Integrated Dell Remote Access Controller 7 (iDRAC7) Version 1.50.
Notes, Cautions, and Warnings NOTE: A NOTE indicates important information that helps you make better use of your computer. CAUTION: A CAUTION indicates either potential damage to hardware or loss of data and tells you how to avoid the problem. WARNING: A WARNING indicates a potential for property damage, personal injury, or death. Copyright © 2014 Dell Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual property laws.
Contents 1 Overview.....................................................................................................................................15 Benefits of Using iDRAC7 With Lifecycle Controller...............................................................................................15 Key Features........................................................................................................................................................... 16 New In This Release...................
Enabling or Disabling Default Password Warning Message Using Web Interface.........................................35 Enabling or Disabling Warning Message to Change Default Login Password Using RACADM......................35 3 Setting Up Managed System and Management Station.................................................... 37 Setting Up iDRAC7 IP Address................................................................................................................................
Scheduling Automatic Backup Server Profile................................................................................................. 64 Importing Server Profile..........................................................................................................................................65 Importing Server Profile Using iDRAC7 Web Interface....................................................................................65 Importing Server Profile Using RACADM.............................
SSL Server Certificates.................................................................................................................................... 84 Generating a New Certificate Signing Request............................................................................................... 85 Uploading Server Certificate............................................................................................................................85 Viewing Server Certificate.............................
Switching From Serial Console to RAC Serial................................................................................................107 Switching From RAC Serial to Serial Console................................................................................................107 Communicating With iDRAC7 Using IPMI SOL..................................................................................................... 108 Configuring BIOS For Serial Connection..........................................
Configuring Browser to Enable Active Directory SSO................................................................................... 149 Configuring iDRAC7 SSO Login for Active Directory Users..................................................................................150 Configuring iDRAC7 SSO Login for Active Directory Users Using Web Interface......................................... 150 Configuring iDRAC7 SSO Login for Active Directory Users Using RACADM............................................
Viewing Lifecycle Log Using Web Interface.................................................................................................. 169 Viewing Lifecycle Log Using RACADM.......................................................................................................... 169 Exporting Lifecycle Controller Logs...................................................................................................................... 169 Exporting Lifecycle Controller Logs Using Web Interface..........
Synchronizing Mouse Pointers...................................................................................................................... 186 Passing All Keystrokes Through Virtual Console........................................................................................... 187 13 Managing Virtual Media...................................................................................................... 191 Supported Drives and Devices..........................................................
Downloading Partition Contents.................................................................................................................... 212 Booting to a Partition......................................................................................................................................213 16 Using SMCLP......................................................................................................................... 215 System Management Capabilities Using SMCLP..................
Viewing Post Codes.............................................................................................................................................. 235 Viewing Boot and Crash Capture Videos..............................................................................................................235 Viewing Logs.........................................................................................................................................................
Installing Bare Metal OS Using Attached Virtual Media and Remote File Share.................................................257 Managing Rack Density........................................................................................................................................257 Installing New Electronic License........................................................................................................................
Overview 1 The Integrated Dell Remote Access Controller 7 (iDRAC7) is designed to make server administrators more productive and improve the overall availability of Dell servers. iDRAC7 alerts administrators to server issues, helps them perform remote server management, and reduces the need for physical access to the server. iDRAC7 with Lifecycle controller technology is part of a larger datacenter solution that helps keep business critical applications and workloads available at all times.
Key Features The key features in iDRAC7 include: NOTE: Some of the features are available only with iDRAC7 Enterprise license. For information on the features available for a license, see Managing Licenses. Inventory and Monitoring • View managed server health. • Inventory and monitor network adapters and storage subsystem (PERC and direct attached storage) without any operating system agents. • View and export system inventory. • View sensor information such as temperature, voltage, and intrusion.
• Set email alerts, IPMI alerts, remote system logs, WS eventing logs, and SNMP traps (v1 and v2c) for events and improved email alert notification. • Capture last system crash image. • View boot and crash capture videos. Secure Connectivity Securing access to critical network resources is a priority. iDRAC7 implements a range of security features that includes: • Custom signing certificate for Secure Socket Layer (SSL) certificate. • Signed firmware updates.
• Export the Lifecycle log entries to a network share or to the local system. • Improved Virtual Media menu options: – Connect or disconnect Virtual Media session from Virtual Media menu. – Specify the location of the image file that is created from the folder. – Create an image from the folder without enabling Virtual Media session. – New interface when Virtual Media is launched in standalone mode.
Supported Web Browsers iDRAC7 is supported on the following browsers: • Internet Explorer • Mozilla Firefox • Google Chrome • Safari For the list of versions, see the Readme available at dell.com/support/manuals. Managing Licenses iDRAC7 features are available based on the purchased license (Basic Management, iDRAC7 Express, or iDRAC7 Enterprise). Only licensed features are available in the interfaces that allow you to configure or use iDRAC7.
• Import — After acquiring the license, store the license in a local storage and import it into iDRAC7 using one of the supported interfaces. The license is imported if it passes the validation checks. NOTE: For a few features, a system restart is required to enable the features. • Export — Export the installed license into an external storage device for backup or to reinstall it again after a part or motherboard replacement. The file name and format of the exported license is .xml.
Managing Licenses Using RACADM To manage licenses using RACADM, use the license subcommand. For more information, see the RACADM Command Line Reference Guide for iDRAC7 and CMC available at dell.com/support/manuals. Licensable Features In iDRAC7 The following table provides the iDRAC7 features that are enabled based on the license purchased. Table 2.
Feature Basic Management with IPMI iDRAC7 Express (Rack and Tower Servers) iDRAC7 iDRAC7 Express (for Enterprise Blade Servers) Remote Management and Remediation Embedded Diagnostic Yes Yes Yes Yes Serial Over LAN (with proxy) Yes Yes Yes Yes Serial Over LAN (no proxy) No Yes Yes Yes Crash Screen capture No Yes Yes Yes Crash Video Capture No No No Yes Boot Capture No No No Yes Virtual Media [4] No No Yes Yes Virtual Console [4] No No Yes [5] Yes Console Collaborat
Feature Basic Management with IPMI iDRAC7 Express (Rack and Tower Servers) iDRAC7 iDRAC7 Express (for Enterprise Blade Servers) RAC Log [7] No Yes Yes Yes Trace Log [7] No Yes Yes Yes Remote Syslog No No No Yes [1] iDRAC7 license management and firmware update functionality is always available through iDRAC7 Web interface and RACADM. [2] All blade servers use dedicated NIC for iDRAC7 at all times, but the speed is limited to 100 Mbps.
Interface or Protocol Description • • Server LCD Panel/ Chassis LCD Panel Firmware RACADM is accessible by logging in to iDRAC7 using SSH or telnet. You can run the firmware RACADM commands without specifying the iDRAC7 IP, user name, or password. You do not have to specify the iDRAC7 IP, user name, or password to run the firmware RACADM commands. After you enter the RACADM prompt, you can directly run the commands without the racadm prefix.
Interface or Protocol Description WS-MAN The LC-Remote Services is based on the WS-Management protocol to do one-to-many systems management tasks. You must use WS-MAN client such as WinRM client (Windows) or the OpenWSMAN client (Linux) to use the LC-Remote Services functionality. You can also use Power Shell and Python to script to the WS-MAN interface. Web Services for Management (WS-Management) is a Simple Object Access Protocol (SOAP)–based protocol used for systems management.
Table 5. Ports iDRAC7 Uses as Client Port Number Function 25* SMTP 53 DNS 68 DHCP-assigned IP address 69 TFTP 162* SNMP trap 445 Common Internet File System (CIFS) 636 LDAP Over SSL (LDAPS) 2049 Network File System (NFS) 123 Network Time Protocol (NTP) 3269 LDAPS for global catalog (GC) * Configurable port Other Documents You May Need In addition to this guide, the following documents available on the Dell Support website at dell.
• The iDRAC7 Overview and Feature Guide provides information about iDRAC7, its licensable features, and license upgrade options. • The safety instructions that came with your system provide important safety and regulatory information. For additional regulatory information, see the Regulatory Compliance home page at dell.com/regulatory_compliance. Warranty information may be included within this document or as a separate document.
• From Dell Support site as follows: – Go to dell.com/support/manuals. – In the Tell us about your Dell system section, under No, select Choose from a list of all Dell products and click Continue. – In the Select your product type section, click Software and Security.
Logging into iDRAC7 2 You can log in to iDRAC7 as an iDRAC7 user, as a Microsoft Active Directory user, or as a Lightweight Directory Access Protocol (LDAP) user. The default user name and password is root and calvin, respectively. You can also log in using Single Sign-On or Smart Card. NOTE: You must have Login to iDRAC privilege to log in to iDRAC7.
5. For an LDAP user, in the Username and Password fields, enter your LDAP user name and password. Domain name is not required for LDAP login. By default, This iDRAC is selected in the drop-down menu. 6. Click Submit. You are logged into iDRAC7 with the required user privileges. If you log in with Configure Users privileges and the default account credentials, and if the default password warning feature is enabled, the Default Password Warning page is displayed allowing you to easily change the password.
3. Enter the Smart Card PIN for local Smart Card users. You are logged into the iDRAC7. NOTE: If you are a local user for whom Enable CRL check for Smart Card Logon is enabled, iDRAC7 attempts to download the CRL and checks the CRL for the user's certificate. The login fails if the certificate is listed as revoked in the CRL or if the CRL cannot be downloaded for some reason.
• You have logged into your system using a valid Active Directory user account. • Single Sign-On option is enabled during Active Directory configuration. To login to iDRAC7 using Web interface: 1. Log in to your management station using a valid Active Directory account. 2. In a Web browser, type https://[FQDN address] NOTE: If the default HTTPS port number (port 443) has been changed, type: https://[FQDN address]:[port number] where, [FQDN address] is the iDRAC7 FQDN (iDRAC7dnsname.domain.
3. Append the PEM formatted CA certificate to the management station CA certificate. For example, use the cat command: - cat testcacert.pem >> cert.pem 4. Generate and upload the server certificate to iDRAC7. Accessing iDRAC7 Using Local RACADM For information to access iDRAC7 using local RACADM, see the RACADM Command Line Reference Guide for iDRAC7 and CMC available at dell.com/support/manuals.
Interface Number of Sessions Firmware RACADM / SMCLP SSH - 2 Telnet - 2 Serial - 1 Changing Default Login Password The warning message that allows you to change the default password is displayed if: • • • You log in to iDRAC7 with Configure Users privilege. Default password warning feature is enabled. Credentials for any currently enabled account are root/calvin. The same warning message is displayed if you log in using Active Directory or LDAP.
For more information, see the RACADM Command Line Reference Guide for iDRAC7 and CMC. Changing Default Login Password Using iDRAC Settings Utility To change the default login password using iDRAC Settings Utility: 1. In the iDRAC Settings utility, go to User Configuration. The iDRAC Settings.User Configuration page is displayed. 2. In the Change Password field, enter the new password. 3. Click Back, click Finish, and then click Yes. The details are saved.
Setting Up Managed System and Management Station 3 To perform out-of-band systems management using iDRAC7, you must configure iDRAC7 for remote accessibility, set up the management station and managed system, and configure the supported Web browsers. NOTE: In case of blade servers, install CMC and I/O modules in the chassis and physically install the system in the chassis before performing the configurations. Both iDRAC Express and iDRAC Enterprise ship from the factory with a default static IP address.
