Dell Idrac For Blade Servers Version 1 5 Users Manual 1.5 User's Guide

2014-11-13

: Dell Dell-Idrac-For-Blade-Servers-Version-1-5-Users-Manual-118296 dell-idrac-for-blade-servers-version-1-5-users-manual-118296 dell pdf

Open the PDF directly: View PDF PDF.
Page Count: 408 [warning: Documents this large are best viewed by clicking the View PDF Link!]

Integrated Dell Remote
Access Controller (iDRAC)
Firmware Version 1.5
User Guide
Notes and Cautions
NOTE: A NOTE indicates important information that helps you make better use of
your computer.
CAUTION: A CAUTION indicates potential damage to hardware or loss of data if
instructions are not followed.
___________________
Information in this document is subject to change without notice.
© 2009 Dell Inc. All rights reserved.
Reproduction of these materials in any manner whatsoever without the written permission of Dell Inc.
is strictly forbidden.
Trademarks used in this text: Dell, the DELL logo, OpenManage and PowerEdge, are trademarks of
Dell Inc.; Microsoft, Windows, Windows Server, MS-DOS, Windows Vista, Internet Explorer and Active
Directory are either trademarks or registered trademarks of Microsoft Corporation in the United States
and/or other countries; Red Hat and Red Hat Enterprise Linux are registered trademarks of Red Hat
Inc. in the United States and other countries; Novell and SUSE are registered trademarks of Novell
Corporation. Intel is a registered trademark of Intel Corporation; UNIX is a registered trademark of
The Open Group in the United States and other countries.
Copyright 1998-2009 The OpenLDAP Foundation. All rights reserved. Redistribution and use in source
and binary forms, with or without modification, are permitted only as authorized by the OpenLDAP Public
License. A copy of this license is available in the file LICENSE in the top-level directory of the distribution
or, alternatively, at www.OpenLDAP.org/license.html. OpenLDAP is a registered trademark of the
OpenLDAP Foundation. Individual files and/or contributed packages may be copyrighted by other parties
and subject to additional restrictions. This work is derived from the University of Michigan LDAP v3.3
distribution. This work also contains materials derived from public sources. Information about OpenLDAP
can be obtained at www.openldap.org/. Portions Copyright 1998-2004 Kurt D. Zeilenga. Portions
Copyright 1998-2004 Net Boolean Incorporated. Portions Copyright 2001-2004 IBM Corporation. All
rights reserved. Redistribution and use in source and binary forms, with or without modification, are
permitted only as authorized by the OpenLDAP Public License. Portions Copyright 1999-2003 Howard
Y.H. Chu. Portions Copyright 1999-2003 Symas Corporation. Portions Copyright 1998-2003 Hallvard B.
Furuseth. All rights reserved. Redistribution and use in source and binary forms, with or without
modification, are permitted provided that this notice is preserved. The names of the copyright holders may
not be used to endorse or promote products derived from this software without their specific prior written
permission. This software is provided "as is'' without express or implied warranty. Portions Copyright (c)
1992-1996 Regents of the University of Michigan. All rights reserved. Redistribution and use in source
and binary forms are permitted provided that this notice is preserved and that due credit is given to the
University of Michigan at Ann Arbor. The name of the University may not be used to endorse or promote
products derived from this software without specific prior written permission. This software is provided
"as is'' without express or implied warranty. Other trademarks and trade names may be used in this
document to refer to either the entities claiming the marks and names or their products. Dell Inc. disclaims
any proprietary interest in trademarks and trade names other than its own.
