to Overview → Storage → Physical Disks → Properties to view physical disk information. The Physical Disks Properties page is displayed.
system or requiring your intervention. When a hot spare is activated, it rebuilds the data for all redundant virtual disks that were using the failed physical disk. NOTE: From iDRAC v2.30.30.30 or later, you can add global hot spares when virtual disks are not created. You can change the hot spare assignment by unassigning a disk and choosing another disk as needed. You can also assign more than one physical disk as a global hot spare. Global hot spares must be assigned and unassigned manually.
Related links Choosing operation mode using RACADM Converting a physical disk to RAID or non-RAID mode Converting a physical disk to RAID mode enables the disk for all RAID operations. When a disk is in a non-RAID mode, the disk is exposed to the operating system unlike unconfigured good disks and is used in a direct pass-through mode. You can convert the physical disk drives to RAID or non-RAID mode by: • Using iDRAC interfaces such as iDRAC web interface, RACADM, or WS-MAN.
• Assign or unassign dedicated hot spares • Blink and unblink virtual disks NOTE: You can manage and monitor 192 virtual disks if auto-configuration is enabled through PERC controller BIOS, Human Interface Infrastructure (HII), and Dell OpenManage Server Administrator (OMSA).
– Maximum number of spans affects RAID 10, RAID 50, and RAID 60. – Maximum number of stripes affects RAID 0, RAID 5, RAID 50, RAID 6, and RAID 60. – Number of physical disks in a mirror is always 2. This affects RAID 1 and RAID 10. • Cannot create virtual disks on PCIe SSDs. Creating virtual disks using web interface To create virtual disk: 1. In the iDRAC Web interface, go to Overview → Storage → Virtual Disks → Create. The Create Virtual Disk page is displayed. 2.
The write policies specify if the controller sends a write-request completion signal when the data is in the cache or after it has been written to the disk. • Write Through — The controller sends a write-request completion signal only after the data is written to the disk. Write-through caching provides better data security than write-back caching, since the system assumes that the data is available only after it has been safely written to the disk.
Initializing virtual disks Initializing virtual disks erases the all the data on the disk but does not change the virtual disk configuration. You must initialize a virtual disk that is configured before it is used. NOTE: Do not initialize virtual disks when attempting to recreate an existing configuration. You can perform a fast initialization, a full Initialization, or cancel the initialization operation. NOTE: The cancel initialization is a real-time operation.
You must have Login and Server Control privilege to manage the encryption keys. Assigning or unassigning dedicated hot spares A dedicated hot spare is an unused backup disk that is assigned to a virtual disk. When a physical disk in the virtual disk fails, the hot spare is activated to replace the failed physical disk without interrupting the system or requiring your intervention. You must have Login and Server Control privilege to run this operation.
– Enabled – Disabled • Initialize: Fast — Updates the metadata on the physical disks so that all the disk space is available for future write operations. The initialize option can be completed quickly because existing information on the physical disks is not erased, although future write operations overwrites any information that remains on the physical disks. • Initialize: Full — All existing data and file systems are erased. NOTE: The Initialize: Full option is not applicable for PERC H330 controllers.
• Create, change, or delete security keys Related links Configuring controller properties Importing or auto importing foreign configuration Clearing foreign configuration Resetting controller configuration Supported controllers Summary of supported features for storage devices Converting a physical disk to RAID or non-RAID mode Configuring controller properties You can configure the following properties for the controller: • Patrol read mode (auto or manual) • Start or stop patrol read if patrol read
Load balance The Load Balance property provides the ability to automatically use both controller ports or connectors connected to the same enclosure to route I/O requests. This property is available only on SAS controllers. Bgi rate On PERC controllers, background initialization of a redundant virtual disk begins automatically within 0 to 5 minutes after the virtual disk is created.
The Current Value column displays the existing values for each property. You can modify this value by selecting the option from the Action drop-down menu for each property. For information about the fields, see the iDRAC Online Help. 4. From the Apply Operation Mode drop-down menu, select when you want to apply the settings. 5. Click Apply. Based on the selected operation mode, the settings are applied. Configuring controller properties using RACADM • To set Patrol Read Mode: racadm set storage.
physical disk was set as a dedicated hot spare on the previous controller, but the virtual disk to which the hot spare was assigned is no longer present in the foreign configuration, then the physical disk is imported as a global hot spare. If any foreign configurations locked using Local Key manager (LKM) are Detected, then import foreign configuration operation is not possible in iDRAC in this release. You must unlock the drives through CTRL-R and then continue to import foreign configuration from iDRAC.
Importing foreign configuration using RACADM To import foreign configuration: racadm storage importconfig: For more information, see the iDRAC RACADM Command Line Reference Guide available at dell.com/idracmanuals. Clearing foreign configuration After moving a physical disk from one controller to another, you may find that the physical disk contains all or some portion of a virtual disk (foreign configuration).
Based on the selected operation mode, the settings are applied. Resetting controller configuration using RACADM To reset the controller configuration: racadm storage resetconfig: For more information, see the iDRAC RACADM Command Line Reference Guide available at dell.com/idracmanuals. Switching the controller mode On PERC 9.1 and later controllers, you can change the personality of the controller by switching the mode from RAID to HBA.