After you configure iDRAC7 IP address: • Make sure to change the default user name and password after setting up the iDRAC7 IP address. • Access it through any of the following interfaces: – iDRAC7 Web interface using a supported browser (Internet Explorer, Firefox, Chrome, or Safari) – Secure Shell (SSH) — Requires a client such as PuTTY on Windows. SSH is available by default in most of the Linux systems and hence does not require a client.
NOTE: For information about the options, see the iDRAC Settings Utility Online Help. 1. Under Enable NIC, select the Enabled option. 2. From the NIC Selection drop-down menu, select one of the following ports based on the network requirement: – Dedicated — Enables the remote access device to use the dedicated network interface available on the Remote Access Controller (RAC).
IPv4 Settings To configure the IPv4 settings: 1. Select Enabled option under Enable IPv4 . 2. Select Enabled option under Enable DHCP , so that DHCP can automatically assign the IP address, gateway, and subnet mask to iDRAC7. Else, select Disabled and enter the values for: 3. – Static IP Address – Static Gateway – Static Subnet Mask Optionally, enable Use DHCP to obtain DNS server address, so that the DHCP server can assign the Static Preferred DNS Server and Static Alternate DNS Server.
NOTE: You must have Chassis Configuration Administrator privilege to set up iDRAC7 network settings from CMC. 1. Log in to CMC Web interface. 2. Go to Server Overview → Setup → iDRAC. The Deploy iDRAC page is displayed. 3. Under iDRAC Network Settings, select Enable LAN and other network parameters as per requirements. For more information, see CMC online help. 4. For additional network settings specific to each blade server, go to Server Overview → . The Server Status page is displayed.
4. Click Network. The iDRAC Settings Network page is displayed. 5. Enable NIC. 6. Enable IPv4. NOTE: IPv6 is not supported for auto-discovery. 7. Enable DHCP and get the domain name, DNS server address, and DNS domain name from DHCP. NOTE: Step 7 is optional if the provisioning server IP address (step 3) is provided.
Enabling Auto Config Using RACADM Auto Config Sequence 1. Create or modify the XML file that configures the attributes of Dell servers. 2. Place the XML file in a share location that is accessible by the DHCP server and all the Dell servers that are assigned IP address from the DHCP server. 3. Specify the XML file location in vendor-option 43 field of DHCP server. 4. The iDRAC as part of acquiring IP address advertises vendor class identifier iDRAC. (Option 60) 5.
Configuring Option 60 on Windows To configure option 60 on Windows: 1. On the DHCP server, go to Start → Administration Tools → DHCP to open the DHCP server administration tool. 2. Find the server and expand the items under it. 3. Right-click on IPv4 and choose Define Vendor Classes. 4. Click Add and enter the following: – Display name — iDRAC (read-only) – Description — Vendor Class 5. – Under ASCII, click and enter iDRAC. Click OK. 6.
#default gateway option routers 192.168.0.1; option subnet-mask 255.255.255.0; option nis-domain "domain.org"; option domain-name "domain.org"; option domain-name-servers 192.168.1.1; option time-offset -18000; # Eastern Standard Time # option ntp-servers 192.168.1.1; # option netbios-name-servers 192.168.1.1; # --- Selects point-to-point node (default is hybrid).
To set up the management station: 1. Install a supported operating system. For more information, see the readme. 2. Install and configure a supported Web browser (Internet Explorer, Firefox, Chrome, or Safari). 3. Install the latest Java Runtime Environment (JRE) (required if Java plug-in type is used to access iDRAC7 using a Web browser). 4. From the Dell Systems Management Tools and Documentation DVD, install Remote RACADM and VMCLI from the SYSMGMT folder.
Modifying Local Administrator Account Settings After setting the iDRAC7 IP address, you can modify the local administrator account settings (that is, user 2) using the iDRAC Settings utility. To do this: 1. In the iDRAC Settings utility, go to User Configuration. The iDRAC Settings User Configuration page is displayed. 2. Specify the details for Username, LAN User Privileges, Serial Port User Privileges, and Password. For information about the options, see the iDRAC Settings Utility Online Help. 3.
• Optimize for performance • Optimize for minimum power • Set the maximum air exhaust temperature • Increase airflow through a fan offset, if required To do this: 1. In the iDRAC Settings utility, go to Thermal. The iDRAC Settings Thermal page is displayed. 2. Specify the thermal, user option, and fan settings: – Thermal Base Algorithm — By default, this is set to Auto, which maps to the profile settings selected under System BIOS → System BIOS Settings. System Profile Settings page.
4. Scroll down to the section labeled ActiveX controls and plug-ins and set the following: NOTE: The settings in the Medium-Low state depend on the IE version.
6. Under Browsing: – Always send URLs as UTF-8: selected – Disable script debugging (Internet Explorer): selected – Disable script debugging: (Other): selected – Display a notification about every script error: cleared – Enable Install On demand (Other): selected – Enable page transitions: selected – Enable third-party browser extensions: selected – Reuse windows for launching shortcuts: cleared Under HTTP 1.1 settings: – Use HTTP 1.1: selected – Use HTTP 1.
Disabling Whitelist Feature in Firefox Adding iDRAC7 to the List of Trusted Domains When you access iDRAC7 Web interface, you are prompted to add iDRAC7 IP address to the list of trusted domains if the IP address is missing from the list. When completed, click Refresh or relaunch the Web browser to establish a connection to iDRAC7 Web interface.
iDRAC7 Web interface is designed to work with localized keyboards for the supported language variants. Some features of iDRAC7 Web interface, such as Virtual Console, may require additional steps to access certain functions or letters. Other keyboards are not supported and may cause unexpected problems. NOTE: See the browser documentation on how to configure or setup different languages and view localized versions of iDRAC7 Web interface.
NOTE: When multiple firmware updates are applied through out-of-band methods, the updates are ordered in the most efficient possible manner to reduce unnecessary system restart. Table 7.
NOTE: The same file format is used to recover iDRAC7 using CMC Web interface. • Managed System — Download the operating system-specific Dell Update Package (DUP). The file extensions are .bin for Linux Operating systems and .exe for Windows operating systems. • Lifecycle Controller — Download the latest catalog file and DUPs and use the Platform Update feature in Lifecycle Controller to update the device firmware.
updates, a comparison report is generated that lists all available updates. You can then select and apply the required updates contained in the repository to the system. Before performing an update using the repository, make sure that: • A repository containing Windows based update packages (DUPs) and a catalog file is created in the network share (CIFS or NFS). If a user-defined catalog file is not available, by default Catalog.xml is used. • Lifecycle Controller is enabled.
To update device firmware using FTP: 1. In the iDRAC7 Web interface, go to Overview → iDRAC Settings → Update and Rollback . The Firmware Update page is displayed. 2. On the Update tab, select FTP as the File Location. 3. In the FTP Server Settings section, enter the FTP details. For information about the fields, see the iDRAC7 Online Help. 4. Click Check for Update. 5.
Automatic updates is available only with the iDRAC7 Enterprise license. You can schedule automatic firmware updates using the iDRAC Web interface or RACADM. NOTE: IPv6 address is not supported for scheduling automatic firmware updates.
– To automatically update firmware using a CIFS share: racadm AutoUpdateScheduler create -u admin -p pwd -l //1.2.3.4/CIFS-share –f cat.xml -time 14:30 -wom 1 -dow sun -rp 5 -a 1 – To automatically update firmware using FTP: racadm AutoUpdateScheduler create -u admin -p pwd -l ftp.mytest.com -pu puser –pp puser –po 8080 –pt http –f cat.
Updating Firmware Using Remote RACADM To update using remote RACADM: 1. Download the firmware image to the TFTP or FTP server. For example, C:\downloads\firmimg.d7 2. Run the following RACADM command: TFTP server: – Using fwupdate command: racadm -r -u -p fwupdate -g -u -a where path is the location on the TFTP server where firmimg.d7 is stored.
Viewing and Managing Staged Updates Using RACADM To view the staged updates using RACADM, use jobqueue subcommand. For more information, see the RACADM Command Line Reference Guide for iDRAC7 and CMC available at dell.com/support/manuals. Rolling Back Device Firmware You can rollback the firmware for iDRAC or any device that is supported by Lifecycle Controller. You can perform firmware rollback for multiple devices with one system reboot.
Rollback Firmware Using iDRAC7 Web Interface To roll back device firmware: 1. In the iDRAC7 Web interface, go to Overview → iDRAC Settings → Update and Rollback → Rollback . The Rollback page displays the devices for which you can rollback the firmware. You can view the device name, associated devices, currently installed firmware version, and the available firmware rollback version. 2. Select one or more devices for which you want to rollback the firmware. 3.
Rollback Firmware Using RACADM To rollback device firmware using racadm: 1. Check the rollback status and the FQDD using the swinventory command: racadm swinventory For the device for which you want to rollback the firmware, the Rollback Version must be Available. Also, make a note of the FQDD. 2. Rollback the device firmware using: racadm rollback For more information, see RACADM Command Line Reference Guide for iDRAC7 and CMC available at dell.com/ support/manuals.
Backing Up Server Profile You can backup the system configuration, including the installed firmware images on various components such as BIOS, RAID, NIC, iDRAC, Lifecycle Controller, and Network Daughter Cards (NDCs) and the configuration settings of those components. The backup operation also includes the hard disk configuration data, motherboard, and replaced parts. The backup creates a single file that you can save to a vFlash SD card or network share (CIFS or NFS).
Scheduling Automatic Backup Server Profile You can enable and schedule periodic backups of the firmware and server configuration based on a certain day, week, or month. Before scheduling automatic backup server profile operation, make sure that: • Lifecycle Controller and Collect System Inventory On Reboot (CSIOR) option is enabled. • Network Time Protocol (NTP) is enabled so that time drift does not affect the actual times of scheduled jobs running and when the next scheduled job is created.
To disable automatic backup use the command: racadm set LifeCycleController.lcattributes.autobackup Disabled To clear the backup schedule: racadm systemconfig clearbackupscheduler For more information, see the RACADM Command Line Reference Guide for iDRAC7 and CMC available at dell.com/ support/manuals.
6. Click Import. The import server profile operation is initiated. Importing Server Profile Using RACADM To import the server profile using RACADM, use systemconfig restore command. For more information, see the RACADM Command Line Reference Guide for iDRAC7 and CMC available at dell.com/support/manuals. Restore Operation Sequence The restore operation sequence is: 1. Host system shuts down. 2. Backup file information is used to restore the Lifecycle Controller. 3. Host system turns on. 4.
Configuring iDRAC7 4 iDRAC7 enables you to configure iDRAC7 properties, set up users, and set up alerts to perform remote management tasks. Before you configure iDRAC7, make sure that the iDRAC7 network settings and a supported browser is configured, and the required licenses are updated. For more information about the licensable feature in iDRAC7, see Managing Licenses.