August 2009
Contents 3
Contents
1 iDRAC Overview . . . . . . . . . . . . . . . . . . . 25
iDRAC Management Features . . . . . . . . . . . . . . 26
iDRAC Security Features . . . . . . . . . . . . . . . . 27
iDRAC Firmware Improvements . . . . . . . . . . . . . 28
Supported Platforms . . . . . . . . . . . . . . . . . . . 28
Supported Operating Systems . . . . . . . . . . . . . . 28
Supported Web Browsers . . . . . . . . . . . . . . . . 28
Supported Remote Access Connections . . . . . . . . 29
iDRAC Ports . . . . . . . . . . . . . . . . . . . . . . . 29
Other Documents You May Need . . . . . . . . . . . . 30
2 Configuring the iDRAC. . . . . . . . . . . . . . . 33
Before You Begin . . . . . . . . . . . . . . . . . . . . 33
Interfaces for Configuring the iDRAC . . . . . . . . . . 33
Configuration Tasks . . . . . . . . . . . . . . . . . . . 36
Configure the Management Station . . . . . . . . 36
Configure iDRAC Networking. . . . . . . . . . . . 36
Configure iDRAC Users . . . . . . . . . . . . . . . 37
Configure Active Directory . . . . . . . . . . . . . 37
Configure IP Filtering and IP Blocking . . . . . . . 37
4Contents
Configure Platform Events . . . . . . . . . . . . . 38
Enabling or Disabling Local
Configuration Access . . . . . . . . . . . . . . . . 38
Configure iDRAC Services . . . . . . . . . . . . . 38
Configure Secure Sockets Layer (SSL) . . . . . . . 39
Configure Virtual Media. . . . . . . . . . . . . . . 39
Install the Managed Server Software . . . . . . . 39
Configure the Managed Server for the
Last Crash Screen Feature . . . . . . . . . . . . . 39
Configuring Networking Using the
CMC Web Interface . . . . . . . . . . . . . . . . . . . 40
Viewing FlexAddress Mezzanine
Card Fabric Connections. . . . . . . . . . . . . . . . . 40
FlexAddress MAC for iDRAC . . . . . . . . . . . . 41
Updating the iDRAC Firmware. . . . . . . . . . . . . . 42
Downloading the iDRAC Firmware
or Update Package . . . . . . . . . . . . . . . . . 43
Executing the Firmware Update . . . . . . . . . . 43
Using the DOS Update Utility . . . . . . . . . . . . 44
Verifying the Digital Signature . . . . . . . . . . . 45
Clear Your Browser’s Cache . . . . . . . . . . . . 48
Configuring iDRAC for Use with IT Assistant . . . . . . 49
Using the iDRAC Configuration Utility
to Enable Discovery and Monitoring . . . . . . . . 49
Using the iDRAC Web Interface to
Enable Discovery and Monitoring . . . . . . . . . 50
Using the Dell IT Assistant to View
iDRAC Status and Events . . . . . . . . . . . . . . 51
Contents 5
3 Configuring the Management
Station . . . . . . . . . . . . . . . . . . . . . . . . . . . 53
Management Station Set Up Steps . . . . . . . . . . . 53
Management Station Network Requirements . . . . . 53
Configuring a Supported Web Browser . . . . . . . . . 54
Opening Your Web Browser . . . . . . . . . . . . 54
Configuring Your Web Browser to
Connect to the Web Interface . . . . . . . . . . . 54
Adding iDRAC to the List of Trusted
Domains. . . . . . . . . . . . . . . . . . . . . . . 57
Viewing Localized Versions of the
Web Interface . . . . . . . . . . . . . . . . . . . 58
Setting the Locale in Linux . . . . . . . . . . . . . 58
Disabling the Whitelist Feature
in Firefox . . . . . . . . . . . . . . . . . . . . . . 59
Installing a Java Runtime Environment (JRE) . . . . . . 60
Installing Telnet or SSH Clients . . . . . . . . . . . . . 61
Telnet with iDRAC. . . . . . . . . . . . . . . . . . 61
Configuring the Backspace Key
For Your Telnet Session. . . . . . . . . . . . . . . 62
SSH With iDRAC . . . . . . . . . . . . . . . . . . 62
Installing a TFTP Server . . . . . . . . . . . . . . . . . 64
Installing Dell OpenManage IT Assistant . . . . . . . 64
6Contents
4 Configuring the Managed Server . . . . . 67
Installing the Software on the Managed Server . . . . 67
Configuring the Managed Server to
Capture the Last Crash Screen. . . . . . . . . . . . . . 68
Disabling the Windows Automatic
Reboot Option . . . . . . . . . . . . . . . . . . . . . . 69
5 Configuring the iDRAC Using
the Web Interface . . . . . . . . . . . . . . . . . . 71
Accessing the Web Interface . . . . . . . . . . . . . . 71
Logging In . . . . . . . . . . . . . . . . . . . . . . 72
Logging Out . . . . . . . . . . . . . . . . . . . . . 72