Switching the controller mode using the iDRAC web interface To switch the controller mode, perform the following steps: 1. In the iDRAC web interface, click Overview → Storage → Controllers. 2. On the Controllers page, click Setup → Controller Mode. The Current Value column displays the current setting of the controller. 3. From the drop-down menu, select the controller mode you want to switch to, and click Apply. Reboot the system for the change to take effect.
Monitoring predictive failure analysis on drives Storage management supports Self Monitoring Analysis and Reporting Technology (SMART) on physical disks that are SMARTenabled. SMART performs predictive failure analysis on each disk and sends alerts if a disk failure is predicted. The controllers check physical disks for failure predictions and, if found, pass this information to iDRAC. iDRAC immediately logs an alert.
PCIe SSD cards on Dell’s 13th generation of PowerEdge rack and tower servers and Dell PowerEdge R920 servers. The HHHL SSD card can be directly plugged in to the PCI slot in the servers that do not have PCIe SSD supported backplanes. You can also use these cards on servers with supported backplanes. Using iDRAC interfaces, you can view and configure NVMe PCIe SSDs.
To view all PCIe SSD drives: racadm storage get pdisks To view PCIe extender cards: racadm storage get controllers To view PCIe SSD backplane information: racadm storage get enclosures NOTE: For all the mentioned commands, PERC devices are also displayed. For more information, see the iDRAC RACADM Command Line Reference Guide available at dell.com/idracmanuals.
NOTE: For PCIe SSD devices, only the Apply Now option is available. This operation is not supported in staged mode. 5. Click Apply. If the job is not created, a message indicating that the job creation was not successful is displayed. Also, the message ID and the recommended response action is displayed. If the job is created successfully, a message indicating that the job ID is created for the selected controller is displayed. Click Job Queue to view the progress of the job in the Job Queue page.
• • At Next Reboot — Select this option to apply the actions during the next system reboot. This is the default option for PERC 8 controllers. At Scheduled Time — Select this option to apply the actions at a scheduled day and time: – Start Time and End Time — Click the calendar icons and select the days. From the drop-down menus, select the time. The action is applied between the start time and end time.
failover or High Availability (HA) functionality. The expander splits the internal drive array between the two storage controllers. In this mode, virtual disk creation only displays the drives connected to a particular controller. There are no licensing requirements for this feature. This feature is supported only on a few systems. Backplane supports the following modes: • Unified mode —This is the default mode.
4. • Split Mode 4:20 • Split Mode 8:16 • Split Mode 16:8 • Split Mode 20:4 • Information Not Available From the Apply Operation Mode drop-down menu, select Apply Now to apply the actions immediately, and then click Apply. A job ID is created. 5. Go to the Job Queue page and verify that it displays the status as Completed for the job. 6. Power cycle the system for the setting to take effect.
10. After the system completes POST and CSIOR, type the following command to verify the backplanerequestedmode: racadm get storage.enclosure.1.backplanerequestedmode The output is: BackplaneRequestedMode=None 11. Run the following to verify is the backplane mode is set to split mode: racadm get storage.enclosure.1.backplanecurrentmode The output is: BackplaneCurrentMode=SplitMode 12.
NOTE: You cannot set the SGPIO mode using iDRAC Web interface. Setting SGPIO mode using RACADM To configure the SGPIO mode, use the set command with the objects in the SGPIOMode group. If it is set to disabled, it is I2C mode. If enabled, it is set to SGPIO mode. For more information, see the iDRAC RACADM Command Line Interface Reference Guide available at dell.com/idracmanuals.
NOTE: • 3. The Add to Pending Operations option in not applicable for the Pending Operations page and for PCIe SSDs in the Physical Disks → Setup page. • Only the Apply Now option is available on the Enclosure Setup page. Click Apply. Based on the operation mode selected, the settings are applied. Choosing operation mode using RACADM To select the operation mode, use the jobqueue command. For more information, see the iDRAC RACADM Command Line Reference Guide available at dell.com/idracmanuals.
* Power Cycle System (cold boot) NOTE: For PERC 8 or earlier controllers, Graceful Shutdown is the default option. For PERC 9 controllers, No Reboot (Manually Reboot System) is the default option. If the commit job is not created, a message indicating that the job creation was not successful is displayed. Also, the message ID and the recommended response action are displayed. 5. 6.
progress of the job in the Job Queue page. If the job is not created, a message indicating that the job creation was not successful is displayed. Also, the message ID and the recommended response action are displayed. – Click Cancel to not create the job and remain on the page to perform more storage configuration operations.
• Overview → Storage → Identify - Displays the Identify Component LEDs page where you can blink or unblink the physical disks, virtual disks, and PCIe SSDs. • Overview → Storage → Physical Disks → Identify– Displays the Identify Physical Disks page where you can blink or unblink the physical disks and PCIe SSDs. • 2. Overview → Storage → Virtual Disks → Identify- Displays the Identify Virtual Disks page where you can blink or unblink the virtual disks.