Configuring Services Configuring Front Panel Display Setting Up Managed System Location Configuring Time Zone and NTP Setting Up iDRAC7 Communication Configuring User Accounts and Privileges Monitoring and Managing Power Enabling Last Crash Screen Configuring and Using Virtual Console Managing Virtual Media Managing vFlash SD Card Setting First Boot Device Enabling or Disabling OS to iDRAC Pass-through Configuring iDRAC7 to Send Alerts Viewing iDRAC7 Information You can view the basic properties of iDRAC7.
To modify the network settings using iDRAC7 Web interface or RACADM, you must have Configure privileges. NOTE: Changing the network settings may terminate the current network connections to iDRAC7. Modifying Network Settings Using Web Interface To modify the iDRAC7 network settings: 1. In the iDRAC7 Web interface, go to Overview → iDRAC Settings → Network. The Network page is displayed. 2.
racadm racadm racadm racadm racadm racadm set set set set set set iDRAC.IPv4.DNS1 192.168.0.5 iDRAC.IPv4.DNS2 192.168.0.6 iDRAC.Nic.DNSRegister 1 iDRAC.Nic.DNSRacName RAC-EK00002 iDRAC.Nic.DNSDomainFromDHCP 0 iDRAC.Nic.DNSDomainName MYDOMAIN NOTE: If cfgNicEnable or iDRAC.Nic.Enable is set to 0, the iDRAC7 LAN is disabled even if DHCP is enabled.
• – cfgRacTuneIpRangeMask – cfgRacTuneIpBlkEnable – cfgRacTuneIpBlkFailCount – cfgRacTuneIpBlkFailWindow With set command, use the objects in the iDRAC.IPBlocking group: – RangeEnable – RangeAddr – RangeMask – BlockEnable – FailCount – FailWindow – PenaltyTime The cfgRacTuneIpRangeMask or the RangeMask property is applied to both the incoming IP address and to the cfgRacTuneIpRangeAddr or RangeAddr property.
• – Using config command: racadm config -g cfgRacTuning -o cfgRacTuneIpRangeEnable 1 racadm config -g cfgRacTuning -o cfgRacTuneIpBlkFailCount 5 racadm config -g cfgRacTuning -o cfgRacTuneIpBlkFailWindow 60 – Using set command: racadm set iDRAC.IPBlocking.RangeEnable 1 racadm set iDRAC.IPBlocking.FailCount 5 racadm set iDRAC.IPBlocking.
• Use the following objects with the config command: – • cfgRacTuneLocalConfigDisable – cfgRacTuneCtrlEConfigDisable – cfgSerialSshEnable – cfgRacTuneSshPort – cfgSsnMgtSshIdleTimeout – cfgSerialTelnetEnable – cfgRacTuneTelnetPort – cfgSsnMgtTelnetIdleTimeout – cfgRacTuneWebserverEnable – cfgSsnMgtWebserverTimeout – cfgRacTuneHttpPort – cfgRacTuneHttpsPort – cfgRacTuneRemoteRacadmEnable – cfgSsnMgtRacadmTimeout – cfgOobSnmpAgentEnable – cfgOobSnmpAgentCommunity Use the obje
Using VNC Client to Manage Remote Server You can use a standard open VNC client to manage the remote server using both desktop and mobile devices such as Dell Wyse PocketCloud. When servers in data centers stop functioning, the iDRAC or the operating system sends an alert to the console on the management station. The console sends an email or SMS to a mobile device with required information and launches VNC viewer application on the management station.
To configure the SSL tunnel application: 1. Configure SSL tunnel to accept connection on :. For example, 127.0.0.1:5930. 2. Configure SSL tunnel to connect to :. For example, 192.168.0.120:5901. 3. Start the tunnel application. To establish connection with the iDRAC VNC server over the SSL encrypted channel, connect the VNC viewer to the localhost (link local IP address) and the local port number (127.0.0.1:).
Configuring LCD Setting Using Web Interface To configure the server LCD front panel display: 1. In iDRAC7 Web interface, go to Overview → Hardware → Front Panel. 2.
Configuring System ID LED Setting To identify a server, enable or disable System ID LED blinking on the managed system. Configuring System ID LED Setting Using Web Interface To configure the System ID LED display: 1. In iDRAC7 Web interface, go to Overview → Hardware → Front Panel. The Front Panel page is displayed. 2. In System ID LED Settings section, select any of the following options to enable or disable LED blinking: 3.
remains as the first boot device in the BIOS boot order, until it is changed again either from the iDRAC7 Web interface or from the BIOS boot sequence.
To set the first boot device using Virtual Console: 1. Launch Virtual Console. 2. In the Virtual Console Viewer, from the Next Boot menu, set the required device as the first boot device. Enabling Last Crash Screen To troubleshoot the cause of managed system crash, you can capture the system crash image using iDRAC7. To enable the last crash screen: 1. From the Dell Systems Management Tools and Documentation DVD, install Server Administrator on the managed system.
• iDRAC is configured to use dedicated NIC or shared mode (that is, NIC selection is assigned to one of the LOMs). • Host operating system and iDRAC7 are in the same subnet and same VLAN. • Host operating system IP address is configured. • A card that supports OS to iDRAC pass-through capability is installed. • You have Configure privilege. When you enable this feature: • In shared mode, the host operating system's IP address is used.
Supported Operating Systems for USB NIC The operating systems supported for USB NIC are: • Windows Server 2008 SP2 (64-bit) • Windows Server 2008 SP2 R2 (64-bit) • Windows Server 2012 SP1 • SLES 10 SP4 (64-bit) • SLES 11 SP2 (64-bit) • RHEL 5.9 (32-bit and 64-bit) • RHEL 6.4 • vSphere v5.0 U2 ESXi • vSphere v5.1 U1 ESXi • vSphere v5.5 ESXi On servers with Windows 2008 SP2 64-bit operating system, the iDRAC Virtual CD USB Device is not discovered automatically (or enabled).
• Turn off and turn on the system. On systems with RHEL 5.9 operating system, if the USB NIC was disabled and if you turn off the system or vice-versa, when the system is turned on and if the USB NIC is enabled, the USB NIC device is not active automatically. To make it active, check if any ifcfg-ethX.bak file is available in the /etc/sysconfig/network-script directory for the USB NIC interface. If it is available, rename it to ifcfg-ethX and then use the ifup ethX command.
6. Click Test Network Configuration to check if the IP is accessible and the link is established between the iDRAC and the host operating system. Enabling or Disabling OS to iDRAC Pass-through Using RACADM To enable or disable OS to iDRAC Pass-through using RACADM, use the objects in the iDRAC.OS-BMC group. For more information, see the RACADM Command Line Reference Guide for iDRAC7 and CMC available at dell.com/support/ manuals.
Login Type Certificate Type How to Obtain SHA-2 certificates are also supported. Local User login SSL Certificate Generate a CSR and get it signed from a trusted CA NOTE: iDRAC7 ships with a default self-signed SSL server certificate. The iDRAC7 Web server, Virtual Media, and Virtual Console use this certificate. SHA-2 certificates are also supported.
is called a wildcard certificate. If a wildcard CSR is generated outside of iDRAC, you can have a signed single wildcard SSL certificate that you can upload for multiple iDRACs and all the iDRACs are trusted by the supported browsers. While connecting to iDRAC Web interface using a supported browser that supports a wildcard certificate, the iDRAC is trusted by the browser. While launching viewers, the iDRACs are trusted by the viewer clients.
CAUTION: During reset, iDRAC7 is not available for a few minutes. Related Links SSL Server Certificates Uploading Server Certificate Using Web Interface To upload the SSL server certificate: 1. In the iDRAC7 Web interface, go to Overview → iDRAC Settings → Network → SSL, select Upload Server Certificate and click Next. The Certificate Upload page is displayed. 2. Under File Path, click Browse and select the certificate on the management station. 3. Click Apply.
Uploading Custom Signing Certificate Using Web Interface To upload the custom signing certificate using iDRAC7 Web interface: 1. Go to Overview → iDRAC Settings → Network → SSL. The SSL page is displayed. 2. Under Custom SSL Certificate Signing Certificate, select Upload Custom SSL Certificate Signing Certificate and click Next. The Upload Custom SSL Certificate Signing Certificate page is displayed. 3. Click Browse and select the custom SSL certificate signing certificate file.
Deleting Custom Signing Certificate To delete the custom signing certificate using iDRAC7 Web interface: 1. Go to Overview → iDRAC Settings → Network → SSL. The SSL page is displayed. 2. Under Custom SSL Certificate Signing Certificate, select Delete Custom SSL Certificate Signing Certificate and click Next. The custom signing certificate is deleted from iDRAC. iDRAC resets to use the default self-signed SSL certificate auto-generated by the Web server. iDRAC is not available during reset.
Creating an iDRAC7 Configuration File The configuration file .cfg can be: • Created • Obtained from racadm getconfig -f .cfg command or racadm get -f .cfg • Obtained from racadm getconfig -f .cfg command or racadm get -f .cfg, and then edited For information about the getconfig and get commands, see the RACADM Command Line Reference Guide for iDRAC7 and CMC available at dell.com/support/manuals . The .
CAUTION: Use the racresetcfg subcommand to reset the database and the iDRAC7 NIC settings to the default settings and remove all users and user configurations. While the root user is available, other user settings are also reset to the default settings. Parsing Rules • All lines that start with '#' are treated as comments. A comment line must start in column one. A '#' character in any other column is treated as a '#' character. Some modem parameters may include # characters in its string.
cfgNicIpAddress=10.35.10.110 cfgNicGateway=10.35.10.1 This file is updated as follows: # # Object Group "cfgLanNetworking" # [cfgLanNetworking] cfgNicIpAddress=10.35.9.143 # comment, the rest of this line is ignored cfgNicGateway=10.35.9.1 The command racadm config -f myfile.cfg parses the file and identifies any errors by line number. A correct file updates the proper entries. Additionally, you can use the same getconfig command from the previous example to confirm the update.
Viewing iDRAC7 and Managed System Information 5 You can view iDRAC7 and managed system’s health and properties, hardware and firmware inventory, sensor health, storage devices, network devices, and view and terminate user sessions. For blade servers, you can also view the flex address information.
• CPUs • DIMMs • HDDs • Backplanes • Network Interface Cards (integrated and embedded) • Video card • SD card • Power Supply Units (PSUs) • Fans • Fibre Channel HBAs • USB The Firmware Inventory section displays the firmware version for the following components: • BIOS • Lifecycle Controller • iDRAC • OS driver pack • 32-bit diagnostics • System CPLD • PERC controllers • Batteries • Physical disks • Power supply • NIC • Fibre Channel • Backplane • Enclosure
• CPU — Indicates the health and state of the CPUs in the managed system. It also reports processor automatic throttling and predictive failure. • Memory — Indicates the health and state of the Dual In-line Memory Modules (DIMMs) present in the managed system. • Intrusion— Provides information about the chassis. • Power Supplies (available only for rack and tower servers) — Provides information about the power supplies and the power supply redundancy status.
View Sensor Information For Using Web Interface Temperature Overview → Server → Power/ Thermal → Temperatures Voltage Overview → Server → Power/ Thermal → Voltages Using RACADM Checking the System for Fresh Air Compliance Fresh air cooling directly uses outside air to cool systems in the data center. Fresh air compliant systems can operate above its normal ambient operating range (temperatures up to 113 °F (45 °C)).