Using Multiple Browser Tabs
and Windows . . . . . . . . . . . . . . . . . . . . 73
Configuring the iDRAC NIC . . . . . . . . . . . . . . . 74
Configuring the Network and
IPMI LAN Settings . . . . . . . . . . . . . . . . . 74
Configuring IP Filtering and IP Blocking . . . . . . 77
Configuring Platform Events . . . . . . . . . . . . . . . 79
Configuring Platform Event Filters (PEF) . . . . . . 80
Configuring Platform Event Traps (PET) . . . . . . 80
Configuring E-Mail Alerts . . . . . . . . . . . . . . 81
Configuring IPMI . . . . . . . . . . . . . . . . . . . . 81
Adding and Configuring iDRAC Users . . . . . . . . . . 83
Contents 7
Securing iDRAC Communications
Using SSL and Digital Certificates . . . . . . . . . . . 86
Secure Sockets Layer (SSL) . . . . . . . . . . . . 87
Certificate Signing Request (CSR) . . . . . . . . . 87
Accessing the SSL Main Menu . . . . . . . . . . 88
Generating a New Certificate
Signing Request . . . . . . . . . . . . . . . . . . 89
Uploading a Server Certificate . . . . . . . . . . . 91
Viewing a Server Certificate . . . . . . . . . . . . 91
Configuring and Managing Active
Directory Certificates . . . . . . . . . . . . . . . . . . 92
Configuring Active Directory (Standard
Schema and Extended Schema) . . . . . . . . . . 93
Uploading an Active Directory
CA Certificate . . . . . . . . . . . . . . . . . . . . 96
Downloading an iDRAC Server Certificate . . . . . 97
Viewing an Active Directory CA Certificate . . . . 97
Enabling or Disabling Local
Configuration Access . . . . . . . . . . . . . . . . . . 98
Enabling Local Configuration Access . . . . . . . 98
Disabling Local Configuration Access . . . . . . . 98
Configuring iDRAC Services. . . . . . . . . . . . . . . 99
Updating the iDRAC Firmware. . . . . . . . . . . . . . 102
Recovering iDRAC Firmware
Using the CMC . . . . . . . . . . . . . . . . . . . 103
8Contents
6 Using the iDRAC with Microsoft
Active Directory . . . . . . . . . . . . . . . . . . 105
Advantages and Disadvantages of Extended
Schema and Standard Schema . . . . . . . . . . . . 105
Extended Schema Active Directory Overview . . . . 106
Active Directory Schema Extensions. . . . . . . 106
Overview of the RAC Schema
Extensions. . . . . . . . . . . . . . . . . . . . . 107
Active Directory Object Overview . . . . . . . . 107
Configuring Extended Schema Active
Directory to Access Your iDRAC . . . . . . . . . 111
Extending the Active Directory Schema . . . . . 111
Installing the Dell Extension to the Active
Directory Users and Computers Snap-In . . . . . 117
Adding iDRAC Users and Privileges
to Active Directory . . . . . . . . . . . . . . . . 118
Configuring the iDRAC With Extended
Schema Active Directory Using the
Web Interface. . . . . . . . . . . . . . . . . . . 121
Configuring the iDRAC With Extended
Schema Active Directory Using
RACADM . . . . . . . . . . . . . . . . . . . . . 122
Configuring the iDRAC With Extended
Schema Active Directory and SM-CLP . . . . . . 123
Active Directory Standard Schema Overview. . . . . 125
Configuring Standard Schema Active
Directory to Access Your iDRAC . . . . . . . . . 126
Configuring the iDRAC With Standard
Schema Active Directory and the
Web Interface. . . . . . . . . . . . . . . . . . . 127
Configuring the iDRAC With Standard
Schema Active Directory and RACADM . . . . . 129
Configuring the iDRAC With Standard
Schema Active Directory and SM-CLP . . . . . . 130
Contents 9
Enabling SSL on a Domain Controller . . . . . . . . . . 131
Exporting the Domain Controller
Root CA Certificate . . . . . . . . . . . . . . . . . 132
Importing the iDRAC Firmware
SSL Certificate . . . . . . . . . . . . . . . . . . . 133
Using Active Directory to Log
In To the iDRAC . . . . . . . . . . . . . . . . . . . . . 134
Frequently Asked Questions. . . . . . . . . . . . . . . 135
7 Viewing the Configuration
and Health of the Managed
Server . . . . . . . . . . . . . . . . . . . . . . . . . . 139
System Summary. . . . . . . . . . . . . . . . . . . . . 139
Main System Enclosure. . . . . . . . . . . . . . . 139
Integrated Dell Remote Access
Controller . . . . . . . . . . . . . . . . . . . . . . 140
WWN/MAC Summary . . . . . . . . . . . . . . . . . . 141
System Health . . . . . . . . . . . . . . . . . . . . . . 141