14 Configuring and using virtual console You can use the virtual console to manage a remote system using the keyboard, video, and mouse on your management station to control the corresponding devices on a managed server. This is a licensed feature for rack and tower servers. It is available by default in blade servers. The key features are: • A maximum of six simultaneous Virtual Console sessions are supported. All the sessions view the same managed server console simultaneously.
NOTE: If you have an active Virtual Console session and a lower resolution monitor is connected to the Virtual Console, the server console resolution may reset if the server is selected on the local console. If the system is running a Linux operating system, an X11 console may not be viewable on the local monitor. Press at the iDRAC Virtual Console to switch Linux to a text console.
While launching the Virtual Console using Java plug-in, occasionally you may see a Java compilation error. To resolve this, go to Java control panel → General → Network Settings and select Direct Connection. If the Virtual Console is configured to use ActiveX plug-in, it may not launch the first time. This is because of the slow network connection and the temporary credentials (that Virtual Console uses to connect) timeout is two minutes. The ActiveX client plug-in download time may exceed this time.
Disabling warning messages while launching virtual console or virtual media using Java or ActiveX plug-in You can disable the warning messages while launching the Virtual Console or Virtual Media using Java plug-in. 1. Initially, when you launch Virtual Console or Virtual Media using Java plug-in, the prompt to verify the publisher is displayed. Click Yes. A certificate warning message is displayed indicating that a trusted certificate is not found.
• From iDRAC Home page, click the Launch link available in the Console Preview session • From iDRAC Virtual Console page, click Launch Virtual Console. • From iDRAC login page, type https///console. This method is called as Direct Launch.
– Don’t Maintain Click Apply to apply the selected settings on the server. • Touch Mode — The HTML5 virtual console supports the Touch Mode feature. The following configuration options are displayed as a drop-down list: – Direct – Relative Click Apply to apply the selected settings on the server. • Mouse Acceleration — Select the mouse acceleration based on the operating system.
desktop. For correct mouse synchronization in the iDRAC Virtual Console, this feature must be disabled. To disable Predictable Pointer Acceleration, in the mouse section of the /etc/X11/xorg.conf file, add: Option "AccelerationScheme" "lightweight". If synchronization problems continue, do the following additional change in the /.gconf/desktop/gnome/peripherals/ mouse/%gconf.xml file: Change the values for motion_threshold and motion_acceleration to -1.
– Browser Forward Key – Browser Refresh key – Browser Stop Key – Browser Search Key – Browser Favorites key – Browser Start and Home key – Volume mute key – Volume down key – Volume up key – Next track key – Previous track key – Stop Media key – Play/Pause media key – Start mail key – Select media key – Start Application 1 key – Start Application 2 key • All the individual keys (not a combination of different keys, but a single key stroke) are always sent to the managed system.
Using opensource IPMI tool Make sure that BIOS/iDRAC settings supports console redirection using SOL. 1. At the command prompt, run the SOL activate command: Ipmitool –I lanplus –H -U -P sol activate The SOL session is activated. 2. After the server boots to the operating system, the localhost.localdomain login prompt appears. Log in using the operating system user name and password. 3. If SysRq is not enabled, enable using echo 1 >/proc/sys/kernel/sysrq. 4.
15 Managing virtual media Virtual media allows the managed server to access media devices on the management station or ISO CD/DVD images on a network share as if they were devices on the managed server. Using the Virtual Media feature, you can: • Remotely access media connected to a remote system over the network • Install applications • Update drivers • Install an operating system on the managed system This is a licensed feature for rack and tower servers.
Table 35. Supported drives and devices Drive Supported Storage Media Virtual Optical Drives • • • • • Legacy 1.44 floppy drive with a 1.
Table 36. Attached media state and system response Attached Media State System Response Detach Cannot map an image to the system. Attach Media is mapped even when Client View is closed. Auto-attach Media is mapped when Client View is opened and unmapped when Client View is closed. Server settings for viewing virtual devices in virtual media You must configure the following settings in the management station to allow visibility of empty drives.
Launching virtual media without using virtual console Before you launch Virtual Media when the Virtual Console is disabled, make sure that • Virtual Media is in Attach state. • System is configured to unhide empty drives. To do this, in Windows Explorer, navigate to Folder Options, clear the Hide empty drives in the Computer folder option, and click OK. To launch Virtual Media when Virtual Console is disabled: 1. In the iDRAC web Interface, go to Overview → Server → Virtual Console.
Therefore, it is recommended not to move or delete the .img file while the image is being used. However, the .img file can be removed after the relevant entry is first deselected and then removed using Remove Image to remove the entry. Viewing virtual device details To view the virtual device details, in the Virtual Console Viewer, click Tools → Stats. In the Stats window, the Virtual Media section displays the mapped virtual devices and the read/write activity for each device.
If the image is created in the default path (Desktop), when you select Map Removable Disk, the created image is available for selection in the drop-down menu. If image is created in a different location, when you select Map Removable Disk, the created image is not available for selection in the drop-down menu. Click Browse to specify the image. 4. Select Read-only to map writable devices as read-only. For CD/DVD devices, this option is enabled by default and you cannot disable it.