You can also configure iDRAC to generate additional events. For more information, see the Setting Alert Recurrence Event section. Viewing Historical Temperature Data Using iDRAC7 Web Interface To view historical temperature data: 1. In the iDRAC7 Web interface, go to Overview → Server → Power / Thermal → Temperatures. The Temperatures page is displayed. 2.
• Go to Overview → Storage → Virtual Disks to view virtual disks information. The Virtual Disks page is displayed. • Go to Overview → Storage → Controllers to view the RAID controller information. The Controllers page is displayed. • Go to Overview → Storage → Enclosures to view the enclosure information. The Enclosures page is displayed. You can also use filters to view specific device information. For more information on the displayed properties and to use the filter options, see iDRAC7 Online Help.
initiator, and storage target attributes after the device is reset and before it is initialized, thus eliminating a second BIOS restart. The device configuration and boot operation occur in a single system start and is optimized for boot time performance. Before enabling I/O identity optimization, make sure that: • You have the Login, Configure, and System Control privileges. • BIOS, iDRAC, and network cards are updated to the latest firmware.
NOTE: I/O Identity Optimization is not supported on the following cards: • Emulex cards • Fibre Channel cards • Intel x520 Mezz 10 GB Supported BIOS Version for I/O Identity Optimization The following table provides the minimum BIOS version supported on the 12th generation PowerEdge servers. Dell PowerEdge 12th Generation Server Minimum Supported BIOS Version R720, R720xd, R620, T620, and M620 2.1.0 R820 2.0.15 R520, R320, R420, T420, T320, M520, and M420 2.0.19 M820 1.7.
Inventory and Monitoring FC HBA Devices You can remotely monitor the health and view the inventory of the Fibre Channel Host Bus Adapters (FC HBA) devices in the managed system. The Emulex and QLogic (except FC8) FC HBAs are supported.
CAUTION: With FlexAddress enabled, if you switch from a server–assigned MAC address to a chassis–assigned MAC address and vice–versa, iDRAC7 IP address also changes. Viewing or Terminating iDRAC7 Sessions You can view the number of users currently logged in to iDRAC7 and terminate the user sessions. Terminating iDRAC7 Sessions Using Web Interface The users who do not have administrative privileges must have Configure iDRAC7 privilege to terminate iDRAC7 sessions using iDRAC7 Web interface.
6 Setting Up iDRAC7 Communication You can communicate with iDRAC7 using any of the following modes: • iDRAC7 Web Interface • Serial connection using DB9 cable (RAC serial or IPMI serial) - For rack and tower servers only • IPMI Serial Over LAN • IPMI Over LAN • Remote RACADM • Local RACADM • Remote Services For an overview of the supported protocols, supported commands, and pre-requisites, see the following table. Table 11.
Communicating With iDRAC7 Using IPMI SOL Communicating With iDRAC7 Using IPMI Over LAN Enabling or Disabling Remote RACADM Disabling Local RACADM Enabling IPMI on Managed System Configuring Linux for Serial Console During Boot Supported SSH Cryptography Schemes Communicating With iDRAC7 Through Serial Connection Using DB9 Cable You can use any of the following communication methods to perform systems management tasks through serial connection to rack and tower servers: • RAC Serial • IPMI Serial — Direc
6. Press to exit System Setup. Enabling RAC Serial Connection After configuring serial connection in BIOS, enable RAC serial in iDRAC7. NOTE: This is applicable only for iDRAC7 on rack and tower servers. Enabling RAC Serial Connection Using Web Interface To enable RAC serial connection: 1. In the iDRAC7 Web interface, go to Overview → iDRAC Settings → Network → Serial. The Serial page is displayed. 2. Under RAC Serial, select Enabled and specify the values for the attributes. 3. Click Apply.
Enabling Serial Connection IPMI Mode Using RACADM To configure the IPMI mode, disable the RAC serial interface and then enable the IPMI mode using any of the following: • Usingconfig command: racadm config -g cfgSerial -o cfgSerialConsoleEnable 0 racadm config -g cfgIpmiSerial -o cfgIpmiSerialConnectionMode < 0 or 1> where, 0 indicates Terminal mode and 1 indicates Basic mode. • Using set command: racadm set iDRAC.Serial.Enable 0 racadm set iDRAC.IPMISerial.
Configuring Additional Settings for IPMI Serial Terminal Mode Using Web Interface To set the Terminal Mode settings: 1. In the iDRAC7 Web interface, go to Overview → iDRAC Settings → Network → Serial The Serial page is displayed. 2. Enable IPMI serial. 3. Click Terminal Mode Settings. The Terminal Mode Settings page is displayed. 4.
Communicating With iDRAC7 Using IPMI SOL IPMI Serial Over LAN (SOL) allows a managed system’s text-based console serial data to be redirected over iDRAC7’s dedicated or shared out-of-band ethernet management network. Using SOL you can: • Remotely access operating systems with no time-out. • Diagnose host systems on Emergency Management Services (EMS) or Special Administrator Console (SAC) for Windows or Linux shell. • View the progress of a servers during POST and reconfigure the BIOS setup program.
Configuring iDRAC7 to Use SOL Using iDRAC7 Web Interface To configure IPMI Serial over LAN (SOL): 1. In the iDRAC7 Web interface, go to Overview → iDRAC Settings → Network → Serial Over LAN. The Serial over LAN page is displayed. 2. Enable SOL, specify the values, and click Apply. The IPMI SOL settings are configured. 3. To set the character accumulate interval and the character send threshold, select Advanced Settings. The Serial Over LAN Advanced Settings page is displayed. 4.
Enabling Supported Protocol The supported protocols are IPMI, SSH, and Telnet. Enabling Supported Protocol Using Web Interface To enable SSH or Telnet, go to Overview → iDRAC Settings → Network → Services and select Enabled for SSH or Telnet, respectively. To enable IPMI, go to Overview → iDRAC Settings → Network and select Enable IPMI Over LAN. Make sure that the Encryption Key value is all zeroes or press the backspace key to clear and change the value to NULL characters.
NOTE: If required, you can change the default SOL time-out at Overview → iDRAC Settings → Network → Services. 1. Install IPMITool from the Dell Systems Management Tools and Documentation DVD. 2. At the command prompt (Windows or Linux), run the command to start SOL from iDRAC7: ipmitool -H -I lanplus -U -P sol activate For installation instructions, see the Software Quick Installation Guide.
NOTE: If required, you can change the default SSH or Telnet time-out at Overview → iDRAC Settings → Network → Services. 1. Run the command to connect to iDRAC7: putty.exe [-ssh | -telnet] @ NOTE: The port number is optional. It is required only when the port number is reassigned. 2. Run the command console com2 or connect to start SOL and boot the managed system.
3. Enter one of the following commands at the command prompt to start SOL: – connect – console com2 This connects iDRAC7 to the managed system’s SOL port. Once a SOL session is established, iDRAC7 command line console is not available. Follow the escape sequence correctly to open the iDRAC7 command line console. The escape sequence is also printed on the screen as soon as a SOL session is connected. When the managed system is off, it takes sometime to establish the SOL session.
Disconnecting SOL Session in iDRAC7 Command Line Console The commands to disconnect a SOL session are based on the utility. You can exit the utility only when a SOL session is completely terminated. To disconnect a SOL session, terminate the SOL session from the iDRAC7 command line console: • To quit SOL redirection, press , , and then . The SOL session closes. • To quit a SOL session from Telnet on Linux, press and hold +]. A Telnet prompt is displayed. Enter quit to exit Telnet.
Configuring IPMI Over LAN Using RACADM To configure IPMI over LAN using set or config command: 1. Enable IPMI over LAN: – Using config command: racadm config -g cfgIpmiLan -o cfgIpmiLanEnable 1 – Using set command: racadm set iDRAC.IPMILan.Enable 1 NOTE: This setting determines the IPMI commands that are executed using IPMI over LAN interface. For more information, see the IPMI 2.0 specifications at intel.com. 2.
• Using config command: racadm config -g cfgRacTuning -o cfgRacTuneRemoteRacadmEnable 0 • Using set command: racadm set iDRAC.Racadm.Enable 0 NOTE: It is recommended to run these commands on the local system. Disabling Local RACADM The local RACADM is enabled by default. To disable, see Disabling Access to Modify iDRAC7 Configuration Settings on Host System. Enabling IPMI on Managed System On a managed system, use the Dell Open Manage Server Administrator to enable or disable IPMI.
3. Disable GRUB's graphical interface and use the text-based interface. Else, the GRUB screen is not displayed in RAC Virtual Console. To disable the graphical interface, comment-out the line starting with splashimage. The following example provides a sample /etc/grub.conf file that shows the changes described in this procedure. # grub.conf generated by anaconda # Note that you do not have to rerun grub after making changes to this file # NOTICE: You do not have a /boot partition.
#Things to run in every runlevel. ud::once:/sbin/update ud::once:/sbin/update #Trap CTRL-ALT-DELETE ca::ctrlaltdel:/sbin/shutdown -t3 -r now #When our UPS tells us power has failed, assume we have a few #minutes of power left. Schedule a shutdown for 2 minutes from now. #This does, of course, assume you have power installed and your #UPS is connected and working correctly.
Supported SSH Cryptography Schemes To communicate with iDRAC7 using SSH protocol, it supports multiple cryptography schemes listed in the following table. Table 12.
Generating Public Keys for Windows To use the PuTTY Key Generator application to create the basic key: 1. Start the application and select either SSH-2 RSA or SSH-2 DSA for the type of key to generate. (SSH-1 is not supported). The supported key generation algorithms are RSA and DSA only. 2. Enter the number of bits for the key. For RSA, it is between 768 and 4096 bits and for DSA, it 1024 bits. 3. Click Generate and move the mouse in the window as directed. The keys are generated. 4.
4. Upload the SSH keys in one of the following ways: – Upload the key file. – Copy the contents of the key file into the text box For more information, see iDRAC7 Online Help. 5. Click Apply. Uploading SSH Keys Using RACADM To upload the SSH keys, run the following command: NOTE: You cannot upload and copy a key at the same time.
3. Under SSH Key Configurations, select View/Remove SSH Key(s) and click Next. The View/Remove SSH Key(s) page displays the key details. 4. Select Remove for the key(s) you want to delete, and click Apply. The selected key(s) is deleted.
Configuring User Accounts and Privileges 7 You can setup user accounts with specific privileges (role-based authority) to manage your system using iDRAC7 and maintain system security. By default iDRAC7 is configured with a local administrator account. This default user name is root and the password is calvin. As an administrator, you can setup user accounts to allow other users to access iDRAC7.
Configuring Local Users Using RACADM NOTE: You must be logged in as user root to execute RACADM commands on a remote Linux system. You can configure single or multiple iDRAC7 users using RACADM. To configure multiple iDRAC7 users with identical configuration settings, perform one of the following procedures: • Use the RACADM examples in this section as a guide to create a batch file of RACADM commands and then execute the batch file on each managed system.
Adding iDRAC7 User Using RACADM To add a new user to the RAC configuration, perform the following: 1. Set the user name. 2. Set the password. 3. Set the following user privileges: 4. – iDRAC7 – LAN – Serial Port – Serial Over LAN Enable the user. Example: The following example describes how to add a new user named "John" with a "123456" password and LOGIN privileges to the RAC.
