Dell Idrac For Blade Servers Version 1 4 Owners Manual 1.4 User Guide
2014-11-13
Page Count: 400
Integrated Dell™ Remote Access Controller Firmware Version 1.4 User Guide

www.dell.com | support.dell.com

Notes and Cautions

NOTE: A NOTE indicates important information that helps you make better use of your computer.

CAUTION: A CAUTION indicates potential damage to hardware or loss of data if instructions are not followed.

___________________

Information in this document is subject to change without notice. © 2009 Dell Inc. All rights reserved.

Reproduction of these materials in any manner whatsoever without the written permission of Dell Inc. is strictly forbidden.

Trademarks used in this text: Dell, the DELL logo, Dell OpenManage, and PowerEdge, are trademarks of Dell Inc.; Microsoft, Windows, Windows Server, MS-DOS, Windows Vista, Internet Explorer and Active Directory are either trademarks or registered trademarks of Microsoft Corporation in the United States and/or other countries; Red Hat and Linux are registered trademarks of Red Hat, Inc.; Novell and SUSE are registered trademarks of Novell Corporation. Intel is a registered trademark of Intel Corporation; UNIX is a registered trademark of The Open Group in the United States and other countries.

Copyright 1998-2006 The OpenLDAP Foundation. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted only as authorized by the OpenLDAP Public License. A copy of this license is available in the file LICENSE in the top-level directory of the distribution or, alternatively, at www.OpenLDAP.org/license.html. OpenLDAP is a registered trademark of the OpenLDAP Foundation. Individual files and/or contributed packages may be copyrighted by other parties and subject to additional restrictions. This work is derived from the University of Michigan LDAP v3.3 distribution. This work also contains materials derived from public sources. Information about OpenLDAP can be obtained at www.openldap.org/.

Portions Copyright 1998-2004 Kurt D. Zeilenga.
Portions Copyright 1998-2004 Net Boolean Incorporated. Portions Copyright 2001-2004 IBM Corporation. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted only as authorized by the OpenLDAP Public License.

Portions Copyright 1999-2003 Howard Y.H. Chu. Portions Copyright 1999-2003 Symas Corporation. Portions Copyright 1998-2003 Hallvard B. Furuseth. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that this notice is preserved. The names of the copyright holders may not be used to endorse or promote products derived from this software without their specific prior written permission. This software is provided "as is" without express or implied warranty.

Portions Copyright (c) 1992-1996 Regents of the University of Michigan. All rights reserved. Redistribution and use in source and binary forms are permitted provided that this notice is preserved and that due credit is given to the University of Michigan at Ann Arbor. The name of the University may not be used to endorse or promote products derived from this software without specific prior written permission. This software is provided "as is" without express or implied warranty.

Other trademarks and trade names may be used in this document to refer to either the entities claiming the marks and names or their products. Dell Inc. disclaims any proprietary interest in trademarks and trade names other than its own.

February 2009 Rev. A00

Contents

1 iDRAC Overview
    iDRAC Management Features
    iDRAC Security Features
    iDRAC Firmware Improvements
    Supported Platforms
    Supported Operating Systems
    Supported Web Browsers
    Supported Remote Access Connections
    iDRAC Ports
    Other Documents You May Need

2 Configuring the iDRAC
    Before You Begin
    Interfaces for Configuring the iDRAC
    Configuration Tasks
    Configure the Management Station
    Configure iDRAC Networking
    Configure iDRAC Users
    Configure Active Directory
    Configure IP Filtering and IP Blocking
    Configure Platform Events
    Enabling or Disabling Local Configuration Access
    Configure iDRAC Services
    Configure Secure Sockets Layer (SSL)
    Configure Virtual Media
    Install the Managed Server Software
    Configure the Managed Server for the Last Crash Screen Feature
    Configuring Networking Using the CMC Web Interface
    Viewing FlexAddress Mezzanine Card Fabric Connections
    Updating the iDRAC Firmware
    Downloading the Firmware or Update Package
    Execute the Firmware Update
    Using the DOS Update Utility
    Verifying the Digital Signature
    Clear Your Browser’s Cache
    Configuring iDRAC for Use with IT Assistant
    Using the iDRAC Configuration Utility to Enable Discovery and Monitoring
    Using the iDRAC Web Interface to Enable Discovery and Monitoring
    Using the Dell IT Assistant to View iDRAC Status and Events

3 Configuring the Management Station
    Management Station Set Up Steps
    Management Station Network Requirements
    Configuring a Supported Web Browser
    Opening Your Web Browser
    Configuring Your Web Browser to Connect to the Web Interface
    Adding iDRAC to the List of Trusted Domains
    Viewing Localized Versions of the Web Interface
    Setting the Locale in Linux
    Disabling the Whitelist Feature in Firefox
    Installing a Java Runtime Environment (JRE)
    Installing Telnet or SSH Clients
    Telnet with iDRAC
    Configuring the Backspace Key For Your Telnet Session
    SSH With iDRAC
    Installing a TFTP Server
    Installing Dell OpenManage IT Assistant

4 Configuring the Managed Server
    Installing the Software on the Managed Server
    Configuring the Managed Server to Capture the Last Crash Screen
    Disabling the Windows Automatic Reboot Option

5 Configuring the iDRAC Using the Web Interface
    Accessing the Web Interface
    Logging In
    Logging Out
    Using Multiple Browser Tabs and Windows
    Configuring the iDRAC NIC
    Configuring the Network and IPMI LAN Settings
    Configuring IP Filtering and IP Blocking
    Configuring Platform Events
    Configuring Platform Event Filters (PEF)
    Configuring Platform Event Traps (PET)
    Configuring E-Mail Alerts
    Configuring IPMI
    Adding and Configuring iDRAC Users
    Securing iDRAC Communications Using SSL and Digital Certificates
    Secure Sockets Layer (SSL)
    Certificate Signing Request (CSR)
    Accessing the SSL Main Menu
    Generating a New Certificate Signing Request
    Uploading a Server Certificate
    Viewing a Server Certificate
    Configuring and Managing Active Directory Certificates
    Configuring Active Directory (Standard Schema and Extended Schema)
    Uploading an Active Directory CA Certificate
    Downloading an iDRAC Server Certificate
    Viewing an Active Directory CA Certificate
    Enabling or Disabling Local Configuration Access
    Enabling Local Configuration Access
    Disabling Local Configuration Access
    Configuring iDRAC Services
    Updating the iDRAC Firmware
    Recovering iDRAC Firmware Using the CMC

6 Using the iDRAC with Microsoft Active Directory
    Advantages and Disadvantages of Extended Schema and Standard Schema
    Extended Schema Active Directory Overview
    Active Directory Schema Extensions
    Overview of the RAC Schema Extensions
    Active Directory Object Overview
    Configuring Extended Schema Active Directory to Access Your iDRAC
    Extending the Active Directory Schema
    Installing the Dell Extension to the Active Directory Users and Computers Snap-In
    Adding iDRAC Users and Privileges to Active Directory
    Configuring the iDRAC With Extended Schema Active Directory Using the Web Interface
    Configuring the iDRAC With Extended Schema Active Directory Using RACADM
    Configuring the iDRAC With Extended Schema Active Directory and SM-CLP
    Active Directory Standard Schema Overview
    Configuring Standard Schema Active Directory to Access Your iDRAC
    Configuring the iDRAC With Standard Schema Active Directory and the Web Interface
    Configuring the iDRAC With Standard Schema Active Directory and RACADM
    Configuring the iDRAC With Standard Schema Active Directory and SM-CLP
    Enabling SSL on a Domain Controller
    Exporting the Domain Controller Root CA Certificate
    Importing the iDRAC Firmware SSL Certificate
    Using Active Directory to Log In To the iDRAC
    Frequently Asked Questions

7 Viewing the Configuration and Health of the Managed Server
    System Summary
    Main System Enclosure
    Integrated Dell Remote Access Controller
    WWN/MAC Summary
    System Health
    iDRAC
    CMC
    Batteries
    Temperatures
    Voltages
    Power Monitoring
    CPU
    POST
    Misc Health

8 Configuring and Using Serial Over LAN
    Enabling Serial Over LAN in the BIOS
    Configuring Serial Over LAN in the iDRAC Web GUI
    Using Serial Over LAN (SOL)
    Model for Redirecting SOL Over Telnet or SSH
    Model for the SOL Proxy
    Model for Redirecting SOL Over IPMItool
    Disconnecting an SOL Session in SM-CLP
    Using SOL Over PuTTY
    Using SOL Over Telnet With Linux
    Using SOL Over OpenSSH with Linux
    Using SOL Over IPMItool
    Opening SOL With SOL Proxy
    Operating System Configuration
    Linux Enterprise Operating System
    Windows 2003 Enterprise

9 Using GUI Console Redirection
    Overview
    Using Console Redirection
    Supported Screen Resolutions and Refresh Rates
    Configuring Your Management Station
    Configuring Console Redirection in the iDRAC Web Interface
    Configuring Console Redirection in the SM-CLP Command Line Interface
    Opening a Console Redirection Session
    Using the Video Viewer
    Synchronizing the Mouse Pointers
    Disabling or Enabling Local Console
    Frequently Asked Questions

10 Configuring and Using Virtual Media
    Overview
    Windows-Based Management Station
    Linux-Based Management Station
    Configuring Virtual Media
    Running Virtual Media
    Booting From Virtual Media
    Installing Operating Systems Using Virtual Media
    Using Virtual Media When the Server’s Operating System Is Running
    Frequently Asked Questions

11 Using the Local RACADM Command Line Interface
    Using the RACADM Command
    RACADM Subcommands
    Using the RACADM Utility to Configure the iDRAC
    Displaying Current iDRAC Settings
    Managing iDRAC Users with RACADM
    Adding an iDRAC User
    Enabling an iDRAC User With Permissions
    Removing an iDRAC User
    Testing E-mail Alerting
    Testing the iDRAC SNMP Trap Alert Feature
    Configuring iDRAC Network Properties
    Configuring IPMI
    Configuring PEF
    Configuring PET
    Configuring IP Filtering (IpRange)
    Configuring IP Filtering
    Configuring IP Blocking
    Configuring iDRAC Telnet and SSH Services Using Local RACADM
    Using an iDRAC Configuration File
    Creating an iDRAC Configuration File
    Configuration File Syntax
    Modifying the iDRAC IP Address in a Configuration File
    Loading the Configuration File Into the iDRAC
    Configuring Multiple iDRACs

12 Using the iDRAC SM-CLP Command Line Interface
    System Management With SM-CLP
    iDRAC SM-CLP Support
    SM-CLP Features
    Navigating the MAP Address Space
    Targets
    Using the Show Verb
    Using the -display Option
    Using the -level Option
    Using the -output Option
    iDRAC SM-CLP Examples
    Server Power Management
    SEL Management
    MAP Target Navigation
    Setting the iDRAC IP Address, Subnet Mask, and Gateway Address
    Updating the iDRAC Firmware Using SM-CLP

13 Deploying Your Operating System Using iVM-CLI
    Before You Begin
    Remote System Requirements
    Network Requirements
    Creating a Bootable Image File
    Creating an Image File for Linux Systems
    Creating an Image File for Windows Systems
    Preparing for Deployment
    Configuring the Remote Systems
    Deploying the Operating System
    Using the Virtual Media Command Line Interface Utility
    Installing the iVM-CLI Utility
    Command Line Options
    iVM-CLI Parameters
    iVM-CLI Operating System Shell Options

14 Using the iDRAC Configuration Utility
    Overview
    Starting the iDRAC Configuration Utility
    Using the iDRAC Configuration Utility
    LAN
    IPMI Over LAN (On/Off)
    LAN Parameters
    Virtual Media
    LAN User Configuration
    Reset to Default
    System Event Log Menu
    Exiting the iDRAC Configuration Utility

15 Recovering and Troubleshooting the Managed Server
    Safety First–For You and Your System
    Trouble Indicators
    LED Indicators
    Hardware Trouble Indicators
    Other Trouble Indicators
    Problem Solving Tools
    Checking the System Health
    Checking the System Event Log (SEL)
    Checking the Post Codes
    Viewing the Last System Crash Screen
    Viewing the Most Recent Boot Sequences
    Checking the Server Status Screen for Error Messages
    Viewing the iDRAC Log
    Viewing System Information
    Identifying the Managed Server in the Chassis
    Using the Diagnostics Console
    Managing Power on a Remote System
    Troubleshooting and Frequently Asked Questions

A RACADM Subcommand Overview
    help
    config
    getconfig
    getssninfo
    getsysinfo
    getractime
    setniccfg
    getniccfg
    getsvctag
    racreset
    racresetcfg
    serveraction
    getraclog
    clrraclog
    getsel
    clrsel
    gettracelog
    sslcsrgen
    sslcertupload
    sslcertdownload
    sslcertview
    testemail
    testtrap

B iDRAC Property Database Group and Object Definitions
    Displayable Characters
    idRacInfo
        idRacProductInfo (Read Only)
        idRacDescriptionInfo (Read Only)
        idRacVersionInfo (Read Only)
        idRacBuildInfo (Read Only)
        idRacName (Read Only)
        idRacType (Read Only)
    cfgLanNetworking
        cfgDNSDomainNameFromDHCP (Read/Write)
        cfgDNSDomainName (Read/Write)
        cfgDNSRacName (Read/Write)
        cfgDNSRegisterRac (Read/Write)
        cfgDNSServersFromDHCP (Read/Write)
        cfgDNSServer1 (Read/Write)
        cfgDNSServer2 (Read/Write)
        cfgNicEnable (Read/Write)
        cfgNicIpAddress (Read/Write)
        cfgNicNetmask (Read/Write)
        cfgNicGateway (Read/Write)
        cfgNicUseDhcp (Read/Write)
        cfgNicMacAddress (Read Only)
    cfgUserAdmin
        cfgUserAdminIpmiLanPrivilege (Read/Write)
        cfgUserAdminPrivilege (Read/Write)
        cfgUserAdminUserName (Read/Write)
        cfgUserAdminPassword (Write Only)
        cfgUserAdminEnable
        cfgUserAdminSolEnable
    cfgEmailAlert
        cfgEmailAlertIndex (Read Only)
        cfgEmailAlertEnable (Read/Write)
        cfgEmailAlertAddress
        cfgEmailAlertCustomMsg
    cfgSessionManagement
        cfgSsnMgtConsRedirMaxSessions (Read/Write)
        cfgSsnMgtWebserverTimeout (Read/Write)
        cfgSsnMgtSshIdleTimeout (Read/Write)
        cfgSsnMgtTelnetIdleTimeout (Read/Write)
    cfgSerial
        cfgSerialSshEnable (Read/Write)
        cfgSerialTelnetEnable (Read/Write)
    cfgRacTuning
        cfgRacTuneHttpPort (Read/Write)
        cfgRacTuneHttpsPort (Read/Write)
        cfgRacTuneIpRangeEnable
        cfgRacTuneIpRangeAddr
        cfgRacTuneIpRangeMask
        cfgRacTuneIpBlkEnable
        cfgRacTuneIpBlkFailCount
        cfgRacTuneIpBlkFailWindow
        cfgRacTuneIpBlkPenaltyTime
        cfgRacTuneSshPort (Read/Write)
        cfgRacTuneTelnetPort (Read/Write)
        cfgRacTuneConRedirEncryptEnable (Read/Write)
        cfgRacTuneConRedirPort (Read/Write)
        cfgRacTuneConRedirVideoPort (Read/Write)
        cfgRacTuneAsrEnable (Read/Write)
        cfgRacTuneWebserverEnable (Read/Write)
        cfgRacTuneLocalServerVideo (Read/Write)
        cfgRacTuneLocalConfigDisable (Read/Write)
    ifcRacManagedNodeOs
        ifcRacMnOsHostname (Read/Write)
        ifcRacMnOsOsName (Read/Write)
    cfgRacSecurity
        cfgSecCsrCommonName (Read/Write)
        cfgSecCsrOrganizationName (Read/Write)
        cfgSecCsrOrganizationUnit (Read/Write)
        cfgSecCsrLocalityName (Read/Write)
        cfgSecCsrStateName (Read/Write)
        cfgSecCsrCountryCode (Read/Write)
        cfgSecCsrEmailAddr (Read/Write)
        cfgSecCsrKeySize (Read/Write)
    cfgRacVirtual
        cfgVirMediaAttached (Read/Write)
        cfgVirAtapiSrvPort (Read/Write)
        cfgVirAtapiSrvPortSsl (Read/Write)
        cfgVirMediaBootOnce (Read/Write)
        cfgFloppyEmulation (Read/Write)
    cfgActiveDirectory
        cfgADRacDomain (Read/Write)
        cfgADRacName (Read/Write)
        cfgADEnable (Read/Write)
        cfgADAuthTimeout (Read/Write)
        cfgADRootDomain (Read/Write)
        cfgADSpecifyServerEnable (Read/Write)
        cfgADDomainController (Read/Write)
        cfgADGlobalCatalog (Read/Write)
        cfgADType (Read/Write)
    cfgStandardSchema
        cfgSSADRoleGroupIndex (Read Only)
        cfgSSADRoleGroupName (Read/Write)
        cfgSSADRoleGroupDomain (Read/Write)
        cfgSSADRoleGroupPrivilege (Read/Write)
    cfgIpmiSol
        cfgIpmiSolEnable (Read/Write)
        cfgIpmiSolBaudRate (Read/Write)
        cfgIpmiSolMinPrivilege (Read/Write)
        cfgIpmiSolAccumulateInterval (Read/Write)
        cfgIpmiSolSendThreshold (Read/Write)
    cfgIpmiLan
        cfgIpmiLanEnable (Read/Write)
        cfgIpmiLanPrivLimit (Read/Write)
        cfgIpmiLanAlertEnable (Read/Write)
        cfgIpmiEncryptionKey (Read/Write)
        cfgIpmiPetCommunityName (Read/Write)
    cfgIpmiPef
        cfgIpmiPefName (Read Only)
        cfgIpmiPefIndex (Read Only)
        cfgIpmiPefAction (Read/Write)
        cfgIpmiPefEnable (Read/Write)
    cfgIpmiPet
        cfgIpmiPetIndex (Read/Write)
        cfgIpmiPetAlertDestIpAddr (Read/Write)
        cfgIpmiPetAlertEnable (Read/Write)

C iDRAC SMCLP Property Database
    /system1/sp1/account<1-16>
        userid (Read Only)
        username (Read/Write)
        oemdell_ipmilanprivileges (Read/Write)
        password (Write Only)
        enabledstate (Read/Write)
        solenabled (Read/Write)
        oemdell_extendedprivileges (Read/Write)
    /system1/sp1/enetport1/*
        macaddress (Read Only)
    /system1/sp1/enetport1/lanendpt1/ipendpt1
        oemdell_nicenable (Read/Write)
        ipaddress (Read/Write)
        subnetmask (Read/Write)
        oemdell_usedhcp (Read/Write)
        committed (Read/Write)
    /system1/sp1/enetport1/lanendpt1/ipendpt1/dnsendpt1
        oemdell_domainnamefromdhcp (Read/Write)
        oemdell_dnsdomainname (Read/Write)
        oemdell_dnsregisterrac (Read/Write)
        oemdell_dnsracname (Read/Write)
        oemdell_serversfromdhcp (Read/Write)
    /system1/sp1/enetport1/lanendpt1/ipendpt1/dnsendpt1/remotesap1
        dnsserveraddress (Read/Write)
    /system1/sp1/enetport1/lanendpt1/ipendpt1/dnsendpt1/remotesap2
        dnsserveraddress (Read/Write)
    /system1/sp1/enetport1/lanendpt1/ipendpt1/remotesap1
        defaultgatewayaddress (Read/Write)
    /system1/sp1/group<1-5>
        oemdell_groupname (Read/Write)
        oemdell_groupdomain (Read/Write)
        oemdell_groupprivilege (Read/Write)
    /system1/sp1/oemdell_adservice1
        enabledstate (Read/Write)
        oemdell_adracname (Read/Write)
        oemdell_adracdomain (Read/Write)
        oemdell_adrootdomain (Read/Write)
        oemdell_timeout (Read/Write)
        oemdell_schematype (Read/Write)
        oemdell_adspecifyserverenable (Read/Write)
        oemdell_addomaincontroller (Read/Write)
        oemdell_adglobalcatalog (Read/Write)
    /system1/sp1/oemdell_racsecurity1
        commonname (Read/Write)
        organizationname (Read/Write)
        oemdell_organizationunit (Read/Write)
        oemdell_localityname (Read/Write)
        oemdell_statename (Read/Write)
        oemdell_countrycode (Read/Write)
        oemdell_emailaddress (Read/Write)
        oemdell_keysize (Read/Write)
    /system1/sp1/oemdell_ssl1
        generate (Read/Write)
        oemdell_status (Read Only)
        oemdell_certtype (Read/Write)
    /system1/sp1/oemdell_vmservice1
        enabledstate (Read/Write)
        oemdell_singleboot (Read/Write)
        oemdell_floppyemulation (Read/Write)
    /system1/sp1/oemdell_vmservice1/tcpendpt1
        portnumber (Read/Write)
        portnumber (Read/Write)
        oemdell_sslenabled (Read Only)

D RACADM and SM-CLP Equivalencies

Glossary

Index

1 iDRAC Overview

The Integrated Dell™ Remote Access Controller (iDRAC) is a systems management hardware and software solution that provides remote management capabilities, crashed system recovery, and power control functions for Dell PowerEdge™ systems. The iDRAC uses an integrated System-on-Chip microprocessor for the remote monitor/control system. The iDRAC co-exists on the system board with the managed PowerEdge server. The server operating system is concerned with executing applications; the iDRAC is concerned with monitoring and managing the server’s environment and state outside of the operating system.

You can configure the iDRAC to send you an e-mail or Simple Network Management Protocol (SNMP) trap alert for warnings or errors. To help you diagnose the probable cause of a system crash, iDRAC can log event data and capture an image of the screen when it detects that the system has crashed.

Managed servers are installed in a Dell M1000e system enclosure (chassis) with modular power supplies, cooling fans, and a chassis management controller (CMC). The CMC monitors and manages all components installed in the chassis. A redundant CMC can be added to provide hot failover if the primary CMC fails. The chassis provides access to the iDRACs through its LCD display, local console connections, and its web interface.

All network connections to the iDRAC are through the CMC network interface (CMC RJ45 connection port labelled "GB1"). The CMC routes traffic to the iDRACs on its servers through a private, internal network. This private management network is outside of the server’s data path and outside of the operating system’s control, that is, out-of-band. The managed servers’ inband network interfaces are accessed through I/O modules (IOMs) installed in the chassis.

The iDRAC network interface is disabled by default. It must be configured before the iDRAC is accessible.
After the iDRAC is enabled and configured on the network, it can be accessed at its assigned IP address with the iDRAC web interface, telnet or SSH, and supported network management protocols, such as Intelligent Platform Management Interface (IPMI).

iDRAC Management Features

The iDRAC provides the following management features:

• Dynamic Domain Name System (DDNS) registration
• Remote system management and monitoring using a Web interface, the local RACADM command line interface via console redirection, and the SM-CLP command line over a telnet/SSH connection
• Support for Microsoft® Active Directory® authentication — Centralizes iDRAC user IDs and passwords in Active Directory using the standard schema or an extended schema
• Console Redirection — Provides remote system keyboard, video, and mouse functions
• Virtual Media — Enables a managed server to access a local media drive on the management station or ISO CD/DVD images on a network share
• Monitoring — Provides access to system information and status of components
• Access to system logs — Provides access to the system event log, the iDRAC log, and the last crash screen of the crashed or unresponsive system that is independent of the operating system state
• Dell OpenManage™ software integration — Enables you to launch the iDRAC Web interface from Dell OpenManage Server Administrator or IT Assistant
• iDRAC alert — Alerts you to potential managed node issues through an email message or SNMP trap
• Remote power management — Provides remote power management functions, such as shutdown and reset, from a management console
• Single Sign-On from CMC Web interface — Once credentials are accepted by CMC, users can access any iDRAC without additional login

NOTE: If a warning window appears during the Single Sign-On process, it must be bypassed within 20 seconds or Single Sign-On will fail.

• One-to-Many firmware update – Enables user configurable update of more than one iDRAC using CMC GUI and command line
• Intelligent Platform Management Interface (IPMI) support
• Secure Sockets Layer (SSL) encryption — Provides secure remote system management through the Web interface
• Password-level security management — Prevents unauthorized access to a remote system
• Role-based authority — Provides assignable permissions for different systems management tasks

iDRAC Security Features

The iDRAC provides the following security features:

• User authentication through Microsoft Active Directory (optional) or hardware-stored user IDs and passwords
• Role-based authority, which enables an administrator to configure specific privileges for each user
• User ID and password configuration through the Web interface or SM-CLP
• SM-CLP and Web interfaces, which support 128-bit and 40-bit encryption (for countries where 128 bit is not acceptable), using the SSL 3.0 standard
• Session time-out configuration (in seconds) through the Web interface or SM-CLP
• Configurable IP ports (where applicable)

NOTE: Telnet does not support SSL encryption.
• Secure Shell (SSH), which uses an encrypted transport layer for higher security
• Login failure limits per IP address, with login blocking from the IP address when the limit is exceeded
• Limited IP address range for clients connecting to the iDRAC

iDRAC Firmware Improvements

The following improvements have been made to the iDRAC firmware:

• Major improvements in Active Directory lookup performance
• Improved responsiveness of TCP-IP networking stack
• Improved health status interface between iDRAC and CMC
• Security improvements using multiple third-party analysis tools

Supported Platforms

The iDRAC supports the following PowerEdge systems in the Dell PowerEdge M1000e system enclosure:

• PowerEdge M600
• PowerEdge M605
• PowerEdge M805
• PowerEdge M905

Check the iDRAC Readme file and the Dell PowerEdge Compatibility Guide located on the Dell Support website at support.dell.com for the latest supported platforms.

Supported Operating Systems

Table 1-1 lists the operating systems that support the iDRAC. See the Dell OpenManage Server Administrator Compatibility Guide located on the Dell Support website at support.dell.com for the latest information.

Table 1-1. Supported Operating Systems

Operating System Family: Microsoft Windows
• Microsoft® Windows Server® 2003 R2 Standard and Enterprise (32-bit x86) Editions with SP2
• Microsoft Windows Server 2003 Web, Standard and Enterprise (32-bit x86) Editions with SP2
• Microsoft Windows Server 2003 Standard and Enterprise (x64) Editions with SP2
• Microsoft Windows Storage Server 2003 R2 Express, Workgroup, Standard, and Enterprise x64 Editions
• Microsoft Windows Server 2008 Web, Standard, and Enterprise (32-bit x86) Editions
• Microsoft Windows Server 2008 Web, Standard, Enterprise and Datacenter (x64) Editions
NOTE: When installing Windows Server 2003 with Service Pack 1, be aware of changes to DCOM security settings. For more information, see article 903220 from the Microsoft Support website at support.microsoft.com/kb/903220.

Operating System Family: Red Hat® Linux®
• Enterprise Linux WS, ES, and AS (version 4) (x86 and x86_64)
• Enterprise Linux 5 (x86 and x86-64)

Operating System Family: SUSE® Linux
• Enterprise Server 10 (Gold) (x86_64)

Operating System Family: VMware
• ESX(i) 3.5 U2 or later

Supported Web Browsers

Table 1-2 lists the Web browsers that are supported as iDRAC clients. See the iDRAC Readme file and the Dell OpenManage Server Administrator Compatibility Guide located on the Dell Support website at support.dell.com for the latest information.

NOTE: Due to serious security flaws, support for SSL 2.0 has been discontinued. Your browser must be configured to enable SSL 3.0 in order to work properly.

Table 1-2. Supported Web Browsers

Operating System: Windows
• Internet Explorer® 6.0 with Service Pack 2 (SP2) for Windows XP and Windows 2003 R2 SP2 only
• Internet Explorer 7.0 for Windows Vista, Windows XP, Windows 2003 R2 SP2, and Windows Server 2008 only
• Mozilla Firefox 2.0 for Windows (Java vKVM/vMedia console only)

Operating System: Linux
• Mozilla Firefox 1.5 on SUSE Linux (version 10) only
• Mozilla Firefox 2.0 on Red Hat Enterprise Linux 4 and 5 (32-bit or 64-bit) and SUSE Linux Enterprise Server 10 (32-bit or 64-bit)

Supported Remote Access Connections

Table 1-3 lists the connection features.

Table 1-3. Supported Remote Access Connections

Connection: iDRAC NIC
Features:
• 10Mbps/100Mbps/1Gbps Ethernet via CMC Gb Ethernet port
• DHCP support
• SNMP traps and e-mail event notification
• Support for SM-CLP (telnet or SSH) command shell for operations such as iDRAC configuration, system boot, reset, power-on, and shutdown commands
• Support for IPMI utilities such as ipmitool and ipmishell

iDRAC Ports

Table 1-4 lists the ports iDRAC listens on for connections. Table 1-5 identifies the ports that the iDRAC uses as a client. This information is required when opening firewalls for remote access to an iDRAC.

Table 1-4. iDRAC Server Listening Ports

Port Number      Function
22*              Secure Shell (SSH)
23*              Telnet
80*              HTTP
443*             HTTPS
623              RMCP/RMCP+
3668*, 3669*     Virtual Media Service
3770*, 3771*     Virtual Media Secure Service
5900*            Console Redirection keyboard/mouse
5901*            Console Redirection video

* Configurable port

Table 1-5. iDRAC Client Ports

Port Number      Function
25               SMTP
53               DNS
68               DHCP-assigned IP address
69               TFTP
162              SNMP trap
636              LDAPS
3269             LDAPS for global catalog (GC)

Other Documents You May Need

In addition to this User Guide, the following documents provide additional information about the setup and operation of the iDRAC in your system:

• The iDRAC online help provides information about using the Web interface.
• The Dell Chassis Management Controller User Guide provides information about using the controller that manages all modules in the chassis containing your PowerEdge server.
• The Dell OpenManage IT Assistant User’s Guide provides information about using IT Assistant.
• The Dell OpenManage Server Administrator User’s Guide provides information about installing and using Server Administrator.
• The Dell Update Packages User’s Guide provides information about obtaining and using Dell Update Packages as part of your system update strategy.

The following system documents are also available to provide more information about the system in which your iDRAC is installed:

• The Product Information Guide provides important safety and regulatory information. Warranty information may be included within this document or as a separate document.
• The Rack Installation Guide and Rack Installation Instructions included with your rack solution describe how to install your system into a rack.
• The Getting Started Guide provides an overview of system features, setting up your system, and technical specifications.
• The Hardware Owner’s Manual provides information about system features and describes how to troubleshoot the system and install or replace system components.
• Systems management software documentation describes the features, requirements, installation, and basic operation of the software.
• Operating system documentation describes how to install (if necessary), configure, and use the operating system software.
• Documentation for any components you purchased separately provides information to configure and install these options.
• Updates are sometimes included with the system to describe changes to the system, software, and/or documentation.

NOTE: Always read the updates first because they often supersede information in other documents.

• Release notes or readme files may be included to provide last-minute updates to the system or documentation or advanced technical reference material intended for experienced users or technicians.

2 Configuring the iDRAC

This section provides information about how to establish access to the iDRAC and to configure your management environment to use iDRAC.

Before You Begin

Gather the following items prior to configuring the iDRAC:

• Dell Chassis Management Controller User Guide
• Dell Systems Management Tools and Documentation DVD

Interfaces for Configuring the iDRAC

You can configure the iDRAC using the iDRAC Configuration Utility, the iDRAC Web interface, the local RACADM CLI, or the SM-CLP CLI. The local RACADM CLI is available after you have installed the operating system and the Dell PowerEdge server management software on the managed server. Table 2-1 describes these interfaces.

For greater security, access to the iDRAC configuration through the iDRAC Configuration Utility or Local RACADM CLI can be disabled by means of a RACADM command (see "cfgRacTuneLocalConfigDisable (Read/Write)" on page 327) or from the GUI (see "Enabling or Disabling Local Configuration Access" on page 95).

NOTE: Using more than one configuration interface at the same time may generate unexpected results.

Table 2-1. Configuration Interfaces

Interface: iDRAC Configuration Utility
Description: Accessed at boot time, the iDRAC Configuration utility is useful when installing a new PowerEdge server. Use it for setting up the network and basic security features and for enabling other features.

Interface: iDRAC Web Interface
Description: The iDRAC Web interface is a browser-based management application that you can use to interactively manage the iDRAC and monitor the managed server. It is the primary interface for day-to-day tasks, such as monitoring system health, viewing the system event log, managing local iDRAC users, and launching the CMC Web interface and console redirection sessions.

Interface: CMC Web Interface
Description: In addition to monitoring and managing the chassis, the CMC Web interface can be used to view the status of a managed server, configure iDRAC network settings, and to start, stop, or reset the managed server.

Interface: Chassis LCD Panel
Description: The LCD panel on the chassis containing the iDRAC can be used to view the high-level status of the servers in the chassis. During initial configuration of the CMC, the configuration wizard allows you to enable DHCP configuration of iDRAC networking.

Interface: Local RACADM
Description: The local RACADM command line interface runs on the managed server. It is accessed from either the iKVM or a console redirection session initiated from the iDRAC Web interface. RACADM is installed on the managed server when you install Dell OpenManage Server Administrator. RACADM commands provide access to nearly all iDRAC features. You can inspect sensor data, system event log records, and the current status and configuration values maintained in the iDRAC. You can alter iDRAC configuration values, manage local users, enable and disable features, and perform power functions such as shutting down or rebooting the managed server.

Interface: iVM-CLI
Description: The iDRAC Virtual Media Command Line Interface (iVM-CLI) provides the managed server access to media on the management station. It is useful for developing scripts to install operating systems on multiple managed servers.

Interface: SM-CLP
Description: SM-CLP is the Distributed Management Task Force (DMTF) Server Management-Command Line Protocol (SM-CLP) that is incorporated in the iDRAC. The SM-CLP command line is accessed by logging into the iDRAC using telnet or SSH. SM-CLP commands implement a useful subset of the local RACADM commands. The commands are useful for scripting since they can be executed from a management station command line. The output of commands can be retrieved in well-defined formats, including XML, facilitating scripting and integration with existing reporting and management tools. See "RACADM and SM-CLP Equivalencies" on page 369 for a comparison of the RACADM and SM-CLP commands.

Interface: IPMI
Description: IPMI defines a standard way for embedded management subsystems such as the iDRAC to communicate with other embedded systems and management applications. You can use the iDRAC Web interface, SM-CLP, or RACADM commands to configure IPMI Platform Event Filters (PEFs) and Platform Event Traps (PETs). PEFs cause the iDRAC to perform selectable actions (for example, rebooting the managed server) when it detects a condition. PETs instruct the iDRAC to send e-mail or IPMI alerts when it detects specified events or conditions. You can also use standard IPMI tools such as ipmitool and ipmishell with iDRAC when you enable IPMI Over LAN.

Configuration Tasks

This section is an overview of the configuration tasks for the management station, the iDRAC, and the managed server. The tasks to be performed include configuring the iDRAC so that it can be used remotely, configuring the iDRAC features you want to use, installing the operating system on the managed server, and installing management software on your management station and the managed server.
The interfaces that can be used to perform each task are listed beneath the task.

NOTE: Before performing configuration procedures in this guide, the CMC and I/O modules must be installed in the chassis and configured, and the PowerEdge server must be physically installed in the chassis.

Configure the Management Station

Set up a management station by installing the Dell OpenManage software, a Web browser, and other software utilities.

• See "Configuring the Management Station" on page 51

Configure iDRAC Networking

Enable the iDRAC network and configure IP, netmask, gateway, and DNS addresses.

NOTE: Access to the iDRAC configuration through the iDRAC Configuration Utility or Local RACADM CLI can be disabled by means of a RACADM command (see "cfgRacTuneLocalConfigDisable (Read/Write)" on page 327) or from the GUI (see "Enabling or Disabling Local Configuration Access" on page 95).

NOTE: Changing the iDRAC network settings terminates all current network connections to the iDRAC.

NOTE: The option to configure the server using the LCD panel is available only during the CMC initial configuration. Once the chassis is deployed, the LCD panel cannot be used to reconfigure the iDRAC.

NOTE: The LCD panel can be used to enable DHCP to configure the iDRAC network. If you want to assign static addresses, you must use the iDRAC Configuration Utility or the CMC Web interface.

• Chassis LCD Panel — see the Dell Chassis Management Controller Firmware User Guide.
• iDRAC configuration utility — see "LAN" on page 241
• CMC Web interface — see "Configuring Networking Using the CMC Web Interface" on page 39
• RACADM — see "cfgLanNetworking" on page 307

Configure iDRAC Users

Set up the local iDRAC users and permissions. The iDRAC holds a table of sixteen local users in firmware. You can set usernames, passwords, and roles for these users.
• iDRAC configuration utility (configures administrative user only) — see "LAN User Configuration" on page 244
• iDRAC Web interface — see "Adding and Configuring iDRAC Users" on page 80
• RACADM — see "Adding an iDRAC User" on page 195

Configure Active Directory

In addition to the local iDRAC users, you can use Microsoft® Active Directory® to authenticate iDRAC user logins.

• See "Using the iDRAC with Microsoft Active Directory" on page 103

NOTE: When using iDRAC in an Active Directory environment, be sure your user names conform to the Active Directory naming convention in force in your environment.

Configure IP Filtering and IP Blocking

In addition to user authentication, you can prevent unauthorized access by rejecting connection attempts from IP addresses outside of a defined range and by temporarily blocking connections from IP addresses where authentication has failed multiple times within a configurable timespan.

• iDRAC Web interface — see "Configuring IP Filtering and IP Blocking" on page 75
• RACADM — see "Configuring IP Filtering (IpRange)" on page 203, "Configuring IP Blocking" on page 205

Configure Platform Events

Platform events occur when the iDRAC detects a warning or critical condition from one of the managed server’s sensors.

Configure Platform Event Filters (PEFs) to choose the events you want to detect and the action to take, such as rebooting the managed server, when an event is detected.

• iDRAC Web interface — see "Configuring Platform Event Filters (PEF)" on page 77
• RACADM — see "Configuring PEF" on page 200

Configure Platform Event Traps (PETs) to send alert notifications to an IP address, such as a management station with IPMI software, or to send an e-mail to a specified e-mail address.
• iDRAC Web interface — see "Configuring Platform Event Traps (PET)" on page 78
• RACADM — see "Configuring PET" on page 201

Enabling or Disabling Local Configuration Access

Access to critical configuration parameters, such as network configuration and user privileges, can be disabled. Once disabled, the setting remains persistent across reboots. Configuration write access is blocked for both the Local RACADM program and the iDRAC Configuration Utility (at boot). Web access to configuration parameters is unimpeded and configuration data is always available for viewing. For information about the iDRAC Web interface, see "Enabling or Disabling Local Configuration Access" on page 95. For cfgRacTuning commands, see "cfgRacTuning" on page 321.

Configure iDRAC Services

Enable or disable the iDRAC network services — such as telnet, SSH, and the Web server interface — and reconfigure ports and other service parameters.

• iDRAC Web interface — see "Configuring iDRAC Services" on page 95
• RACADM — see "Configuring iDRAC Telnet and SSH Services Using Local RACADM" on page 207

Configure Secure Sockets Layer (SSL)

Configure SSL for the iDRAC web server.

• iDRAC Web interface — see "Secure Sockets Layer (SSL)" on page 84
• RACADM — see "cfgRacSecurity" on page 328, "sslcsrgen" on page 295, "sslcertupload" on page 297, "sslcertdownload" on page 298, "sslcertview" on page 299

Configure Virtual Media

Configure the virtual media feature so that you can install the operating system on the PowerEdge server. Virtual media allows the managed server to access media devices on the management station or ISO CD/DVD images on a network share as if they were devices on the managed server.
• iDRAC Web interface — see "Configuring and Using Virtual Media" on page 177
• iDRAC configuration utility — see "Virtual Media" on page 244

Install the Managed Server Software

Install the operating system on the PowerEdge server using virtual media and then install the Dell OpenManage software on the managed PowerEdge server and set up the last crash screen feature.

• Console redirection — see "Installing the Software on the Managed Server" on page 65
• iVM-CLI — see "Using the Virtual Media Command Line Interface Utility" on page 232

Configure the Managed Server for the Last Crash Screen Feature

Set up the managed server so that the iDRAC can capture the screen image after an operating system crash or freeze.

• Managed Server — see "Configuring the Managed Server to Capture the Last Crash Screen" on page 66, "Disabling the Windows Automatic Reboot Option" on page 67

Configuring Networking Using the CMC Web Interface

NOTE: You must have Chassis Configuration Administrator privilege to set up iDRAC network settings from the CMC.

NOTE: The default CMC user is root and the default password is calvin.

NOTE: The CMC IP address can be found in the iDRAC Web interface by clicking System→ Remote Access→ CMC. You can also launch the CMC Web interface from this page.

1 Use your web browser to log in to the CMC web user interface using a URL of the form https://or https:// .
2 Enter the CMC username and password and click OK.
3 Click the plus (+) symbol next to Chassis in the left column, then click Servers.
4 Click Setup→ Deploy Network.
5 Enable the LAN for the server by checking the checkbox next to the server beneath the Enable Lan heading.
6 Enable or disable IPMI over LAN by checking or unchecking the checkbox next to the server beneath the Enable IPMI over LAN heading.
7 Enable or disable DHCP for the server by checking or unchecking the checkbox next to the server under the DHCP Enabled heading.
8 If DHCP is disabled, enter the static IP address, netmask, and default gateway for the server.
9 Click Apply at the bottom of the page.

Viewing FlexAddress Mezzanine Card Fabric Connections

The M1000e includes FlexAddress, an advanced multilevel, multistandard networking system. FlexAddress allows the use of persistent, chassis-assigned World Wide Names and MAC addresses (WWN/MAC) for each managed server port connection.

NOTE: In order to avoid errors that may lead to an inability to power on the managed server, you must have the correct type of mezzanine card installed for each port and fabric connection.

Configuration of the FlexAddress feature is performed using the CMC web interface. For more information on the FlexAddress feature and its configuration, see your Dell Chassis Management Controller Firmware Version 1.20 User Guide.

Once the FlexAddress feature has been enabled and configured for the cabinet, click System→ Properties→ WWN/MAC to view a list of installed mezzanine cards, the fabrics and ports to which they are connected, the fabric port location, type of fabric, and server-configured or chassis-assigned MAC addresses for each installed embedded Ethernet and optional mezzanine card port.

To view a list of installed mezzanine cards, the type of mezzanine cards installed, and if FlexAddress is configured, click System→ Properties→ Summary.

Updating the iDRAC Firmware

Updating the iDRAC firmware installs a new firmware image in the iDRAC flash memory. iDRAC 1.4 supports One-to-Many firmware updates via the CMC in normal mode, not just for corruption.
You can update the firmware using any of the following methods:

• SM-CLP load command
• iDRAC Web interface
• Dell Update Package (for Linux or Microsoft Windows)
• DOS iDRAC Firmware update utility
• CMC Web interface (you must use this method if iDRAC firmware is corrupted, or to do One-to-Many updates with CMC 2.0 or later firmware; see your CMC Firmware User Guide for more information)

Downloading the Firmware or Update Package

Download the firmware from support.dell.com. The firmware image is available in several different formats to support the different update methods available.

To update the iDRAC firmware using the iDRAC Web interface or SM-CLP, or to recover the iDRAC using the CMC Web interface, download the binary image, packaged as a self-extracting archive.

To update the iDRAC firmware from the managed server, download the operating system-specific Dell Update Package (DUP) for the operating system running on the server whose iDRAC you are updating.

To update the iDRAC firmware using the DOS iDRAC Firmware update utility, download both the update utility and the binary image, which are packaged in self-extracting archive files.

Execute the Firmware Update

NOTE: When the iDRAC firmware update begins, all existing iDRAC sessions are disconnected and new sessions are not permitted until the update process is completed.

NOTE: The chassis fans run at 100% during the iDRAC firmware update. When the update is complete, normal fan speed regulation resumes. This is normal behavior, designed to protect the server from overheating during a time when it cannot send sensor information to the CMC.

To use a Dell Update Package for Linux or Microsoft Windows, execute the operating system-specific DUP on the managed server.

When using the SM-CLP load command, place the firmware binary image in a directory where a Trivial File Transfer Protocol (TFTP) server can serve it to the iDRAC. See "Updating the iDRAC Firmware Using SM-CLP" on page 226.
When using the iDRAC Web interface or the CMC Web interface, place the firmware binary image on a disk that is accessible to the management station from which you are running the Web interface. See "Updating the iDRAC Firmware" on page 98.

NOTE: The iDRAC Web interface also allows you to reset the iDRAC configuration to the factory defaults.

You must use the CMC Web interface to update the firmware when the CMC detects that the iDRAC firmware is corrupted, as could occur if the iDRAC firmware update process is interrupted before it completes. See "Recovering iDRAC Firmware Using the CMC" on page 99. The CMC Web interface (CMC 2.0 or later) also provides a One-to-Many Out-of-Band iDRAC Firmware update capability that can be used at any time.

NOTE: After the CMC updates the firmware of the iDRAC, the iDRAC generates new SHA1 and MD5 keys for the SSL certificate. Because the keys are different from those in the open Web browser, all browser windows that are connected to the iDRAC must be closed after the firmware update is complete. If the browser windows are not closed, an Invalid Certificate error message is displayed.

NOTE: If you are backdating your iDRAC firmware from version 1.20 to an earlier version, you must delete the existing Internet Explorer ActiveX browser plugin on any Windows-based Management Station to allow the firmware to install a compatible version of the ActiveX plugin. To delete the ActiveX plugin, navigate to c:\WINNT\Downloaded Program Files and delete the file DELL IMC KVM Viewer.

Using the DOS Update Utility

To update the iDRAC firmware using the DOS update utility, boot the managed server to DOS, and execute the idrac16d command. The syntax for the command is:

idrac16d [-f] [-i= ] [-l= ]

When executed with no options, the idrac16d command updates the iDRAC firmware using the firmware image file firmimg.imc in the current directory.

The options are as follows:

-f — forces the update.
The -f option can be used to downgrade the firmware to an earlier image.

-i= — specifies the filename image that contains the firmware image. This option is required if the firmware filename has been changed from the default name firmimg.imc.

-l= — logs output from the update activity. This option is used for debugging.

CAUTION: If you enter incorrect arguments for the idrac16d command or supply the -h option, you may notice an additional option, -nopresconfig, in the usage output. This option is used to update the firmware without preserving any configuration information. You should not use this option unless explicitly told to do so by a Dell Support Representative because it deletes all of your existing iDRAC configuration information such as IP addresses, users, and passwords.

Verifying the Digital Signature

A digital signature is used to authenticate the identity of the signer of a file and to certify that the original content of the file has not been modified since it was signed.

If you do not already have it installed on your system, you must install the Gnu Privacy Guard (GPG) to verify a digital signature. To use the standard verification procedure, perform the following steps:

1 Download the Dell Linux public GnuPG key, if you do not already have it, by navigating to lists.us.dell.com and clicking the Dell Public GPG key link. Save the file to your local system. The default name is linux-securitypublickey.txt.

2 Import the public key to your gpg trust database by running the following command:

gpg --import

NOTE: You must have your private key to complete the process.

3 To avoid a distrusted-key warning, change the trust level for the Dell Public GPG key.

a Type the following command:

gpg --edit-key 23B66A9D

b Within the GPG key editor, type fpr. The following message appears:

pub 1024D/23B66A9D 2001-04-16 Dell, Inc. (Product Group)
Primary key fingerprint: 4172 E2CE 955A 1776 A5E6 1BB7 CA77 951D 23B6 6A9D

If the fingerprint of your imported key is the same as above, you have a correct copy of the key.

c While still in the GPG key editor, type trust. The following menu appears:

Please decide how far you trust this user to correctly verify other users' keys (by looking at passports, checking fingerprints from different sources, etc.)

1 = I don't know or won't say
2 = I do NOT trust
3 = I trust marginally
4 = I trust fully
5 = I trust ultimately
m = back to the main menu

Your decision?

d Type 5. The following prompt appears:

Do you really want to set this key to ultimate trust? (y/N)

e Type y to confirm your choice.

f Type quit to exit the GPG key editor.

You must import and validate the public key only once.

4 Obtain the package you need (for example, the Linux DUP or self-extracting archive) and its associated signature file from the Dell Support website at support.dell.com/support/downloads.

NOTE: Each Linux Update Package has a separate signature file, which is shown on the same web page as the Update Package. You need both the Update Package and its associated signature file for verification. By default, the signature file is named the same as the DUP filename with a .sign extension. For example, if a Linux DUP is named PEM600_BIOS_LX_2.1.2.BIN, its signature filename is PEM600_BIOS_LX_2.1.2.BIN.sign. The iDRAC firmware image also has an associated .sign file, which is included in the self-extracting archive with the firmware image. To download the files, right-click on the download link and use the Save Target As… file option.
5 Verify the Update Package:

gpg --verify

The following example illustrates the steps that you follow to verify a PowerEdge M600 BIOS Update Package:

1 Download the following two files from support.dell.com:

• PEM600_BIOS_LX_2.1.2.BIN.sign
• PEM600_BIOS_LX_2.1.2.BIN

2 Import the public key by running the following command line:

gpg --import

The following output message appears:

gpg: key 23B66A9D: "Dell Computer Corporation (Linux Systems Group) " not changed
gpg: Total number processed: 1
gpg: unchanged: 1

3 Set the GPG trust level for the Dell public key, if you haven’t done so previously.

a Type the following command:

gpg --edit-key 23B66A9D

b At the command prompt, type the following commands:

fpr
trust

c Type 5 to choose I trust ultimately from the menu.

d Type y to confirm your choice.

e Type quit to exit the GPG key editor.

This completes validation of the Dell public key.

4 Verify the PEM600 BIOS package digital signature by running the following command:

gpg --verify PEM600_BIOS_LX_2.1.2.BIN.sign PEM600_BIOS_LX_2.1.2.BIN

The following output message appears:

gpg: Signature made Fri Jul 11 15:03:47 2008 CDT using DSA key ID 23B66A9D
gpg: Good signature from "Dell, Inc. (Product Group) "

NOTE: If you have not validated the key as shown in step 3, you will receive additional messages:

gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 4172 E2CE 955A 1776 A5E6 1BB7 CA77 951D 23B6 6A9D

Clear Your Browser’s Cache

To be able to use the features in the latest iDRAC, you must clear the browser’s cache to remove/delete any old web pages that may be stored on the system.

Internet Explorer

1 Start Internet Explorer.
2 Click Tools, and then click Internet Options. The Internet Options window appears.
3 Click the General tab.
4 Under Temporary Internet files, click Delete Files. The Delete Files window appears.
5 Click to check Delete all offline content, and then click OK.
6 Click OK to close the Internet Options window.

Firefox

1 Start Firefox.
2 Click Edit→ Preferences.
3 Click the Privacy tab.
4 Click Clear Cache Now.
5 Click Close.

Configuring iDRAC for Use with IT Assistant

Dell™ OpenManage™ IT Assistant comes preconfigured to discover managed devices that comply with Simple Network Management Protocol (SNMP) version 1 and version 2c and Intelligent Platform Management Interface (IPMI) version 2.0. The iDRAC complies with IPMI version 2.0. This section describes the steps to configure an iDRAC for discovery and monitoring by IT Assistant. There are two ways to accomplish this: through the iDRAC Configuration Utility and through the iDRAC's graphical Web interface.

Using the iDRAC Configuration Utility to Enable Discovery and Monitoring

To set up an iDRAC for IPMI discovery and alert trap sending at the iDRAC configuration utility level, you need to restart your managed server (blade) and observe its power-up using the iKVM and either a remote monitor and console keyboard or a Serial-Over-LAN (SOL) connection. When Press for Remote Access Setup is displayed, press . When the iDRAC Configuration Utility screen appears, use the arrow keys to scroll down.

1 Enable IPMI over LAN.
2 Enter your site's RMCP+ Encryption Key, if used.
NOTE: See your senior Network Administrator or CIO to discuss implementing this option because it adds valuable security protection and must be implemented site wide in order to function properly.
3 At LAN Parameters, press to enter the sub-screen. Use the up-arrow and down-arrow keys to navigate.
4 Toggle LAN Alert Enabled to On using the spacebar.
5 Enter the IP address of your Management Station into Alert Destination 1.
6 Enter a name string into iDRAC Name with a consistent naming convention across your data center. The default is iDRAC-{Service Tag}.
Exit the iDRAC Configuration Utility by pressing , , and then to save your changes. Your server will now boot into normal operation, and IT Assistant will discover it during the next scheduled Discovery pass.

Using the iDRAC Web Interface to Enable Discovery and Monitoring

IPMI Discovery can also be enabled through the remote Web Interface:

1 Enter the IP address of your iDRAC into your browser.
2 Log in using a user name and password with Administrator rights.
3 Select iDRAC→Network/Security→Network.
4 Scroll down to IPMI LAN Settings.
5 Make sure Enable IPMI over LAN is selected.
6 Set Channel Level Privileges to Administrator.
7 Enter your site's RMCP+ Encryption Key, if used.
8 Click Apply, if needed.
9 Navigate to System→Alert Management→Platform Events.
10 Enable Alerts for the Platform Event categories for which you wish to set traps.
11 Click Apply if you've made changes.
12 Click Trap Settings.
13 Enter the IP address of your Management Station in the first available Destination IP Address textbox.
14 Make sure the Enabled box is selected.
15 Click Apply if you've made changes. You can now send a test trap by clicking the Send link.

Dell highly recommends that for security purposes you create a separate user account for IPMI commands with its own user name, IPMI over LAN privileges, and password.

1 Navigate to iDRAC→Network/Security→Users.
2 Click on the number of an undefined User.
3 In the sub-screen, enable the User and enter a Name and Password.
4 Make sure Maximum LAN User Privilege Granted is set to Administrator.
5 Click Apply to save your changes.

Using the Dell IT Assistant to View iDRAC Status and Events

After Discovery is complete, the iDRACs will show up in the Servers category of the ITA Devices detail screen, and iDRAC information can be seen by clicking on the iDRAC name. This is different than DRAC5 systems, where the management card shows up in the RAC group.
This is due to the fact that iDRAC uses IPMI discovery as opposed to SNMP.

iDRAC error and warning traps can now be seen in the primary Alert Log of IT Assistant. They will show up in the Unknown category, but the trap description and severity will be accurate.

For more information on using IT Assistant to manage your data center, please read the IT Assistant User's Guide.

3 Configuring the Management Station

A management station is a computer used to monitor and manage the PowerEdge servers and other modules in the chassis. This section describes software installation and configuration tasks that set up a management station to work with the iDRAC. Before you begin configuring the iDRAC, follow the procedures in this section to ensure that you have installed and configured the tools you will need.

Management Station Set Up Steps

To set up your Management Station, perform the following steps:

1 Set up the management station network.
2 Install and configure a supported Web browser.
3 Install a Java Runtime Environment (JRE) (optional for Windows).
4 Install telnet or SSH clients, if required.
5 Install a TFTP server, if required.
6 Install Dell OpenManage IT Assistant (optional).

Management Station Network Requirements

To access the iDRAC, the management station must be on the same network as the CMC RJ45 connection port labelled "GB1". It is possible to isolate the CMC network from the network the managed server is on, so that your management station may have LAN access to the iDRAC but not to the managed server.

Using the iDRAC console redirection feature (see "Configuring and Using Serial Over LAN" on page 141), you can access the managed server’s console even if you do not have network access to the server’s ports. You can also perform several management functions on the managed server, such as rebooting the computer, using iDRAC facilities.
To access network and application services hosted on the managed server, however, you may need an additional NIC in the management computer.

Configuring a Supported Web Browser

The following sections provide instructions for configuring the supported Web browsers for use with the iDRAC Web interface. For a list of supported Web browsers, see "Supported Web Browsers" on page 27.

Opening Your Web Browser

The iDRAC Web Interface is designed to be viewed in a supported Web browser at a minimum screen resolution of 800 pixels wide by 600 pixels high. In order to view the interface and access all features, ensure that your resolution is set to at least 800 by 600 pixels and/or resize your browser, as needed.

NOTE: In some situations, most often during the first session after a firmware update, users of Internet Explorer 6 may see the message Done, with errors displayed in the browser status bar along with a partially rendered page in the main browser window. This error can also occur if you are experiencing connectivity problems or have the Windows Firewall enabled. These are known issues with Internet Explorer 6. Because Internet Explorer 7 does not exhibit these issues, Dell recommends that you upgrade.

Configuring Your Web Browser to Connect to the Web Interface

If you are connecting to the iDRAC Web interface from a management station that connects to the Internet through a proxy server, you must configure the Web browser to access the Internet from this server.

To configure the Internet Explorer Web browser to access a proxy server, perform the following steps:

1 Open a Web browser window.
2 Click Tools, and click Internet Options. The Internet Options window appears.
3 Select Tools→Internet Options→Security→Local Network (Internet Explorer 7) -or- Local Intranet (Internet Explorer 6).
4 Click Custom Level.
5 Select Medium-Low from the drop-down menu, and click Reset. Click OK to confirm.
You will need to re-enter the Custom Level dialog by clicking its button.
6 Scroll down to the section labeled ActiveX controls and plug-ins, and check each setting, as different versions of Internet Explorer have differing settings in Medium-Low state:
• Automatic prompting for ActiveX controls: Enable
• Binary and script behaviors: Enable
• Download signed ActiveX controls: Prompt
• Initialize and script ActiveX controls not marked as safe: Prompt
• Run ActiveX controls and plug-ins: Enable
• Script ActiveX controls marked safe for scripting: Enable

In the section on Downloads:
• Automatic prompting for file downloads: Enable
• File download: Enable
• Font download: Enable

In the Miscellaneous section:
• Allow META-REFRESH: Enable
• Allow scripting of Internet Explorer Web browser control: Enable
• Allow script-initiated windows without size or position constraints: Enable
• Don't prompt for client certificate selection when no certificates or only one certificate exists: Enable
• Launching programs and files in an IFRAME: Enable
• Open files based on content, not file extension: Enable
• Software channel permissions: Low safety
• Submit nonencrypted form data: Enable
• Use Pop-up Blocker: Disable

In the Scripting section:
• Active scripting: Enable
• Allow paste operations via script: Enable
• Scripting of Java applets: Enable

7 Select Tools→Internet Options→Advanced.
8 Make sure the following items are checked or unchecked:

In the Browsing section:
• Always send URLs as UTF-8: checked
• Disable script debugging (Internet Explorer): checked
• Disable script debugging (Other): checked
• Display a notification about every script error: unchecked
• Enable Install On demand (Other): checked
• Enable page transitions: checked
• Enable third-party browser extensions: checked
• Reuse windows for launching shortcuts: unchecked

In the HTTP 1.1 settings section:
• Use HTTP 1.1: checked
• Use HTTP 1.1 through proxy connections: checked

In the Java (Sun) section:
• Use JRE 1.6.x_yz: checked (optional; version may differ)

In the Multimedia section:
• Enable automatic image resizing: checked
• Play animations in web pages: checked
• Play videos in web pages: checked
• Show pictures: checked

In the Security section:
• Check for publishers' certificate revocation: unchecked
• Check for signatures on downloaded programs: checked
• Use SSL 2.0: unchecked
• Use SSL 3.0: checked
• Use TLS 1.0: checked
• Warn about invalid site certificates: checked
• Warn if changing between secure and not secure mode: checked
• Warn if forms submittal is being redirected: checked

NOTE: If you choose to alter any of the above settings, first understand the consequences of doing so. For example, if you choose to block pop-ups, portions of the iDRAC Web User Interface will not function properly.

9 Click Apply.
10 Click OK.
11 Select the Connections tab.
12 Under Local Area Network (LAN) settings, click LAN Settings.
13 If the Use a proxy server box is selected, select the Bypass proxy server for local addresses box.
14 Click OK twice.
15 Close and restart your browser to make sure all changes take effect.
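The signature check from "Verify the Update Package" earlier in this guide can be scripted so that a package is accepted only when gpg reports a good signature and the signer's full primary key fingerprint equals the one printed there; the 8-digit key ID 23B66A9D alone is too short to identify a key. This is an added example, not Dell's code: the function names and the embedded status lines are constructed, and it assumes the Dell public key has already been imported with gpg --import.

```shell
#!/bin/sh
# Added example: accept a Dell Update Package only if gpg reports a good
# signature AND the signer matches the full fingerprint printed in the guide.
# It does not depend on the trust level set with "gpg --edit-key ... trust".

# Primary key fingerprint from the guide, spaces removed.
DELL_FPR="4172E2CE955A1776A5E61BB7CA77951D23B66A9D"

# normalize_fpr: strip whitespace and upper-case a fingerprint string.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' \t\n' | tr 'abcdef' 'ABCDEF'
}

# signer_fpr_from_status: read "gpg --status-fd" text on stdin and print the
# fingerprint behind a valid signature. VALIDSIG carries the signing (sub)key
# fingerprint in field 3 and, in current GnuPG releases, the primary key
# fingerprint as the last (12th) field; prefer the primary when present.
signer_fpr_from_status() {
    awk '$1 == "[GNUPG:]" && $2 == "VALIDSIG" {
             print (NF >= 12 ? $12 : $3); found = 1; exit
         }
         END { if (!found) exit 1 }'
}

# check_status STATUS_TEXT EXPECTED_FPR
# Succeeds only if the status text contains GOODSIG (so BADSIG, EXPKEYSIG and
# REVKEYSIG results are rejected) and the VALIDSIG fingerprint matches.
check_status() {
    st=$1
    want=$(normalize_fpr "$2")
    printf '%s\n' "$st" | grep -q '^\[GNUPG:\] GOODSIG ' || return 1
    got=$(printf '%s\n' "$st" | signer_fpr_from_status) || return 1
    [ "$(normalize_fpr "$got")" = "$want" ]
}

# verify_dup PACKAGE [SIGNATURE]
# Runs gpg on the package and its detached signature (default: PACKAGE.sign)
# and applies check_status to the machine-readable status output.
verify_dup() {
    pkg=$1
    sig=${2:-$1.sign}
    st=$(gpg --batch --status-fd 1 --verify "$sig" "$pkg" 2>/dev/null) || true
    check_status "$st" "$DELL_FPR"
}

# Constructed status output: good signature made by the key from the guide.
SAMPLE_STATUS='[GNUPG:] NEWSIG
[GNUPG:] GOODSIG CA77951D23B66A9D Dell, Inc. (Product Group)
[GNUPG:] VALIDSIG 4172E2CE955A1776A5E61BB7CA77951D23B66A9D 2008-07-11 1215806627 0 3 0 17 2 00 4172E2CE955A1776A5E61BB7CA77951D23B66A9D
[GNUPG:] TRUST_UNDEFINED'

# Constructed status output: a good signature from a different key whose
# short key ID is also 23B66A9D. Matching on the short ID would accept it.
LOOKALIKE_STATUS='[GNUPG:] NEWSIG
[GNUPG:] GOODSIG AAAAAAAA23B66A9D Constructed look-alike key
[GNUPG:] VALIDSIG AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA23B66A9D 2008-07-11 1215806627 0 3 0 17 2 00 AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA23B66A9D'

# Command-line use: sh verify_dup.sh PEM600_BIOS_LX_2.1.2.BIN
if [ "$#" -ge 1 ]; then
    if verify_dup "$@"; then
        echo "OK: good signature, signer fingerprint matches"
    else
        echo "REJECTED: bad signature or unexpected signer" >&2
        exit 1
    fi
fi
```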
Adding iDRAC to the List of Trusted Domains

When you access the iDRAC Web interface through the Web browser, you may be prompted to add the iDRAC IP address to the list of trusted domains if the IP address is missing from the list. When completed, click Refresh or relaunch the Web browser to establish a connection to the iDRAC Web interface.

Viewing Localized Versions of the Web Interface

The iDRAC Web interface is supported on the following operating system languages:
• English (en-us)
• French (fr)
• German (de)
• Spanish (es)
• Japanese (ja)
• Simplified Chinese (zh-cn)

The ISO identifiers in parentheses denote the specific language variants which are supported. Use of the interface with other dialects or languages is not supported and may not function as intended. For some supported languages, resizing the browser window to 1024 pixels wide may be necessary in order to view all features.

The iDRAC Web Interface is designed to work with localized keyboards for the specific language variants listed above. Some features of the iDRAC Web Interface, such as Console Redirection, may require additional steps to access certain functions/letters. For more details on how to use localized keyboards in these situations, see "Using the Video Viewer" on page 167. Use of other keyboards is not supported and may cause unexpected problems.

Internet Explorer 6.0 and 7.0 (Windows)

To view a localized version of the iDRAC Web interface in Internet Explorer, perform the following steps:

1 Click the Tools menu and select Internet Options.
2 In the Internet Options window, click Languages.
3 In the Language Preference window, click Add.
4 In the Add Language window, select a supported language. To select more than one language, press .
5 Select your preferred language and click Move Up to move the language to the top of the list.
6 In the Language Preference window, click OK.
7 Click OK.
Firefox 1.5 (Linux)

To view a localized version of the iDRAC Web interface in Firefox 1.5, perform the following steps:

1 Click Edit→ Preferences, then click the Advanced tab.
2 In the Language section, click Choose.
3 Click Select a language to add….
4 Select a supported language and click Add.
5 Select your preferred language and click Move Up to move it to the top of the list.
6 In the Languages menu, click OK.
7 Click OK.

Firefox 2.0 (Linux or Windows)

To view a localized version of the iDRAC Web interface in Firefox 2.0, perform the following steps:

1 Click Tools→ Options, and then click the Advanced tab.
2 Under Language, click Choose. The Languages window appears.
3 In the Select a language to add... drop down menu, click to highlight a supported language, and then click Add.
4 Click to select your preferred language, and then click Move Up until the language appears at the top of the list.
5 Click OK to close the Languages window.
6 Click OK to close the Options window.

Setting the Locale in Linux

The console redirection viewer requires a UTF-8 character set to display correctly. If your display is garbled, check your locale and reset the character set if needed.

The following steps show how to set the character set on a Red Hat® Enterprise Linux® client with a Simplified Chinese GUI:

1 Open a command terminal.
2 Type locale and press . Output similar to the following output appears:

LANG=zh_CN.UTF-8
LC_CTYPE="zh_CN.UTF-8"
LC_NUMERIC="zh_CN.UTF-8"
LC_TIME="zh_CN.UTF-8"
LC_COLLATE="zh_CN.UTF-8"
LC_MONETARY="zh_CN.UTF-8"
LC_MESSAGES="zh_CN.UTF-8"
LC_PAPER="zh_CN.UTF-8"
LC_NAME="zh_CN.UTF-8"
LC_ADDRESS="zh_CN.UTF-8"
LC_TELEPHONE="zh_CN.UTF-8"
LC_MEASUREMENT="zh_CN.UTF-8"
LC_IDENTIFICATION="zh_CN.UTF-8"
LC_ALL=

3 If the values include "zh_CN.UTF-8", no changes are required. If the values do not include "zh_CN.UTF-8", go to step 4.
4 Edit the /etc/sysconfig/i18n file with a text editor.
5 In the file, apply the following changes:

Current entry:
LANG="zh_CN.GB18030"
SUPPORTED="zh_CN.GB18030:zh_CH.GB2312:zh_CN:zh"

Updated entry:
LANG="zh_CN.UTF-8"
SUPPORTED="zh_CN.UTF8:zh_CN.GB18030:zh_CH.GB2312:zh_CN:zh"

6 Log out and then log in to the operating system.

When you switch from any other language, ensure that this fix is still valid. If not, repeat this procedure.

Disabling the Whitelist Feature in Firefox

Firefox has a "whitelist" security feature that requires user permission to install plugins for each distinct site that hosts a plugin. If enabled, the whitelist feature requires you to install a console redirection viewer for each iDRAC you visit, even though the viewer versions are identical.

To disable the whitelist feature and avoid unnecessary plugin installations, perform the following steps:

1 Open a Firefox Web browser window.
2 In the address field, type about:config and press .
3 In the Preference Name column, locate and double-click xpinstall.whitelist.required. The values for Preference Name, Status, Type, and Value change to bold text. The Status value changes to user set and the Value value changes to false.
4 In the Preferences Name column, locate xpinstall.enabled. Ensure that Value is true. If not, double-click xpinstall.enabled to set Value to true.

Installing a Java Runtime Environment (JRE)

NOTE: If you use the Internet Explorer browser, an ActiveX control is provided for the console viewer. You can also use the Java console viewer with Internet Explorer if you install a JRE and configure the console viewer in iDRAC web interface before you launch the viewer. See "Configuring Console Redirection in the iDRAC Web Interface" on page 163 for more information. You can choose to use the Java viewer instead before you launch the viewer.

If you use the Firefox browser you must install a JRE (or a Java Development Kit [JDK]) to use the console redirection feature.
The console viewer is a Java application that is downloaded to the management station from the iDRAC Web interface and then launched with Java Web Start on the management station.

Go to java.sun.com to install a JRE or JDK. Version 1.6 (Java 6.0) or higher is recommended.

The Java Web Start program is automatically installed with the JRE or JDK. The file jviewer.jnlp is downloaded to your desktop and a dialog box prompts you for what action to take. It may be necessary to associate the .jnlp extension type with the Java Web Start application in your browser. Otherwise, click Open with and then select the javaws application, which is located in the bin subdirectory of your JRE installation directory.

NOTE: If the .jnlp file type is not associated with Java Web Start after installing JRE or JDK, you can set the association manually. For Windows (javaws.exe) click Start→ Control Panel→ Appearance and Themes→ Folder Options. Under the File Types tab, highlight .jnlp under Registered file types, and then click Change. For Linux (javaws), start Firefox, and click Edit→ Preferences→ Downloads, and then click View and Edit Actions.

For Linux, once you have installed either JRE or JDK, add a path to the Java bin directory to the front of your system PATH. For example, if Java is installed in /usr/java, add the following line to your local .bashrc or /etc/profile:

PATH=/usr/java/bin:$PATH; export PATH

NOTE: There may already be PATH-modification lines in the files. Ensure that the path information you enter does not create conflicts.

Installing Telnet or SSH Clients

By default, the iDRAC telnet service is disabled and the SSH service is enabled. Since telnet is an insecure protocol, you should use it only if you cannot install an SSH client or your network connection is otherwise secured.

NOTE: There can be only one active telnet or SSH connection to the iDRAC at a time.
When there is an active connection, other connection attempts are denied.

Telnet with iDRAC

Telnet is included in Microsoft® Windows® and Linux operating systems and can be run from a command shell. You may also choose to install a commercial or freely available telnet client with more convenience features than the standard version included with your operating system.

If your management station is running Windows XP or Windows 2003, you may experience an issue with the characters in an iDRAC telnet session. This issue may occur as a frozen login where the return key does not respond and the password prompt does not appear.

To fix this issue, download hotfix 824810 from the Microsoft Support website at support.microsoft.com. See Microsoft Knowledge Base article 824810 for more information.

Configuring the Backspace Key For Your Telnet Session

Depending on the telnet client, using the key may produce unexpected results. For example, the session may echo ^h. However, most Microsoft and Linux telnet clients can be configured to use the key.

To configure Microsoft telnet clients to use the key, perform the following steps:

1 Open a command prompt window (if required).
2 If you are not running a telnet session, type:
telnet
If you are running a telnet session, press <]>.
3 At the prompt, type:
set bsasdel
The following message appears:
Backspace will be sent as delete.

To configure a Linux telnet session to use the key, perform the following steps:

1 Open a shell and type:
stty erase ^h
2 At the prompt, type:
telnet

SSH With iDRAC

Secure Shell (SSH) is a command line connection with the same capabilities as a telnet session, but with session negotiation and encryption to improve security. The iDRAC supports SSH version 2 with password authentication. SSH is enabled by default on the iDRAC.

You can use PuTTY (Windows) or OpenSSH (Linux) on a management station to connect to the managed server’s iDRAC.
When an error occurs during the login procedure, the ssh client issues an error message. The message text is dependent on the client and is not controlled by the iDRAC.

NOTE: OpenSSH should be run from a VT100 or ANSI terminal emulator on Windows. Running OpenSSH at the Windows command prompt does not result in full functionality (that is, some keys do not respond and no graphics are displayed).

Only one telnet or SSH session is supported at any given time. The session timeout is controlled by the cfgSsnMgtSshIdleTimeout property as described in "iDRAC Property Database Group and Object Definitions" on page 305.

The iDRAC SSH implementation supports multiple cryptography schemes, as shown in Table 3-1.

NOTE: SSHv1 is not supported.

Table 3-1. Cryptography Schemes

Scheme Type: Asymmetric Cryptography
Scheme: Diffie-Hellman DSA/DSS 512-1024 (random) bits per NIST specification

Scheme Type: Symmetric Cryptography
Scheme:
• AES256-CBC
• RIJNDAEL256-CBC
• AES192-CBC
• RIJNDAEL192-CBC
• AES128-CBC
• RIJNDAEL128-CBC
• BLOWFISH-128-CBC
• 3DES-192-CBC
• ARCFOUR-128

Scheme Type: Message Integrity
Scheme:
• HMAC-SHA1-160
• HMAC-SHA1-96
• HMAC-MD5-128
• HMAC-MD5-96

Scheme Type: Authentication
Scheme:
• Password

Installing a TFTP Server

NOTE: If you use only the iDRAC Web interface to transfer SSL certificates and upload new iDRAC firmware, no TFTP server is required.

Trivial File Transfer Protocol (TFTP) is a simplified form of the File Transfer Protocol (FTP). It is used with the SM-CLP and RACADM command line interfaces to transfer files to and from the iDRAC.

The only times when you need to copy files to or from the iDRAC are when you update the iDRAC firmware or install certificates on the iDRAC. If you choose to use SM-CLP or RACADM when you perform these tasks, a TFTP server must be running on a computer the iDRAC can access by IP number or DNS name.
You can use the netstat -a command on Windows or Linux operating systems to see if a TFTP server is already listening. Port 69 is the TFTP default port. If no server is running, you have the following options:
• Find another computer on the network running a TFTP service
• If you are using Linux, install a TFTP server from your distribution
• If you are using Windows, install a commercial or free TFTP server

Installing Dell OpenManage IT Assistant

Your system includes the Dell OpenManage System Management Software Kit. This kit includes, but is not limited to, the following components:
• Dell Systems Management Tools and Documentation DVD — Contains all the latest Dell systems management console products, including Dell OpenManage IT Assistant; provides the tools you need to configure your system and delivers firmware, diagnostics, and Dell-optimized drivers for your system; and helps you stay current with documentation for systems, systems management software products, peripherals, and RAID controllers.
• Dell Support website and Readme files — Check Readme files and the Dell Support website at support.dell.com for the most recent information about your Dell products.

Use the Dell Systems Management Tools and Documentation DVD to install the management console software, including Dell OpenManage IT Assistant, on the management station. For instructions on installing this software, see your Quick Installation Guide.

4 Configuring the Managed Server

This section describes tasks to set up the managed server to enhance your remote management capabilities. These tasks include installing the Dell OpenManage Server Administrator software and configuring the managed server to capture the last crash screen.
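To see which of the schemes in Table 3-1 an iDRAC's SSH service actually advertises, the server's algorithm proposal can be read from OpenSSH client debug output (ssh -vv) and screened for legacy entries: CBC-mode and RC4 ciphers, MD5-based or truncated MACs, and DSA host keys. This is an added example, not from the Dell guide: the sample debug text is constructed, the host name is a placeholder, and the SSH wire names used for the Table 3-1 schemes (and the key-exchange name) are assumptions.

```shell
#!/bin/sh
# Added example: screen an SSH server's algorithm proposal, as printed in
# OpenSSH client debug output, for legacy schemes like those in Table 3-1.
# Typical use against your own controller (host name is a placeholder):
#   ssh -vv -o BatchMode=yes root@idrac.example exit 2>&1 | flag_weak_ssh_algos

# flag_weak_ssh_algos: read "ssh -vv" output on stdin and print one
# tab-separated line (kind, algorithm, reason) per legacy algorithm found in
# the server proposal. The client proposal is skipped, and only the
# server-to-client lists are read so each name is reported once.
# Untruncated hmac-sha1 is deliberately not flagged here.
flag_weak_ssh_algos() {
    awk '
    function reason(kind, name) {
        if (kind == "ciphers stoc") {
            if (name ~ /^arcfour/) return "RC4 stream cipher"
            if (name ~ /^(3des|blowfish)-cbc$/) return "64-bit block cipher, CBC mode"
            if (name ~ /-cbc$/ || name ~ /-cbc@/) return "CBC mode"
        } else if (kind == "MACs stoc") {
            if (name ~ /md5/) return "MD5-based MAC"
            if (name ~ /-96$/ || name ~ /-96@/) return "tag truncated to 96 bits"
        } else if (kind == "host key algorithms") {
            if (name == "ssh-dss") return "DSA host key"
        } else if (kind == "KEX algorithms") {
            if (name == "diffie-hellman-group1-sha1") return "1024-bit DH group"
        }
        return ""
    }
    /^debug2: local client KEXINIT proposal/ { peer = 0; next }
    /^debug2: peer server KEXINIT proposal/  { peer = 1; next }
    peer && /^debug2: (KEX algorithms|host key algorithms|ciphers stoc|MACs stoc): / {
        line = $0
        sub(/^debug2: /, "", line)
        kind = line; sub(/: .*$/, "", kind)      # text before the first ": "
        list = line; sub(/^[^:]*: /, "", list)   # comma-separated name-list
        n = split(list, algo, ",")
        for (i = 1; i <= n; i++) {
            why = reason(kind, algo[i])
            if (why != "") printf "%s\t%s\t%s\n", kind, algo[i], why
        }
    }'
}

# Constructed sample of "ssh -vv" output. The server section uses assumed
# wire names for the Table 3-1 schemes; the client section contains a CBC
# cipher that must NOT be reported, because it is not the server's offer.
SAMPLE_SSH_DEBUG='debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,diffie-hellman-group14-sha256
debug2: host key algorithms: ssh-ed25519,rsa-sha2-512
debug2: ciphers ctos: aes128-ctr,aes128-cbc
debug2: ciphers stoc: aes128-ctr,aes128-cbc
debug2: MACs ctos: hmac-sha2-256,hmac-sha1
debug2: MACs stoc: hmac-sha2-256,hmac-sha1
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: diffie-hellman-group1-sha1
debug2: host key algorithms: ssh-dss
debug2: ciphers ctos: aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,3des-cbc,arcfour
debug2: ciphers stoc: aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,3des-cbc,arcfour
debug2: MACs ctos: hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96
debug2: MACs stoc: hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96
debug2: compression ctos: none
debug2: compression stoc: none'

# Run the screen over the constructed sample: sh ssh_algos.sh --demo
if [ "${1:-}" = "--demo" ]; then
    printf '%s\n' "$SAMPLE_SSH_DEBUG" | flag_weak_ssh_algos
fi
```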
Installing the Software on the Managed Server

The Dell management software includes the following features:
• Local RACADM CLI — allows you to configure and administer the iDRAC from the managed system. It is a powerful tool for scripting configuration and management tasks.
• Server Administrator is required to use the iDRAC last crash screen feature.
• Server Administrator — a Web interface that allows you to administer the remote system from a remote host on the network.
• Server Administrator Instrumentation Service — provides access to detailed fault and performance information gathered by industry-standard systems management agents and allows remote administration of monitored systems, including shutdown, startup, and security.
• Server Administration Storage Management Service — provides storage management information in an integrated graphical view.
• Server Administrator Logs — displays logs of commands issued to or by the system, monitored hardware events, POST events, and system alerts. You can view logs on the home page, print or save them as reports, and send them by e-mail to a designated service contact.

Use the Dell Systems Management Tools and Documentation DVD to install Server Administrator. For instructions on installing this software, see your Quick Installation Guide.

Configuring the Managed Server to Capture the Last Crash Screen

The iDRAC can capture the last crash screen so that you can view it in the Web interface to help troubleshoot the cause of the managed system crash. Follow these steps to enable the last crash screen feature.

1 Install the managed server software. Dell OpenManage Server Administrator (OMSA) must be installed. For more information about installing the managed server software, see the Server Administrator User’s Guide.
2 If you are running a Microsoft® Windows® operating system, ensure that the Automatically Reboot feature is deselected in the Windows Startup and Recovery Settings.
See "Disabling the Windows Automatic Reboot Option" on page 67.
3 Enable the Last Crash Screen (disabled by default) in the iDRAC Web interface.
To enable the Last Crash Screen in the iDRAC Web interface, click System→ Remote Access→ iDRAC→ Network/Security→ Services, then check the Enable checkbox under the Automatic System Recovery Agent Settings heading.
To enable the Last Crash Screen using local RACADM, open a command prompt on the managed system and type the following command:
racadm config -g cfgRacTuning -o cfgRacTuneAsrEnable 1
4 In the Server Administrator web-based interface, enable the Auto Recovery timer and set the Auto Recovery action to Reset, Power Off, or Power Cycle.
For information about how to configure the Auto Recovery timer, see the Server Administrator User's Guide. To ensure that the last crash screen can be captured, the Auto Recovery timer should be set to 60 seconds. The default setting is 480 seconds.
The last crash screen is not available when the Auto Recovery action is set to Shutdown or Power Cycle if the managed server is powered off.

Disabling the Windows Automatic Reboot Option

To ensure that the iDRAC can capture the last crash screen, disable the Automatic Reboot option on managed servers running Microsoft Windows Server® or Windows Vista®.

1 Open the Windows Control Panel and double-click the System icon.
2 Click the Advanced tab.
3 Under Startup and Recovery, click Settings.
4 Deselect the Automatically Reboot check box.
5 Click OK twice.

5 Configuring the iDRAC Using the Web Interface

The iDRAC provides a Web interface that enables you to configure the iDRAC properties and users, perform remote management tasks, and troubleshoot a remote (managed) system for problems. For everyday systems management, use the iDRAC Web interface.
This chapter provides information about how to perform common systems management tasks with the iDRAC Web interface and provides links to related information.

Most Web interface configuration tasks can also be performed with local RACADM commands or with SM-CLP commands.

Local RACADM commands are executed from the managed server. For more information about local RACADM, see "Using the Local RACADM Command Line Interface" on page 191.

SM-CLP commands are executed in a shell that can be accessed remotely with a telnet or SSH connection. For more information about SM-CLP, see "Using the iDRAC SM-CLP Command Line Interface" on page 215.

Accessing the Web Interface

To access the iDRAC Web interface, perform the following steps:

1 Open a supported Web browser window. See "Supported Web Browsers" on page 27 for more information.
2 In the Address field, type https://<iDRAC-IP-address> and press .
If the default HTTPS port number (port 443) has been changed, type:
https://<iDRAC-IP-address>:<port-number>
where iDRAC-IP-address is the IP address for the iDRAC and port-number is the HTTPS port number.
The iDRAC Login window appears.

Logging In

You can log in as either an iDRAC user or as a Microsoft® Active Directory® user. The default user name and password are root and calvin, respectively.

You must have been granted Login to iDRAC privilege by the administrator to log in to the iDRAC.

To log in, perform the following steps:

1 In the Username field, type one of the following:
• Your iDRAC user name. The user name for local users is case sensitive. Examples are root, it_user, or john_doe.
• Your Active Directory user name. Active Directory names can be entered in any of the forms \ , / , or @ . They are not case sensitive. Examples are dell.com\john_doe, or JOHN_DOE@DELL.COM.
2 In the Password field, type your iDRAC user password or Active Directory user password. Passwords are case sensitive.
3 Click OK or press .
Logging Out

1 In the upper-right corner of the main window, click Logout to close the session.
2 Close the browser window.

NOTE: The Logout button does not appear until you log in.

NOTE: Closing the browser without gracefully logging out may cause the session to remain open until it times out. It is strongly recommended that you click the logout button to end the session; otherwise, the session may remain active until the session timeout is reached.

NOTE: Closing the iDRAC Web interface within Microsoft Internet Explorer using the close button ("x") at the top right corner of the window may generate an application error. To fix this issue, download the latest Cumulative Security Update for Internet Explorer from the Microsoft Support website, located at support.microsoft.com.

Using Multiple Browser Tabs and Windows

Different versions of web browsers exhibit different behaviors when opening new tabs and windows. Each window is a new session, but each new tab is not. Microsoft Internet Explorer 6 does not support tabs; therefore, each browser window opened becomes a new iDRAC Web Interface session. Internet Explorer 7 has the option to open tabs as well as windows. Each tab inherits the characteristics of the most recently opened tab. For example, if a user logs in with Power User privileges on one tab, and then logs in as Administrator on another tab, both open tabs then have Administrator privileges. Closing any one tab expires all iDRAC Web Interface tabs.

Tab behavior in Firefox 2 is the same as Internet Explorer 7; new tabs initiate new sessions. Window behavior in Firefox, however, is different. Firefox windows will operate with the same privileges as the latest window opened. For example, if one Firefox window is open with a Power User logged in and another window is opened with Administrator privileges, both users will now have Administrator privileges.

Table 5-1.
User Privilege Behavior in Supported Browsers
Browser | Tab Behavior | Window Behavior
Microsoft Internet Explorer 6 | Not applicable | New session
Microsoft Internet Explorer 7 | From latest session opened | New session
Firefox 2 | From latest session opened | From latest session opened

Configuring the iDRAC NIC

This section assumes that the iDRAC has already been configured and is accessible on the network. See "Configure iDRAC Networking" on page 36 for help with the initial iDRAC network configuration.

Configuring the Network and IPMI LAN Settings

NOTE: You must have Configure iDRAC privilege to perform the following steps.

NOTE: Most DHCP servers require a server to store a client identifier token in its reservations table. The client (iDRAC, for example) must provide this token during DHCP negotiation. The iDRAC supplies the client identifier option using a one-byte interface number (0) followed by a six-byte MAC address.

1 Click System→Remote Access→iDRAC.
2 Click the Network/Security tab to open the Network Configuration page. Table 5-2 and Table 5-3 describe the Network Settings and IPMI LAN Settings on the Network page.
3 When you have completed entering the required settings, click Apply.
4 Click the appropriate button to continue. See Table 5-4.

Table 5-2. Network Settings
Setting | Description
Enable NIC | When checked, indicates that the NIC is enabled and activates the remaining controls in this group. When a NIC is disabled, all communication to and from the iDRAC via the network is blocked. The default is off.
Media Access Control (MAC) Address | Displays the Media Access Control (MAC) address that uniquely identifies each node in a network. The MAC address cannot be changed.
Use DHCP (For NIC IP Address) | Prompts the iDRAC to obtain an IP address for the NIC from the Dynamic Host Configuration Protocol (DHCP) server. Also deactivates the Static IP Address, Static Subnet Mask, and Static Gateway controls.
The default is off.
Static IP Address | Allows you to enter or edit a static IP address for the iDRAC NIC. To change this setting, deselect the Use DHCP (For NIC IP Address) checkbox.
Static Subnet Mask | Allows you to enter or edit a subnet mask for the iDRAC NIC. To change this setting, first deselect the Use DHCP (For NIC IP Address) checkbox.
Static Gateway | Allows you to enter or edit a static gateway for the iDRAC NIC. To change this setting, first deselect the Use DHCP (For NIC IP Address) checkbox.
Use DHCP to obtain DNS server addresses | Enable DHCP to obtain DNS server addresses by selecting the Use DHCP to obtain DNS server addresses checkbox. When not using DHCP to obtain the DNS server addresses, provide the IP addresses in the Static Preferred DNS Server and Static Alternate DNS Server fields. The default is off. NOTE: When the Use DHCP to obtain DNS server addresses checkbox is selected, IP addresses cannot be entered into the Static Preferred DNS Server and Static Alternate DNS Server fields.
Static Preferred DNS Server | Allows the user to enter or edit a static IP address for the preferred DNS server. To change this setting, first deselect the Use DHCP to obtain DNS server addresses checkbox.
Static Alternate DNS Server | Uses the secondary DNS server IP address when Use DHCP to obtain DNS server addresses is not selected. Enter an IP address of 0.0.0.0 if there is no alternate DNS server.
Register iDRAC on DNS | Registers the iDRAC name on the DNS server. The default is Disabled.
DNS iDRAC Name | Displays the iDRAC name only when Register iDRAC on DNS is selected. The default name is idrac-service_tag, where service_tag is the service tag number of the Dell server. For example: idrac-00002.
Use DHCP for DNS Domain Name | Uses the default DNS domain name. When the box is not selected and the Register iDRAC on DNS option is selected, modify the DNS domain name in the DNS Domain Name field. The default is Disabled. NOTE: To select the Use DHCP for DNS Domain Name checkbox, also select the Use DHCP (For NIC IP Address) checkbox.
DNS Domain Name | The default DNS Domain Name is blank. When the Use DHCP for DNS Domain Name checkbox is selected, this option is grayed out and the field cannot be modified.
Community String | Contains the community string to use in Simple Network Management Protocol (SNMP) alert traps sent from the iDRAC. SNMP alert traps are transmitted by the iDRAC when a platform event occurs. The default is public.
SMTP Server Address | The IP address of the Simple Mail Transfer Protocol (SMTP) server that the iDRAC communicates with to send e-mail alerts when a platform event occurs. The default is 127.0.0.1.

Table 5-3. IPMI LAN Settings
Setting | Description
Enable IPMI Over LAN | When checked, indicates that the IPMI LAN channel is enabled. The default is off.
Channel Privilege Level Limit | Configures the maximum privilege level, for the user, that can be accepted on the LAN channel. Select one of the following options: Administrator, Operator, or User. The default is Administrator.
Encryption Key | Configures the encryption key: 0 to 20 hexadecimal characters (with no blanks allowed). The default is blank.

Table 5-4. Network Configuration Page Buttons
Button | Description
Advanced Settings | Opens the Network Security page, allowing the user to enter IP Range and IP Blocking attributes.
Print | Prints the Network Configuration values that appear on the screen.
Refresh | Reloads the Network Configuration page.
Apply | Saves any new settings made to the network configuration page.
NOTE: Changes to the NIC IP address settings will close all user sessions and require users to reconnect to the iDRAC Web interface using the updated IP address settings. All other changes will require the NIC to be reset, which may cause a brief loss in connectivity.

Configuring IP Filtering and IP Blocking

NOTE: You must have Configure iDRAC permission to perform the following steps.

1 Click System→Remote Access→iDRAC and then click the Network/Security tab to open the Network Configuration page.
2 Click Advanced Settings to configure the network security settings. Table 5-5 describes the Network Security page settings.
3 When you have finished configuring the settings, click Apply.
4 Click the appropriate button to continue. See Table 5-6.

Table 5-5. Network Security Page Settings
Settings | Description
IP Range Enabled | Enables the IP Range checking feature, which defines a range of IP addresses that can access the iDRAC. The default is off.
IP Range Address | Determines the acceptable IP subnet address. The default is 192.168.1.0.
IP Range Subnet Mask | Defines the significant bit positions in the IP address. The subnet mask should be in the form of a netmask, where the more significant bits are all 1's with a single transition to all zeros in the lower-order bits. The default is 255.255.255.0.
IP Blocking Enabled | Enables the IP address blocking feature, which limits the number of failed login attempts from a specific IP address for a preselected time span. The default is off.
IP Blocking Fail Count | Sets the number of login failures attempted from an IP address before the login attempts are rejected from that address. The default is 10.
IP Blocking Fail Window | Determines the time span in seconds within which IP Block Fail Count failures must occur to trigger the IP Block Penalty Time. The default is 3600.
IP Blocking Penalty Time | The time span in seconds that login attempts from an IP address with excessive failures are rejected. The default is 3600.

Table 5-6. Network Security Page Buttons
Button | Description
Print | Prints the Network Security values that appear on the screen.
Refresh | Reloads the Network Security page.
Apply | Saves any new settings that you made to the Network Security page.
Go Back to Network Page | Returns to the Network page.

Configuring Platform Events

Platform event configuration provides a mechanism for configuring the iDRAC to perform selected actions on certain event messages. The actions include no action, reboot system, power cycle system, power off system, and generate an alert (Platform Event Trap [PET] and/or e-mail).

The filterable platform events are listed in Table 5-7.

Table 5-7. Filterable Platform Events
Index | Platform Event
1 | Battery Warning Assert
2 | Battery Critical Assert
3 | Discrete Voltage Critical Assert
4 | Temperature Warning Assert
5 | Temperature Critical Assert
6 | Redundancy Degraded
7 | Redundancy Lost
8 | Processor Warning Assert
9 | Processor Critical Assert
10 | Processor Absent Assert
11 | Event Log Critical Assert
12 | Watchdog Critical Assert

When a platform event occurs (for example, a battery warning assert), a system event is generated and recorded in the System Event Log (SEL). If this event matches a platform event filter (PEF) that is enabled and you have configured the filter to generate an alert (PET or e-mail), then a PET or e-mail alert is sent to one or more configured destinations. If the same platform event filter is also configured to perform an action (such as rebooting the system), the action is performed.

Configuring Platform Event Filters (PEF)

NOTE: Configure platform event filters before you configure the platform event traps or e-mail alert settings.

1 Log in to the iDRAC Web interface.
  See "Accessing the Web Interface" on page 69.
2 Click System and then the Alert Management tab.
3 On the Platform Events page, enable Alert Generation for an event by clicking the corresponding Generate Alert checkbox for that event.
  NOTE: You can enable or disable Alert Generation for all events by clicking the checkbox next to the Generate Alert column heading.
4 Click the radio button below the action you would like to enable for each event. Only one action can be set for each event.
5 Click Apply.
  NOTE: Generate Alert must be enabled for an alert to be sent to any valid, configured destination (PET or e-mail).

Configuring Platform Event Traps (PET)

NOTE: You must have Configure iDRAC permission to add or enable/disable an SNMP alert. The following options will not be available if you do not have Configure iDRAC permission.

1 Log in to the remote system using a supported Web browser. See "Accessing the Web Interface" on page 69.
2 Ensure that you followed the procedures in "Configuring Platform Event Filters (PEF)" on page 77.
3 Configure your PET destination IP address:
  a Click the Enable checkbox next to the Destination Number you would like to activate.
  b Enter an IP address in the Destination IP Address box.
    NOTE: The destination community string must be the same as the iDRAC community string.
  c Click Apply.
    NOTE: To successfully send a trap, configure the Community String value on the Network Configuration page. The Community String value indicates the community string to use in a Simple Network Management Protocol (SNMP) alert trap sent from the iDRAC. SNMP alert traps are transmitted by the iDRAC when a platform event occurs. The default setting for the Community String is Public.
  d Click Send to test the configured alert (if desired).
  e Repeat step a through step d for any remaining destination numbers.

Configuring E-Mail Alerts

1 Log in to the remote system using a supported Web browser.
2 Ensure that you followed the procedures in "Configuring Platform Event Filters (PEF)" on page 77.
3 Configure your e-mail alert settings.
  a On the Alert Management tab, click Email Alert Settings.
4 Configure your e-mail alert destination.
  a In the Email Alert Number column, click a destination number. There are four possible destinations to receive alerts.
  b Ensure that the Enabled checkbox is selected.
  c In the Destination Email Address field, type a valid e-mail address.
  d Click Apply.
    NOTE: To successfully send a test e-mail, the SMTP Server Address must be configured on the Network Configuration page. The iDRAC communicates with the SMTP server at this IP address to send e-mail alerts when a platform event occurs.
  e Click Send to test the configured e-mail alert (if desired).
  f Repeat step a through step e for any remaining e-mail alert settings.

Configuring IPMI

1 Log in to the remote system using a supported Web browser.
2 Configure IPMI over LAN.
  a Click System→Remote Access→iDRAC, then click the Network/Security tab.
  b In the Network Configuration page under IPMI LAN Settings, select Enable IPMI Over LAN.
  c Update the IPMI LAN channel privileges, if required:
    NOTE: This setting determines the IPMI commands that can be executed from the IPMI over LAN interface. For more information, see the IPMI 2.0 specifications.
    Under IPMI LAN Settings, click the Channel Privilege Level Limit drop-down menu, select Administrator, Operator, or User and click Apply.
  d Set the IPMI LAN channel encryption key, if required.
    NOTE: The iDRAC IPMI supports the RMCP+ protocol.
    NOTE: The encryption key must consist of an even number of hexadecimal characters with a maximum length of 20 characters.
    Under IPMI LAN Settings in the Encryption Key field, type the encryption key.
  e Click Apply.
3 Configure IPMI Serial over LAN (SOL).
  a Click System→Remote Access→iDRAC.
  b Click the Network/Security tab, then click Serial Over LAN.
  c On the Serial Over LAN Configuration page, click the Enable Serial Over LAN checkbox to enable Serial over LAN.
  d Update the IPMI SOL baud rate.
    NOTE: To redirect the serial console over the LAN, ensure that the SOL baud rate is identical to your managed server’s baud rate.
    Click the Baud Rate drop-down menu to select a data speed of 19.2 kbps, 57.6 kbps or 115.2 kbps.
  e Click Apply.

Adding and Configuring iDRAC Users

To manage your system with the iDRAC and maintain system security, create unique users with specific administrative permissions (or role-based authority).

To add and configure iDRAC users, perform the following steps:

NOTE: You must have Configure iDRAC permission to perform the following steps.

1 Click System→Remote Access→iDRAC and then click the Network/Security tab.
2 Open the Users page to configure users. The Users page displays each user’s User ID, State, Username, IPMI LAN Privileges, iDRAC Privileges, and Serial Over LAN.
  NOTE: User-1 is reserved for the IPMI anonymous user and is not configurable.
3 In the User ID column, click a user ID number.
4 On the User Configuration page, configure the user’s properties and privileges.
  Table 5-8 describes the General settings for configuring an iDRAC user name and password.
  Table 5-9 describes the IPMI LAN Privileges for configuring the user’s LAN privileges.
  Table 5-10 describes the User Group permissions for the IPMI LAN Privileges and the iDRAC User Privileges settings.
  Table 5-11 describes the iDRAC Group permissions. If you add an iDRAC User Privilege to the Administrator, Power User, or Guest User, the iDRAC Group will change to the Custom group.
5 When completed, click Apply.
6 Click the appropriate button to continue. See Table 5-12.

Table 5-8. General Properties
Property | Description
User ID | Contains one of 16 preset User ID numbers. This field cannot be edited.
Enable User | When checked, indicates that the user’s access to the iDRAC is enabled. When unchecked, user access is disabled.
Username | Specifies an iDRAC user name with up to 16 characters. Each user must have a unique user name. NOTE: User names on the iDRAC cannot include the / (forward slash) or . (period) characters. NOTE: If the user name is changed, the new name will not appear in the user interface until the next user login.
Change Password | Enables the New Password and Confirm New Password fields. When unchecked, the user’s Password cannot be changed.
New Password | Enables editing the iDRAC user’s password. Enter a Password with up to 20 characters. The characters will not display.
Confirm New Password | Retype the iDRAC user’s password to confirm.

Table 5-9. IPMI LAN User Privileges
Property | Description
Maximum LAN User Privilege Granted | Specifies the user’s maximum privilege on the IPMI LAN channel to one of the following user groups: None, Administrator, Operator, or User.
Enable Serial Over LAN | Allows the user to use IPMI Serial Over LAN. When checked, this privilege is enabled.

Table 5-10. iDRAC User Privileges
Property | Description
iDRAC Group | Specifies the user’s maximum iDRAC user privilege as one of the following: Administrator, Power User, Guest User, Custom, or None. See Table 5-11 for iDRAC Group permissions.
Login to iDRAC | Enables the user to log in to the iDRAC.
Configure iDRAC | Enables the user to configure the iDRAC.
Configure Users | Enables the user to allow specific users to access the system.
Clear Logs | Enables the user to clear the iDRAC logs.
Execute Server Control Commands | Enables the user to execute RACADM commands.
Access Console Redirection | Enables the user to run Console Redirection.
Access Virtual Media | Enables the user to run and use Virtual Media.
Test Alerts | Enables the user to send test alerts (e-mail and PET) to a specific user.
Execute Diagnostic Commands | Enables the user to run diagnostic commands.

Table 5-11. iDRAC Group Permissions
User Group | Permissions Granted
Administrator | Login to iDRAC, Configure iDRAC, Configure Users, Clear Logs, Execute Server Control Commands, Access Console Redirection, Access Virtual Media, Test Alerts, Execute Diagnostic Commands
Power User | Login to iDRAC, Clear Logs, Execute Server Control Commands, Access Console Redirection, Access Virtual Media, Test Alerts
Guest User | Login to iDRAC
Custom | Selects any combination of the following permissions: Login to iDRAC, Configure iDRAC, Configure Users, Clear Logs, Execute Server Action Commands, Access Console Redirection, Access Virtual Media, Test Alerts, Execute Diagnostic Commands
None | No assigned permissions

Table 5-12. User Configuration Page Buttons
Button | Action
Print | Prints the User Configuration values that appear on the screen.
Refresh | Reloads the User Configuration page.
Apply | Saves any new settings made to the user configuration.
Go Back To Users Page | Returns to the Users Page.

Securing iDRAC Communications Using SSL and Digital Certificates

This section provides information about the following data security features that are incorporated in your iDRAC:
• Secure Sockets Layer (SSL)
• Certificate Signing Request (CSR)
• Accessing the SSL main menu
• Generating a new CSR
• Uploading a server certificate
• Viewing a server certificate

Secure Sockets Layer (SSL)

The iDRAC includes a Web server that is configured to use the industry-standard SSL security protocol to transfer encrypted data over a network. Built upon public-key and private-key encryption technology, SSL is a widely accepted technology for providing authenticated and encrypted communication between clients and servers to prevent eavesdropping across a network.

An SSL-enabled system can perform the following tasks:
• Authenticate itself to an SSL-enabled client
• Allow the client to authenticate itself to the server
• Allow both systems to establish an encrypted connection

The encryption process provides a high level of data protection. The iDRAC employs the 128-bit SSL encryption standard, the most secure form of encryption generally available for Internet browsers in North America.

The iDRAC Web server has a Dell self-signed SSL digital certificate (Server ID) by default. To ensure high security over the Internet, replace the Web server SSL certificate with a certificate signed by a well-known certificate authority. To initiate the process of obtaining a signed certificate, you can use the iDRAC Web interface to generate a Certificate Signing Request (CSR) with your company’s information. You can then submit the generated CSR to a CA such as VeriSign or Thawte.

Certificate Signing Request (CSR)

A CSR is a digital request to a Certificate Authority (CA) for a secure server certificate. Secure server certificates allow clients of the server to trust the identity of the server they have connected to and to negotiate an encrypted session with the server.

A Certificate Authority is a business entity that is recognized in the IT industry for meeting high standards of reliable screening, identification, and other important security criteria. Examples of CAs include Thawte and VeriSign. After the CA receives a CSR, they review and verify the information the CSR contains. If the applicant meets the CA’s security standards, the CA issues a digitally-signed certificate that uniquely identifies that applicant for transactions over networks and on the Internet.

After the CA approves the CSR and sends the certificate, upload the certificate to the iDRAC firmware. The CSR information stored on the iDRAC firmware must match the information contained in the certificate.

Accessing the SSL Main Menu

1 Click System→Remote Access→iDRAC, then click the Network/Security tab.
2 Click SSL to open the SSL Main Menu page.

Use the SSL Main Menu page to generate a CSR to send to a CA. The CSR information is stored on the iDRAC firmware.

Table 5-13 describes the options available when generating a CSR.
Table 5-14 describes the available buttons on the SSL Main Menu page.

Table 5-13. SSL Main Menu Options
Field | Description
Generate a New Certificate Signing Request (CSR) | Select the option and click Next to open the Generate Certificate Signing Request (CSR) page. NOTE: Each new CSR overwrites any previous CSR on the firmware. For a CA to accept your CSR, the CSR in the firmware must match the certificate returned from the CA.
Upload Server Certificate | Select the option and click Next to open the Certificate Upload page and upload the certificate sent to you by the CA. NOTE: Only X509, Base 64-encoded certificates are accepted by the iDRAC. DER-encoded certificates are not accepted.
View Server Certificate | Select the option and click Next to open the View Server Certificate page and view an existing server certificate.

Table 5-14. SSL Main Menu Buttons
Button | Description
Print | Prints the SSL Main Menu values that appear on the screen.
Refresh | Reloads the SSL Main Menu page.
Next | Processes the information on the SSL Main Menu page and continues to the next step.

Generating a New Certificate Signing Request

NOTE: Each new CSR overwrites any previous CSR data stored in the firmware. The CSR in the firmware must match the certificate returned from the CA. Otherwise, the iDRAC will not accept the certificate.

1 On the SSL Main Menu page, select Generate a New Certificate Signing Request (CSR) and click Next.
2 On the Generate Certificate Signing Request (CSR) page, enter a value for each CSR attribute. Table 5-15 describes the Generate Certificate Signing Request (CSR) page options.
3 Click Generate to create the CSR.
4 Click Download to save the CSR file to your local computer.
5 Click the appropriate button to continue. See Table 5-16.

Table 5-15. Generate Certificate Signing Request (CSR) Page Options
Field | Description
Common Name | The exact name being certified (usually the Web server's domain name, for example, www.xyzcompany.com). Only alphanumeric characters, hyphens, underscores, and periods are valid. Spaces are not valid.
Organization Name | The name associated with this organization (for example, XYZ Corporation). Only alphanumeric characters, hyphens, underscores, periods and spaces are valid.
Organization Unit | The name associated with an organizational unit, such as a department (for example, Information Technology). Only alphanumeric characters, hyphens, underscores, periods, and spaces are valid.
Locality | The city or other location of the entity being certified (for example, Round Rock). Only alphanumeric characters and spaces are valid. Do not separate words using an underscore or other character.
State Name | The state or province where the entity who is applying for a certification is located (for example, Texas). Only alphanumeric characters and spaces are valid. Do not use abbreviations.
Country Code | The name of the country where the entity applying for certification is located.
Email | The e-mail address associated with the CSR. Type the company’s e-mail address, or any e-mail address associated with the CSR. This field is optional.

Table 5-16. Generate Certificate Signing Request (CSR) Page Buttons
Button | Description
Print | Prints the Generate Certificate Signing Request values that appear on the screen.
Refresh | Reloads the Generate Certificate Signing Request page.
Generate | Generates a CSR and then prompts the user to save it to a specified directory.
Download | Downloads the certificate to the local computer.
Go Back to SSL Main Menu | Returns the user to the SSL Main Menu page.

Uploading a Server Certificate

1 In the SSL Main Menu page, select Upload Server Certificate and click Next. The Certificate Upload page appears.
2 In the File Path field, type the path to the certificate or click Browse to navigate to the certificate file.
  NOTE: The File Path value displays the relative file path of the certificate you are uploading. You must type the absolute file path, which includes the full path and the complete file name and file extension.
3 Click Apply.
4 Click the appropriate button to continue. See Table 5-17.

Table 5-17. Certificate Upload Page Buttons
Button | Description
Print | Prints the values that appear on the Certificate Upload page.
Refresh | Reloads the Certificate Upload page.
Apply | Applies the certificate to the iDRAC firmware.
Go Back to SSL Main Menu | Returns the user to the SSL Main Menu page.

Viewing a Server Certificate

1 On the SSL Main Menu page, select View Server Certificate and click Next. Table 5-18 describes the fields and associated descriptions listed in the Certificate window.
2 Click the appropriate button to continue. See Table 5-19.

Table 5-18. Certificate Information
Field | Description
Serial Number | Certificate serial number
Subject Information | Certificate attributes entered by the subject
Issuer Information | Certificate attributes returned by the issuer
Valid From | Issue date of the certificate
Valid To | Expiration date of the certificate

Table 5-19. View Server Certificate Page Buttons
Button | Description
Print | Prints the View Server Certificate values that appear on the screen.
Refresh | Reloads the View Server Certificate page.
Go Back to SSL Main Menu | Return to the SSL Main Menu page.

Configuring and Managing Active Directory Certificates

NOTE: You must have Configure iDRAC permission to configure Active Directory and upload, download, and view an Active Directory certificate.

NOTE: For more information about Active Directory configuration and how to configure Active Directory with the standard schema or an extended schema, see "Using the iDRAC with Microsoft Active Directory" on page 103.

To access the Active Directory Main Menu:
1 Click System→Remote Access→iDRAC, and then click the Network/Security tab.
2 Click Active Directory to open the Active Directory Main Menu page. Table 5-20 lists the Active Directory Main Menu page options.
3 Click the appropriate button to continue. See Table 5-20.

Table 5-20. Active Directory Main Menu Page Options
Field | Description
Configure Active Directory | Configures the Active Directory ROOT Domain Name, Active Directory Authentication Timeout, Active Directory Schema Selection, iDRAC Name, iDRAC Domain Name, Role Groups, Group Name, and Group Domain settings.
Upload Active Directory CA Certificate | Uploads an Active Directory certificate to the iDRAC.
Download iDRAC Server Certificate | The Windows Download Manager downloads an iDRAC server certificate to the system.
View Active Directory CA Certificate | Displays an Active Directory Certificate that has been uploaded to the iDRAC.

Table 5-21. Active Directory Main Menu Page Buttons
Button | Definition
Print | Prints the Active Directory Main Menu values that appear on the screen.
Refresh | Reloads the Active Directory Main Menu page.
Next | Processes the information on the Active Directory Main Menu page and continues to the next step.

Configuring Active Directory (Standard Schema and Extended Schema)

1 On the Active Directory Main Menu page, select Configure Active Directory and click Next.
2 On the Active Directory Configuration page, enter the Active Directory settings. Table 5-22 describes the Active Directory Configuration and Management page settings.
3 Click Apply to save the settings.
4 Click the appropriate button to continue. See Table 5-23.
5 To configure the Role Groups for Active Directory Standard Schema, click on the individual Role Group (1-5). See Table 5-24 and Table 5-25.
  NOTE: To save the settings on the Active Directory Configuration page, click Apply before proceeding to the Custom Role Group page.

Table 5-22. Active Directory Configuration Page Settings
Setting | Description
Enable Active Directory | When checked, enables Active Directory. The default is disabled.
ROOT Domain Name | The Active Directory ROOT domain name. The name must be a valid domain name consisting of x.y, where x is a 1-254 character ASCII string with no spaces between characters, and y is a valid domain type such as com, edu, gov, int, mil, net, or org. The default is blank.
Timeout | The time, in seconds, to wait for Active Directory queries to complete. The value must be 15 seconds or greater. The default value is 120.
Use Standard Schema | Uses standard schema with Active Directory.
Use Extended Schema | Uses the extended schema with Active Directory.
iDRAC Name | The name that uniquely identifies the iDRAC in Active Directory. The default is blank. The name must be a 1-254 character ASCII string with no spaces between characters.
iDRAC Domain Name | The DNS name of the domain where the Active Directory iDRAC object resides. The default is blank. The name must be a valid domain name consisting of x.y, where x is a 1-254 character ASCII string with no spaces between characters, and y is a valid domain type such as com, edu, gov, int, mil, net, or org.
Role Groups | The list of role groups associated with the iDRAC. To change the settings for a role group, click its role group number in the role groups list.
Group Name | The name that identifies the role group in the Active Directory associated with the iDRAC. The default is blank.
Group Domain | The domain type where the Role Group resides.

Table 5-23. Active Directory Configuration Page Buttons
Button | Description
Print | Prints the Active Directory Configuration values that appear on the screen.
Refresh | Reloads the Active Directory Configuration page.
Apply | Saves any new settings made to the Active Directory Configuration page.
Go Back to Active Directory Main Menu | Returns to the Active Directory Main Menu page.

Table 5-24. Role Group Privileges
Setting | Description
Role Group Privilege Level | Specifies the user’s maximum iDRAC user privilege as one of the following: Administrator, Power User, Guest User, None, or Custom. See Table 5-25 for Role Group permissions.
Login to iDRAC | Allows the group login access to the iDRAC.
Configure iDRAC | Allows the group permission to configure the iDRAC.
Configure Users | Allows the group permission to configure users.
Clear Logs | Allows the group permission to clear logs.
Execute Server Control Commands | Allows the group permission to execute server control commands.
Access Console Redirection | Allows the group access to Console Redirection.
Access Virtual Media | Allows the group access to Virtual Media.
Test Alerts | Allows the group to send test alerts (e-mail and PET) to a specific user.
Execute Diagnostic Commands | Allows the group permission to execute diagnostic commands.

Table 5-25.
Role Group Permissions Property Description Administrator Login to iDRAC, Configure iDRAC, Configure Users, Clear Logs, Execute Server Control Commands, Access Console Redirection, Access Virtual Media, Test Alerts, Execute Diagnostic Commands Power User Login to iDRAC, Clear Logs, Execute Server Control Commands, Access Console Redirection, Access Virtual Media, Test Alerts Guest User Login to iDRAC 92 Configuring the iDRAC Using the Web Interface Table 5-25. Role Group Permissions (continued) Property Description Custom Selects any combination of the following permissions: Login to iDRAC, Configure iDRAC, Configure Users, Clear Logs, Execute Server Action Commands, Access Console Redirection, Access Virtual Media, Test Alerts, Execute Diagnostic Commands None No assigned permissions Uploading an Active Directory CA Certificate 1 On the Active Directory Main Menu page, select Upload Active Directory CA Certificate and click Next. 2 On the Certificate Upload page, type the file path of the certificate in the File Path field, or click Browse to navigate to the certificate file. NOTE: The File Path value displays the relative file path of the certificate you are uploading. You must type the absolute file path, which includes the full path and the complete file name and file extension. Ensure that the domain controller’s SSL certificates have been signed by the same Certificate Authority and that this Certificate is available on the management station accessing the iDRAC. 3 Click Apply. 4 Click the appropriate button to continue. See Table 5-26. Table 5-26. Certificate Upload Page Buttons Button Description Print Prints the Certificate Upload values that appear on the screen. Refresh Reloads the Certificate Upload page. Apply Applies the certificate to the iDRAC firmware. Go Back to Active Returns to the Active Directory Main Menu page. 
Directory Main Menu Configuring the iDRAC Using the Web Interface 93 Downloading an iDRAC Server Certificate 1 On the Active Directory Main Menu page, select Download iDRAC Server Certificate and click Next. 2 Save the file to a directory on your system. 3 In the Download Complete window, click Close. Viewing an Active Directory CA Certificate Use the Active Directory Main Menu page to view a CA server certificate for your iDRAC. 1 On the Active Directory Main Menu page, select View Active Directory CA Certificate and click Next. Table 5-27 describes the fields and associated descriptions listed in the Certificate window. 2 Click the appropriate button to continue. See Table 5-28. Table 5-27. Active Directory CA Certificate Information Field Description Serial Number Certificate serial number. Subject Information Certificate attributes entered by the subject. Issuer Information Certificate attributes returned by the issuer. Valid From Certificate issue date. Valid To Certificate expiration date. Table 5-28. View Active Directory CA Certificate Page Buttons Button Description Print Prints the Active Directory CA Certificate values that appear on the screen. Refresh Reloads the Active Directory CA Certificate page. Go Back to Active Returns the user to the Active Directory Main Menu page. Directory Main Menu 94 Configuring the iDRAC Using the Web Interface Enabling or Disabling Local Configuration Access NOTE: The default setting for local configuration access is Enabled. Enabling Local Configuration Access 1 Click System→ Remote Access→ iDRAC→ Network/Security. 2 Under Local Configuration, click to uncheck Disable iDRAC local USER Configuration Updates to enable access. 3 Click Apply. 4 Click the appropriate button to continue. Disabling Local Configuration Access 1 Click System→ Remote Access→ iDRAC→ Network/Security. 2 Under Local Configuration, click to check Disable iDRAC local USER Configuration Updates to disable access. 3 Click Apply. 
4 Click the appropriate button to continue. Configuring iDRAC Services NOTE: To modify these settings, you must have Configure iDRAC permission. NOTE: When you apply changes to services, the changes take effect immediately. Existing connections may be terminated without warning. NOTE: There is a known issue with the Telnet client supplied with Microsoft Windows communicating with a BMU. Use another Telnet client such as HyperTerminal or PuTTY. 1 Click System→ Remote Access→ iDRAC, and then click the Network/Security tab. 2 Click Services to open the Services configuration page. 3 Configure the following services, as required: • Web server — see Table 5-29 for Web server settings • SSH — see Table 5-30 for SSH settings • Telnet — see Table 5-31 for telnet settings Configuring the iDRAC Using the Web Interface 95 • Automated System Recovery Agent — see Table 5-32 for Automated System Recovery Agent settings 4 Click Apply. 5 Click the appropriate button to continue. See Table 5-33. Table 5-29. Web Server Settings Setting Description Enabled Enables or disables the iDRAC web server. When checked, the checkbox indicates that the web server is enabled. The default is enabled. Max Sessions The maximum number of simultaneous sessions allowed for this system. This field is not editable. There can be four simultaneous sessions. Current Sessions The number of current sessions on the system, less than or equal to the Max Sessions. This field is not editable. Timeout The time, in seconds, that a connection is allowed to remain idle. The session is cancelled when the timeout is reached. Changes to the timeout setting take affect immediately and will reset the web server. Timeout range is 60 to 10,800 seconds. The default is 1,800 seconds. HTTP Port Number The port on which the iDRAC listens for a browser connection. The default is 80. HTTPS Port Number The port on which the iDRAC listens for a secure browser connection. The default is 443. Table 5-30. 
SSH Settings Setting Description Enabled Enables or disables SSH. When checked, the checkbox indicates that SSH is enabled. Max Sessions The maximum number of simultaneous sessions allowed for this system. Only one session is supported. Active Sessions The number of current sessions on the system. 96 Configuring the iDRAC Using the Web Interface Table 5-30. SSH Settings (continued) Setting Description Timeout The secure shell idle timeout, in seconds. Timeout range is 60 to 10,800 seconds. Enter 0 seconds to disable the Timeout feature. The default is 1,800. Port Number The port on which the iDRAC listens for an SSH connection. The default is 22. Table 5-31. Telnet Settings Setting Description Enabled Enables or disables telnet. When checked, telnet is enabled. Max Sessions The maximum number of simultaneous sessions allowed for this system. Only one session is supported. Active Sessions The number of current sessions on the system. Timeout The telnet idle timeout, in seconds. Timeout range is 60 to 10,800 seconds. Enter 0 seconds to disable the Timeout feature. The default is 1,800. Port Number The port on which the iDRAC listens for a telnet connection. The default is 23. Table 5-32. Automated System Recovery Agent Setting Setting Description Enabled Enables the Automated System Recovery Agent. Table 5-33. Services Page Buttons Button Description Print Prints the Services page. Refresh Refreshes the Services page. Apply Changes Applies the Services page settings. Configuring the iDRAC Using the Web Interface 97 Updating the iDRAC Firmware NOTE: If the iDRAC firmware becomes corrupted, as could occur if the iDRAC firmware update progress is interrupted before it completes, you can recover the iDRAC using the CMC. See your CMC Firmware User Guide for instructions. The CMC Web interface (CMC 2.0 or later) also provides a One-to-Many Out-of-Band iDRAC firmware update capacity that can be used at any time. 
NOTE: The firmware update, by default, retains the current iDRAC settings. During the update process, you have the option to reset the iDRAC configuration to the factory defaults. If you set the configuration to the factory defaults, external network access will be disabled when the update completes. You must enable and configure the network using the iDRAC Configuration Utility or the CMC Web interface.

1 Start the iDRAC Web interface.
2 Click System → Remote Access → iDRAC, then click the Update tab.

NOTE: To update the firmware, the iDRAC must be placed in an update mode. Once in this mode, the iDRAC will automatically reset, even if you cancel the update process.

3 On the Firmware Update page, click Next to start the update process.
4 In the Firmware Update - Upload (page 1 of 4) window, click Browse, or type the path to the firmware image that you downloaded. For example: C:\Updates\V1.0\ . The default firmware image name is firmimg.imc.
5 Click Next.
• The file will be uploaded to the iDRAC. This may take several minutes to complete.
OR
• You can click Cancel at this time, if you would like to end the firmware upgrade process. Clicking Cancel will reset the iDRAC to normal operating mode.
6 In the Firmware Update - Validation (page 2 of 4) window, you will see the results of the validation performed on the image file you uploaded.
• If the image file uploaded successfully and passed all verification checks, a message will appear indicating that the firmware image has been verified.
OR
• If the image did not upload successfully, or it did not pass the verification checks, the firmware update will return to the Firmware Update - Upload (page 1 of 4) window. You can attempt to upgrade the iDRAC again or click Cancel to reset the iDRAC to normal operating mode.

NOTE: If you deselect the Preserve Configuration checkbox, the iDRAC will be reset to its default settings. In the default settings, the LAN is disabled. You will not be able to log in to the iDRAC Web interface. You will have to reconfigure the LAN settings using the CMC Web interface or iKVM using the iDRAC Configuration Utility during BIOS POST.

7 By default the Preserve Configuration checkbox is checked, to preserve the current settings on the iDRAC after an upgrade. If you do not want the settings to be preserved, deselect the Preserve Configuration checkbox.
8 Click Begin Update to start the upgrade process. Do not interrupt the upgrade process.
9 In the Firmware Update - Updating (page 3 of 4) window, you will see the status of the upgrade. The progress of the firmware upgrade operation, measured in percentages, will appear in the Progress column.
10 Once the firmware update is complete, the Firmware Update - Update Results (page 4 of 4) window will appear and the iDRAC will reset automatically. You must close the current browser window and reconnect to the iDRAC using a new browser window.

Recovering iDRAC Firmware Using the CMC

Typically, the iDRAC firmware is updated using iDRAC facilities such as the iDRAC Web interface, or operating system specific update packages downloaded from support.dell.com.

If the iDRAC firmware becomes corrupted, as could occur if the iDRAC firmware update progress is interrupted before it completes, you can use the CMC Web interface to update its firmware.

If the CMC detects the corrupted iDRAC firmware, the iDRAC is listed on the Updatable Components page in the CMC Web interface.

NOTE: See the CMC Firmware User Guide for instructions for using the CMC Web interface.

To update the iDRAC firmware, perform the following steps:

1 Download the latest iDRAC firmware to your management computer from support.dell.com.
2 Log in to the CMC Web-based interface.
3 Click Chassis in the system tree.
4 Click the Update tab. The Updatable Components page appears. The server with the recoverable iDRAC is included in the list if it is able to be recovered from the CMC.
5 Click server-n, where n is the number of the server whose iDRAC you want to recover.
6 Click Browse, to browse to the iDRAC firmware image you downloaded, and click Open.
7 Click Begin Firmware Update.

After the firmware image file has been uploaded to the CMC, the iDRAC will update itself with the image.

6 Using the iDRAC with Microsoft Active Directory

A directory service maintains a common database of all information needed for controlling users, computers, printers, and other devices on a network. If your company uses the Microsoft® Active Directory® service software, you can configure the software to provide access to the iDRAC, allowing you to add and control iDRAC user privileges to your existing users in your Active Directory software.

NOTE: Using Active Directory to recognize iDRAC users is supported on the Microsoft Windows® 2000 and Windows Server® 2003 operating systems.

You can use Active Directory to define user access on iDRAC through an extended schema solution which uses Dell-defined Active Directory objects or a standard schema solution which uses Active Directory group objects only.

Advantages and Disadvantages of Extended Schema and Standard Schema

When using Active Directory to configure access to the iDRAC, you must choose either the extended schema or the standard schema solution.

The advantages of using the extended schema solution are:
• All of the access control objects are maintained in Active Directory.
• Maximum flexibility in configuring user access on different iDRACs with different privilege levels.

The advantages of using the standard schema solution are:
• No schema extension is required because standard schema uses Active Directory objects only.
• Configuration on the Active Directory side is simple.

Extended Schema Active Directory Overview

There are three ways to enable Active Directory with the extended schema:
• With the iDRAC Web interface (see "Configuring the iDRAC With Extended Schema Active Directory Using the Web Interface" on page 119).
• With the RACADM CLI tool (see "Configuring the iDRAC With Extended Schema Active Directory Using RACADM" on page 120).
• With the SM-CLP command line (see "Configuring the iDRAC With Extended Schema Active Directory and SM-CLP" on page 121).

Active Directory Schema Extensions

The Active Directory data is a distributed database of Attributes and Classes. The Active Directory schema includes the rules that determine the type of data that can be added or included in the database. The user class is one example of a Class that is stored in the database. Some example user class attributes can include the user's first name, last name, phone number, and so on. Companies can extend the Active Directory database by adding their own unique Attributes and Classes to solve environment-specific needs. Dell has extended the schema to include the Attributes and Classes to support remote management Authentication and Authorization.

Each Attribute or Class that is added to an existing Active Directory Schema must be defined with a unique ID. To maintain unique IDs across the industry, Microsoft maintains a database of Active Directory Object Identifiers (OIDs) so that when companies add extensions to the schema, they can be guaranteed to be unique and not to conflict with each other. To extend the schema in Microsoft Active Directory, Dell received unique OIDs, unique name extensions, and uniquely linked attribute IDs for the attributes and classes we added to the directory service, as shown in Table 6-1.

Table 6-1. Dell Active Directory Object Identifiers
Active Directory Service Class | Active Directory OID
Dell extension | dell
Dell base OID | 1.2.840.113556.1.8000.1280
RAC LinkID range | 12070 to 12079

Overview of the RAC Schema Extensions

To provide the greatest flexibility in the multitude of customer environments, Dell provides a group of properties that can be configured by the user depending on the desired results. Dell has extended the schema to include an Association, Device, and Privilege property. The Association property is used to link together the users or groups with a specific set of privileges to one or more RAC devices. This model provides an Administrator maximum flexibility over the different combinations of users, RAC privileges, and RAC devices on the network without adding too much complexity.

Active Directory Object Overview

For each of the physical RACs on the network that you want to integrate with Active Directory for Authentication and Authorization, create at least one Association Object and one RAC Device Object. You can create multiple Association Objects, and each Association Object can be linked to as many users, groups of users, or RAC Device Objects as required. The users and RAC Device Objects can be members of any domain in the enterprise.

However, each Association Object can be linked (or, may link users, groups of users, or RAC Device Objects) to only one Privilege Object. This example allows an Administrator to control each user's privileges on specific RACs.

The RAC Device object is the link to the RAC firmware for querying Active Directory for authentication and authorization. When a RAC is added to the network, the Administrator must configure the RAC and its device object with its Active Directory name so users can perform authentication and authorization with Active Directory. The Administrator must add the RAC to at least one Association Object in order for users to authenticate.
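An added example, not part of the Dell guide: a small Python audit model of the Association, Privilege, and RAC Device object relationships described above, run over constructed sample data that reuses the chapter's RAC1/RAC2 and user1 to user3 names. The class, function, and finding-code names are hypothetical, and the union in `upper_bound` is a worst case for access review, not a statement of how the firmware combines several associations.

```python
"""Audit model for extended-schema Association, Privilege and RAC Device objects."""
from dataclasses import dataclass

# Privilege attribute names as listed in this guide's schema tables.
ALL_PRIVILEGES = frozenset({
    "dellIsLoginUser", "dellIsCardConfigAdmin", "dellIsUserConfigAdmin",
    "dellIsLogClearAdmin", "dellIsServerResetUser", "dellIsConsoleRedirectUser",
    "dellIsVirtualMediaUser", "dellIsTestAlertUser", "dellIsDebugCommandAdmin",
})


@dataclass(frozen=True)
class AssociationObject:  # hypothetical container, not a Dell API
    name: str
    members: frozenset        # user or group names
    privilege_objects: tuple  # the guide allows exactly one per association
    devices: frozenset        # RAC Device Object names


def expand_members(names, groups, _seen=None):
    """Resolve group names to users, following nested groups without looping."""
    seen = set() if _seen is None else _seen
    users = set()
    for name in names:
        if name in groups:
            if name not in seen:
                seen.add(name)
                users |= expand_members(groups[name], groups, seen)
        else:
            users.add(name)
    return users


def grants(user, rac, associations, privilege_objects, groups):
    """Return {association name: privilege set} for each AO linking user to rac."""
    result = {}
    for ao in associations:
        if rac not in ao.devices or len(ao.privilege_objects) != 1:
            continue  # malformed associations are reported by audit(), not trusted
        privileges = privilege_objects.get(ao.privilege_objects[0])
        if privileges is not None and user in expand_members(ao.members, groups):
            result[ao.name] = privileges
    return result


def upper_bound(user, rac, associations, privilege_objects, groups):
    """Union over all matching associations: the most a reviewer should assume."""
    combined = frozenset()
    for privileges in grants(user, rac, associations, privilege_objects, groups).values():
        combined |= privileges
    return combined


def audit(racs, associations, privilege_objects):
    """Return sorted (finding code, subject) tuples for structural problems."""
    findings = []
    for ao in associations:
        if len(ao.privilege_objects) != 1:
            findings.append(("AO_PRIVILEGE_COUNT", ao.name))
        for priv in ao.privilege_objects:
            if priv not in privilege_objects:
                findings.append(("UNKNOWN_PRIVILEGE_OBJECT", f"{ao.name}:{priv}"))
        for device in sorted(ao.devices - set(racs)):
            findings.append(("UNKNOWN_DEVICE", f"{ao.name}:{device}"))
    linked = set().union(*(ao.devices for ao in associations))
    for rac in racs:
        if rac not in linked:
            # The guide: a RAC must be in at least one Association Object
            # for users to authenticate.
            findings.append(("RAC_WITHOUT_ASSOCIATION", rac))
    return sorted(findings)


# Constructed sample data (not exported from a real directory).
SAMPLE_RACS = ("RAC1", "RAC2")
SAMPLE_GROUPS = {"Group1": {"user1", "user2"}}
SAMPLE_PRIVS = {"Priv1": ALL_PRIVILEGES, "Priv2": frozenset({"dellIsLoginUser"})}
SAMPLE_AOS = (
    AssociationObject("AO1", frozenset({"Group1"}), ("Priv1",), frozenset({"RAC1", "RAC2"})),
    AssociationObject("AO2", frozenset({"user3"}), ("Priv2",), frozenset({"RAC2"})),
)

if __name__ == "__main__":
    for user in ("user1", "user2", "user3"):
        for rac in SAMPLE_RACS:
            privs = upper_bound(user, rac, SAMPLE_AOS, SAMPLE_PRIVS, SAMPLE_GROUPS)
            print(f"{user} on {rac}: {sorted(privs) or 'no access'}")
    print("findings:", audit(SAMPLE_RACS, SAMPLE_AOS, SAMPLE_PRIVS))
```

Running the same audit after each directory change gives a reviewable record of which accounts can reach which management controllers.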
Figure 6-1 illustrates that the Association Object provides the connection that is needed for all of the Authentication and Authorization.

Figure 6-1. Typical Setup for Active Directory Objects (diagram labels: Association Object; User(s); Group(s); Privilege Object; RAC Device Object(s); RAC Privilege Object)

NOTE: The RAC privilege object applies to both DRAC 4 and iDRAC.

You can create as many or as few association objects as required. However, you must create at least one Association Object, and you must have one RAC Device Object for each RAC (iDRAC) on the network that you want to integrate with Active Directory for Authentication and Authorization with the RAC (iDRAC).

The Association Object allows for as many or as few users and/or groups as well as RAC Device Objects. However, the Association Object only includes one Privilege Object per Association Object. The Association Object connects the "Users" who have "Privileges" on the RACs.

You can configure Active Directory objects in a single domain or in multiple domains. For example, you have two iDRACs (RAC1 and RAC2) and three existing Active Directory users (user1, user2, and user3). You want to give user1 and user2 an Administrator privilege to both iDRACs and give user3 a login privilege to the RAC2. Figure 6-2 shows how you set up the Active Directory objects in this scenario.

When adding Universal Groups from separate domains, create an Association Object with Universal Scope. The Default Association objects created by the Dell Schema Extender Utility are Domain Local Groups and will not work with Universal Groups from other domains.

Figure 6-2. Setting Up Active Directory Objects in a Single Domain (diagram labels: AO1; AO2; Group1; User1; User2; User3; Priv1; Priv2; RAC1; RAC2)

To configure the objects for the single domain scenario, perform the following tasks:

1 Create two Association Objects.
2 Create two RAC Device Objects, RAC1 and RAC2, to represent the two iDRACs.
3 Create two Privilege Objects, Priv1 and Priv2, in which Priv1 has all privileges (Administrator) and Priv2 has login privileges.
4 Group user1 and user2 into Group1.
5 Add Group1 as Members in Association Object 1 (AO1), Priv1 as Privilege Objects in AO1, and RAC1, RAC2 as RAC Devices in AO1.
6 Add User3 as Members in Association Object 2 (AO2), Priv2 as Privilege Objects in AO2, and RAC2 as RAC Devices in AO2.

See "Adding iDRAC Users and Privileges to Active Directory" on page 116 for detailed instructions.

Figure 6-3 provides an example of Active Directory objects in multiple domains. In this scenario, you have two iDRACs (RAC1 and RAC2) and three existing Active Directory users (user1, user2, and user3). User1 is in Domain1, and user2 and user3 are in Domain2. In this scenario, configure user1 and user2 with Administrator privileges to both iDRACs and configure user3 with login privileges to the RAC2.

Figure 6-3. Setting Up Active Directory Objects in Multiple Domains (diagram labels: Domain1; Domain2; AO1; AO2; Group1; User1; User2; User3; Priv1; Priv2; RAC1; RAC2)

To configure the objects for the multiple domain scenario, perform the following tasks:

1 Ensure that the domain forest function is in Native or Windows 2003 mode.
2 Create two Association Objects, AO1 (of Universal scope) and AO2, in any domain. Figure 6-3 shows the objects in Domain2.
3 Create two RAC Device Objects, RAC1 and RAC2, to represent the two iDRACs.
4 Create two Privilege Objects, Priv1 and Priv2, in which Priv1 has all privileges (Administrator) and Priv2 has login privileges.
5 Group user1 and user2 into Group1. The group scope of Group1 must be Universal.
6 Add Group1 as Members in Association Object 1 (AO1), Priv1 as Privilege Objects in AO1, and RAC1, RAC2 as RAC Devices in AO1.
7 Add User3 as Members in Association Object 2 (AO2), Priv2 as Privilege Objects in AO2, and RAC2 as RAC Devices in AO2.

Configuring Extended Schema Active Directory to Access Your iDRAC

Before using Active Directory to access your iDRAC, configure the Active Directory software and the iDRAC by performing the following steps in order:

1 Extend the Active Directory schema (see "Extending the Active Directory Schema" on page 109).
2 Extend the Active Directory Users and Computers Snap-in (see "Installing the Dell Extension to the Active Directory Users and Computers Snap-In" on page 115).
3 Add iDRAC users and their privileges to Active Directory (see "Adding iDRAC Users and Privileges to Active Directory" on page 116).
4 Enable SSL on each of your domain controllers (see "Enabling SSL on a Domain Controller" on page 129).
5 Configure the iDRAC Active Directory properties using either the iDRAC Web interface or the RACADM (see "Configuring the iDRAC With Extended Schema Active Directory Using the Web Interface" on page 119 or "Configuring the iDRAC With Extended Schema Active Directory Using RACADM" on page 120).

Extending the Active Directory Schema

Extending your Active Directory schema adds a Dell organizational unit, schema classes and attributes, and example privileges and association objects to the Active Directory schema. Before you extend the schema, ensure that you have Schema Admin privileges on the Schema Master Flexible Single Master Operation (FSMO) Role Owner of the domain forest.

You can extend your schema using one of the following:
• Dell Schema Extender utility
• LDIF script file

If you use the LDIF script file, the Dell organizational unit will not be added to the schema.
The LDIF files and Dell Schema Extender are located on your Dell Systems Management Tools and Documentation DVD in the following respective directories:
• DVD drive:\support\OMActiveDirectory Tools\RAC4-5\LDIF_Files
• DVD drive:\support\OMActiveDirectory Tools\RAC45\Schema_Extender

To use the LDIF files, see the instructions in the readme included in the LDIF_Files directory. To use the Dell Schema Extender to extend the Active Directory Schema, see "Using the Dell Schema Extender" on page 110.

You can copy and run the Schema Extender or LDIF files from any location.

Using the Dell Schema Extender

NOTE: The Dell Schema Extender uses the SchemaExtenderOem.ini file. To ensure that the Dell Schema Extender utility functions properly, do not modify the name of this file.

1 In the Welcome screen, click Next.
2 Read and understand the warning and click Next.
3 Select Use Current Log In Credentials or enter a user name and password with schema Administrator rights.
4 Click Next to run the Dell Schema Extender.
5 Click Finish.

The schema is extended. To verify the schema extension, use the Microsoft Management Console (MMC) and the Active Directory Schema snap-in to verify that the following exist:
• Classes (see Table 6-2 through Table 6-7)
• Attributes (Table 6-8)

See your Microsoft documentation for more information on how to enable and use the Active Directory Schema snap-in in the MMC.

Table 6-2. Class Definitions for Classes Added to the Active Directory Schema
Class Name | Assigned Object Identification Number (OID)
dellRacDevice | 1.2.840.113556.1.8000.1280.1.1.1.1
dellAssociationObject | 1.2.840.113556.1.8000.1280.1.1.1.2
dellRACPrivileges | 1.2.840.113556.1.8000.1280.1.1.1.3
dellPrivileges | 1.2.840.113556.1.8000.1280.1.1.1.4
dellProduct | 1.2.840.113556.1.8000.1280.1.1.1.5

Table 6-3. dellRacDevice Class
OID | 1.2.840.113556.1.8000.1280.1.1.1.1
Description | Represents the Dell RAC device. The RAC device must be configured as dellRacDevice in Active Directory. This configuration enables the iDRAC to send Lightweight Directory Access Protocol (LDAP) queries to Active Directory.
Class Type | Structural Class
SuperClasses | dellProduct
Attributes | dellSchemaVersion, dellRacType

Table 6-4. dellAssociationObject Class
OID | 1.2.840.113556.1.8000.1280.1.1.1.2
Description | Represents the Dell Association Object. The Association Object provides the connection between the users and the devices.
Class Type | Structural Class
SuperClasses | Group
Attributes | dellProductMembers, dellPrivilegeMember

Table 6-5. dellRAC4Privileges Class
OID | 1.2.840.113556.1.8000.1280.1.1.1.3
Description | Used to define the privileges (Authorization Rights) for the iDRAC device.
Class Type | Auxiliary Class
SuperClasses | None
Attributes | dellIsLoginUser, dellIsCardConfigAdmin, dellIsUserConfigAdmin, dellIsLogClearAdmin, dellIsServerResetUser, dellIsConsoleRedirectUser, dellIsVirtualMediaUser, dellIsTestAlertUser, dellIsDebugCommandAdmin

Table 6-6. dellPrivileges Class
OID | 1.2.840.113556.1.8000.1280.1.1.1.4
Description | Used as a container Class for the Dell Privileges (Authorization Rights).
Class Type | Structural Class
SuperClasses | User
Attributes | dellRAC4Privileges

Table 6-7. dellProduct Class
OID | 1.2.840.113556.1.8000.1280.1.1.1.5
Description | The main class from which all Dell products are derived.
Class Type | Structural Class
SuperClasses | Computer
Attributes | dellAssociationMembers

Table 6-8. List of Attributes Added to the Active Directory Schema
Attribute Name/Description | Assigned OID/Syntax Object Identifier | Single Valued
dellPrivilegeMember: List of dellPrivilege Objects that belong to this Attribute. | 1.2.840.113556.1.8000.1280.1.1.2.1; Distinguished Name (LDAPTYPE_DN 1.3.6.1.4.1.1466.115.121.1.12) | FALSE
dellProductMembers: List of dellRacDevices Objects that belong to this role. This attribute is the forward link to the dellAssociationMembers backward link. Link ID: 12070 | 1.2.840.113556.1.8000.1280.1.1.2.2; Distinguished Name (LDAPTYPE_DN 1.3.6.1.4.1.1466.115.121.1.12) | FALSE
dellIsLoginUser: TRUE if the user has Login rights on the device. | 1.2.840.113556.1.8000.1280.1.1.2.3; Boolean (LDAPTYPE_BOOLEAN 1.3.6.1.4.1.1466.115.121.1.7) | TRUE
dellIsCardConfigAdmin: TRUE if the user has Card Configuration rights on the device. | 1.2.840.113556.1.8000.1280.1.1.2.4; Boolean (LDAPTYPE_BOOLEAN 1.3.6.1.4.1.1466.115.121.1.7) | TRUE
dellIsUserConfigAdmin: TRUE if the user has User Configuration rights on the device. | 1.2.840.113556.1.8000.1280.1.1.2.5; Boolean (LDAPTYPE_BOOLEAN 1.3.6.1.4.1.1466.115.121.1.7) | TRUE
dellIsLogClearAdmin: TRUE if the user has Log Clearing rights on the device. | 1.2.840.113556.1.8000.1280.1.1.2.6; Boolean (LDAPTYPE_BOOLEAN 1.3.6.1.4.1.1466.115.121.1.7) | TRUE
dellIsServerResetUser: TRUE if the user has Server Reset rights on the device. | 1.2.840.113556.1.8000.1280.1.1.2.7; Boolean (LDAPTYPE_BOOLEAN 1.3.6.1.4.1.1466.115.121.1.7) | TRUE
dellIsConsoleRedirectUser: TRUE if the user has Console Redirection rights on the device. | 1.2.840.113556.1.8000.1280.1.1.2.8; Boolean (LDAPTYPE_BOOLEAN 1.3.6.1.4.1.1466.115.121.1.7) | TRUE
dellIsVirtualMediaUser: TRUE if the user has Virtual Media rights on the device. | 1.2.840.113556.1.8000.1280.1.1.2.9; Boolean (LDAPTYPE_BOOLEAN 1.3.6.1.4.1.1466.115.121.1.7) | TRUE
dellIsTestAlertUser: TRUE if the user has Test Alert User rights on the device. | 1.2.840.113556.1.8000.1280.1.1.2.10; Boolean (LDAPTYPE_BOOLEAN 1.3.6.1.4.1.1466.115.121.1.7) | TRUE
dellIsDebugCommandAdmin: TRUE if the user has Debug Command Admin rights on the device. | 1.2.840.113556.1.8000.1280.1.1.2.11; Boolean (LDAPTYPE_BOOLEAN 1.3.6.1.4.1.1466.115.121.1.7) | TRUE
dellSchemaVersion: The Current Schema Version is used to update the schema. | 1.2.840.113556.1.8000.1280.1.1.2.12; Case Ignore String (LDAPTYPE_CASEIGNORESTRING 1.2.840.113556.1.4.905) | TRUE
dellRacType: This attribute is the Current Rac Type for the dellRacDevice object and the backward link to the dellAssociationObjectMembers forward link. | 1.2.840.113556.1.8000.1280.1.1.2.13; Case Ignore String (LDAPTYPE_CASEIGNORESTRING 1.2.840.113556.1.4.905) | TRUE
dellAssociationMembers: List of dellAssociationObjectMembers that belong to this Product. This attribute is the backward link to the dellProductMembers Linked attribute. Link ID: 12071 | 1.2.840.113556.1.8000.1280.1.1.2.14; Distinguished Name (LDAPTYPE_DN 1.3.6.1.4.1.1466.115.121.1.12) | FALSE

Installing the Dell Extension to the Active Directory Users and Computers Snap-In

When you extend the schema in Active Directory, you must also extend the Active Directory Users and Computers snap-in so the administrator can manage RAC (iDRAC) devices, Users and User Groups, RAC Associations, and RAC Privileges.

When you install your systems management software using the Dell Systems Management Tools and Documentation DVD, you can extend the snap-in by selecting the Dell Extension to the Active Directory User's and Computers Snap-In option during the installation procedure. See the Dell OpenManage Software Quick Installation Guide for additional instructions about installing systems management software.

For more information about the Active Directory User's and Computers snap-in, see your Microsoft documentation.
Installing the Administrator Pack

You must install the Administrator Pack on each system that is managing the Active Directory iDRAC Objects. If you do not install the Administrator Pack, you cannot view the Dell RAC Object in the container.

See "Opening the Active Directory Users and Computers Snap-In" on page 116 for more information.

Opening the Active Directory Users and Computers Snap-In

To open the Active Directory Users and Computers snap-in, perform the following steps:

1 If you are logged into the domain controller, click Start → Admin Tools → Active Directory Users and Computers.
If you are not logged into the domain controller, you must have the appropriate Microsoft Administrator Pack installed on your local system. To install this Administrator Pack, click Start → Run, type MMC, and press Enter. The Microsoft Management Console (MMC) appears.
2 In the Console 1 window, click File (or Console on systems running Windows 2000).
3 Click Add/Remove Snap-in.
4 Select the Active Directory Users and Computers snap-in and click Add.
5 Click Close and click OK.

Adding iDRAC Users and Privileges to Active Directory

Using the Dell-extended Active Directory Users and Computers snap-in, you can add iDRAC users and privileges by creating RAC, Association, and Privilege objects. To add each object type, perform the following procedures:
• Create a RAC device Object
• Create a Privilege Object
• Create an Association Object
• Add objects to an Association Object

Creating a RAC Device Object

1 In the MMC Console Root window, right-click a container.
2 Select New → Dell RAC Object. The New Object window appears.
3 Type a name for the new object. The name must be identical to the iDRAC Name that you will type in step a of "Configuring the iDRAC With Extended Schema Active Directory Using the Web Interface" on page 119.
4 Select RAC Device Object.
5 Click OK.
Creating a Privilege Object

NOTE: A Privilege Object must be created in the same domain as the related Association Object.

1 In the Console Root (MMC) window, right-click a container.
2 Select New→ Dell RAC Object. The New Object window appears.
3 Type a name for the new object.
4 Select Privilege Object.
5 Click OK.
6 Right-click the privilege object that you created, and select Properties.
7 Click the RAC Privileges tab and select the privileges that you want the user to have (for more information, see "iDRAC User Privileges" on page 82).

Creating an Association Object

The Association Object is derived from a Group and must contain a Group Type. The Association Scope specifies the Security Group Type for the Association Object. When you create an Association Object, choose the Association Scope that applies to the type of objects you intend to add. For example, if you select Universal, the association objects are only available when the Active Directory Domain is functioning in Native Mode or above.

1 In the Console Root (MMC) window, right-click a container.
2 Select New→ Dell RAC Object. This opens the New Object window.
3 Type a name for the new object.
4 Select Association Object.
5 Select the scope for the Association Object.
6 Click OK.

Adding Objects to an Association Object

Using the Association Object Properties window, you can associate users or user groups, privilege objects, and RAC devices or RAC device groups. If your system is running Windows 2000 mode or higher, use Universal Groups to span domains with your user or RAC objects.

You can add groups of Users and RAC devices. The procedure for creating Dell-related groups and non-Dell-related groups is identical.

Adding Users or User Groups

1 Right-click the Association Object and select Properties.
2 Select the Users tab and click Add.
3 Type the user or User Group name and click OK.
Click the Privilege Object tab to add the privilege object to the association that defines the user’s or user group’s privileges when authenticating to a RAC device. Only one privilege object can be added to an Association Object.

Adding Privileges

1 Select the Privileges Object tab and click Add.
2 Type the Privilege Object name and click OK.

Click the Products tab to add one or more RAC devices to the association. The associated devices specify the RAC devices connected to the network that are available for the defined users or user groups. Multiple RAC devices can be added to an Association Object.

Adding RAC Devices or RAC Device Groups

To add RAC devices or RAC device groups:

1 Select the Products tab and click Add.
2 Type the RAC device or RAC device group name and click OK.
3 In the Properties window, click Apply and click OK.

Configuring the iDRAC With Extended Schema Active Directory Using the Web Interface

1 Open a supported Web browser window.
2 Log in to the iDRAC Web interface.
3 Click System→ Remote Access.
4 Click the Configuration tab and select Active Directory.
5 On the Active Directory Main Menu page, select Configure Active Directory and click Next.
6 In the Common Settings section:
  a Select the Enable Active Directory check box.
  b Type the Root Domain Name. The Root Domain Name is the fully qualified root domain name for the forest.
  c Type the Timeout time in seconds.
7 Click Use Extended Schema in the Active Directory Schema Selection section.
8 In the Extended Schema Settings section:
  a Type the DRAC Name. This name must be the same as the common name of the new RAC object you created in your Domain Controller (see step 3 of "Creating a RAC Device Object").
  b Type the DRAC Domain Name (for example, iDRAC.com). Do not use the NetBIOS name. The DRAC Domain Name is the fully qualified domain name of the sub-domain where the RAC Device Object is located.
9 Click Apply to save the Active Directory settings.
10 Click Go Back To Active Directory Main Menu.
11 Upload your domain forest Root CA certificate into the iDRAC.
  a Select the Upload Active Directory CA Certificate radio button and then click Next.
  b In the Certificate Upload page, type the file path of the certificate or browse to the certificate file.
    NOTE: The File Path value displays the relative file path of the certificate you are uploading. You must type the absolute file path, which includes the full path and the complete file name and file extension.
    The domain controllers’ SSL certificates should have been signed by the root CA. Have the root CA certificate available on your management station accessing the iDRAC (see "Exporting the Domain Controller Root CA Certificate" on page 130).
  c Click Apply.
    The iDRAC Web server automatically restarts after you click Apply.
12 Log out and then log in to the iDRAC to complete the iDRAC Active Directory feature configuration.
13 Click System→ Remote Access.
14 Click the Configuration tab and click Network.
15 If Use DHCP (for NIC IP Address) is selected under Network Settings, then select Use DHCP to obtain DNS server address.
   To manually input a DNS server IP address, deselect Use DHCP to obtain DNS server addresses and type your primary and alternate DNS server IP addresses.
16 Click Apply Changes.

The iDRAC Extended Schema Active Directory feature configuration is complete.

Configuring the iDRAC With Extended Schema Active Directory Using RACADM

Use the following commands to configure the iDRAC Active Directory feature with the extended schema using the RACADM CLI tool instead of the Web interface.
1 Open a command prompt and type the following RACADM commands:
  racadm config -g cfgActiveDirectory -o cfgADEnable 1
  racadm config -g cfgActiveDirectory -o cfgADType 1
  racadm config -g cfgActiveDirectory -o cfgADRacDomain
  racadm config -g cfgActiveDirectory -o cfgADRootDomain
  racadm config -g cfgActiveDirectory -o cfgADRacName
  racadm sslcertupload -t 0x2 -f
  racadm sslcertdownload -t 0x1 -f
2 If DHCP is enabled on the iDRAC and you want to use the DNS provided by the DHCP server, type the following RACADM command:
  racadm config -g cfgLanNetworking -o cfgDNSServersFromDHCP 1
3 If DHCP is disabled on the iDRAC or you want to manually input your DNS IP addresses, type the following RACADM commands:
  racadm config -g cfgLanNetworking -o cfgDNSServersFromDHCP 0
  racadm config -g cfgLanNetworking -o cfgDNSServer1
  racadm config -g cfgLanNetworking -o cfgDNSServer2
4 Press Enter to complete the iDRAC Active Directory feature configuration.

Configuring the iDRAC With Extended Schema Active Directory and SM-CLP

NOTE: You must have a TFTP server running from which you can retrieve the root CA certificate and to which you can save the iDRAC server certificate.

Use the following commands to configure the iDRAC Active Directory feature with the extended schema using SM-CLP.
1 Log in to the iDRAC using telnet or SSH and enter the following SM-CLP commands:
  cd /system/sp1/oemdell_adservice1
  set enablestate=1
  set oemdell_schematype=1
  set oemdell_adracdomain=
  set oemdell_adrootdomain=
  set oemdell_adracname=
  set /system1/sp1/oemdell_ssl1 oemdell_certtype=AD
  load -source /system1/sp1/oemdell_ssl1
  set /system1/sp1/oemdell_ssl1 oemdell_certtype=SSL
  dump -destination /system1/sp1/oemdell_ssl1
2 If DHCP is enabled on the iDRAC and you want to use the DNS provided by the DHCP server, type the following SM-CLP command:
  set /system1/sp1/enetport1/lanendpt1/ipendpt1/\
  dnsendpt1 oemdell_serversfromdhcp=1
3 If DHCP is disabled on the iDRAC or you want to manually enter your DNS IP address, type the following SM-CLP commands:
  set /system1/sp1/enetport1/lanendpt1/\
  ipendpt1/dnsendpt1 oemdell_serversfromdhcp=0
  set /system1/sp1/enetport1/lanendpt1/ipendpt1/\
  dnsendpt1/remotesap1 dnsserveraddress=
  set /system1/sp1/enetport1/lanendpt1/ipendpt1/\
  dnsendpt1/remotesap1 dnsserveraddress=

Active Directory Standard Schema Overview

As shown in Figure 6-4, using standard schema for Active Directory integration requires configuration on both Active Directory and the iDRAC. On the Active Directory side, a standard group object is used as a role group. A user who has iDRAC access will be a member of the role group. To give this user access to a specific iDRAC, the role group name and its domain name need to be configured on the specific iDRAC. Unlike the extended schema solution, the role and the privilege level are defined on each iDRAC, not in the Active Directory. Up to five role groups can be configured and defined in each iDRAC. Table 5-11 on page 82 shows the privilege levels of the role groups and Table 6-9 shows the default role group settings.

Figure 6-4.
Configuration of iDRAC with Microsoft Active Directory and the Standard Schema
(Diagram labels: Configuration on Active Directory Side; Configuration on iDRAC Side; Role Group Name and Domain Name; Role Group; Role Definition; User)

Table 6-9. Default Role Group Privileges

Default Privilege Level: Administrator
Permissions Granted: Login to iDRAC, Configure iDRAC, Configure Users, Clear Logs, Execute Server Control Commands, Access Console Redirection, Access Virtual Media, Test Alerts, Execute Diagnostic Commands
Bit Mask: 0x000001ff

Default Privilege Level: Power User
Permissions Granted: Login to iDRAC, Clear Logs, Execute Server Control Commands, Access Console Redirection, Access Virtual Media, Test Alerts
Bit Mask: 0x000000f9

Default Privilege Level: Guest User
Permissions Granted: Login to iDRAC
Bit Mask: 0x00000001

Default Privilege Level: None
Permissions Granted: No assigned permissions
Bit Mask: 0x00000000

Default Privilege Level: None
Permissions Granted: No assigned permissions
Bit Mask: 0x00000000

NOTE: The Bit Mask values are used only when setting up the standard schema with the RACADM.

There are two ways to enable the standard schema in Active Directory:

• With the iDRAC Web user interface. See "Configuring the iDRAC With Standard Schema Active Directory and the Web Interface" on page 124.
• With the RACADM CLI tool. See "Configuring the iDRAC With Standard Schema Active Directory and RACADM" on page 126.

Configuring Standard Schema Active Directory to Access Your iDRAC

You need to perform the following steps to configure the Active Directory before an Active Directory user can access the iDRAC:

1 On an Active Directory server (domain controller), open the Active Directory Users and Computers Snap-in.
2 Create a group or select an existing group.
  The name of the group and the name of this domain will need to be configured on the iDRAC with the Web interface, RACADM, or SM-CLP (see "Configuring the iDRAC With Standard Schema Active Directory and the Web Interface" on page 124 or "Configuring the iDRAC With Standard Schema Active Directory and RACADM" on page 126).
3 Add the Active Directory user as a member of the Active Directory group to access the iDRAC.

Configuring the iDRAC With Standard Schema Active Directory and the Web Interface

1 Open a supported Web browser window.
2 Log in to the iDRAC Web interface.
3 Click System→ Remote Access→ iDRAC, then click the Configuration tab.
4 Select Active Directory to open the Active Directory Main Menu page.
5 On the Active Directory Main Menu page, select Configure Active Directory and click Next.
6 In the Common Settings section:
  a Select the Enable Active Directory check box.
  b Type the Root Domain Name. The Root Domain Name is the fully qualified root domain name for the forest.
  c Type the Timeout time in seconds.
7 Click Use Standard Schema in the Active Directory Schema Selection section.
8 Click Apply to save the Active Directory settings.
9 In the Role Groups column of the Standard Schema settings section, click a Role Group.
  The Configure Role Group page appears, which includes a role group’s Group Name, Group Domain, and Role Group Privileges.
10 Type the Group Name. The group name identifies the role group in the Active Directory associated with the iDRAC.
11 Type the Group Domain. The Group Domain is the fully qualified root domain name for the forest.
12 In the Role Group Privileges page, set the group privileges.
   Table 5-11 on page 82 describes the Role Group Privileges.
   If you modify any of the permissions, the existing Role Group Privilege (Administrator, Power User, or Guest User) will change to either the Custom group or the appropriate Role Group Privilege based on the permissions modified.
13 Click Apply to save the Role Group settings.
14 Click Go Back To Active Directory Configuration and Management.
15 Click Go Back To Active Directory Main Menu.
16 Upload your domain forest Root CA certificate into the iDRAC.
  a Select the Upload Active Directory CA Certificate radio button and then click Next.
  b In the Certificate Upload page, type the file path of the certificate or browse to the certificate file.
    NOTE: The File Path value displays the relative file path of the certificate you are uploading. You must type the absolute file path, which includes the full path and the complete file name and file extension.
    The domain controllers’ SSL certificates should have been signed by the root CA. Have the root CA certificate available on your management station accessing the iDRAC (see "Exporting the Domain Controller Root CA Certificate" on page 130).
  c Click Apply.
    The iDRAC Web server automatically restarts after you click Apply.
17 Log out and then log in to the iDRAC to complete the iDRAC Active Directory feature configuration.
18 Click System→ Remote Access.
19 Click the Configuration tab and then click Network.
20 If Use DHCP (for NIC IP Address) is selected under Network Settings, select Use DHCP to obtain DNS server address.
   To manually input a DNS server IP address, deselect Use DHCP to obtain DNS server addresses and type your primary and alternate DNS server IP addresses.
21 Click Apply Changes.

The iDRAC standard schema Active Directory feature configuration is complete.

Configuring the iDRAC With Standard Schema Active Directory and RACADM

Use the following commands to configure the iDRAC Active Directory feature with the standard schema using the RACADM CLI instead of the Web interface.
1 Open a command prompt and type the following RACADM commands:
  racadm config -g cfgActiveDirectory -o cfgADEnable 1
  racadm config -g cfgActiveDirectory -o cfgADType 2
  racadm config -g cfgActiveDirectory -o cfgADRootDomain
  racadm config -g cfgStandardSchema -i -o cfgSSADRoleGroupName
  racadm config -g cfgStandardSchema -i -o cfgSSADRoleGroupDomain
  racadm config -g cfgStandardSchema -i -o cfgSSADRoleGroupPrivilege
  racadm sslcertupload -t 0x2 -f
  racadm sslcertdownload -t 0x1 -f
  NOTE: For bit mask values, see Table B-1.
2 If DHCP is enabled on the iDRAC and you want to use the DNS provided by the DHCP server, type the following RACADM commands:
  racadm config -g cfgLanNetworking -o cfgDNSServersFromDHCP 1
3 If DHCP is disabled on the iDRAC or you want to input your DNS IP addresses manually, type the following RACADM commands:
  racadm config -g cfgLanNetworking -o cfgDNSServersFromDHCP 0
  racadm config -g cfgLanNetworking -o cfgDNSServer1
  racadm config -g cfgLanNetworking -o cfgDNSServer2

Configuring the iDRAC With Standard Schema Active Directory and SM-CLP

NOTE: You cannot upload certificates using SM-CLP. Instead, use the iDRAC Web interface or local RACADM commands.

Use the following commands to configure the iDRAC Active Directory Feature with the standard schema using SM-CLP.

1 Log in to the iDRAC using telnet or SSH and enter the following SM-CLP commands:
  cd /system/sp1/oemdell_adservice1
  set enablestate=1
  set oemdell_schematype=2
  set oemdell_adracdomain=
2 Enter the following commands for each of the five Active Directory role groups:
  set /system1/sp1/groupN oemdell_groupname=
  set /system1/sp1/groupN oemdell_groupdomain=
  set /system1/sp1/groupN oemdell_groupprivilege=
  where N is a number from 1 to 5.
3 Enter the following commands to set up the Active Directory SSL certifications.
  set /system1/sp1/oemdell_ssl1 oemdell_certtype=AD
  load -source /system1/sp1/oemdell_ssl1
  set /system1/sp1/oemdell_ssl1 oemdell_certtype=SSL
  dump -destination /system1/sp1/oemdell_ssl1
4 If DHCP is enabled on the iDRAC and you want to use the DNS provided by the DHCP server, type the following SM-CLP command:
  set /system1/sp1/enetport1/lanendpt1/\
  ipendpt1/dnsendpt1 oemdell_serversfromdhcp=1
5 If DHCP is disabled on the iDRAC or you want to manually enter your DNS IP addresses, type the following SM-CLP commands:
  set /system1/sp1/enetport1/lanendpt1/\
  ipendpt1/dnsendpt1 oemdell_serversfromdhcp=0
  set /system1/sp1/enetport1/lanendpt1/ipendpt1/\
  dnsendpt1/remotesap1 dnsserveraddress=
  set /system1/sp1/enetport1/lanendpt1/ipendpt1/\
  dnsendpt1/remotesap1 dnsserveraddress=

Enabling SSL on a Domain Controller

If you are using Microsoft Enterprise Root CA to automatically assign all your domain controllers to an SSL certificate, perform the following steps to enable SSL on each domain controller.

1 Install a Microsoft Enterprise Root CA on a Domain Controller.
  a Select Start→ Control Panel→ Add or Remove Programs.
  b Select Add/Remove Windows Components.
  c In the Windows Components Wizard, select the Certificate Services check box.
  d Select Enterprise root CA as CA Type and click Next.
  e Enter Common name for this CA, click Next, and click Finish.
2 Enable SSL on each of your domain controllers by installing the SSL certificate for each controller.
  a Click Start→ Administrative Tools→ Domain Security Policy.
  b Expand the Public Key Policies folder, right-click Automatic Certificate Request Settings and click Automatic Certificate Request.
  c In the Automatic Certificate Request Setup Wizard, click Next and select Domain Controller.
  d Click Next and click Finish.
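
The role group bit masks of Table 6-9, which the standard schema RACADM and SM-CLP commands above take as the role group privilege, can be decoded and reviewed for least privilege before they are applied. The following Python is an added example, not Dell code; the per-bit assignment, the sample role groups and the audit rules are assumptions of this example, and Table B-1 of the guide remains the authoritative bit list.

```python
from dataclasses import dataclass

# ASSUMPTION: one bit per permission, lowest bit first, in the order Table 6-9
# lists them. This reproduces the table's masks (0x1ff, 0xf9, 0x01); confirm
# against Table B-1 of the guide before relying on individual bits.
PRIVILEGE_BITS = [
    (0x001, "Login to iDRAC"),
    (0x002, "Configure iDRAC"),
    (0x004, "Configure Users"),
    (0x008, "Clear Logs"),
    (0x010, "Execute Server Control Commands"),
    (0x020, "Access Console Redirection"),
    (0x040, "Access Virtual Media"),
    (0x080, "Test Alerts"),
    (0x100, "Execute Diagnostic Commands"),
]
KNOWN_MASK = sum(bit for bit, _ in PRIVILEGE_BITS)  # 0x1ff
# Default privilege levels and masks as listed in Table 6-9.
DEFAULT_LEVELS = {0x1FF: "Administrator", 0x0F9: "Power User",
                  0x001: "Guest User", 0x000: "None"}
# Which rights count as sensitive is this example's choice, not the guide's.
SENSITIVE = ("Configure iDRAC", "Configure Users", "Execute Diagnostic Commands")


def decode(mask):
    """Return the permission names set in a role group bit mask."""
    unknown = mask & ~KNOWN_MASK
    if unknown:
        raise ValueError(f"undefined privilege bits {unknown:#x}")
    return [name for bit, name in PRIVILEGE_BITS if mask & bit]


def encode(names):
    """Build a bit mask from permission names; KeyError on a misspelled name."""
    lookup = {name: bit for bit, name in PRIVILEGE_BITS}
    mask = 0
    for name in names:
        mask |= lookup[name]
    return mask


def level_name(mask):
    """Name the default level a mask corresponds to, or Custom if it matches none."""
    return DEFAULT_LEVELS.get(mask, "Custom")


@dataclass
class RoleGroup:
    index: int    # role group slot, 1 to 5
    name: str     # Active Directory group name
    domain: str   # group domain as configured on the iDRAC
    mask: int     # role group privilege bit mask


def audit(groups):
    """Return (index, finding) pairs for role groups that deserve a second look."""
    findings = []
    for g in groups:
        if not g.name and not g.mask:
            continue  # unused slot
        try:
            rights = decode(g.mask)
        except ValueError as exc:
            findings.append((g.index, str(exc)))
            continue
        if not g.name:
            findings.append((g.index, "privileges set but no group name"))
        if "." not in g.domain:
            # The guide requires a fully qualified domain; NetBIOS names do not resolve.
            findings.append((g.index, f"domain {g.domain!r} is not fully qualified"))
        if not rights:
            findings.append((g.index, "named group grants no permissions"))
        elif "Login to iDRAC" not in rights:
            findings.append((g.index, "rights granted without Login to iDRAC"))
        extra = [r for r in rights if r in SENSITIVE]
        if extra and level_name(g.mask) == "Custom":
            findings.append((g.index, "custom mask holds " + ", ".join(extra)))
    return findings


# Constructed sample configuration (group names and domains are made up).
SAMPLE_GROUPS = [
    RoleGroup(1, "iDRAC-Admins", "corp.example.com", 0x1FF),
    RoleGroup(2, "iDRAC-Operators", "corp.example.com", 0x0FD),  # Power User + Configure Users
    RoleGroup(3, "iDRAC-ReadOnly", "CORP", 0x001),               # NetBIOS-style domain
    RoleGroup(4, "iDRAC-Media", "corp.example.com", 0x060),      # no Login bit
    RoleGroup(5, "", "", 0x000),                                 # unused slot
]

if __name__ == "__main__":
    for g in SAMPLE_GROUPS:
        if g.name:
            print(f"{g.index} {g.name}: {g.mask:#010x} {level_name(g.mask)} {decode(g.mask)}")
    for index, finding in audit(SAMPLE_GROUPS):
        print(f"role group {index}: {finding}")
```
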
Exporting the Domain Controller Root CA Certificate

NOTE: If your system is running Windows 2000, the following steps may vary.

1 Locate the domain controller that is running the Microsoft Enterprise CA service.
2 Click Start→ Run.
3 In the Run field, type mmc and click OK.
4 In the Console 1 (MMC) window, click File (or Console on Windows 2000 machines) and select Add/Remove Snap-in.
5 In the Add/Remove Snap-In window, click Add.
6 In the Standalone Snap-In window, select Certificates and click Add.
7 Select Computer account and click Next.
8 Select Local Computer and click Finish.
9 Click OK.
10 In the Console 1 window, expand the Certificates folder, expand the Personal folder, and click the Certificates folder.
11 Locate and right-click the root CA certificate, select All Tasks, and click Export….
12 In the Certificate Export Wizard, click Next, and select No do not export the private key.
13 Click Next and select Base-64 encoded X.509 (.cer) as the format.
14 Click Next and save the certificate to a directory on your system.
15 Upload the certificate you saved in step 14 to the iDRAC.
   To upload the certificate using RACADM, see "Configuring the iDRAC With Extended Schema Active Directory Using the Web Interface" on page 119.
   To upload the certificate using the Web interface, perform the following procedure:
  a Open a supported Web browser window.
  b Log in to the iDRAC Web interface.
  c Click System→ Remote Access, then click the Configuration tab.
  d Click Security to open the Security Certificate Main Menu page.
  e In the Security Certificate Main Menu page, select Upload Server Certificate and click Apply.
  f In the Certificate Upload screen, perform one of the following procedures:
    • Click Browse and select the certificate.
    • In the Value field, type the path to the certificate.
  g Click Apply.
Importing the iDRAC Firmware SSL Certificate

Use the following procedure to import the iDRAC firmware SSL certificate to all domain controller trusted certificate lists.

NOTE: If your system is running Windows 2000, the following steps may vary.

NOTE: If the iDRAC firmware SSL certificate is signed by a well-known CA, you are not required to perform the steps in this section.

The iDRAC SSL certificate is the identical certificate used for the iDRAC Web server. All iDRACs are shipped with a default self-signed certificate.

To access the certificate using the iDRAC Web interface, select Configuration→ Active Directory→ Download iDRAC Server Certificate.

1 On the domain controller, open an MMC Console window and select Certificates→ Trusted Root Certification Authorities.
2 Right-click Certificates, select All Tasks and click Import.
3 Click Next and browse to the SSL certificate file.
4 Install the RAC SSL Certificate in each domain controller’s Trusted Root Certification Authority.
  If you have installed your own certificate, ensure that the CA signing your certificate is in the Trusted Root Certification Authority list. If the Authority is not in the list, you must install it on all your Domain Controllers.
5 Click Next and select whether you would like Windows to automatically select the certificate store based on the type of certificate, or browse to a store of your choice.
6 Click Finish and click OK.

Using Active Directory to Log In To the iDRAC

You can use Active Directory to log in to the iDRAC using the Web interface. Use one of the following formats to enter your username:

or \ or /

where username is an ASCII string of 1–256 bytes.

White space and special characters (such as \, /, or @) cannot be used in the user name or the domain name.

NOTE: You cannot specify NetBIOS domain names, such as Americas, as these names cannot be resolved.
Frequently Asked Questions

Table 6-10 lists frequently asked questions and answers.

Table 6-10. Using iDRAC With Active Directory: Frequently Asked Questions

Question: Can I log into the iDRAC using Active Directory across multiple trees?
Answer: Yes. The iDRAC’s Active Directory querying algorithm supports multiple trees in a single forest.

Question: Does the log in to the iDRAC using Active Directory work in mixed mode (that is, the domain controllers in the forest run different operating systems, such as Microsoft Windows NT® 4.0, Windows 2000, or Windows Server 2003)?
Answer: Yes. In mixed mode, all objects used by the iDRAC querying process (among user, RAC Device Object, and Association Object) have to be in the same domain. The Dell-extended Active Directory Users and Computers snap-in checks the mode and limits users in order to create objects across domains if in mixed mode.

Question: Does using the iDRAC with Active Directory support multiple domain environments?
Answer: Yes. The domain forest function level must be in Native mode or Windows 2003 mode. In addition, the groups among Association Object, RAC user objects, and RAC Device Objects (including Association Object) must be universal groups.

Question: Can these Dell-extended objects (Dell Association Object, Dell RAC Device, and Dell Privilege Object) be in different domains?
Answer: The Association Object and the Privilege Object must be in the same domain. The Dell-extended Active Directory Users and Computers snap-in forces you to create these two objects in the same domain. Other objects can be in different domains.

Question: Are there any restrictions on Domain Controller SSL configuration?
Answer: Yes. All Active Directory servers’ SSL certificates in the forest must be signed by the same root CA since iDRAC only allows uploading one trusted CA SSL certificate.
Question: I created and uploaded a new RAC certificate and now the Web interface does not launch.
Answer: If you use Microsoft Certificate Services to generate the RAC certificate, one possible cause of this is you inadvertently chose User Certificate instead of Web Certificate when creating the certificate. To recover, generate a CSR and then create a new web certificate from Microsoft Certificate Services and load it using the RACADM CLI from the managed server by using the following RACADM commands:
  racadm sslcsrgen [-g] [-u] [-f {filename}]
  racadm sslcertupload -t 1 -f {web_sslcert}

Question: What can I do if I cannot log into the iDRAC using Active Directory authentication? How do I troubleshoot the issue?
Answer:
1 Ensure that you use the correct user domain name during a login and not the NetBIOS name.
2 If you have a local iDRAC user account, log into the iDRAC using your local credentials. After you are logged in, perform the following steps:
  a Ensure that you have checked the Enable Active Directory box on the iDRAC Active Directory Configuration page.
  b Ensure that the DNS setting is correct on the iDRAC Networking Configuration page.
  c Ensure that you have uploaded the Active Directory certificate from your Active Directory root CA to the iDRAC.
  d Check the Domain Controller SSL certificates to ensure that they have not expired.
  e Ensure that your DRAC Name, Root Domain Name, and DRAC Domain Name match your Active Directory environment configuration.
  f Ensure that the iDRAC password has a maximum of 127 characters. While the iDRAC can support passwords of up to 256 characters, Active Directory only supports passwords that have a maximum length of 127 characters.
7 Viewing the Configuration and Health of the Managed Server

System Summary

Click System→ Properties→ Summary to obtain information about the Main System Enclosure and the Integrated Dell Remote Access Controller.

Main System Enclosure

System Information

This section of the iDRAC Web interface provides the following basic information about the managed server:

• Description — The model number or name of the managed server.
• BIOS Version — The version number of the managed server's BIOS.
• Service Tag — The Service Tag number of the managed server.
• Host Name — The DNS hostname associated with the managed server.
• OS Name — The name of the operating system installed on the managed server.

I/O Mezzanine Card

This section of the iDRAC Web interface provides the following information about the I/O Mezzanine cards installed on the managed server:

• Connection — Lists the I/O Mezzanine card(s) installed on the managed server.
• Card Type — The physical type of the installed Mezzanine card/connection.
• Model Name — The model number, type, or description of the installed Mezzanine card(s).

Integrated Storage Card

This section of the iDRAC Web Interface provides information about the integrated Storage Controller Card installed on the Managed Server:

• Card Type — shows the model name of the installed storage card.

Auto Recovery

This section of the iDRAC Web interface details the current mode of operation of the Auto Recovery feature of the managed server as set by Open Manage Server Administrator:

• Recovery Action — Action to be performed when a system fault or hang is detected. Available actions are No Action, Hard Reset, Power Down, or Power Cycle.
• Initial Countdown — The amount of time (in seconds) after a system hang is detected at which time the iDRAC performs a recovery action.
• Present Countdown — The current value (in seconds) of the countdown timer.

Integrated Dell Remote Access Controller

iDRAC Information

This section of the iDRAC Web interface provides the following information about the iDRAC itself:

• Date/Time — The current date and time (as of last page refresh) of the iDRAC.
• Firmware Version — The current version of iDRAC firmware installed on the managed server.
• Firmware Updated — The date and time of the last successful iDRAC firmware update.
• Hardware Version — The version number of the primary planar (circuit board) of the managed server.
• IP Address — The IP address associated with the iDRAC (not the managed server).
• Gateway — The IP address of the network gateway configured for the iDRAC.
• Subnet Mask — The TCP/IP Subnet Mask configured for iDRAC.
• MAC Address — The MAC address associated with the LOM (LAN on Motherboard) Network Interface Controller of the iDRAC.
• DHCP Enabled — Enabled if the iDRAC is set to fetch its IP address and associated info from a DHCP server.
• Preferred DNS Address 1 — Set to the currently active primary DNS server.
• Alternate DNS Address 2 — Set to the alternate DNS server address.

NOTE: This information is also available at iDRAC→ Properties→ iDRAC Information.

WWN/MAC Summary

Click System→ Properties→ WWN/MAC to view the current configuration of installed I/O Mezzanine cards and their associated network fabrics. If the FlexAddress feature is enabled, the globally assigned (Chassis-Assigned) persistent MAC addresses supersede the hardwired values of each LOM.

System Health

Click System→ Properties→ Health to view important information about the health of the iDRAC and components monitored by the iDRAC. The Severity column shows the status for each component. For a list of status icons and their meaning, see Table 15-3. Click the component name in the Component column for more detailed information about the component.
NOTE: Component information can also be obtained by clicking the component name in the left pane of the window. Components remain visible in the left pane independent of the tab/screen that is selected.

iDRAC

The iDRAC Information page lists a number of important details about the iDRAC, such as health status, name, firmware revision, and network parameters. Additional details are available by clicking the appropriate tab at the top of the page.

CMC

The CMC page displays the health status, firmware revision, and IP address of the Chassis Management Controller. You can also launch the CMC Web Interface by clicking the Launch the CMC Web Interface button.

Batteries

The Batteries page displays the status and values of the system board coin-cell battery that maintains the Real-Time Clock (RTC) and CMOS configuration data storage of the managed system.

Temperatures

The Temperature Probes Information page displays the status and readings of the on-board ambient temperature probe. Minimum and maximum temperature thresholds for warning or failure states are shown, along with the current health status of the probe.

Voltages

The Voltage Probes Information page displays the status and reading of the Voltage probes, providing such information as the status of the on-board voltage rail and CPU core sensors.

NOTE: Depending on the model of your server, temperature thresholds for warning or failure states and/or the health status of the probe may not be displayed.

Power Monitoring

The Power Monitoring page enables you to view the following monitoring and power statistics information:

• Power Monitoring — Displays the amount of power being used (in watts) by the server as reported by the System Board Current Monitor.
• Power Tracking Statistics — Displays information about the amount of power used by the system since the Measurement Start Time was last reset.
• Peak Statistics — Displays information about the peak amount of power used by the system since the Measurement Start Time was last reset.

CPU

The CPU Information page reports the health of each CPU on the managed server. This health status is a roll-up of a number of individual thermal, power, and functional tests.

POST

The Post Code page displays the last system post code (in hexadecimal) prior to booting the operating system of the managed server.

Misc Health

The Misc Health page provides access to the following system logs:

System Event Log — Displays system-critical events that occur on the managed system.
Post Code — Displays the last system post code (in hexadecimal) prior to booting the operating system of the managed server.
Last Crash — Displays the most recent crash screen and time.
Boot Capture — Provides playback of the last three boot screens.

NOTE: This information is also available at System→ Properties→ Logs.

8 Configuring and Using Serial Over LAN

Serial Over LAN (SOL) is an IPMI feature that allows a managed server’s text-based console data that would traditionally be sent to the serial I/O port to be redirected over the iDRAC’s dedicated Out-of-Band Ethernet management network. The SOL out-of-band console enables system administrators to remotely manage the blade server’s text-based console from any location with network access.

With SOL, you can:

• Remotely access operating systems with no timeout.
• Diagnose host systems on Emergency Management Services (EMS) or Special Administrator Console (SAC) for Windows or in a Linux shell.
• View the progress of a blade server during POST and reconfigure the BIOS setup program (while redirected to a serial port).
Enabling Serial Over LAN in the BIOS

To properly configure a server for Serial Over LAN, the following configuration steps are required and will be explained in detail:
1 Configure Serial Over LAN in BIOS (disabled by default)
2 Configure the iDRAC for Serial Over LAN
3 Select a method to initialize Serial Over LAN (SSH, telnet, SOL Proxy, or IPMI Tool)
4 Configure the operating system for SOL

Serial communication is off by default in BIOS. To redirect the host text console data to Serial over LAN, you must enable console redirection via COM1. To change the BIOS setting, perform the following steps:
1 Boot the managed server.
2 Press to enter the BIOS setup utility during POST.
3 Scroll down to Serial Communication and press . In the pop-up window, the serial communication list is presented with the following options:
• Off
• On without console redirection
• On with console redirection via COM1
Use the arrow keys to navigate between options.
4 Ensure that On with console redirection via COM1 is enabled.
5 Ensure that the Failsafe Baud Rate is identical to the SOL baud rate that is configured on iDRAC. The default value for both the failsafe baud rate and the iDRAC's SOL baud rate setting is 115.2 kbps.
6 Enable the Redirection After Boot option (the default value is DISABLED). This option enables BIOS SOL redirection across subsequent reboots.
7 Save the changes and exit. The managed server reboots.

Configuring Serial Over LAN in the iDRAC Web GUI

1 Open the Serial Over LAN Configuration page by selecting System→Remote Access→iDRAC→Network/Security→Serial Over LAN.
2 Ensure the Enable Serial Over LAN option is selected (enabled). By default it is enabled.
3 Update the IPMI SOL baud rate by selecting a data speed from the Baud Rate drop-down menu. The options are 19.2 kbps, 57.6 kbps, and 115.2 kbps. The default value is 115.2 kbps.
NOTE: Ensure that the SOL baud rate is identical to the Failsafe Baud Rate that was set in BIOS.
4 Click Apply if you made any changes.

Table 8-1. Serial Over LAN Configuration Page Settings
Setting | Description
Enable Serial Over LAN | When selected, the checkbox indicates that Serial Over LAN is enabled.
Baud Rate | Indicates the data speed. Select a data speed of 19.2 kbps, 57.6 kbps, or 115.2 kbps.

Table 8-2. Serial Over LAN Configuration Page Buttons
Button | Description
Print | Prints the Serial Over LAN Configuration values that appear on the screen.
Refresh | Reloads the Serial Over LAN Configuration page.
Advanced Settings | Opens the Serial Over LAN Configuration Advanced Settings page.
Apply | Applies any new settings that you make while viewing the Serial Over LAN Configuration page.

5 Change the configuration on the Advanced Settings page, if necessary. Dell recommends using the default values. Advanced Settings allows you to adjust SOL performance by changing the Character Accumulate Interval and Character Send Threshold values. For optimal performance, use the default settings of 10 milliseconds and 250 characters, respectively.

Table 8-3. Serial Over LAN Configuration Advanced Settings Page Settings
Setting | Description
Character Accumulate Interval | The typical amount of time the iDRAC waits before sending a partial SOL data packet. This parameter is specified in milliseconds and increments by 10 milliseconds.
Character Send Threshold | Specifies the number of characters per SOL data packet. As soon as the number of characters accepted by the iDRAC is equal to or greater than the Character Send Threshold value, the iDRAC starts transmitting SOL data packets that contain numbers of characters equal to or less than the Character Send Threshold value. If a packet contains fewer characters than this value, it is defined to be a partial SOL data packet.
NOTE: If you change these values to lower values, the console redirection feature of SOL may experience a reduction in performance. Furthermore, the SOL session must wait to receive an acknowledgement for each packet before sending the next packet. As a result, the performance is significantly reduced.

Table 8-4. Serial Over LAN Configuration Advanced Settings Page Buttons
Button | Description
Print | Prints the Serial Over LAN Configuration Advanced Settings values that appear on the screen.
Refresh | Reloads the Serial Over LAN Configuration Advanced Settings page.
Apply | Saves any new settings that you make while viewing the Serial Over LAN Configuration Advanced Settings page.
Go Back To Serial Over LAN Configuration Page | Returns the user to the Serial Over LAN Configuration page.

6 Configure SSH/Telnet for SOL at System→Remote Access→iDRAC→Network/Security→Services.
NOTE: Each blade server only supports one active SOL session through SSH or Telnet protocol.
NOTE: SSH protocol is enabled by default. Telnet protocol is disabled by default.
7 Click Services to open the SSH and Telnet Configuration page.
NOTE: SSH and Telnet programs both provide access on a remote system.
8 Click Enable on either SSH or Telnet as required. SSH is on by default.
9 Click Apply.
NOTE: SSH is recommended due to better security and encryption mechanisms.
NOTE: SSH/Telnet session duration can be infinite as long as the timeout value is set to 0. The default timeout value is 1800 seconds.
10 Enable iDRAC Out-of-Band interface (IPMI over LAN) by selecting System→Remote Access→iDRAC→Network/Security→Network.
11 Enable the IPMI Over LAN option under IPMI LAN Settings. IPMI Over LAN functionality is disabled by default.
12 Click Apply.

Using Serial Over LAN (SOL)

This section provides several methods to initialize a Serial-Over-LAN session including a Telnet program, an SSH client, IPMItool, and SOL Proxy.
The purpose of the Serial Over LAN feature is to redirect the serial port of the managed server through iDRAC into the console of your management station.

Model for Redirecting SOL Over Telnet or SSH

Telnet (port 23)/SSH (port 22) client←→WAN connection←→iDRAC server

The IPMI-based SOL over SSH/Telnet implementation eliminates the need for an additional utility because the serial-to-network translation happens within the iDRAC. The SSH or Telnet console that you use should be able to interpret and respond to the data arriving from the managed server's serial port. The serial port usually attaches to a shell that emulates an ANSI or VT100 terminal. The serial console is automatically redirected to your SSH or Telnet console. The SOL redirection can then be started from the /system1/sol1 target. See "Installing Telnet or SSH Clients" on page 60 for more information about using Telnet and SSH clients with iDRAC.

Model for the SOL Proxy

Telnet Client (port 623)←→WAN connection←→SOL Proxy←→iDRAC server

When the SOL Proxy communicates with the Telnet client on a management station, it uses the TCP/IP protocol. However, SOL Proxy communicates with the managed system's iDRAC over the RMCP/IPMI/SOL protocol, which is a UDP-based protocol. Therefore, if you communicate with your managed system's iDRAC from SOL Proxy over a WAN connection, you may experience network performance issues. The recommended usage model is to have the SOL Proxy and the iDRAC server on the same LAN. The management station with the Telnet client can then connect to the SOL Proxy over a WAN connection. In this usage model, SOL Proxy will function as desired.

Model for Redirecting SOL Over IPMItool

IPMItool←→WAN connection←→iDRAC server

The IPMI-based SOL utility, IPMItool, uses the RMCP+ protocol delivered using UDP datagrams to port 623. iDRAC requires this RMCP+ connection to be encrypted.
The encryption key (KG key) must contain characters of zero or NULL; it can be configured in the iDRAC Web GUI or in the iDRAC Configuration Utility. You can also wipe out the encryption key by pressing the backspace key so that iDRAC will provide NULL characters as the encryption key by default. The advantage of using RMCP+ is improved authentication, data integrity checks, encryption, and the ability to carry multiple types of payloads. Please refer to "Using SOL Over IPMItool" on page 148 or the IPMItool man page for more information: http://ipmitool.sourceforge.net/manpage.html.

Disconnecting an SOL Session in SM-CLP

When using SSH or Telnet protocols to access Serial Over LAN functionality, you will first connect to the iDRAC's SM-CLP service, from which you will launch the SOL session with an SM-CLP command (start /system1/sol1). Thus, users wanting to disconnect an SOL session must first terminate the SOL session from SM-CLP. Commands to disconnect a SOL session are utility oriented. Please read this section carefully; only when a SOL session is fully terminated can you exit the utility.

When you are ready to quit SOL redirection from SM-CLP, press , , and then (press the keys in sequence, one after the other). The SOL session will close.

NOTE: If a SOL session is not closed successfully in the utility, more SOL sessions may not be available. The way to resolve this situation is to delete the SMASH console in the web GUI under System→Remote Access→iDRAC→Network/Security→Sessions.

Using SOL Over PuTTY

To start SOL from PuTTY on a Windows management station, follow these steps:
NOTE: If required, you can change the default SSH/telnet timeout at System→Remote Access→iDRAC→Network/Security→Services.
1 Connect to the iDRAC by entering the following command in the command prompt:
putty.exe [-ssh | -telnet] <login name>@<iDRAC IP address>
2 Enter the following command in the SM-CLP prompt to start SOL:
start /system1/sol1
NOTE: This connects you to the managed server's serial port. The SM-CLP commands are no longer available to you. You cannot return to SM-CLP once you have started SOL. You must quit the SOL session using the command sequence detailed in "Disconnecting an SOL Session in SM-CLP" on page 146, and start a new one to use SM-CLP.

Using SOL Over Telnet With Linux

To start SOL from Telnet on a Linux management station, follow these steps:
NOTE: If required, you can change the default Telnet timeout at System→Remote Access→iDRAC→Network/Security→Services.
1 Start a shell.
2 Connect to the iDRAC with the following command:
telnet <iDRAC IP address>
NOTE: If you have changed the port number for the Telnet service from the default (port 23), add the port number to the end of the telnet command.
3 Input iDRAC's username and password in order to connect to iDRAC SM-CLP.
4 Enter the following command in the SM-CLP prompt to start SOL:
start /system1/sol1
5 To quit a SOL session from Telnet on Linux, type <Ctrl>+<]> (press and hold the control key and enter a right square bracket). A Telnet prompt displays. Type quit to exit telnet.

Using SOL Over OpenSSH with Linux

OpenSSH is an open source utility for using the SSH protocol. To start SOL from OpenSSH on a Linux management station, follow these steps:
NOTE: If required, you can change the default SSH session timeout at System→Remote Access→iDRAC→Network/Security→Services.
1 Start a shell.
2 Connect to the iDRAC with the following command:
ssh -l <login name> <iDRAC IP address>
3 Enter the following command in the SM-CLP prompt to start SOL:
start /system1/sol1
NOTE: This connects you to the managed server's serial port. The SM-CLP commands are no longer available to you. You cannot return to SM-CLP once you have started SOL.
You must quit the SOL session (refer to "Disconnecting SOL session in SM-CLP" on page 146 to close an active SOL session), and start a new one to use SM-CLP.

Using SOL Over IPMItool

The Dell Systems Management Tools and Documentation DVD provides IPMItool, which can be installed on various operating systems. To start SOL with IPMItool on a management station, follow these steps:
NOTE: If required, you can change the default SOL timeout at System→Remote Access→iDRAC→Network/Security→Services.
1 Locate IPMItool.exe under the proper directory. The default path for Windows is C:\Program Files\Dell\SysMgt\bmc.
2 Ensure the Encryption key contains all zeroes on the following page: System→Remote Access→iDRAC→Network/Security→Network→IPMI LAN Settings.
3 Enter the following command in the Windows command prompt or in the Linux shell prompt to start SOL via iDRAC:
ipmitool -H <iDRAC IP address> -I lanplus -U <username> -P <password> sol activate
This connects you to the managed server's serial port.
4 To quit a SOL session from IPMItool, press <~> and <.> (press the tilde and period keys in sequence, one after the other). The SOL session will close.
NOTE: If a user does not terminate the SOL session correctly, issue the following command to reboot iDRAC. Please allow the iDRAC 1-2 minutes to complete booting. Refer to "RACADM Subcommands" on page 192 for more details.
racadm racreset

Opening SOL With SOL Proxy

Serial-Over-LAN Proxy (SOL Proxy) is a telnet daemon that allows LAN-based administration of remote systems using the Serial Over LAN (SOL) and IPMI protocols. Any standard telnet client application, such as HyperTerminal on Windows or telnet on Linux, can be used to access the daemon's features. SOL can be used either in the menu mode or command mode. The SOL protocol coupled with the remote system's BIOS console redirection allows administrators to remotely view and change a managed system's BIOS settings over a LAN.
The Linux serial console and Microsoft's EMS/SAC interfaces can also be accessed over a LAN using SOL.

NOTE: All versions of the Windows operating system include HyperTerminal terminal emulation software. However, the included version does not provide many functions required during console redirection. Instead, you can use any terminal emulation software that supports VT100 or ANSI emulation mode. One example of a full VT100 or ANSI terminal emulator that supports console redirection on your system is HyperTerminal Private Edition 6.1 or later.
NOTE: See your system's User's Guide for more information about console redirection, including hardware and software requirements and instructions for configuring host and client systems to use console redirection.
NOTE: HyperTerminal and telnet settings must be consistent with the settings on the managed system. For example, the baud rates and terminal modes should match.
NOTE: The Windows telnet command that is run from an MS-DOS prompt supports ANSI terminal emulation. The BIOS must be set for ANSI emulation to display all the screens correctly.

Before Using SOL Proxy

Before using SOL Proxy, refer to the Baseboard Management Controller Utilities User's Guide to learn how to configure your management stations. By default, BMC Management Utility is installed in the following directory on Windows operating systems:
C:\Program Files\Dell\SysMgt\bmc
The installation program copies the files to the following locations on Linux Enterprise Operating Systems:
/etc/init.d/SOLPROXY.cfg
/etc/SOLPROXY.cfg
/usr/sbin/dsm_bmu_solproxy32d
/usr/sbin/solconfig
/usr/sbin/ipmish

Initiating the SOL Proxy Session

To connect and use SOL Proxy:
• For Windows 2003: To start the SOL Proxy service on a Windows system after installation, you can reboot the system (SOL Proxy automatically starts on a reboot).
Or, you can start the SOL Proxy service manually by completing the following steps:
1 Right-click My Computer and click Manage. The Computer Management window appears.
2 Click Services and Applications, and then click Services. Available services are displayed to the right.
3 Locate DSM_BMU_SOLProxy in the list of services, and right-click to start the service.

Depending on the console you use, there are different steps for accessing SOL Proxy. Throughout this section, the management station where the SOL Proxy is running is referred to as the SOL Proxy Server.

• For Linux Enterprise Operating Systems: The SOL Proxy will start automatically during system startup. Alternatively, you can go to directory /etc/init.d and use the following commands to manage the SOL Proxy service:
solproxy status
dsm_bmu_solproxy32d start
dsm_bmu_solproxy32d stop
solproxy restart

Using Telnet With SOL Proxy

NOTE: This assumes that the SOL Proxy service is already up and running on the management station.

For Windows 2003:
1 Open the command prompt on your management station.
2 Enter the telnet command in the command line, and provide localhost as the IP address if the SOL Proxy server is running on the same system and the port number that you specified in the SOL Proxy installation (the default value is 623). For example:
telnet localhost 623

For Linux Enterprise Operating Systems:
1 Open a Linux shell on your management station.
2 Enter the telnet command, and provide localhost as the IP address of the SOL Proxy server and the port number that you specified in the SOL Proxy installation (the default value is 623). For example:
telnet localhost 623

NOTE: Whether your host operating system is Windows or Linux, if the SOL Proxy server is running on a different system than your management station, input the SOL Proxy server IP address instead of localhost.
telnet <SOL Proxy server IP address> 623

Using HyperTerminal With SOL Proxy

1 From the remote station, open HyperTerminal.exe.
2 Choose TCPIP(Winsock).
3 Enter host address localhost and port number 623.

Connecting to the Remote Managed System's BMC

After a SOL Proxy session is successfully established, you are presented with the following choices:
1. Connect to the Remote Server's BMC
2. Configure the Serial-Over-LAN for the Remote Server
3. Activate Console Redirection
4. Reboot and Activate Console Redirection
5. Help
6. Exit

NOTE: While multiple SOL sessions can be active at the same time, only one console redirection session can be active at any given time for a managed system.
NOTE: To exit an active SOL session, press the <~><.> keys. This sequence terminates SOL and returns you to the top-level menu.

1 Select option 1 in the main menu.
2 Enter the iDRAC IP Address of the remote managed system.
3 Provide the iDRAC Username and Password for the iDRAC on the managed system. The iDRAC username and password must be assigned and stored in the iDRAC non-volatile storage.
NOTE: Only one SOL console redirection session with iDRAC is permitted at one time.
NOTE: If required, extend the SOL session duration to infinite by changing the Telnet timeout value to zero on the iDRAC Web GUI page under System→Remote Access→iDRAC→Network/Security→Services.
4 Provide the IPMI encryption key if it was configured in the iDRAC.
NOTE: You can locate the IPMI encryption key in the iDRAC GUI at System→Remote Access→iDRAC→Network/Security→Network→IPMI LAN Settings→Encryption Key.
NOTE: The default IPMI encryption key is all zeros. If you press for the encryption option, iDRAC will use this default encryption key.
5 Select option 2 in the main menu. The SOL configuration menu appears.
The content of the SOL configuration menu varies according to the current SOL status:
• If SOL is already enabled, the current settings appear, and you are presented with three choices:
1. Disable Serial-Over-LAN
2. Change Serial-Over-LAN settings
3. Cancel
• If SOL is enabled, ensure that the SOL baud rate is consistent with the iDRAC's baud rate. A minimum iDRAC user privilege level of Administrator is required for activating console redirection.
• If SOL is currently disabled, type Y to enable SOL or N to keep SOL disabled.
6 Select option 3 in the main menu. The remote managed system's text console is redirected to your management station.
7 Select option 4 in the main menu (optional). The power state of the remote managed system is confirmed. If power is on, you are asked to decide between a graceful or forceful shutdown. The power state is monitored until the state changes to On. Console redirection begins, and the remote managed system text console is redirected to your management station. While the managed system reboots, you can enter the BIOS system setup program to view or configure BIOS settings.
8 Select option 5 in the main menu to display a detailed description for each option.
9 Select option 6 in the main menu to end your telnet session and disconnect from SOL Proxy.
NOTE: If a user does not terminate the SOL session correctly, issue the following command to reboot iDRAC. Please allow the iDRAC 1-2 minutes to complete booting. Refer to "RACADM Subcommands" on page 192 for more details.
racadm racreset

Operating System Configuration

Complete the steps below to configure generic UNIX®-like operating systems. This configuration is based on default installations of Red Hat Enterprise Linux 5.0, SUSE Linux Enterprise Server 10 SP1, and Windows 2003 Enterprise.

Linux Enterprise Operating System

1 Edit the /etc/inittab file to enable hardware flow control and allow users to log in through the SOL console.
Add the line below to the end of the #Run gettys in standard runlevels section.
7:2345:respawn:/sbin/agetty -h 115200 ttyS0 vt220

Example of original /etc/inittab:
______________________________________________________________
#
# inittab This file describes how the INIT process should set up
# the system in a certain run-level.
#
# SKIP this part of file
#
# Run gettys in standard runlevels
1:2345:respawn:/sbin/mingetty tty1
2:2345:respawn:/sbin/mingetty tty2
3:2345:respawn:/sbin/mingetty tty3
4:2345:respawn:/sbin/mingetty tty4
5:2345:respawn:/sbin/mingetty tty5
6:2345:respawn:/sbin/mingetty tty6
# Run xdm in runlevel 5
x:5:respawn:/etc/X11/prefdm -nodaemon
______________________________________________________________

Example of modified /etc/inittab:
______________________________________________________________
#
# inittab This file describes how the INIT process should set up
# the system in a certain run-level.
#
# SKIP this part of file
#
# Run gettys in standard runlevels
1:2345:respawn:/sbin/mingetty tty1
2:2345:respawn:/sbin/mingetty tty2
3:2345:respawn:/sbin/mingetty tty3
4:2345:respawn:/sbin/mingetty tty4
5:2345:respawn:/sbin/mingetty tty5
6:2345:respawn:/sbin/mingetty tty6
7:2345:respawn:/sbin/agetty -h ttyS0 115200 vt220
# Run xdm in runlevel 5
x:5:respawn:/etc/X11/prefdm -nodaemon
______________________________________________________________

2 Edit the /etc/securetty file to allow users to log in as a root user through the SOL console.
Add the following line after console:
ttyS0

Example of original /etc/securetty:
______________________________________________________________
console
vc/1
vc/2
vc/3
vc/4
SKIP the rest of file
______________________________________________________________

Example of modified /etc/securetty:
______________________________________________________________
console
ttyS0
vc/1
vc/2
vc/3
vc/4
SKIP the rest of file
______________________________________________________________

3 Edit the /boot/grub/grub.conf or /boot/grub/menu.lst file to add boot options for SOL:
a Comment out the graphical display lines in the various UNIX-like operating systems:
• splashimage=(hd0,0)/grub/splash.xpm.gz in RHEL 5
• gfxmenu (hd0,5)/boot/message in SLES 10
b Add the following line before the first title= … line:
# Redirect OS boot via SOL
c Append the following entry to the first title= … line:
SOL redirection
d Append the following text to the kernel/… line of the first title= …:
console=tty1 console=ttyS0,115200

NOTE: /boot/grub/grub.conf in Red Hat Enterprise Linux 5 is a symbolic link to /boot/grub/menu.lst. You can change the settings in either one of them.

Example of original /boot/grub/grub.conf in Red Hat Enterprise Linux 5:
______________________________________________________________
# grub.conf generated by anaconda
#
# Note that you do not have to rerun grub after making changes to this
# file
# NOTICE: You have a /boot partition. This means that
# all kernel and initrd paths are relative to /boot/, eg.
# root (hd0,0)
# kernel /vmlinuz-version ro root=/dev/VolGroup00/LogVol00
# initrd /initrd-version.img
#boot=/dev/sda
default=0
timeout=5
splashimage=(hd0,0)/grub/splash.xpm.gz
hiddenmenu
title Red Hat Enterprise Linux 5
root (hd0,0)
kernel /vmlinuz-2.6.18-8.el5 ro root=/dev/VolGroup00/LogVol00 rhgb quiet
initrd /initrd-2.6.18-8.el5.img
______________________________________________________________

Example of modified /boot/grub/grub.conf:
______________________________________________________________
# grub.conf generated by anaconda
#
# Note that you do not have to rerun grub after making changes to this
# file
# NOTICE: You have a /boot partition. This means that
# all kernel and initrd paths are relative to /boot/, eg.
# root (hd0,0)
# kernel /vmlinuz-version ro root=/dev/VolGroup00/LogVol00
# initrd /initrd-version.img
#boot=/dev/sda
default=0
timeout=5
#splashimage=(hd0,0)/grub/splash.xpm.gz
hiddenmenu
# Redirect the OS boot via SOL
title Red Hat Enterprise Linux 5 SOL redirection
root (hd0,0)
kernel /vmlinuz-2.6.18-8.el5 ro root=/dev/VolGroup00/LogVol00 rhgb quiet console=tty1 console=ttyS0,115200
initrd /initrd-2.6.18-8.el5.img
______________________________________________________________

Example of original /boot/grub/menu.lst in SUSE Linux Enterprise Server 10:
______________________________________________________________
#Modified by YaST2. Last modification on Sat Oct 11 21:52:09 UTC 2008
default 0
timeout 8
gfxmenu (hd0,5)/boot/message
###Don't change this comment - YaST2 identifier: Original name: linux###
title SUSE Linux Enterprise Server 10 SP1
root (hd0,5)
kernel /boot/vmlinuz-2.6.16.46-0.12-bigsmp root=/dev/disk/by-id/scsi-35000c5000155c resume=/dev/sda5 splash=silent showopts
initrd /boot/initrd-2.6.16.46-0.12-bigsmp
______________________________________________________________

Example of modified /boot/grub/menu.lst in SLES 10:
______________________________________________________________
#Modified by YaST2. Last modification on Sat Oct 11 21:52:09 UTC 2008
default 0
timeout 8
#gfxmenu (hd0,5)/boot/message
###Don't change this comment - YaST2 identifier: Original name: linux###
title SUSE Linux Enterprise Server 10 SP1 SOL redirection
root (hd0,5)
kernel /boot/vmlinuz-2.6.16.46-0.12-bigsmp root=/dev/disk/by-id/scsi-35000c5000155c resume=/dev/sda5 splash=silent showopts console=tty1 console=ttyS0,115200
initrd /boot/initrd-2.6.16.46-0.12-bigsmp
______________________________________________________________

Windows 2003 Enterprise

1 Determine the boot entry ID by entering bootcfg in the Windows command prompt. Locate the boot entry ID for the section Windows Server 2003 Enterprise. Press to display the boot options on the management station.
2 Enable EMS at a Windows command prompt by entering:
bootcfg /EMS ON /PORT COM1 /BAUD 115200 /ID <boot id>
NOTE: <boot id> is the boot entry ID from step 1.
3 Press to verify that the EMS console setting takes effect.
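The Linux Enterprise Operating System steps above touch three files that must agree on the serial port and baud rate, and step 2 opens a root login path over SOL. The following Python check is an added example, not part of the Dell guide: it parses the three files, reports mismatches against the SOL baud rate, and flags that root login on ttyS0 is permitted. The function names are hypothetical and the sample file contents are constructed from the guide's modified examples.

```python
import re

SOL_PORT = "ttyS0"   # COM1, the port the BIOS redirects over SOL
SOL_BAUD = 115200    # default iDRAC SOL / BIOS failsafe baud rate (115.2 kbps)

# Constructed sample files, modelled on the guide's "modified" examples.
INITTAB = """\
# Run gettys in standard runlevels
1:2345:respawn:/sbin/mingetty tty1
2:2345:respawn:/sbin/mingetty tty2
7:2345:respawn:/sbin/agetty -h ttyS0 115200 vt220
x:5:respawn:/etc/X11/prefdm -nodaemon
"""
SECURETTY = "console\nttyS0\nvc/1\nvc/2\n"
GRUB = """\
default=0
#splashimage=(hd0,0)/grub/splash.xpm.gz
title Red Hat Enterprise Linux 5 SOL redirection
    root (hd0,0)
    kernel /vmlinuz-2.6.18-8.el5 ro root=/dev/VolGroup00/LogVol00 console=tty1 console=ttyS0,115200
    initrd /initrd-2.6.18-8.el5.img
"""


def inittab_serial_gettys(text):
    """Return [(port, baud, hw_flow)] for each active agetty entry.

    agetty accepts "port baud" and "baud port"; the guide shows both
    orders, so arguments are classified by shape, not by position.
    """
    found = []
    for line in text.splitlines():
        if line.lstrip().startswith("#"):
            continue
        fields = line.split(":", 3)
        cmd = fields[3].split() if len(fields) == 4 else []
        if not cmd or not cmd[0].endswith("agetty"):
            continue
        args = cmd[1:]
        port = next((a for a in args if a.startswith("tty")), None)
        baud = next((int(a.split(",")[0]) for a in args
                     if re.fullmatch(r"\d+(,\d+)*", a)), None)
        found.append((port, baud, "-h" in args))
    return found


def securetty_terminals(text):
    """Terminals listed in /etc/securetty, i.e. where root may log in."""
    stripped = (line.strip() for line in text.splitlines())
    return {s for s in stripped if s and not s.startswith("#")}


def grub_kernel_consoles(text):
    """Return {device: baud or None} from the first kernel line's console= options."""
    for line in text.splitlines():
        words = line.split()
        if words and words[0] == "kernel":
            pairs = re.findall(r"\bconsole=(\w+)(?:,(\d+))?", line)
            return {dev: int(baud) if baud else None for dev, baud in pairs}
    return {}


def audit(inittab, securetty, grub, sol_baud=SOL_BAUD):
    """Return a list of findings; an empty list means nothing to review."""
    findings = []
    gettys = [g for g in inittab_serial_gettys(inittab) if g[0] == SOL_PORT]
    if not gettys:
        findings.append("inittab: no agetty on ttyS0, no login prompt over SOL")
    for _port, baud, hw_flow in gettys:
        if baud != sol_baud:
            findings.append(f"inittab: agetty baud {baud} differs from SOL baud {sol_baud}")
        if not hw_flow:
            findings.append("inittab: agetty lacks -h (hardware flow control)")
    consoles = grub_kernel_consoles(grub)
    if SOL_PORT not in consoles:
        findings.append("grub: kernel line has no console=ttyS0")
    elif consoles[SOL_PORT] != sol_baud:
        findings.append(f"grub: console baud {consoles[SOL_PORT]} differs from SOL baud {sol_baud}")
    if SOL_PORT in securetty_terminals(securetty):
        findings.append("securetty: root may log in on ttyS0; every account allowed "
                        "to open an SOL session reaches a root login prompt")
    return findings


if __name__ == "__main__":
    for finding in audit(INITTAB, SECURETTY, GRUB):
        print(finding)
```

On a real host, pass the contents of /etc/inittab, /etc/securetty and the GRUB configuration file, and set sol_baud to the baud rate configured on the iDRAC.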
Example of original bootcfg setting:
______________________________________________________________
Boot Loader Settings
--------------------
timeout: 30
default: multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

Boot Entries
------------
Boot entry ID: 1
OS Friendly Name: Windows Server 2003, Enterprise
Path: multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
OS Load Options: /redirect /nonexecute=optout /fastdetect /usepmtimer
______________________________________________________________

Example of modified bootcfg setting:
______________________________________________________________
Boot Loader Settings
--------------------
timeout: 30
default: multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
redirect: COM1
redirectbaudrate: 115200

Boot Entries
------------
Boot entry ID: 1
OS Friendly Name: Windows Server 2003, Enterprise
Path: multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
OS Load Options: /redirect /nonexecute=optout /fastdetect /usepmtimer
______________________________________________________________

9 Using GUI Console Redirection

This section provides information about using the iDRAC console redirection feature.

Overview

The iDRAC console redirection feature enables you to access the local console remotely in either graphic or text mode. Using console redirection, you can control one or more iDRAC-enabled systems from one location. You do not have to sit in front of each server to perform all the routine maintenance. You can instead manage the servers from wherever you are, from your desktop or laptop computer. You can also share the information with others—remotely and instantly.

Using Console Redirection

NOTE: When you open a console redirection session, the managed server does not indicate that the console has been redirected.
The Console Redirection page enables you to manage the remote system by using the keyboard, video, and mouse on your local management station to control the corresponding devices on a remote managed server. This feature can be used in conjunction with the Virtual Media feature to perform remote software installations. The following rules apply to a console redirection session: • A maximum of two simultaneous console redirection sessions are supported. Both sessions view the same managed server console simultaneously. • A console redirection session should not be launched from a web browser on the managed system. • A minimum available network bandwidth of 1 MB/sec is required. Using GUI Console Redirection 161 If a second user requests a console redirection session, the first user is notified and is given the option to refuse access, allow only video, or allow full shared access. The second user is notified that another user has control. The first user must respond within thirty seconds or full access is automatically granted to the second user. During the time that two sessions are concurrently active, each user sees a message in the upper-right corner of the screen that identifies the other user with an active session. A third active session is not permitted. If a third user requests a console redirection session, access is denied without interruption to the first or second user’s session. If the neither the first or second user has administrator privileges, termination of the first user's active session automatically results in termination of the second user's session. Supported Screen Resolutions and Refresh Rates Table 9-1 lists the supported screen resolutions and corresponding refresh rates for a console redirection session that is running on the managed server. Table 9-1. 
Supported Screen Resolutions and Refresh Rates Screen Resolution Refresh Rate (Hz) 720x400 70 640x480 60, 72, 75, 85 800x600 60, 70, 72, 75, 85 1024x768 60, 70, 72, 75, 85 1280x1024 60 Configuring Your Management Station To use Console Redirection on your management station, perform the following procedures: 1 Install and configure a supported Web browser. See the following sections for more information: 162 • "Supported Web Browsers" on page 27 • "Configuring a Supported Web Browser" on page 52 Using GUI Console Redirection 2 If you are using Firefox or want to use the Java Viewer with Internet Explorer, install a Java Runtime Environment (JRE). See "Installing a Java Runtime Environment (JRE)" on page 59. 3 It is recommended that you configure your monitor display resolution to 1280x1024 pixels or higher. NOTE: If you have an active console redirection session and a lower resolution monitor is connected to the iKVM, the server console resolution may reset if the server is selected on the local console. If the server is running a Linux operating system, an X11 console may not be viewable on the local monitor. Pressing at the iKVM will switch Linux to a text console. Configuring Console Redirection in the iDRAC Web Interface To configure console redirection in the iDRAC Web interface, perform the following steps: 1 Click System and then click the Console tab. 2 Click Configuration to open the Console Redirection Configuration page. 3 Configure the console redirection properties. Table 9-2 describes the settings for console redirection. 4 When completed, click Apply. 5 Click the appropriate button to continue. See Table 9-3. Table 9-2. Console Redirection Configuration Properties Property Description Enabled Click to enable or disable Console Redirection. Checked indicates that Console Redirection is enabled. Unchecked indicates that Console Redirection is disabled. The default is enabled. 
Max Sessions | Displays the maximum number of Console Redirection sessions that are possible, 1 or 2. Use the drop-down menu to change the maximum number of Console Redirection sessions allowed. The default is 2.
Active Sessions | Displays the number of Active Console sessions. This field is read-only.
Keyboard and Mouse Port Number | The network port number used for connecting to the Console Redirection Keyboard/Mouse option. This traffic is always encrypted. You may need to change this number if another program is using the default port. The default is 5900.
Video Port Number | The network port number used for connecting to the Console Redirection Screen service. You may need to change this setting if another program is using the default port. The default is 5901.
Video Encryption Enabled | Checked indicates that video encryption is enabled. All traffic going to the video port is encrypted. Unchecked indicates that video encryption is disabled. Traffic going to the video port is not encrypted. The default is Encrypted. Disabling encryption can improve performance on slower networks.
Mouse Mode | Choose Windows if the managed server is running on a Windows operating system. Choose Linux if your server is running on Linux. Choose None if your server is not running on a Windows or Linux operating system. The default is Windows.
Console Plug-In Type for IE | When using Internet Explorer on a Windows operating system, you can choose from the following viewers: ActiveX - The ActiveX Console Redirection viewer; Java - Java Console Redirection viewer. NOTE: Depending on your version of Internet Explorer, additional security restrictions may need to be turned off (see "Configuring and Using Virtual Media" on page 177). NOTE: You must have the Java runtime environment installed on your client system to use the Java viewer.
Disable Local Console | Checked indicates that output to the iKVM monitor is disabled during console redirection. This ensures that the tasks you perform using Console Redirection will not be visible on the managed server’s local monitor.

NOTE: For information about using Virtual Media with Console Redirection, see "Configuring and Using Virtual Media" on page 177.

The buttons in Table 9-5 are available on the Console Redirection Configuration page.

Table 9-3. Console Redirection Configuration Page Buttons
Button | Definition
Print | Prints the Console Redirection Configuration page
Refresh | Reloads the Console Redirection Configuration page
Apply | Saves any new settings made to the console redirection.

Configuring Console Redirection in the SM-CLP Command Line Interface

Opening a Console Redirection Session

When you open a console redirection session, the Dell Virtual KVM Viewer Application starts and the remote system’s desktop appears in the viewer. Using the Virtual KVM Viewer Application, you can control the remote system’s mouse and keyboard functions from your local management station.

To open a console redirection session in the Web interface, perform the following steps:
1 Click System and then click the Console tab.
2 In the Console Redirection page, use the information in Table 9-4 to ensure that a console redirection session is available. If you wish to reconfigure any of the property values displayed, see "Configuring Console Redirection in the iDRAC Web Interface" on page 163.

Table 9-4. Console Redirection Page Information
Property | Description
Console Redirection Enabled | Yes/No
Video Encryption Enabled | Yes/No
Max Sessions | Displays the maximum number of supported console redirection sessions
Current Sessions | Displays the current number of active console redirection sessions
Mouse Mode | Displays the mouse acceleration currently in effect.
Mouse Acceleration mode should be chosen based on the type of operating system installed on the managed server.
Console Plug-in Type | Shows the plug-in type currently configured. ActiveX - An Active-X viewer will be launched. ActiveX viewer will only work on Internet Explorer while running on a Windows Operating System. Java - A Java viewer will be launched. The Java viewer can be used on any browser including Internet Explorer. If your client runs on an operating system other than Windows, then you must use the Java Viewer. If you are accessing the iDRAC using Internet Explorer while running on a Windows operating system, you may choose either Active-X or Java as the plug-in type.
Local Console | Unchecked if the local console has not been disabled. If checked the console cannot be accessed by anyone using the iKVM connection on the chassis.

NOTE: For information about using Virtual Media with Console Redirection, see "Configuring and Using Virtual Media" on page 177.

The buttons in Table 9-5 are available on the Console Redirection page.

Table 9-5. Console Redirection Page Buttons
Button | Definition
Refresh | Reloads the Console Redirection Configuration page
Launch Viewer | Opens a console redirection session on the targeted remote system
Print | Prints the Console Redirection Configuration page

3 If a console redirection session is available, click Launch Viewer.

NOTE: Multiple message boxes may appear after you launch the application. To prevent unauthorized access to the application, you must navigate through these message boxes within three minutes. Otherwise, you will be prompted to relaunch the application.

NOTE: If one or more Security Alert windows appear in the following steps, read the information in the window and click Yes to continue.

The management station connects to the iDRAC and the remote system’s desktop appears in the Dell Digital KVM Viewer Application.
4 Two mouse pointers appear in the viewer window: one for the remote system and one for your local system. You must synchronize the two mouse pointers so that the remote mouse pointer follows your local mouse pointer. See "Synchronizing the Mouse Pointers" on page 170.

Using the Video Viewer

The Video Viewer provides a user interface between the management station and the managed server, allowing you to see the managed server’s desktop and control its mouse and keyboard functions from your management station. When you connect to the remote system, the Video Viewer starts in a separate window.

The Video Viewer provides various control adjustments such as color mode, mouse synchronization, snapshots, keyboard macros, and access to Virtual Media. Click Help for more information on these functions.

When you start a console redirection session and the Video Viewer appears, you may need to adjust the color mode and synchronize the mouse pointers.

Table 9-6 describes the menu options that are available for use in the viewer.

Table 9-6. Viewer Menu Bar Selections
Menu Item | Item | Description
Video | Pause | Temporarily pauses console redirection.
Video | Resume | Resumes console redirection.
Video | Refresh | Redraws the viewer screen image.
Video | Capture Current Screen | Captures the current remote system screen to a .bmp file on Windows or a .png file on Linux. A dialog box is displayed that allows you to save the file to a specified location.
Video | Full Screen | To make the Video Viewer expand into full screen mode, select Full Screen from the Video menu.
Video | Exit | When you have finished using the Console and have logged out (using the remote system's logout procedure), select Exit from the Video menu to close the Video Viewer window.
Keyboard | Hold Right Alt Key | Select this item before typing keys you want to combine with the right key.
Keyboard | Hold Left Alt Key | Select this item before typing keys you want to combine with the left key.
Keyboard | Left Windows Key | Select Hold Down before typing characters you want to combine with the left Windows key. Select Press and Release to send a left Windows key keystroke.
Keyboard | Right Windows Key | Select Hold Down before typing characters you want to combine with the right Windows key. Select Press and Release to send a right Windows key keystroke.
Keyboard | Macros | When you select a macro, or type the hotkey specified for the macro, the action is executed on the remote system. The Video Viewer provides the following macros: Ctrl-Alt-Del, Alt-Tab, Alt-Esc, Ctrl-Esc, Alt-Space, Alt-Enter, Alt-Hyphen, Alt-F4, PrtScn, Alt-PrtScn, F1, Pause, Alt+m
Keyboard | Keyboard Pass-through | The Keyboard pass-through mode allows all keyboard functions on the client to be redirected to the server.
Mouse | Synchronize Cursor | The Mouse menu enables you to synchronize the cursor so that the mouse on the client is redirected to the mouse on the server.
Options | Color Mode | Allows you to select a color depth to improve performance over the network. For example, if you are installing software from virtual media, you can choose the lowest color depth (3-bit gray), so that less network bandwidth is used by the console viewer leaving more bandwidth for transferring data from the media. The color mode can be set to 15-bit color, 7-bit color, 4-bit color, 4-bit gray, and 3-bit gray.
Media | Virtual Media Wizard | The Media menu provides access to the Virtual Media Wizard, which allows you to redirect to a device or image such as a floppy drive, CD, DVD, image in ISO format, or USB Flash drive. For information about the Virtual Media feature, see "Configuring and Using Virtual Media" on page 177. You must keep the Console Viewer window active when using Virtual Media.
Help | N/A | Activates the Help menu.
Synchronizing the Mouse Pointers

When you connect to a remote PowerEdge system using Console Redirection, the mouse acceleration speed on the remote system may not synchronize with the mouse pointer on your management station, causing two mouse pointers to appear in the Video Viewer window.

To synchronize the mouse pointers click Mouse→ Synchronize cursor or press .

The Synchronize cursor menu item is a toggle. Ensure that there is a check mark next to the item in the menu so that the mouse synchronization is active.

When using Red Hat® Linux® or Novell® SUSE® Linux, be sure to configure the mouse mode for Linux before you launch the viewer. See "Configuring Console Redirection in the iDRAC Web Interface" on page 163 for help with configuration. The operating system’s default mouse settings are used to control the mouse arrow in the iDRAC Console Redirection screen.

Disabling or Enabling Local Console

You can configure the iDRAC to disallow iKVM connections using the iDRAC Web interface. When the local console is disabled, a yellow status dot appears in the list of servers (OSCAR) to indicate that the console is locked in the iDRAC. When the local console is enabled, the status dot is green.

If you want to ensure that you have exclusive access to the managed server console, you must disable the local console and reconfigure the Max Sessions to 1 on the Console Redirection Page.

NOTE: The local console feature is supported on all x9xx PowerEdge systems except PowerEdge SC1435 and 6950.

NOTE: By disabling (turning off) the local video on the server, the monitor, keyboard, and mouse connected to the iKVM are disabled.

To disable or enable the local console, perform the following procedure:
1 On your management station, open a supported Web browser and log into the iDRAC. See "Accessing the Web Interface" on page 69 for more information.
2 Click System, click the Console tab, and then click Configuration.
3 If you want to disable (turn off) local video on the server, in the Console Redirect Configuration page, select the Disable Local Console checkbox and then click Apply. The default value is OFF.
4 If you want to enable (turn on) local video on the server, in the Console Redirect Configuration page, deselect the Disable Local Console checkbox and then click Apply.

The Console Redirection page displays the status of the Local Server Video.

Frequently Asked Questions

Table 9-7 lists frequently asked questions and answers.

Table 9-7. Using Console Redirection: Frequently Asked Questions

Question: Can a new remote console video session be started when the local video on the server is turned off?
Answer: Yes.

Question: Why does it take 15 seconds to turn off the local video on the server after requesting to turn off the local video?
Answer: It gives a local user an opportunity to take any action before the video is switched off.

Question: Is there a time delay when turning on the local video?
Answer: No, once a local video turn ON request is received by iDRAC the video is turned on instantly.

Question: Can the local user also turn off the video?
Answer: Yes, a local user can use the local RACADM CLI to turn off the video.

Question: Can the local user also turn on the video?
Answer: No. Once the local console is disabled, the local user’s keyboard and mouse are disabled and they are unable to change any settings.

Question: Does switching off the local video also switch off the local keyboard and mouse?
Answer: Yes.

Question: Does turning off the local console turn off the video on the remote console session?
Answer: No, turning the local video on or off is independent of the remote console session.

Question: What privileges are needed for an iDRAC user to turn on or off the local server video?
Answer: Any user with iDRAC configuration privileges can turn the local console on or off.

Question: How can I get the current status of the local server video?
Answer: The status is displayed on the Console Redirection Configuration page of the iDRAC Web interface. The RACADM CLI command racadm getconfig -g cfgRacTuning displays the status in the object cfgRacTuneLocalServerVideo. The status is also seen on the iKVM OSCAR display. When the local console is enabled, a green status appears next to the server name. When disabled, a yellow dot indicates that the local console is locked by the iDRAC.

Question: I cannot see the bottom of the system screen from the Console Redirection window.
Answer: Ensure that the management station’s monitor resolution is set to 1280x1024.

Question: The console window is garbled.
Answer: The console viewer on Linux requires a UTF-8 character set. Check your locale and reset the character set if needed. See "Setting the Locale in Linux" on page 57 for more information.

Question: Why do I get a blank screen on the managed server when loading the Windows 2000 operating system?
Answer: The managed server does not have the correct ATI video driver. You must update the video driver by using the Dell Systems Management Tools and Documentation DVD.

Question: Why doesn’t the mouse sync in DOS when performing Console Redirection?
Answer: The Dell BIOS is emulating the mouse driver as a PS/2 mouse. By design, the PS/2 mouse uses relative position for the mouse pointer, which causes the lag in syncing. iDRAC has a USB mouse driver, which allows absolute position and closer tracking of the mouse pointer. Even if iDRAC passes the USB absolute mouse position to the Dell BIOS, the BIOS emulation would convert it back to relative position and the behavior would remain. To fix this problem, set the mouse mode to NONE in the Console Redirection configuration.

Question: Why doesn’t the mouse sync under the Linux text console?
Answer: Virtual KVM requires the USB mouse driver, but the USB mouse driver is available only under the X-Window operating system.

Question: I am still having issues with mouse synchronization.
Answer: Ensure that the correct mouse is selected for your operating system before starting a console redirection session. Ensure that Synchronize Mouse is checked in the Mouse menu. Press or select Mouse→ Synchronize mouse to toggle mouse synchronization. When synchronization is enabled, a check mark appears next to the selection in the Mouse menu.

Question: Why can't I use a keyboard or mouse while installing Windows remotely by using iDRAC Console Redirection?
Answer: When you remotely install a supported Microsoft operating system on a system with Console Redirection enabled in the BIOS, you receive an EMS Connection Message that requires that you select OK before you can continue. You cannot use the mouse to select OK remotely. You must either select OK on the local system or restart the remotely managed server, reinstall, and then turn Console Redirection off in the BIOS. This message is generated by Microsoft to alert the user that Console Redirection is enabled. To ensure that this message does not appear, always turn off Console Redirection in the BIOS before installing an operating system remotely.

Question: Why doesn’t the Num Lock indicator on my management station reflect the status of the Num Lock on the remote server?
Answer: When accessed through the iDRAC, the Num Lock indicator on the management station does not necessarily coincide with the state of the Num Lock on the remote server. The state of the Num Lock is dependent on the setting on the remote server when the remote session is connected, regardless of the state of the Num Lock on the management station.

Question: Why do multiple Session Viewer windows appear when I establish a console redirection session from the local host?
Answer: You are configuring a console redirection session from the local system. This is not supported.

Question: If I am running a console redirection session and a local user accesses the managed server, do I receive a warning message?
Answer: No. If a local user accesses the system, you both have control of the system.

Question: How much bandwidth do I need to run a console redirection session?
Answer: Dell recommends a 5 MB/sec connection for good performance. A 1 MB/sec connection is required for minimal performance.

Question: What are the minimum system requirements for my management station to run console redirection?
Answer: The management station requires an Intel® Pentium III 500 MHz processor with at least 256 MB of RAM.

10 Configuring and Using Virtual Media

Overview

The Virtual Media feature, accessed through the console redirection viewer, provides the managed server access to media connected to a remote system on the network. Figure 10-1 shows the overall architecture of Virtual Media.

Figure 10-1. Overall Architecture of Virtual Media (diagram labels: Managed Server, Modular Server, Management Station, Remote CD/DVD/USB, Remote Floppy, Network)

Using Virtual Media, administrators can remotely boot their managed servers, install applications, update drivers, or even install new operating systems remotely from the virtual CD/DVD and diskette drives.

NOTE: Virtual media requires a minimum available network bandwidth of 128 Kbps.

Virtual media defines two devices for the managed server’s operating system and BIOS: a floppy disk device and an optical disk device.

The management station provides the physical media or image file across the network. When Virtual Media is connected, all virtual CD/floppy drive access requests from the managed server are directed to the management station across the network. Connecting Virtual Media appears the same as inserting media into physical devices.
When virtual media is not connected, virtual devices on the managed server appear as two drives without media installed in the drives.

Table 10-1 lists the supported drive connections for virtual floppy and virtual optical drives.

NOTE: Changing Virtual Media while connected could stop the system boot sequence.

Table 10-1. Supported Drive Connections
Supported Virtual Floppy Drive Connections | Supported Virtual Optical Drive Connections
Legacy 1.44 floppy drive with a 1.44 floppy diskette | CD-ROM, DVD, CDRW, combination drive with CD-ROM media
USB floppy drive with a 1.44 floppy diskette | CD-ROM/DVD image file in the ISO9660 format
1.44 floppy image | USB CD-ROM drive with CD-ROM media
USB removable disk (minimum size 128 MB) |

Windows-Based Management Station

To run the Virtual Media feature on a management station running the Microsoft® Windows® operating system, install a supported version of Internet Explorer with the ActiveX Control plug-in (see "Supported Web Browsers" on page 27). Set the browser security to Medium or a lower setting to enable Internet Explorer to download and install signed ActiveX controls.

Depending on your version of Internet Explorer, a custom security setting for ActiveX may be required:
1 Start Internet Explorer.
2 Click Tools→ Internet Options, and then click the Security tab.
3 Under Select a Web content zone to specify its security settings, click to select the desired zone.
4 Under Security level for this zone, click Custom Level. The Security Settings window appears.
5 Under ActiveX controls and plugins, ensure that the following settings are set to Enable:
• Allow Scriptlets
• Automatic prompting for ActiveX controls
• Download signed ActiveX controls
• Download unsigned ActiveX controls
6 Click OK to save any changes and close the Security Settings window.
7 Click OK to close the Internet Options window.
8 Restart Internet Explorer.

You must have administrator rights to install ActiveX.
Before installing the ActiveX control, Internet Explorer may display a security warning. To complete the ActiveX control installation procedure, accept the ActiveX control when Internet Explorer prompts you with a security warning.

Linux-Based Management Station

To run the virtual media feature on a management station running the Linux operating system, install a supported version of Firefox. See "Supported Web Browsers" on page 27 for more information.

A Java Runtime Environment (JRE) is required to run the console redirection plugin. You can download a JRE from java.sun.com. JRE version 1.6 or above is recommended.

Configuring Virtual Media

1 Log in to the iDRAC Web interface.
2 Select System in the navigation tree and click the Console tab.
3 Click Configuration→ Virtual Media to configure the Virtual Media settings. Table 10-2 describes the Virtual Media configuration values.
4 When you have finished configuring the settings, click Apply.
5 Click the appropriate button to continue. See Table 10-3.

Table 10-2. Virtual Media Configuration Values
Attribute | Value
Attach Virtual Media | Attach - Immediately attaches Virtual Media to the server. Detach - Immediately detaches Virtual Media from the server. Auto-Attach - Attaches Virtual Media to the server only when a virtual media session is started.
Maximum Sessions | Displays the maximum number of Virtual Media sessions allowed. This is always 1.
Active Sessions | Displays the current number of Virtual Media sessions.
Virtual Media Encryption Enabled | Click the checkbox to enable or disable encryption on Virtual Media connections. Checked enables encryption; unchecked disables encryption.
Virtual Media Port Number | The network port number used for connecting to the Virtual Media service without encryption. Two consecutive ports starting from the port number specified are used to connect to the Virtual Media service.
The port number following the specified port must not be configured for any other iDRAC service. The default is 3668.
Virtual Media SSL Port Number | The network port number used for encrypted connections to the Virtual Media service. Two consecutive ports starting from the port number specified are used to connect to the Virtual Media service. The port number following the specified port must not be configured for any other iDRAC service. The default is 3670.
Floppy Emulation | Indicates whether the Virtual Media appears as a floppy drive or as a USB key to the server. If Floppy Emulation is checked, the Virtual Media device appears as a floppy device on the server. If it is unchecked, it appears as a USB Key drive.
Enable Boot Once | Check this box to enable the boot once option. This option automatically terminates the Virtual Media session after the server has booted once. This option is useful for automated deployments.

Table 10-3. Virtual Media Configuration Page Buttons
Button | Description
Print | Prints the Console Configuration values that appear on the screen.
Refresh | Reloads the Console Configuration page.
Apply | Saves any new settings made to the Console Configuration page.

Running Virtual Media

NOTE: Do not issue a racreset command when running a Virtual Media session. Otherwise, undesirable results may occur, including loss of data.

NOTE: The Console Viewer window application must remain active while you access the virtual media.

1 Open a supported Web browser on your management station. See "Supported Web Browsers" on page 27.
2 Start the iDRAC Web interface. See "Accessing the Web Interface" on page 69.
3 Select System in the navigation tree and click the Console tab. The Console Redirection page appears.
If you want to change the values of any of the displayed attributes, see "Configuring Virtual Media" on page 180.

NOTE: The Floppy Image File under Floppy Drive (if applicable) may appear, as this device can be virtualized as a virtual floppy. You can select one optical drive and one floppy at the same time, or a single drive.

NOTE: The virtual device drive letters on the managed server do not coincide with the physical drive letters on the management station.

NOTE: Virtual Media may not function properly on Windows operating system clients that are configured with Internet Explorer Enhanced Security. To resolve this issue, see your Microsoft operating system documentation or contact your administrator.

4 Click Launch Viewer.

NOTE: On Linux, the file jviewer.jnlp is downloaded to your desktop and a dialog box will ask what to do with the file. Choose the option to Open with program and then select the javaws application, which is located in the bin subdirectory of your JRE installation directory.

The iDRACView application launches in a separate window.

5 Click Media→ Virtual Media Wizard…. The Media Redirection wizard appears.
6 View the Status window. If media is connected, you must disconnect it before connecting a different media source. Click the Disconnect button to the right of the media you wish to disconnect.
7 Select the radio button next to the media types you wish to connect. You can select one radio button in the Floppy/USB Drive section and one in the CD/DVD Drive section. If you want to connect a Floppy image or ISO image, enter the path (on your local computer) to the image, or click the Browse button and browse to the image.
8 Click the Connect button next to each selected media type. The media is connected and the Status window is updated.
9 Click the Close button.

Disconnecting Virtual Media

1 Click Media→ Virtual Media Wizard….
2 Click Disconnect next to the media you wish to disconnect.
The media is disconnected and the Status window is updated.
3 Click Close.

Booting From Virtual Media

The system BIOS enables you to boot from virtual optical drives or virtual floppy drives. During POST, enter the BIOS setup window and verify that the virtual drives are enabled and listed in the correct order.

To change the BIOS setting, perform the following steps:
1 Boot the managed server.
2 Press to enter the BIOS setup window.
3 Scroll to the boot sequence and press . In the pop-up window, the virtual optical drives and virtual floppy drives are listed with the standard boot devices.
4 Ensure that the virtual drive is enabled and listed as the first device with bootable media. If required, follow the on-screen instructions to modify the boot order.
5 Save the changes and exit. The managed server reboots.

The managed server attempts to boot from a bootable device based on the boot order. If the virtual device is connected and a bootable media is present, the system boots to the virtual device. Otherwise, the system overlooks the device, similar to a physical device without bootable media.

Installing Operating Systems Using Virtual Media

This section describes a manual, interactive method to install the operating system on your management station that may take several hours to complete. A scripted operating system installation procedure using Virtual Media may take less than 15 minutes to complete. See "Deploying the Operating System" on page 231 for more information.

1 Verify the following:
• The operating system installation CD is inserted in the management station’s CD drive.
• The local CD drive is selected.
• You are connected to the virtual drives.
2 Follow the steps for booting from the virtual media in the "Booting From Virtual Media" section to ensure that the BIOS is set to boot from the CD drive that you are installing from.
3 Follow the on-screen instructions to complete the installation.
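
The port and encryption settings described in Table 9-2 and Table 10-2 can be reviewed together before they are applied. The following Python example is added here and is not Dell code: the dictionary keys, function names and finding texts are assumptions made for the example, and the rule that only the port pair matching the Virtual Media encryption setting needs a firewall rule is inferred from the table descriptions.

```python
from collections import defaultdict

# Constructed sample. Values match the defaults stated in Tables 9-2 and 10-2;
# the guide gives no default for Virtual Media encryption, so True is chosen here.
SAMPLE = {
    "console_enabled": True,
    "max_sessions": 2,
    "kbd_mouse_port": 5900,        # keyboard/mouse traffic is always encrypted
    "video_port": 5901,
    "video_encryption": True,
    "disable_local_console": False,
    "vm_encryption": True,
    "vm_port": 3668,               # Virtual Media without encryption
    "vm_ssl_port": 3670,           # Virtual Media with encryption
}


def port_claims(cfg):
    """Map every TCP port to the list of services that claim it."""
    claims = defaultdict(list)
    claims[cfg["kbd_mouse_port"]].append("console keyboard/mouse")
    claims[cfg["video_port"]].append("console video")
    # Each Virtual Media service uses two consecutive ports from its base port.
    for offset in (0, 1):
        claims[cfg["vm_port"] + offset].append("virtual media")
        claims[cfg["vm_ssl_port"] + offset].append("virtual media SSL")
    return dict(claims)


def console_vm_ports(cfg):
    """Ports a management-network firewall rule has to cover for these settings.

    Assumption: only the Virtual Media pair selected by the encryption
    checkbox carries traffic, so the other pair can stay blocked.
    """
    ports = set()
    if cfg["console_enabled"]:
        ports |= {cfg["kbd_mouse_port"], cfg["video_port"]}
    base = cfg["vm_ssl_port"] if cfg["vm_encryption"] else cfg["vm_port"]
    ports |= {base, base + 1}
    return sorted(ports)


def review(cfg, require_exclusive=False):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    for port, services in sorted(port_claims(cfg).items()):
        if not 1 <= port <= 65535:
            findings.append(f"port {port} is out of range ({', '.join(services)})")
        if len(services) > 1:
            findings.append(f"port {port} claimed by: {', '.join(services)}")
    if cfg["console_enabled"] and not cfg["video_encryption"]:
        findings.append("video encryption disabled: console video is sent unencrypted")
    if not cfg["vm_encryption"]:
        findings.append("virtual media encryption disabled: media is sent unencrypted")
    if require_exclusive:
        # The guide requires both settings for exclusive console access.
        if not cfg["disable_local_console"]:
            findings.append("local console enabled: an iKVM user shares the console")
        if cfg["max_sessions"] != 1:
            findings.append("Max Sessions is not 1: a second remote session can join")
    return findings


if __name__ == "__main__":
    # Constructed misconfiguration: the second plain Virtual Media port (3670)
    # lands on the SSL base port, and video encryption was switched off.
    changed = dict(SAMPLE, vm_port=3669, video_encryption=False)
    for line in review(changed, require_exclusive=True):
        print("FINDING:", line)
    print("firewall ports:", console_vm_ports(changed))
```
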

Using Virtual Media When the Server’s Operating System Is Running

Windows-Based Systems

On Windows systems, the virtual media drives are automounted if they are attached and configured with a drive letter.

Using the virtual drives from within Windows is similar to using your physical drives. When you connect to the media using the Virtual Media wizard, the media is available at the system by clicking the drive and browsing its content.

Linux-Based Systems

Depending on the configuration of the software on your system, the virtual media drives may not be automounted. If your drives are not automounted, manually mount the drives using the Linux mount command.

Frequently Asked Questions

Table 10-4 lists frequently asked questions and answers.

Table 10-4. Using Virtual Media: Frequently Asked Questions

Question: Sometimes, I notice my Virtual Media client connection drop. Why?
Answer: When a network time-out occurs, the iDRAC firmware drops the connection, disconnecting the link between the server and the Virtual Drive. If the Virtual Media configuration settings are changed in the iDRAC Web interface or by local RACADM commands, any connected media is disconnected when the configuration change is applied. To reconnect to the Virtual Drive, use the Virtual Media wizard.

Question: Which operating systems support the iDRAC?
Answer: See "Supported Operating Systems" on page 26 for a list of supported operating systems.

Question: Which Web browsers support the iDRAC?
Answer: See "Supported Web Browsers" on page 27 for a list of supported Web browsers.

Question: Why do I sometimes lose my client connection?
Answer:
• You can sometimes lose your client connection if the network is slow or if you change the CD in the client system CD drive. For example, if you change the CD in the client system’s CD drive, the new CD might have an autostart feature. If this is the case, the firmware can time out and the connection can be lost if the client system takes too long before it is ready to read the CD. If a connection is lost, reconnect from the GUI and continue the previous operation.
• When a network timeout occurs, the iDRAC firmware drops the connection, disconnecting the link between the server and the Virtual Drive. Also, someone may have altered the Virtual Media configuration settings in the Web interface or by entering RACADM commands. To reconnect to the Virtual Drive, use the Virtual Media feature.

Question: An installation of the Windows operating system seems to take too long. Why?
Answer: If you are installing the Windows operating system using the Dell Systems Management Tools and Documentation DVD and a slow network connection, the installation procedure may require an extended amount of time to access the iDRAC Web interface due to network latency. While the installation window does not indicate the installation progress, the installation procedure is in progress.

Question: I am viewing the contents of a floppy drive or USB memory key. If I try to establish a Virtual Media connection using the same drive, I receive a connection failure message and am asked to retry. Why?
Answer: Simultaneous access to Virtual Floppy drives is not allowed. Close the application used to view the drive contents before you attempt to virtualize the drive.

Question: How do I configure my virtual device as a bootable device?
Answer: On the managed server, access the BIOS Setup and navigate to the boot menu. Locate the virtual CD, Virtual Floppy, or Virtual Flash and change the device boot order as needed. For example, to boot from a CD drive, configure the CD drive as the first drive in the boot order.

Question: What types of media can I boot from?
Answer: The iDRAC allows you to boot from the following bootable media:
• CDROM/DVD Data media
• ISO 9660 image
• 1.44 Floppy disk or floppy image
• A USB key that is recognized by the operating system as a removable disk (minimum size 128 MB)
• A USB key image

Question: How can I make my USB key bootable?
Answer: Search support.dell.com for the Dell Boot Utility, a Windows program you can use to make your Dell USB key bootable. You can also boot with a Windows 98 startup disk and copy system files from the startup disk to your USB key. For example, from the DOS prompt, type the following command:
  sys a: x: /s
where x: is the USB key you want to make bootable. You can also use the Dell boot utility to create a bootable USB key. This utility is only compatible with Dell-branded USB keys. To download the utility, open a Web browser, navigate to the Dell Support website located at support.dell.com, and search for R122672.exe.

Question: I cannot locate my Virtual Floppy device on a system running Red Hat® Enterprise Linux® or the SUSE® Linux operating system. My Virtual Media is attached and I am connected to my remote floppy. What should I do?
Answer: Some Linux versions do not automount the Virtual Floppy Drive and the Virtual CD drive in a similar manner. To mount the Virtual Floppy Drive, locate the device node that Linux assigns to the Virtual Floppy Drive. Perform the following steps to correctly find and mount the Virtual Floppy Drive:
1 Open a Linux command prompt and run the following command:
  grep "Virtual Floppy" /var/log/messages
2 Locate the last entry to that message and note the time.
3 At the Linux prompt, run the following command:
  grep "hh:mm:ss" /var/log/messages
  where hh:mm:ss is the time stamp of the message returned by grep in step 1.
4 In step 3, read the result of the grep command and locate the device name that is given to the Dell Virtual Floppy.
5 Ensure that you are attached and connected to the Virtual Floppy Drive.
6 At the Linux prompt, run the following command:
  mount /dev/sdx /mnt/floppy
  where /dev/sdx is the device name found in step 4 and /mnt/floppy is the mount point.

Question: What file system types are supported on my Virtual Floppy Drive?
Answer: Your Virtual Floppy Drive supports FAT16 or FAT32 file systems.

Question: When I performed a firmware update remotely using the iDRAC Web interface, my virtual drives at the server were removed. Why?
Answer: Firmware updates cause the iDRAC to reset, drop the remote connection, and unmount the virtual drives. The drives will reappear when the iDRAC reset is complete.

11 Using the Local RACADM Command Line Interface

The local RACADM command line interface (CLI) provides access to the iDRAC management features from the managed server. RACADM provides access to the same features as the iDRAC Web interface. However, RACADM can be used in scripts to ease configuration of multiple servers and iDRACs, where the Web interface is more useful for interactive management.

Local RACADM commands do not use network connections to access the iDRAC from the managed server. This means that you can use local RACADM commands to configure the initial iDRAC networking.

For more information about configuring multiple iDRACs, see "Configuring Multiple iDRACs" on page 212.

This section provides the following information:
• Using RACADM from a command prompt
• Configuring your iDRAC using the racadm command
• Using the RACADM configuration file to configure multiple iDRACs

Using the RACADM Command

You run RACADM commands locally (on the managed server) from a command prompt or shell prompt. Log into the managed server, start a command shell, and enter local RACADM commands in the following format:
  racadm -g -o
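
Returning to the Virtual Floppy question in Table 10-4: the following added example (not part of the Dell guide) scripts steps 1 through 4 of that procedure and mounts the device only after confirming it is a block device. The function names, the sample log lines, and the assumed log layout are constructed for illustration, and the nosuid,nodev,noexec mount options are an addition for media supplied by a remote client.

```shell
#!/bin/sh
# Added example (not from the Dell guide). Needs a grep with -o (GNU grep).
# Assumption: syslog lines carry an hh:mm:ss stamp and the kernel logs the
# sdX name with the same stamp as the "Virtual Floppy" entry.

# Steps 1-4: print the device node of the most recent Virtual Floppy.
find_virtual_floppy_dev() {
    log=${1:-/var/log/messages}
    # Steps 1-2: last "Virtual Floppy" entry and its time stamp.
    stamp=$(grep "Virtual Floppy" "$log" | tail -n 1 |
            grep -oE '[0-9]{2}:[0-9]{2}:[0-9]{2}' | head -n 1)
    [ -n "$stamp" ] || return 1
    # Steps 3-4: last whole-word sdX name among entries with that stamp.
    dev=$(grep "$stamp" "$log" | grep -owE 'sd[a-z]+' | tail -n 1)
    [ -n "$dev" ] || return 1
    printf '/dev/%s\n' "$dev"
}

# Steps 5-6: mount only a real block device. The media comes from a remote
# client, so setuid bits, device files and direct execution are disabled;
# these options are an addition to the manual's plain mount command.
mount_virtual_floppy() {
    node=$(find_virtual_floppy_dev "$1") || {
        echo "no Virtual Floppy entry found" >&2; return 1; }
    [ -b "$node" ] || { echo "$node is not a block device" >&2; return 1; }
    mount -o nosuid,nodev,noexec "$node" "${2:-/mnt/floppy}"
}

# Constructed sample of /var/log/messages lines (not from a real system).
write_sample_log() {
    cat > "$1" <<'EOF'
Nov 13 10:02:11 blade1 kernel:   Vendor: Dell  Model: Virtual CD      Rev: 123
Nov 13 10:02:11 blade1 kernel: sr0: scsi3-mmc drive: 0x/0x cd/rw caddy
Nov 13 10:15:42 blade1 kernel:   Vendor: Dell  Model: Virtual Floppy  Rev: 123
Nov 13 10:15:42 blade1 kernel: sd 3:0:0:0: Attached scsi removable disk sdb
Nov 13 10:20:05 blade1 kernel: sd 4:0:0:0: Attached scsi removable disk sdc
EOF
}
```

If another disk is logged in the same second as the Virtual Floppy, the time stamp match alone cannot tell them apart, so confirm the printed node against the log before mounting.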