To enable the managed system to boot: 1. Boot the managed system. 2. Press to enter the System Setup page. 3. Go to System BIOS Settings → Boot Settings → BIOS Boot Settings → Boot Sequence. In the pop-up window, the virtual optical drives and virtual floppy drives are listed with the standard boot devices. 4. Make sure that the virtual drive is enabled and listed as the first device with bootable media. If required, follow the on-screen instructions to modify the boot order. 5.
16 Installing and using VMCLI utility The Virtual Media Command Line Interface (VMCLI) utility is an interface that provides virtual media features from the management station to iDRAC on the managed system. Using this utility you can access virtual media features, including image files and physical drives, to deploy an operating system on multiple remote systems in a network. NOTE: VMCLI supports only the TLS 1.0 security protocol.
The parameter enables VMCLI to connect to the specified server, access iDRAC, and map to the specified virtual media. NOTE: VMCLI syntax is case-sensitive. To ensure security, it is recommended to use the following VMCLI parameters: • vmcli -i — Enables an interactive method of starting VMCLI. It ensures that the user name and password are not visible when processes are examined by other users.
NOTE: The VMCLI utility does not read from standard input (stdin). Hence, stdin redirection is not required. • Background execution — By default, the VMCLI utility runs in the foreground. Use the operating system's command shell features for the utility to run in the background. For example, under a Linux operating system, the ampersand character (&) following the command causes the program to be spawned as a new background process.
17 Managing vFlash SD card The vFlash SD card is a Secure Digital (SD) card that plugs into the vFlash SD card slot in the system. You can use a card with a maximum of 16 GB capacity. After you insert the card, you must enable vFlash functionality to create and manage partitions. vFlash is a licensed feature. If the card is not available in the system's vFlash SD card slot, the following error message is displayed in the iDRAC Web interface at Overview → Server → vFlash: SD card not detected.
Viewing vFlash SD card properties using RACADM To view the vFlash SD card properties using RACADM, use the get command with the following objects: • iDRAC.vflashsd.AvailableSize • iDRAC.vflashsd.Health • iDRAC.vflashsd.Licensed • iDRAC.vflashsd.Size • iDRAC.vflashsd.WriteProtect For more information about these objects, see the iDRAC RACADM Command Line Interface Reference Guide available at dell.com/ idracmanuals.
NOTE: If the SD card is write-protected, then the Initialize option is disabled. Initializing vFlash SD card using web interface To initialize the vFlash SD card: 1. In the iDRAC Web interface, go to Overview → Server → vFlash. The SD Card Properties page is displayed. 2. Enable vFLASH and click Initialize. All existing contents are removed and the card is reformatted with the new vFlash system information.
• Modifying a partition • Attaching or detaching partitions • Deleting existing partitions • Downloading partition contents • Booting to a partition NOTE: If you click any option on the vFlash pages when an application such as WS-MAN, iDRAC Settings utility, or RACADM is using vFlash, or if you navigate to some other page in the GUI, iDRAC may display the message: vFlash is currently in use by another process. Try again after some time.
Before creating a partition from an image file, make sure that: • You have Access Virtual Media privilege. • The card is initialized. • The card is not write-protected. • An initialize operation is not being performed on the card. • The image type and the emulation type match. NOTE: The uploaded image and the emulation type must match. There are issues when iDRAC emulates a device with incorrect image type.
• The card is not write-protected. • An initialize operation is not being performed on the card. To format vFlash partition: 1. In iDRAC Web interface, go to Overview → Server → vFlash → Format. The Format Partition page is displayed. 2. Enter the required information and click Apply. For information about the options, see the iDRAC Online Help. A warning message indicating that all the data on the partition will be erased is displayed. 3. Click OK.
The Manage Partitions page is displayed. 2. In the Read-Only column: • Select the checkbox for the partition(s) and click Apply to change to read-only. • Clear the checkbox for the partition(s) and click Apply to change to read-write. The partitions are changed to read-only or read-write, based on the selections. NOTE: If the partition is of type CD, the state is read-only. You cannot change the state to read-write. If the partition is attached, the check box is grayed-out.
Attaching or detaching partitions using RACADM To attach or detach partitions: 1. Log in to the system using telnet, SSH, or Serial console. 2. Use the following commands: • To attach a partition: racadm set iDRAC.vflashpartition..AttachState 1 • To detach a partition: racadm set iDRAC.vflashpartition..
• Managed system (where iDRAC is operated from) • Network location mapped to a management station. Before downloading the partition contents, make sure that: • You have Access Virtual Media privileges. • The vFlash functionality is enabled. • An initialize operation is not being performed on the card. • For a read-write partition, it must not be attached. To download the contents of the vFlash partition: 1. In the iDRAC Web interface, go to Overview → Server → vFlash → Download.