NOTE: You can use the getconfig and config commands or get and set commands. 1. 2. Locate an available user index using the command syntax: – Using getconfig command: racadm getconfig -g cfgUserAdmin -i – Using get command: racadm get iDRAC.Users Type the following commands with the new user name and password. – Using config command: racadm config -g cfgUserAdmin -o cfgUserAdminPrivilege -i – Using set command: racadm set iDRAC.Users..
Current Generation Prior Generation Description Access Virtual Console Access Virtual Console Redirection (for blade servers) Access Virtual Console (for rack and tower servers) Enables the user to run Virtual Console. Access Virtual Media Access Virtual Media Enables the user to run and use Virtual Media. System Operations Test Alerts Allows user initiated and generated events, and information is sent as an asynchronous notification and logged.
Installing SSL Certificate For Each Domain Controller To install the SSL certificate for each controller: 1. Click Start → Administrative Tools → Domain Security Policy . 2. Expand the Public Key Policies folder, right-click Automatic Certificate Request Settings and click Automatic Certificate Request. The Automatic Certificate Request Setup Wizard is displayed. 3. Click Next and select Domain Controller. 4. Click Next and click Finish. The SSL certificate is installed.
3. Right-click Certificates, select All Tasks and click Import. 4. Click Next and browse to the SSL certificate file. 5. Install iDRAC7 SSL Certificate in each domain controller’s Trusted Root Certification Authority. If you have installed your own certificate, make sure that the CA signing your certificate is in the Trusted Root Certification Authority list. If the Authority is not in the list, you must install it on all your domain controllers. 6.
Table 15.
Configuring Active Directory With Standard Schema Using iDRAC7 Web Interface NOTE: For information about the various fields, see the iDRAC7 Online Help. 1. In the iDRAC7 Web interface, go to Overview → iDRAC Settings → User Authentication → Directory Services → Microsoft Active Directory. The Active Directory summary page is displayed. 2. Click Configure Active Directory. The Active Directory Configuration and Management Step 1 of 4 page is displayed. 3.
Configuring Active Directory With Standard Schema Using RACADM To configure iDRAC7 Active Directory with Standard Schema using the RACADM: 1.
If you want to disable the certificate validation during SSL handshake, enter the following RACADM command: – Using config command: racadm config -g cfgActiveDirectory -o cfgADCertValidationEnable 0 – Using set command: racadm set iDRAC.ActiveDirectory.CertValidationEnable 0 In this case, no Certificate Authority (CA) certificate needs to be uploaded.
class that is stored in the database. Some example user class attributes can include the user’s first name, last name, phone number, and so on. You can extend the Active Directory database by adding your own unique attributes and classes for specific requirements. Dell has extended the schema to include the necessary changes to support remote management authentication and authorization using Active Directory.
The Dell extension to the ADUC MMC Snap-in only allows associating the Privilege Object and iDRAC7 Objects from the same domain with the Association Object. The Dell extension does not allow a group or an iDRAC7 object from other domains to be added as a product member of the Association Object. When adding Universal Groups from separate domains, create an Association Object with Universal Scope.
3. Add iDRAC7 users and their privileges to Active Directory. 4. Configure iDRAC7 Active Directory properties using iDRAC7 Web interface or RACADM.
Classes and Attributes Table 16. Class Definitions for Classes Added to the Active Directory Schema Class Name Assigned Object Identification Number (OID) delliDRACDevice 1.2.840.113556.1.8000.1280.1.7.1.1 delliDRACAssociation 1.2.840.113556.1.8000.1280.1.7.1.2 dellRAC4Privileges 1.2.840.113556.1.8000.1280.1.1.1.3 dellPrivileges 1.2.840.113556.1.8000.1280.1.1.1.4 dellProduct 1.2.840.113556.1.8000.1280.1.1.1.5 Table 17. dellRacDevice Class OID 1.2.840.113556.1.8000.1280.1.7.1.
OID 1.2.840.113556.1.8000.1280.1.1.1.3 dellIsVirtualMediaUser dellIsTestAlertUser dellIsDebugCommandAdmin Table 20. dellPrivileges Class OID 1.2.840.113556.1.8000.1280.1.1.1.4 Description Used as a container Class for the Dell Privileges (Authorization Rights). Class Type Structural Class SuperClasses User Attributes dellRAC4Privileges Table 21. dellProduct Class OID 1.2.840.113556.1.8000.1280.1.1.1.5 Description The main class from which all Dell products are derived.
Attribute Name/Description Assigned OID/Syntax Object Identifier Single Valued TRUE if the user has Log Clearing rights on the device. Boolean (LDAPTYPE_BOOLEAN 1.3.6.1.4.1.1466.115.121.1.7) dellIsServerResetUser TRUE if the user has Server Reset rights on the device. 1.2.840.113556.1.8000.1280.1.1.2.7 Boolean (LDAPTYPE_BOOLEAN 1.3.6.1.4.1.1466.115.121.1.7) TRUE dellIsConsoleRedirectUser TRUE if the user has Virtual Console rights on the device. 1.2.840.113556.1.8000.1280.1.1.2.
Adding iDRAC7 Users and Privileges to Active Directory Using the Dell-extended Active Directory Users and Computers Snap-in, you can add iDRAC7 users and privileges by creating device, association, and privilege objects.
5. Provide access privileges to the authenticated users for accessing the created association objects. Related Links Providing User Access Privileges For Association Objects Providing User Access Privileges For Association Objects To provide access privileges to the authenticated users for accessing the created association objects: 1. Go to Administrative Tools → ADSI Edit. The ADSI Edit window is displayed. 2.
Configuring Active Directory With Extended Schema Using iDRAC7 Web Interface To configure Active Directory with extended schema using Web interface: NOTE: For information about the various fields, see the iDRAC7 Online Help. 1. In the iDRAC7 Web interface, go to Overview → iDRAC Settings → User Authentication → Directory Services → Microsoft Active Directory. The Active Directory summary page is displayed. 2. Click Configure Active Directory.
Configuring Active Directory With Extended Schema Using RACADM To configure Active Directory with Extended Schema using the RACADM: 1.
3. 4. – Using config command: racadm config -g cfgLanNetworking -o cfgDNSServersFromDHCP 1 – Using set command: racadm set iDRAC.IPv4.
Configuring Generic LDAP Users iDRAC7 provides a generic solution to support Lightweight Directory Access Protocol (LDAP)-based authentication. This feature does not require any schema extension on your directory services. To make iDRAC7 LDAP implementation generic, the commonality between different directory services is utilized to group users and then map the user-group relationship. The directory service specific action is the schema.
9. If you want to configure additional role groups, repeat steps 7 and 8. 10. Click Finish. The generic LDAP directory service is configured. Configuring Generic LDAP Directory Service Using RACADM To configure the LDAP directory service: • Use the objects in the cfgLdap and cfgLdapRoleGroup groups with the config command. • Use the objects in the iDRAC.LDAP and iDRAC.LDAPRole groups with the set command.
Configuring iDRAC7 for Single Sign-On or Smart Card Login 8 This section provides information to configure iDRAC7 for Smart Card login (for local users and Active Directory users), and Single Sign-On (SSO) login (for Active Directory users.) SSO and smart card login are licensed features. iDRAC7 supports Kerberos based Active Directory authentication to support Smart Card and SSO logins. For information on Kerberos, see the Microsoft website.
Registering iDRAC7 as a Computer in Active Directory Root Domain To register iDRAC7 in Active Directory root domain: 1. Click Overview → iDRAC Settings → Network → Network. The Network page is displayed. 2. Provide a valid Preferred/Alternate DNS Server IP address. This value is a valid DNS server IP address that is part of the root domain. 3. Select Register iDRAC on DNS. 4. Provide a valid DNS Domain Name. 5. Verify that network DNS configuration matches with the Active Directory DNS information.
3. Run the following command: C:\>setspn -a HTTP/iDRAC7name.domainname.com username A keytab file is generated. NOTE: If you find any issues with iDRAC7 user for which the keytab file is created, create a new user and a new keytab file. If the same keytab file which was initially created is again executed, it does not configure correctly. Creating Active Directory Objects and Providing Privileges Perform the following steps for Active Directory Extended schema based SSO login: 1.
Configuring iDRAC7 SSO Login for Active Directory Users Before configuring iDRAC7 for Active Directory SSO login, make sure that you have completed all the prerequisites. You can configure iDRAC7 for Active Directory SSO when you setup an user account based on Active Directory.
Uploading Smart Card User Certificate Before you upload the user certificate, make sure that the user certificate from the smart card vendor is exported in Base64 format. SHA-2 certificates are also supported. Related Links Obtaining Certificates Uploading Smart Card User Certificate Using Web Interface To upload smart card user certificate: 1. In iDRAC7 Web interface, go to Overview → iDRAC Settings → Network → User Authentication → Local Users. The Users page is displayed. 2.
To configure iDRAC7 for smart card login: 1. 2. In iDRAC7 Web interface, while configuring Active Directory to set up an user account based on standard schema or extended schema, on the Active Directory Configuration and Management Step 1 of 4 page: – Enable certificate validation. – Upload a trusted CA-signed certificate. – Upload the keytab file. Enable smart card login. For information about the options, see the iDRAC7 Online Help.
• Use the objects in the iDRAC.SmartCard group with the set command. For more information, see the RACADM Command Line Reference Guide for iDRAC7 and CMCavailable at dell.com/ support/manuals. Enabling or Disabling Smart Card Login Using iDRAC Settings Utility To enable or disable the Smart Card logon feature: 1. In the iDRAC Settings utility, go to Smart Card. The iDRAC Settings Smart Card page is displayed. 2. Select Enabled to enable smart card logon. Else, select Disabled.
Configuring iDRAC7 to Send Alerts 9 You can set alerts and actions for certain events that occur on the managed system. An event occurs when the status of a system component is greater than the pre-defined condition. If an event matches an event filter and you have configured this filter to generate an alert (e-mail, SNMP trap, IPMI alert, remote system logs, or WS events), then an alert is sent to one or more configured destinations.
Enabling or Disabling Alerts Using Web Interface To enable or disable generating alerts: 1. In iDRAC7 Web interface, go to Overview → Server → Alerts. The Alerts page is displayed. 2. Under Alerts section: – 3. Select Enable to enable alert generation or perform an event action. – Select Disable to disable alert generation or disable an event action. Click Apply to save the setting.
NOTE: Even if you are a user with read-only privileges, you can filter the alerts. 1. In iDRAC7 Web interface, go to Overview → Server → Alerts . The Alerts page is displayed. 2. Under Alerts Filter section, select one or more of the following categories: 3. 4. – System Health – Storage – Configuration – Audit – Updates – Work Notes Select one or more of the following severity levels: – Informational – Warning – Critical Click Apply.
3. Under Alerts Results, select one or all of the following alerts for the required events: – Email Alert – SNMP Trap – IPMI Alert – Remote System Log – OS Log 4. – WS Eventing Click Apply. 5. Under Alerts section, select the Enable option to send alerts to configured destinations. 6. Optionally, you can send a test event. In the Message ID to Test Event field, enter the message ID to test if the alert is generated and click Test.