18 Using SMCLP The Server Management Command Line Protocol (SMCLP) specification enables CLI-based systems management. It defines a protocol for management commands transmitted over standard character oriented streams. This protocol accesses a Common Information Model Object Manager (CIMOM) using a human-oriented command set. The SMCLP is a sub-component of the Distributed Management Task Force (DMTF) SMASH initiative to streamline systems management across multiple platforms.
where, y is an alpha-numeric character such as M (for blade servers), R (for rack servers), and T (for tower servers) and x is a number. This indicates the generation of Dell PowerEdge servers. NOTE: Scripts using -$ can use these for yx1x systems, but starting with yx2x systems one script with admin-> can be used for blade, rack, and tower servers. iDRAC SMCLP syntax The iDRAC SMCLP uses the concept of verbs and targets to provide systems management capabilities through the CLI.
Target Definitions admin1/system1/capabilities1/pwrcap1 Managed system power utilization capabilities admin1/system1/capabilities1/elecap1 Managed system target capabilities admin1/system1/logs1 Record Log collections target admin1/system1/logs1/log1 System Event Log (SEL) record entry admin1/system1/logs1/log1/record* An individual SEL record instance on the managed system admin1/system1/settings1 Managed system SMASH collection settings admin1/system1/capacities1 Managed system capacities S
Target Definitions admin1/sysetm1/sp1/account1-16/identity2 IPMI identity (LAN) account admin1/sysetm1/sp1/account1-16/identity3 IPMI identity (Serial) account admin1/sysetm1/sp1/account1-16/identity4 CLP identity account admin1/system1/sp1/acctsvc1 Local user account management service admin1/system1/sp1/acctsvc2 IPMI account management service admin1/system1/sp1/acctsvc3 CLP account management service admin1/system1/sp1/rolesvc1 Local Role Base Authorization (RBA) service admin1/system1/sp
Using show verb To learn more about a target use the show verb. This verb displays the target’s properties, sub-targets, associations, and a list of the SM-CLP verbs that are allowed at that location. Using the -display option The show –display option allows you to limit the output of the command to one or more of properties, targets, associations, and verbs.
system1 has been stopped successfully • To switch on the server: start /system1 The following message is displayed: system1 has been started successfully • To reboot the server: reset /system1 The following message is displayed: system1 has been reset successfully SEL management The following examples show how to use the SMCLP to perform SEL-related operations on the managed system.
ElementName = IPMI SEL Commands: cd show help exit version • To view the SEL record: show/system1/logs1/log1 The following output is displayed: /system1/logs1/log1/record4 Properties: LogCreationClassName= CIM_RecordLog CreationClassName= CIM_LogRecord LogName= IPMI SEL RecordID= 1 MessageTimeStamp= 20050620100512.
Map target navigation The following examples show how to use the cd verb to navigate the MAP. In all examples, the initial default target is assumed to be /. Type the following commands at the SMCLP command prompt: • To navigate to the system target and reboot: cd system1 reset The current default target is /. • To navigate to the SEL target and display the log records: cd system1 cd logs1/log1 show • To display current target: type cd . • To move up one level: type cd ..
19 Using iDRAC Service Module The iDRAC Service Module is a software application that is recommended to be installed on the server (it is not installed by default). It complements iDRAC with monitoring information from the operating system. It complements iDRAC by providing additional data to work with iDRAC interfaces such as the Web interface, RACADM, and WSMAN. You can configure the features monitored by the iDRAC Service Module to control the CPU and memory consumed on the server’s operating system.
• Integrate with SupportAssist Collection. This is applicable only if iDRAC Service Module version 2.0 or later is installed. For more information, see Generating SupportAssist Collection. • Prepare to Remove NVMe PCIe SSD. For more information, see Idracug_preparing to remove nvme pcie ssd.
Windows Management Instrumentation providers WMI is a set of extensions to the Windows Driver Model that provides an operating system interface through which instrumented components provide information and notification. WMI is Microsoft's implementation of the Web-Based Enterprise Management (WBEM) and Common Information Model (CIM) standards from the Distributed Management Task Force (DMTF) to manage Server hardware, operating systems and applications.
CIM Interface WinRM WMIC ystem +SystemName=systemmc} PowerShell namespace root/cimv2/ dcim Remote iDRAC Hard Reset By using iDRAC, you can monitor the supported servers for critical system hardware, firmware, or software issues. Sometimes, iDRAC may become unresponsive due to various reasons. During such scenarios, you must turn off the server and reset iDRAC. To reset the iDRAC CPU, you must either power off and power on the server or perform an AC power cycle.
On all iSM supported ESXi operating systems, the iSM v2.3 supports a Common Management Programming Interface (CMPI) method provider to perform the iDRAC reset remotely by using the WinRM remote commands. winrm i iDRACHardReset http://schemas.dell.
-u: -p: -r:http:///wsman a:Basic -encoding:utf-8 -skipCACheck –skipCNCheck • - Linux operating system On all iSM supported Linux operating system, iSM provides an executable command. You can run this command by logging into the operating system by using SSH or equivalent. Beginning with iSM 2.4.0, you can configure Agent-x as the default protocol for in-band iDRAC SNMP alerts using the following command: ./Enable-iDRACSNMPTrap.
rule in the host operating system, which allows incoming connections. The firewall rule is enabled automatically when this feature is enabled. Beginning with iSM 2.4.0, you can retrieve the current status and listening-port configuration by using the following Powershell cmdlet: Enable-iDRACAccessHostRoute –status get The output of this command indicates whether this feature is enabled or disabled. If the feature is enabled, it displays the listeningport number.