Enabling or Disabling Alerts Setting Event Actions Using Web Interface To set an event action: 1. In iDRAC7 Web interface, go to Overview → Server → Alerts . The Alerts page is displayed. 2. Under Alerts Results, from the Actions drop-down menu, for each event select an action: 3. – Reboot – Power Cycle – Power Off – No Action Click Apply. The setting is saved. Setting Event Actions Using RACADM To configure an event action, use one of the following: • eventfilters command.
Configuring IP Alert Destinations Using Web Interface To configure alert destination settings using Web interface: 1. Go to Overview → Server → Alerts → SNMP and E-mail Settings. 2. Select the State option to enable an alert destination (IPv4 address, IPv6 address, or Fully Qualified Domain Name (FQDN)) to receive the traps. You can specify up to eight destination addresses. For more information about the options, see the iDRAC7 Online Help. 3.
4. To test the trap, if required: racadm testtrap -i [index] where [index] is the trap destination index to test. For more information, see the RACADM Command Line Reference Guide for iDRAC7 and CMC available at dell.com/ support/manuals. Configuring IP Alert Destinations Using iDRAC Settings Utility You can configure alert destinations (IPv4, IPv6, or FQDN) using the iDRAC Settings utility. To do this: 1. In the iDRAC Settings utility, go to Alerts. The iDRAC Settings Alerts page is displayed. 2.
Configuring Email Alert Settings Using RACADM To configure the email alert settings: 1. To enable email alert: – Using config command: racadm config -g cfgEmailAlert -o cfgEmailAlertEnable -i [index] [0|1] where [index] is the email destination index. 0 disables the email alert and 1 enables the alert. The email destination index can be a value from 1 through 4.
Configuring SMTP Email Server Address Settings Using iDRAC7 Web Interface To configure the SMTP server address: 1. In iDRAC7 Web interface, go to Overview → Server → Alerts → SNMP and E-mail Settings. 2. Enter the valid IP address or fully qualified domain name (FQDN) of the SMTP server to be used in the configuration. 3. Select the Enable Authentication option and then provide the user name and password (of a user who has access to SMTP server). 4. Enter the SMTP port number.
Message ID Description CPU Processor CPUA Proc Absent CTL Storage Contr DH Cert Mgmt DIS Auto-Discovery ENC Storage Enclosr FAN Fan Event FSD Debug HWC Hardware Config IPA DRAC IP Change ITR Intrusion JCP Job Control LC Lifecycle Contr LIC Licensing LNK Link Status LOG Log event MEM Memory NDR NIC OS Driver NIC NIC Config OSD OS Deployment OSE OS Event PCI PCI Device PDR Physical Disk PR Part Exchange PST BIOS POST PSU Power Supply PSUA PSU Absent PWR
Message ID Description SEL Sys Event Log SRD Software RAID SSD PCIe SSD STOR Storage SUP FW Update Job SWC Software Config SWU Software Change SYS System Info TMP Temperature TST Test Alert UEFI UEFI Event USR User Tracking VDR Virtual Disk VF vFlash SD card VFL vFlash Event VFLA vFlash Absent VLT Voltage VME Virtual Media VRM Virtual Console WRK Work Note 165
Managing Logs 10 iDRAC7 provides Lifecycle log that contains events related to system, storage devices, network devices, firmware updates, configuration changes, license messages, and so on. However, the system events are also available as a separate log called System Event Log (SEL). The lifecycle log is accessible through iDRAC7 Web interface, RACADM, and WS-MAN interface. When the size of the lifecycle log reaches 800 KB, the logs are compressed and archived.
For more information, see RACADM Command Line Reference Guide for iDRAC7 and CMC available at dell.com/support/ manuals. Viewing System Event Log Using iDRAC Settings Utility You can view the total number of records in the System Event Log (SEL) using the iDRAC Settings Utility and clear the logs. To do this: 1. In the iDRAC Settings Utililty, go to System Event Log. The iDRAC Settings.System Event Log displays the Total Number of Records. 2. To clear the records, select Yes. Else, select No. 3.
Viewing Lifecycle Log Using Web Interface To view the Lifecycle Logs, click Overview → Server → Logs → Lifecycle Log.The Lifecycle Log page is displayed. For more information about the options, see the iDRAC7 Online Help. Filtering Lifecycle Logs You can filter logs based on category, severity, keyword, or date range. To filter the lifecycle logs: 1. 2. In the Lifecycle Log page, under the Log Filter section, do any or all of the following: – Select the Log Type from the drop-down list.
Exporting Lifecycle Controller Logs Using RACADM To export the Lifecycle Controller logs using RACADM, use the lclog export command. For more information, see the RACADM Command Line Reference Guide for iDRAC7 and CMC available at dell.com/support/manuals or dell.com/ esmmanuals. Adding Work Notes Each user who logs in to iDRAC7 can add work notes and this is stored in the lifecycle log as an event. You must have iDRAC7 logs privilege to add work notes.
Monitoring and Managing Power 11 You can use iDRAC7 to monitor and manage the power requirements of the managed system. This helps to protect the system from power outages by appropriately distributing and regulating the power consumption on the system. The key features are: • Power Monitoring — View the power status, history of power measurements, the current averages, peaks, and so on for the managed system.
Executing Power Control Operations iDRAC7 enables you to remotely perform a power-on, power off, reset, graceful shutdown, Non-Masking Interrupt (NMI), or power cycle using the Web interface or RACADM. You can also perform these operations using Lifecycle Controller Remote Services or WS-Management. For more information, see the Lifecycle Controller Remote Services Quick Start Guide available at dell.com/support/manuals and the Dell Power State Management profile document available at delltechcenter.com.
If there is not enough power allocated, the blade server does not power on. If the blade has been allocated enough power, the iDRAC7 turns on the system power. Viewing and Configuring Power Cap Policy When power cap policy is enabled, it enforces user-defined power limits for the system. If not, it uses the hardware power protection policy that is implemented by default. This power protection policy is independent of the user defined policy.
– System.Power.Cap.Percent For more information, see the RACADM Command Line Reference Guide for iDRAC7 and CMC available at dell.com/ support/manuals. Configuring Power Cap Policy Using iDRAC Settings Utility To view and configure power policies: 1. In iDRAC Settings utility, go to Power Configuration. NOTE: The Power Configuration link is available only if the server power supply unit supports power monitoring. The iDRAC Settings Power Configuration page is displayed. 2.
• System.Power.RedundancyPolicy • System.Power.Hotspare.Enable • System.Power.Hotspare.PrimaryPSU • System.Power.PFC.Enable For more information, see the RACADM Command Line Reference Guide for iDRAC7 and CMC available at dell.com/ support/manuals. Configuring Power Supply Options Using iDRAC Settings Utility To configure the power supply options: 1. In iDRAC Settings utility, go to Power Configuration.
Configuring and Using Virtual Console 12 You can use the virtual console to manage a remote system using the keyboard, video, and mouse on your management station to control the corresponding devices on a managed server. This is a licensed feature for rack and tower servers. It is available by default in blade servers. The key features are: • A maximum of four simultaneous Virtual Console sessions are supported. All the sessions view the same managed server console simultaneously.
NOTE: If you have an active Virtual Console session and a lower resolution monitor is connected to the Virtual Console, the server console resolution may reset if the server is selected on the local console. If the system is running a Linux operating system, an X11 console may not be viewable on the local monitor. Press at the iDRAC7 Virtual Console to switch Linux to a text console. Configuring Web Browsers to Use Virtual Console To use Virtual Console on your management station: 1.
To configure IE to use ActiveX plug-in: 1. Clear the browser’s cache. 2. Add iDRAC7 IP or hostname to the Trusted Sites list. 3. Reset the custom settings to Medium-low or change the settings to allow installation of signed ActiveX plug-ins. 4. Enable the browser to download encrypted content and to enable third-party browser extensions.
Clearing Earlier ActiveX Versions in IE7 To clear earlier versions of Active-X viewer for IE7, do the following: 1. Close the Video Viewer and Internet Explorer browser. 2. Open the Internet Explorer browser again and go to Internet Explorer → Tools → Manage Add-ons and click Enable or Disable Add-ons. The Manage Add-ons window is displayed. 3. Select Add-ons that have been used by Internet Explorer from the Show drop-down menu. 4. Delete the Video Viewer add-on.
Importing CA Certificate to ActiveX Trusted Certificate Store You must use the OpenSSL command line tool to create the certificate Hash using Secure Hash Algorithm (SHA). It is recommended to use OpenSSL tool 1.0.x and later since it uses SHA by default. The CA certificate must be in Base64 encoded PEM format. This is one-time process to import each CA certificate. To import the CA certificate to the ActiveX trusted certificate store: 1. Open the OpenSSL command prompt. 2.
Previewing Virtual Console Before launching the Virtual Console, you can preview the state of the Virtual Console on the System → Properties → System Summary page. The Virtual Console Preview section displays an image showing the state of the Virtual Console. The image is refreshed every 30 seconds. This is a licensed feature. NOTE: The Virtual Console image is available only if you have enabled Virtual Console.
The Virtual Console Viewer displays the remote system’s desktop. Using this viewer, you can control the remote system’s mouse and keyboard functions from your management station. Multiple message boxes may appear after you launch the application. To prevent unauthorized access to the application, navigate through these message boxes within three minutes. Otherwise, you are prompted to relaunch the application. If one or more Security Alert windows appear while launching the viewer, click Yes to continue.
4. Click Browse Path, specify the location to store the user’s certificate, click Apply, click OK, and exit from the viewer. 5. Launch Virtual Console again. 6. In the certificate warning message, select the Always trust this certificate option, and then click Continue. 7. Exit from the viewer. 8. When you re-launch Virtual Console, the warning message is not displayed.
NOTE: This is not applicable for managed systems running Windows operating system since they support Absolute Positioning. When using the Virtual Console to connect to a managed system with a recent Linux distribution operating system installed, you may experience mouse synchronization problems. This may be due to the Predictable Pointer Acceleration feature of the GNOME desktop. For correct mouse synchronization in the iDRAC7 Virtual Console, this feature must be disabled.
Java-based Virtual Console Session running on Windows Operating System • Ctrl+Alt+Del key is not sent to the managed system, but always interpreted by the management station.
– If SysRq is enabled on the management station, then or resets the management station irrespective of the system’s state. – If SysRq is disabled on the management station, then the or keys resets the operating system on the managed system. – Other SysRq key combinations (example, , , and so on) are passed to the managed system irrespective of the SysRq keys enabled or not on the management station.
Managing Virtual Media 13 Virtual media allows the managed server to access media devices on the management station or ISO CD/DVD images on a network share as if they were devices on the managed server. Using the Virtual Media feature, you can: • Remotely access media connected to a remote system over the network • Install applications • Update drivers • Install an operating system on the managed system This is a licensed feature for rack and tower servers.
Supported Drives and Devices The following table lists the drives supported through virtual media. Table 25. Supported Drives and Devices Drive Supported Storage Media Virtual Optical Drives Virtual floppy drives USB flash drives • • • • • Legacy 1.44 floppy drive with a 1.
Configuring Virtual Media Using iDRAC Settings Utility You can attach, detach, or auto-attach virtual media using the iDRAC Settings utility. To do this: 1. In the iDRAC Settings utility, go to Virtual Media. The iDRAC Settings Virtual Media page is displayed. 2. Select Detach, Attach, or Auto attach based on the requirement. For more information about the options, see iDRAC Settings Utility Online Help. 3. Click Back, click Finish, and then click Yes. The Virtual Media settings are configured.