IP range in format. Example: 10.95.146.98/24 Coexistence of OpenManage Server Administrator and iDRAC Service Module In a system, both OpenManage Server Administrator and the iDRAC Service Module can co-exist and continue to function correctly and independently.
By default, the logs are available at Event viewer → Applications and Services Logs → System.
20 Using USB port for server management In Dell PowerEdge 12th generation servers, all USB ports are dedicated to the server. With the 13th generation of servers, one of the front panel USB port is used by iDRAC for management purposes such as pre-provisioning and troubleshooting. The port has an icon to indicate that it is a management port. All 13th generation servers with LCD panel support this feature. This port is not available in a few of the 200-500 model variations without the LCD panel.
Configuring iDRAC using server configuration profile on USB device With the new iDRAC Direct feature, you can configure iDRAC at-the-server. First configure the USB Management port settings in iDRAC, insert the USB device that has the server configuration profile, and then import the server configuration profile from the USB device to iDRAC. NOTE: You can set the USB Management port settings using the iDRAC interfaces only if there is no USB device connected to the server.
• A USB device is in use by iDRAC and you attempt to modify the USB Management Port Mode. • A USB device is in use by iDRAC and you remove the device. Configuring USB management port using web interface To configure the USB port: 1. In the iDRAC Web interface, go to Overview → Hardware → USB Management Port. The Configure USB Management Port page is displayed. 2. 3.
• Enabled while server has default credential settings only • Enabled For information about the fields, see the iDRAC Settings Utility Online Help. 4. Click Back, click Finish and then click Yes to apply the settings. Importing server configuration profile from USB device Make sure to create a directory in root of the USB device called System_Configuration_XML which contains both the config.xml and control.
6. If there is a configuration that needs to be staged and the Shut Down Type is specified as No Reboot is specified in the control file, then you must reboot the server for the settings to be configured. Else, server is rebooted and the configuration is applied. Only when the server was already powered down, then the staged configuration is applied even if the No Reboot option is specified. 7. After the import job is complete, the LCD/LED indicates that the job is complete.
21 Using iDRAC Quick Sync A few Dell 13th generation PowerEdge servers have the Quick Sync bezel that supports the Quick Sync feature. This feature enables at-the-server management with a mobile device. This allows you to view inventory and monitoring information and configure basic iDRAC settings (such as root credential setup and configuration of the first boot device) using the mobile device. You can configure iDRAC Quick Sync access for your mobile device (example, OpenManage Mobile) in iDRAC.
– If enabled, you can specify a time after which the Quick Sync mode is turned off. To turn on, press the activation button again. – If disabled, the timer does not allow you to enter a time-out period. • Time-out Limit — Allows you specify the time after which the Quick Sync mode is disabled. The default value is 30 seconds. You must have Server Control privilege to configure the settings. A server reboot is not required for the settings to take effect.
22 Deploying operating systems You can use any of the following utilities to deploy operating systems to managed systems: • • Remote File Share Virtual Media Console Related links Deploying operating system using remote file share Deploying operating system using virtual media Deploying operating system using remote file share Before you deploy the operating system using Remote File Share (RFS), make sure that: • • Configure User and Access Virtual Media privileges for iDRAC are enabled for the user.
• If the Virtual Media client is not active, and you attempt to establish an RFS connection, the connection is established and the remote image is available to the host operating system. • If the Virtual Media client is active, and you attempt to establish an RFS connection, the following error message is displayed: Virtual Media is detached or redirected for the selected virtual drive. The connection status for RFS is available in iDRAC log.
For RHEL, the CD device (.iso virtual device) is /dev/scd0 and floppy device (.img virtual device) is /dev/sdc. For SLES, the CD device is /dev/sr0 and the floppy device is /dev/sdc. To make sure that the correct device is used (for either SLES or RHEL), when you connect the virtual device, on the Linux OS you must immediately run the command: tail /var/log/messages | grep SCSI This displays the text that identifies the device (example, SCSI device sdc).
Related links Configuring virtual media Setting first boot device Configuring iDRAC Installing operating system from multiple disks 1. Unmap the existing CD/DVD. 2. Insert the next CD/DVD into the remote optical drive. 3. Remap the CD/DVD drive. Deploying embedded operating system on SD card To install an embedded hypervisor on an SD card: 1. Insert the two SD cards in the Internal Dual SD Module (IDSDM) slots on the system. 2. Enable SD module and redundancy (if required) in BIOS. 3.
23 Troubleshooting managed system using iDRAC You can diagnose and troubleshoot a remote managed system using: • • • • • • • • • Diagnostic console Post code Boot and crash capture videos Last system crash screen System event logs Lifecycle logs Front panel status Trouble indicators System health Related links Using diagnostic console Scheduling remote automated diagnostics Viewing post codes Viewing boot and crash capture videos Viewing logs Viewing last system crash screen Viewing front panel status Har
You can perform the diagnostics immediately or schedule it on a particular day and time, specify the type of diagnostics, and the type of reboot. For the schedule, you can specify the following: • Start time – Run the diagnostic at a future day and time. If you specify TIME NOW, the diagnostic is run on the next reboot. • End time - Run the diagnostic until a date and time after the Start time. If it is not started by End time, it is marked as failed with End time expired.
Viewing boot and crash capture videos You can view the video recordings of: • Last three boot cycles — A boot cycle video logs the sequence of events for a boot cycle. The boot cycle videos are arranged in the order of latest to oldest. • Last crash video — A crash video logs the sequence of events leading to the failure. This is a licensed feature. iDRAC records fifty frames during boot time. Playback of the boot screens occur at a rate of 1 frame per second.
Related links Enabling last crash screen Viewing front panel status The Front Panel on the managed system summarizes the status of the following components in the system: • Batteries • Fans • Intrusion • Power Supplies • Removable Flash Media • Temperatures • Voltages You can view the status of the front panel of the managed system: • For rack and tower servers: LCD front panel and system ID LED status or LED front panel and system ID LED status. • For blade servers: Only system ID LEDs.
Hardware trouble indicators The hardware related problems are: • Failure to power up • Noisy fans • Loss of network connectivity • Hard drive failure • USB media failure • Physical damage Based on the problem, use the following methods to correct the problem: • Reseat the module or component and restart the system • In case of a blade server, insert the module into a different bay in the chassis • Replace hard drives or USB flash drives • Reconnect or replace the power and network cables
Click any component name in the Server Health section to view details about the component. Generating SupportAssist Collection If you have to work with Tech Support on an issue with a server but the security policies restrict direct internet connection, then you can provide Tech Support with necessary data to facilitate troubleshooting of the problem without having to install software or download tools from Dell and without having access to the Internet from the server operating system or iDRAC.
Generating SupportAssist Collection automatically If iDRAC Service Module is installed and running, you can automatically generate the SupportAssist Collection. The iDRAC Service Module invokes the appropriate OS collector file on the host operating system, collects the data, and transfers to iDRAC. You can then save the data to the required location. Generating SupportAssist Collection automatically using iDRAC web interface To generate the SupportAssist collection automatically: 1.
Linux Operating System Command to Check the IPMI Service Status Command to Start the IPMI Service $ systemctl status ipmi.service $ systemctl start ipmi.service Oracle VM Oracle Linux 6.4 Red Hat Enterprise Linux 7 NOTE: – CentOS is supported only for iDRAC Service Module 2.0 or later. – If the IPMI modules are not present, then you can install the respective modules from the OS distribution media. The service starts once the installation is complete.
10. If you have selected Network, enter the network location details. 11. Select the I agree to allow SupportAssist to use this data option and click Export to export the data to the specified location. Generating SupportAssist Collection manually using RACADM To generate the SupportAssist Collection by using RACADM, use the techsupreport subcommand. For more information, see the iDRAC RACADM Command Line Reference Guide available at dell.com/esmmanuals.
You can delete individual or multiple system components using the SystemErase command: racadm systemErase where, • BIOS — BIOS reset to default • DIAG — Embedded Diagnostics • DRVPACK— Embedded OS Driver Pack • LCDATA — Clear the Lifecycle Controller Data • IDRAC — iDRAC reset to default For more information, see the iDRAC RACADM Command Line Reference Guide available at dell.com/esmmanuals.
24 Frequently asked questions This section lists the frequently asked questions for the following: • System Event Log • Network security • Active Directory • Single Sign On • Smart card login • Virtual console • Virtual media • vFlash SD card • SNMP authentication • Storage devices • iDRAC Service Module • RACADM • Miscellaneous System Event Log While using iDRAC Web interface through Internet Explorer, why does SEL not save using the Save As option? This is due to a browser settin
When accessing the iDRAC Web-based interface, a security warning is displayed stating that the SSL certificate host name does not match the iDRAC host name. iDRAC includes a default iDRAC server certificate to ensure network security while accessing through the Web-based interface and remote RACADM. When this certificate is used, the Web browser displays a security warning because the default certificate that is issued to iDRAC does not match the iDRAC host name (for example, the IP address).
• The domain controller addresses configured in iDRAC does not match the Subject or Subject Alternative Name of the directory server certificate. If you are using an IP address, read the next question. If you are using FQDN, make sure you are using the FQDN of the domain controller and not the domain. For example, servername.example.com instead of example.com. Certificate validation fails even if IP address is used as the domain controller address.
The Active Directory is configured for a domain present in Windows Server 2008 Active Directory. A child or sub domain is present for the domain, the user and group is present in the same child domain, and the user is a member of that group. When trying to log in to iDRAC using the user present in the child domain, Active Directory Single Sign-On login fails. This may be because of the an incorrect group type.
11. In the Value data field, type 1 and click OK. 12. Close the Registry Editor window. You can now log in to iDRAC using SSO. If you have enabled SSO for iDRAC and you are using Internet Explorer to log in to iDRAC, SSO fails and you are prompted to enter your user name and password. How to resolve this? Make sure that the iDRAC IP address is listed in the Tools → Internet Options → Security → Trusted sites. If it is not listed, SSO fails and you are prompted to enter your user name and password.