To access Virtual Media using Virtual Console: 1. In the iDRAC7 Web interface, go to Overview → Server → Virtual Console. The Virtual Console page is displayed. 2. Click Launch Virtual Console. The Virtual Console Viewer is launched. NOTE: On Linux, Java is the default plug-in type for accessing the Virtual Console. On Windows, open the.jnlp file to launch the Virtual Console using Java. 3. Click Virtual Media → Connect Virtual Media.
Disabling Warning Messages While Launching Virtual Console Or Virtual Media Using Java or ActiveX Plug-in Adding Virtual Media Images You can create a media image of the remote folder and mount it as a USB attached device to the server’s operating system. To add Virtual Media images: 1. Click Virtual Media → Create Image.... 2. In the Source Folder field, click Browse and browse to the folder or directory to be used as the source for the image file.
Mapping Virtual Drive To map the virtual drive: NOTE: While using ActiveX-based Virtual Media, you must have administrative privileges to map an operating system DVD or a USB flash drive (that is connected to the management station.) To map the drives, launch IE as an administrator or add the iDRAC7 IP address to the list of trusted sites. 1. To establish a Virtual Media session, from the Virtual Media menu, click Connect Virtual Media.
Displaying Correct Virtual Drives For Mapping On a Linux-based management station, the Virtual Media Client window may display removable disks and floppy disks that are not part of the management station. To make sure that the correct virtual drives are available to map, you must enable the port setting for the connected SATA hard drive. To do this: 1. Reboot the operating system on the management station. During POST, press or to enter System Setup. 2. Go to SATA settings.
Enabling Boot Once for Virtual Media You can change the boot order only once when you boot after attaching remote Virtual Media device. Before you enable the boot once option, make sure that: • You have Configure User privilege. • Map the local or virtual drives (CD/DVD, Floppy, or USB flash device) with the bootable media or image using the Virtual Media options • Virtual Media is in Attached state for the virtual drives to appear in the boot sequence.
Installing and Using VMCLI Utility 14 The Virtual Media Command Line Interface (VMCLI) utility is an interface that provides virtual media features from the management station to iDRAC7 on the managed system. Using this utility you can access virtual media features, including image files and physical drives, to deploy an operating system on multiple remote systems in a network. NOTE: You can run the VMCLI utility only on the management station that is installed with 32–bit operating system.
The parameter enables VMCLI to connect to the specified server, access iDRAC7, and map to the specified virtual media. NOTE: VMCLI syntax is case-sensitive. To ensure security, it is recommended to use the following VMCLI parameters: • vmcli -i — Enables an interactive method of starting VMCLI. It ensures that the user name and password are not visible when processes are examined by other users.
• stderr/stdout redirection — Redirects any printed utility output to a file. For example, using the greater-than character (>) followed by a filename overwrites the specified file with the printed output of the VMCLI utility. NOTE: The VMCLI utility does not read from standard input (stdin). Hence, stdin redirection is not required. • Background execution — By default, the VMCLI utility runs in the foreground. Use the operating system's command shell features for the utility to run in the background.
Managing vFlash SD Card 15 The vFlash SD card is a Secure Digital (SD) card that plugs into the vFlash SD card slot in the system. You can use a card with a maximum of 16 GB capacity. After you insert the card, you must enable vFlash functionality to create and manage partitions. vFlash is a licensed feature. If the card is not available in the system's vFlash SD card slot, the following error message is displayed in the iDRAC7 Web interface at Overview → Server → vFlash: SD card not detected.
Viewing vFlash SD Card Properties Using RACADM To view the vFlash SD card properties using RACADM, use one of the following: • • Use the cfgvFlashSD object with the getconfig command. The following read-only properties are displayed: – cfgVFlashSDSize – cfgVFlashSDLicensed – cfgVFlashSDAvailableSize – cfgVFlashSDHealth – cfgVFlashSDEnable – cfgVFlashSDWriteProtect – cfgVFlashSDInitialized Use the following objects with the get command: – iDRAC.vflashsd.AvailableSize – iDRAC.vflashsd.
– • To disable vFlash: racadm config -g cfgvFlashsd -o cfgvflashSDEnable 0 Using set command: – To enable vFlash: racadm set iDRAC.vflashsd.Enable 1 – To disable vFlash: racadm set iDRAC.vflashsd.Enable 0 NOTE: The RACADM command functions only if a vFlash SD card is present. If a card is not present, the following message is displayed: ERROR: SD Card not present. Enabling or Disabling vFlash Functionality Using iDRAC Settings Utility To enable or disable the vFlash functionality: 1.
Initializing vFlash SD Card Using iDRAC Settings Utility To initialize the vFlash SD card using iDRAC Settings utility: 1. In the iDRAC Settings utility, go to vFlash Media. The iDRAC Settings vFlash Media page is displayed. 2. Click Initialize vFlash. 3. Click Yes. The initialization operation starts. 4. Click Back and navigate to the same iDRAC Settings vFlash Media page to view the successful message.
Creating an Empty Partition An empty partition, when attached to the system, is similar to an empty USB flash drive. You can create empty partitions on a vFlash SD card. You can create partitions of type Floppy or Hard Disk. The partition type CD is supported only while creating partitions using images. Before creating an empty partition, make sure that: • You have Access Virtual Media privilege. • The card is initialized. • The card is not write-protected.
NOTE: The uploaded image and the emulation type must match. There are issues when iDRAC7 emulates a device with incorrect image type. For example, if the partition is created using an ISO image and the emulation type is specified as Hard Disk, then the BIOS cannot boot from this image. • Image file size is less than or equal to the available space on the card. • Image file size is less than or equal to 4 GB as the maximum partition size supported is 4 GB.
To format vFlash partition: 1. In iDRAC7 Web interface, go to Overview → Server → vFlash → Format. The Format Partition page is displayed. 2. Enter the required information and click Apply. For information about the options, see the iDRAC7 Online Help. A warning message indicating that all the data on the partition will be erased is displayed. 3. Click OK. The selected partition is formatted to the specified file system type. An error message is displayed if: – The card is write-protected.
Modifying a Partition Using Web Interface To modify a partition: 1. In the iDRAC7 Web interface, go to Overview → Server → vFlash → Manage. The Manage Partitions page is displayed. 2. In the Read-Only column: – – Select the checkbox for the partition(s) and click Apply to change to read-only. Clear the checkbox for the partition(s) and click Apply to change to read-write. The partitions are changed to read-only or read-write, based on the selections.
• An initialize operation is not already being performed on the card. • You have Access Virtual Media privileges. Attaching or Detaching Partitions Using Web Interface To attach or detach partitions: 1. In the iDRAC7 Web interface, go to Overview → Server → vFlash → Manage. The Manage Partitions page is displayed. 2. In the Attached column: – Select the checkbox for the partition(s) and click Apply to attach the partition(s).
• The vFlash functionality is enabled. • The card is not write-protected. • The partition is not attached. • An initialize operation is not being performed on the card. Deleting Existing Partitions Using Web Interface To delete an existing partition: 1. In the iDRAC7 Web interface, go to Overview → Server → vFlash → Manage. The Manage Partitions page is displayed. 2. In the Delete column, click the delete icon for the partition that you want to delete.
3. Specify the location to save the file. The contents of the selected partition are downloaded to the specified location. NOTE: If only the folder location is specified, then the partition label is used as the file name, along with the extension .iso for CD and Hard Disk type partitions, and .img for Floppy and Hard Disk type partitions. Booting to a Partition You can set an attached vFlash partition as the boot device for the next boot operation.
Using SMCLP 16 The Server Management Command Line Protocol (SMCLP) specification enables CLI-based systems management. It defines a protocol for management commands transmitted over standard character oriented streams. This protocol accesses a Common Information Model Object Manager (CIMOM) using a human-oriented command set. The SMCLP is a sub-component of the Distributed Management Task Force (DMTF) SMASH initiative to streamline systems management across multiple platforms.
• yx2x blade, rack, and tower servers use admin->. where, y is a alpha-numeric character such as M (for blade servers), R (for rack servers), and T (for tower servers) and x is a number. This indicates the generation of Dell PowerEdge servers. NOTE: Scripts using -$ can use these for yx1x systems, but starting with yx2x systems one script with admin-> can be used for blade, rack, and tower servers.
Target Definitions admin1/system1/logs1/log1 System Event Log (SEL) record entry admin1/system1/logs1/log1/record* An individual SEL record instance on the managed system admin1/system1/settings1 Managed system SMASH collection settings admin1/system1/capacities1 Managed system capacities SMASH collection admin1/system1/consoles1 Managed system consoles SMASH collection admin1/system1/sp1 Service Processor admin1/system1/sp1/timesvc1 Service Processor time service admin1/system1/sp1/capabili
Target Definitions admin1/sysetm1/sp1/account1-16/ identity2 IPMI identity (LAN) account admin1/sysetm1/sp1/account1-16/ identity3 IPMI identity (Serial) account admin1/sysetm1/sp1/account1-16/ identity4 CLP identity account admin1/system1/sp1/acctsvc1 Local user account management service admin1/system1/sp1/acctsvc2 IPMI account management service admin1/system1/sp1/acctsvc3 CLP account management service admin1/system1/sp1/rolesvc1 Local Role Base Authorization (RBA) service admin1/system1
Using Show Verb To learn more about a target use the show verb. This verb displays the target’s properties, sub-targets, associations, and a list of the SM-CLP verbs that are allowed at that location. Using the -display Option The show –display option allows you to limit the output of the command to one or more of properties, targets, associations, and verbs.
• To switch on the server: start /system1 The following message is displayed: system1 has been started successfully • To reboot the server: reset /system1 The following message is displayed: system1 has been reset successfully SEL Management The following examples show how to use the SMCLP to perform SEL-related operations on the managed system.
Properties: LogCreationClassName= CIM_RecordLog CreationClassName= CIM_LogRecord LogName= IPMI SEL RecordID= 1 MessageTimeStamp= 20050620100512.000000-000 Description= FAN 7 RPM: fan sensor, detected a failure ElementName= IPMI SEL Record Commands: cd show help exit version • To clear the SEL: delete /system1/logs1/log1/record* The following output is displayed: All records deleted successfully MAP Target Navigation The following examples show how to use the cd verb to navigate the MAP.
Using iDRAC Service Module 17 iDRAC monitoring currently depends on OpenManage Server Administrator to provide information about the host, such as the operating system and host name. The iDRAC Service Module is a software application that is recommended to be installed on the server (it is not installed by default). It complements iDRAC with monitoring information from the operating system.
Replicate Lifecycle Logs to OS Log You can replicate the Lifecycle Controller Logs to the OS logs from the time when the feature is enabled in iDRAC. This is similar to the System Event Log (SEL) replication performed by OpenManage Server Administrator. All events that have the OS Log option selected as the target (in the Alerts page, or in the equivalent RACADM or WSMAN interfaces) are replicated in the OS log using the iDRAC Service Module.
3. To perform out-of-band monitoring functions, select one or more of the following options: – OS Information — View the operating system information. – Replicate Lifecycle Log in OS Log — Include Lifecycle Controller logs to operating system logs. This option is disabled if OpenManage Server Administrator is installed on the system.
Deploying Operating Systems 18 You can use any of the following utilities to deploy operating systems to managed systems: • Virtual Media Command Line Interface (CLI) • Virtual Media Console • Remote File Share Related Links Deploying Operating System Using VMCLI Deploying Operating System Using Remote File Share Deploying Operating System Using Virtual Media Deploying Operating System Using VMCLI Before you deploy the operating system using the vmdeploy script, make sure that: • VMCLI utility is
3. Open a command prompt with administrator privileges and run the vmdeploy script: vmdeploy.bat -r -u -p [ -f { | < device-name>} | -c { |} ] [-i ] NOTE: vmdeploy does not support IPv6, since IPv6 does not support the IPMI tool. NOTE: The vmdeploy script processes the -r option slightly differently than the vmcli -r option.
To deploy an operating system using RFS: 1. Using Remote File Share (RFS), mount the ISO or IMG image file to the managed system through NFS or CIFS. 2. Go to Overview → Setup → First Boot Device . 3. Set the boot order in the First Boot Device drop-down list to Remote File Share. 4. Select the Boot Once option to enable the managed system to reboot using the image file for the next instance only. 5. Click Apply. 6.
Configuring Remote File Share Using Web Interface To enable remote file sharing: 1. In iDRAC7 Web interface, go to Overview → Server → Attached Media. The Attached Media page is displayed. 2. Under Attached Media, select Attach or Auto Attach. 3. Under Remote File Share, specify the image file path, domain name, user name, and password. For information about the fields, see the iDRAC7 Online Help.
–p : password to access the network share –l : image location on the network share; use double quotes around the location.
4. Deploy the embedded operating system and follow the operating system installation instructions. Related Links About IDSDM Enabling SD Module and Redundancy in BIOS Enabling SD Module and Redundancy in BIOS To enable SD module and redundancy in BIOS: 1. Press during boot. 2. Go to System Setup → System BIOS Settings → Integrated Devices. 3. Set the Internal USB Port to On. If it is set to Off, the IDSDM is not available as a boot device. 4.
19 Troubleshooting Managed System Using iDRAC7 You can diagnose and troubleshoot a remote managed system using: • Diagnostic console • Post code • Boot and crash capture videos • Last system crash screen • System event logs • Lifecycle logs • Front panel status • Trouble indicators • System health Related Links Using Diagnostic Console Scheduling Remote Automated Diagnostics Viewing Post Codes Viewing Boot and Crash Capture Videos Viewing Logs Viewing Last System Crash Screen Viewing Fron
You can also run diagnostics using the appropriate WSMAN command(s). For more information, see the WSMAN documentation. You must have iDRAC7 Express license to use remote automated diagnostics. You can perform the diagnostics immediately or schedule it on a particular day and time, specify the type of diagnostics, and the type of reboot. For the schedule, you can specify the following: • Start time – Run the diagnostic at a future day and time.
Viewing Post Codes Post codes are progress indicators from the system BIOS, indicating various stages of the boot sequence from poweron-reset, and allows you to diagnose any faults related to system boot-up. The Post Codes page displays the last system post code prior to booting the operating system. To view the Post Codes, go to Overview → Server → Troubleshooting → Post Code. The Post Code page displays the system health indicator, a hexadecimal code, and a description of the code.
• Batteries • Fans • Intrusion • Power Supplies • Removable Flash Media • Temperatures • Voltages You can view the status of the front panel of the managed system: • For rack and tower servers: LCD front panel and system ID LED status or LED front panel and system ID LED status. • For blade servers: Only system ID LEDs.
• Hard drive failure • USB media failure • Physical damage Based on the problem, use the following methods to correct the problem: • Reseat the module or component and restart the system • In case of a blade server, insert the module into a different bay in the chassis • Replace hard drives or USB flash drives • Reconnect or replace the power and network cables If problem persists, see the Hardware Owner’s Manual for specific troubleshooting information about the hardware device.
operating system or iDRAC. You can send the report from an alternate system and be certain that the data collected from your server is not viewable by non-authorized individuals during the transmission to Tech Support. You can generate a health report of the server and then export the report to a location on the management station (local) or to a shared network location such as Common Internet File System (CIFS) or Network File Share (NFS). You can then share this report directly with the Tech Support.
• Soft restart — Using iDRAC7 Web interface or RACADM. Resetting iDRAC7 Using iDRAC7 Web Interface To restart iDRAC7, do one of the following in the iDRAC7 Web interface: • Go to Overview → Server → Summary. Under Quick Launch Tasks, click Reset iDRAC. • Go to Overview → Server → Troubleshooting → Diagnostics. Click Reset iDRAC. Resetting iDRAC7 Using RACADM To restart iDRAC7, use the racreset command. For more information, see the RACADM Reference Guide for iDRAC7 and CMC available at dell.
Frequently Asked Questions 20 This section lists the frequently asked questions for the following: • System Event Log • Network Security • Active Directory • Single Sign On • Smart Card Login • Virtual Console • Virtual Media • vFlash SD Card • SNMP Authentication • Storage Devices • RACADM • Miscellaneous System Event Log While using iDRAC7 Web interface through Internet Explorer, why does SEL not save using the Save As option? This is due to a browser setting. To resolve this: 1.
When accessing the iDRAC7 Web-based interface, a security warning is displayed stating that the SSL certificate host name does not match the iDRAC7 host name. iDRAC7 includes a default iDRAC7 server certificate to ensure network security while accessing through the Web-based interface and remote RACADM. When this certificate is used, the Web browser displays a security warning because the default certificate that is issued to iDRAC7 does not match the iDRAC7 host name (for example, the IP address).
• • iDRAC7 date is not within the validity period of the server certificate or CA certificate. Check the iDRAC7 time and the validity period of your certificate. The domain controller addresses configured in iDRAC7 does not match the Subject or Subject Alternative Name of the directory server certificate. If you are using an IP address, read the next question. If you are using FQDN, make sure you are using the FQDN of the domain controller and not the domain. For example, servername.example.
The Active Directory is configured for a domain present in Windows Server 2008 Active Directory. A child or sub domain is present for the domain, the user and group is present in the same child domain, and the user is a member of that group. When trying to log in to iDRAC7 using the user present in the child domain, Active Directory Single Sign-On login fails. This may be because of the an incorrect group type.
9. Name the new key as SuppressExtendedProtection. 10. Right-click SuppressExtendedProtection and click Modify. 11. In the Value data field, type 1 and click OK. 12. Close the Registry Editor window. You can now log in to iDRAC7 using SSO. If you have enabled SSO for iDRAC7 and you are using Internet Explorer to log in to iDRAC7, SSO fails and you are prompted to enter your user name and password.
Any user with iDRAC7 configuration privileges can turn on or turn off the local console. How to get the current status of the local server video? The status is displayed on the Virtual Console page. Use the RACADM command racadm getconfig –g cfgRacTuning to display the status in the object cfgRacTuneLocalServerVideo. Or, use the following RACADM command from a Telnet, SSH, or a remote session: racadm -r (iDRAC IP) -u -p getconfig -g cfgRacTuning The status is also seen on the Virtual Console OSCAR display.
It is recommended to have a 5 MBPS connection for good performance. A 1 MBPS connection is required for minimal performance. What are the minimum system requirements for the management station to run Virtual Console? The management station requires an Intel Pentium III 500 MHz processor with at least 256 MB of RAM. Why doe Virtual Console Viewer window sometimes displays No Signal message? You may see this message because the iDRAC7 Virtual Console plug-in is not receiving the remote server desktop video.
The Linux SysRq key behavior is different when using Virtual Console from Internet Explorer. To send the SysRq key, press the Print Screen key and release while holding the Ctrl and Alt keys. To send the SysRq key to a remote Linux server though iDRAC7, while using Internet Explorer: 1. Activate the magic key function on the remote Linux server. You can use the following command to activate it on the Linux terminal: echo 1 > /proc/sys/kernel/sysrq 2.
• A USB key image How to make the USB key a bootable device? Search support.dell.com for the Dell Boot Utility You can also boot with a Windows 98 startup disk and copy system files from the startup disk to the USB key. For example, from the DOS prompt, type the following command: sys a: x: /s where, x: is the USB key that is required to be set as a bootable device. The Virtual Media is attached and connected to the remote floppy.
Virtual media devices and vFlash devices are connected as a composite USB device to the Host USB BUS, and they share a common USB port. Whenever any virtual media or vFlash USB device is connected to or disconnected from the host USB bus, all the Virtual Media and vFlash devices are disconnected momentarily from the host USB bus, and then they are re-connected. If the host operating system uses a virtual media device, do not attach or detach one or more virtual media or vFlash devices.
Storage Devices Information for all the storage devices connected to the system are not displayed and OpenManage Storage Management displays more storage devices that iDRAC7. Why? iDRAC7 displays information for only the Comprehensive Embedded Management (CEM) supported devices. RACADM After performing an iDRAC7 reset (using the racadm racreset command), if any command is issued, the following message is displayed.
This occurs because the create partition operation is in-progress. However, the partition is deleted after sometime and a message that the partition is deleted is displayed. If not, wait until the create partition operation is completed and then delete the partition. Miscellaneous How to find an iDRAC IP address for a blade server? You can find the iDRAC IP address using any of the following methods: Using CMC Web interface: Go to Chassis → Servers → Setup → Deploy.
iDRAC7 network connection is not working. For blade servers: • Make sure that the LAN cable is connected to CMC. • Make sure that NIC settings, IPv4 or IPv6 settings, and either Static or DHCP is enabled for your network. For rack and tower servers: • In shared mode, make sure the LAN cable is connected to the NIC port where the wrench symbol is present. • In Dedicated mode, make sure the LAN cable is connected to the iDRAC LAN port.
Use Case Scenarios 21 This section helps you in navigating to specific sections in the guide to perform typical use case scenarios. Troubleshooting An Inaccessible Managed System After receiving alerts from OpenManage Essentials, Dell Management Console, or a local trap collector, five servers in a data center are not accessible with issues such as hanging operating system or server. Need to identify the cause to troubleshoot and bring up the server using iDRAC7.
Obtaining System Information and Assess System Health To obtain system information and assess system health: • In iDRAC7 Web interface, go to Overview → Server → System Summary to view the system information and access various links on this page to asses system health. For example, you can check the health of the chassis fan. • You can also configure the chassis locator LED and based on the color, assess the system health.
Performing Graceful Shutdown To perform graceful shutdown, in iDRAC7 Web interface, go to one of the following locations: • Overview → Server → Power/Thermal → Power Configuration → Power Control. The Power Control page is displayed. Select Graceful Shutdown and click Apply. • Overview → Server → Power/Thermal → Power Monitoring. From the Power Control drop-down menu, select Graceful Shutdown and click Apply. For more information, see the iDRAC7 Online Help.
To assess the capacity of a rack to add additional servers: 1. View the current power consumption data and historical power consumption data for the servers. 2. Based on the data, power infrastructure and cooling system limitations, enable the power cap policy and set the power cap values. NOTE: It is recommended that you set a cap close to the peak, and then use that capped level to determine how much capacity is remaining in the rack for adding more servers.