Does turning off the local console turn off the video on the remote console session? No, turning the local video on or off is independent of the remote console session. What privileges are required for an iDRAC user to turn on or turn off the local server video? Any user with iDRAC configuration privileges can turn on or turn off the local console. How to get the current status of the local server video? The status is displayed on the Virtual Console page. To display the status of the object iDRAC.
Why do multiple Session Viewer windows appear when a Virtual Console session is established from the local host? You are configuring a Virtual Console session from the local system. This is not supported. If a Virtual Console session is in-progress and a local user accesses the managed server, does the first user receive a warning message? No. If a local user accesses the system, both have control of the system.
When iDRAC web interface is launched from the CMC web interface soon after Virtual Console is launched, why does GUI session time-out? When launching the Virtual Console to iDRAC from the CMC web interface a popup is opened to launch the Virtual Console. The popup closes shortly after the Virtual Console opens. When launching both the GUI and Virtual Console to the same iDRAC system on a management station, a session time-out for the iDRAC GUI occurs if the GUI is launched before the popup closes.
On the managed system, access BIOS Setup and go to the boot menu. Locate the virtual CD, virtual floppy, or vFlash and change the device boot order as required. Also, press the "spacebar" key in the boot sequence in the CMOS setup to make the virtual device bootable. For example, to boot from a CD drive, configure the CD drive as the first device in the boot order.
where: /dev/sdx is the device name found in step 4 and /mnt/floppy is the mount point. Why are the virtual drives attached to the server removed after performing a remote firmware update using the iDRAC web interface? Firmware updates cause the iDRAC to reset, drop the remote connection, and unmount the virtual drives. The drives reappear when iDRAC reset is complete.
As part of discovery, IT Assistant attempts to verify the get and set community names of the device. In IT Assistant, you have the get community name = public and the set community name = private. By default, the SNMP agent community name for iDRAC agent is public. When IT Assistant sends out a set request, the iDRAC agent generates the SNMP authentication error because it accepts requests only from community = public.
iDRAC Service Module uses the OS to iDRAC pass-through over USB NIC feature to establish the communication with iDRAC. Sometimes, the communication is not established though the USB NIC interface is configured with the correct IP endpoints. This may happen when the host operating system routing table has multiple entries for the same destination mask and the USB NIC destination is not listed as the first one in routing order. Destination Gateway Genmask Flags Metric Ref Use Iface default 10.94.148.
Operating System Location NOTE: The location of the Lifecycle log can be configured using the iDRAC Service Module installer. You can configure the location while installing iDRAC Service Module or modifying the installer. Red Hat Enterprise Linux, SUSE Linux, CentOS, and Citrix XenServer /var/log/messages VMware ESXi /var/log/syslog.
• A new SSL server certificate is uploaded. Why is an error message displayed if you try to delete a partition after creating it using local RACADM? This occurs because the create partition operation is in-progress. However, the partition is deleted after sometime and a message that the partition is deleted is displayed. If not, wait until the create partition operation is completed and then delete the partition.
How to find iDRAC IP address for rack and tower server? • From iDRAC web Interface: Go to Overview → Server → Properties → Summary. The System Summary page displays the iDRAC IP address. • From Local RACADM: Use the command racadm getsysinfo. • From LCD: On the physical server, use the LCD panel navigation buttons to view the iDRAC IP address. Go to Setup View → View → iDRAC IP → IPv4 or IPv6 → IP.
• Memory is not installed or is inaccessible. • CPU is not installed or is inaccessible • Video riser card is missing or not connected properly. Also, see error messages in iDRAC log using iDRAC web interface or from the server LCD.
25 Use case scenarios This section helps you in navigating to specific sections in the guide to perform typical use case scenarios. Troubleshooting an inaccessible managed system After receiving alerts from OpenManage Essentials, Dell Management Console, or a local trap collector, five servers in a data center are not accessible with issues such as hanging operating system or server. Need to identify the cause to troubleshoot and bring up the server using iDRAC.
Obtaining system information and assess system health To obtain system information and assess system health: • In iDRAC Web interface, go to Overview → Server → System Summary to view the system information and access various links on this page to asses system health. For example, you can check the health of the chassis fan. • You can also configure the chassis locator LED and based on the color, assess the system health.
• Overview → Server → Power/Thermal → Power Configuration → Power Control. The Power Control page is displayed. Select Graceful Shutdown and click Apply. • Overview → Server → Power/Thermal → Power Monitoring. From the Power Control drop-down menu, select Graceful Shutdown and click Apply. NOTE: All Power options are dependent on the host operating system. For the options to function properly, you must make required changes in the operating system. For example, Gnome-tweak-tool in RHEL 7.2.
Installing new electronic license See License operations for more information. Applying I/O Identity configuration settings for multiple network cards in single host system reboot If you have multiple network cards in a server that is part of a Storage Area Network (SAN) environment and you want to apply different virtual addresses, initiator and target configuration settings to those cards, use the I/O Identity Optimization feature to reduce the time in configuring the settings. To do this: 1.