iDRAC . . . . . . . . . . . . . . . . . . . . . . . . 142
CMC. . . . . . . . . . . . . . . . . . . . . . . . . 142
Batteries . . . . . . . . . . . . . . . . . . . . . . 142
Temperatures . . . . . . . . . . . . . . . . . . . . 142
Voltages. . . . . . . . . . . . . . . . . . . . . . . 142
Power Monitoring . . . . . . . . . . . . . . . . . 142
CPU . . . . . . . . . . . . . . . . . . . . . . . . . 143
POST . . . . . . . . . . . . . . . . . . . . . . . . 143
Misc Health . . . . . . . . . . . . . . . . . . . . . 143
10 Contents
8 Configuring and Using
Serial Over LAN . . . . . . . . . . . . . . . . . . . 145
Enabling Serial Over LAN in the BIOS. . . . . . . . . 145
Configuring Serial Over LAN in
the iDRAC Web GUI . . . . . . . . . . . . . . . . . . 146
Using Serial Over LAN (SOL). . . . . . . . . . . . . . 149
Model for Redirecting SOL Over
Telnet or SSH . . . . . . . . . . . . . . . . . . . 149
Model for the SOL Proxy . . . . . . . . . . . . . 150
Model for Redirecting SOL Over
IMPItool . . . . . . . . . . . . . . . . . . . . . . 150
Disconnecting an SOL Session in
SM-CLP . . . . . . . . . . . . . . . . . . . . . . 151
Using SOL Over PuTTY . . . . . . . . . . . . . . 151
Using SOL Over Telnet With Linux . . . . . . . . 152
Using SOL Over OpenSSH with Linux. . . . . . . 152
Using SOL Over IPMItool . . . . . . . . . . . . . 153
Opening SOL With SOL Proxy. . . . . . . . . . . 153
Operating System Configuration . . . . . . . . . . . . 159
Linux Enterprise Operating System . . . . . . . . 159
Windows 2003 Enterprise . . . . . . . . . . . . . 164
9 Using GUI Console Redirection . . . . . . . 167
Overview . . . . . . . . . . . . . . . . . . . . . . . . 167
Using Console Redirection . . . . . . . . . . . . . . 167
Supported Screen Resolutions
and Refresh Rates . . . . . . . . . . . . . . . . 168
Configuring Your Management Station . . . . . . 168
Configuring Console Redirection
in the iDRAC Web Interface . . . . . . . . . . . 169
Contents 11
Opening a Console Redirection Session . . . . . . 172
Using the Video Viewer . . . . . . . . . . . . . . . . . 174
Synchronizing the Mouse Pointers. . . . . . . . . 178
Disabling or Enabling Local Console . . . . . . . . 178
Frequently Asked Questions. . . . . . . . . . . . . . . 179
10 Configuring and Using
Virtual Media . . . . . . . . . . . . . . . . . . . . 185
Overview . . . . . . . . . . . . . . . . . . . . . . . . . 185
Windows-Based Management Station . . . . . . 187
Linux-Based Management Station . . . . . . . . . 188
Configuring Virtual Media . . . . . . . . . . . . . . . . 188
Running Virtual Media. . . . . . . . . . . . . . . . . . 190
Booting From Virtual Media . . . . . . . . . . . . 192
Installing Operating Systems
Using Virtual Media . . . . . . . . . . . . . . . . 192
Using Virtual Media When the
Server’s Operating System Is Running . . . . . . . 193
Frequently Asked Questions. . . . . . . . . . . . . . . 194
12 Contents
11 Using the Local RACADM
Command Line Interface . . . . . . . . . . . . 199
Using the RACADM Command . . . . . . . . . . . . . 199
RACADM Subcommands. . . . . . . . . . . . . . . . 200
Using the RACADM Utility to
Configure the iDRAC . . . . . . . . . . . . . . . . . . 201
Displaying Current iDRAC Settings . . . . . . . . 201
Managing iDRAC Users with RACADM. . . . . . 202
Adding an iDRAC User . . . . . . . . . . . . . . 203
Enabling an iDRAC User With Permissions. . . . 203
Removing an iDRAC User . . . . . . . . . . . . . 204
Testing E-mail Alerting . . . . . . . . . . . . . . 205
Testing the iDRAC SNMP Trap
Alert Feature . . . . . . . . . . . . . . . . . . . 205
Configuring iDRAC Network Properties . . . . . 205
Configuring IPMI . . . . . . . . . . . . . . . . . 206
Configuring PEF . . . . . . . . . . . . . . . . . . 208
Configuring PET . . . . . . . . . . . . . . . . . . 209
Configuring IP Filtering (IpRange) . . . . . . . . 211
Configuring IP Filtering . . . . . . . . . . . . . . 212
Configuring IP Blocking . . . . . . . . . . . . . . 213
Configuring iDRAC Telnet and SSH
Services Using Local RACADM. . . . . . . . . . 215
Using an iDRAC Configuration File . . . . . . . . . . 216
Creating an iDRAC Configuration File. . . . . . . 216
Configuration File Syntax . . . . . . . . . . . . . 217
Modifying the iDRAC IP Address
in a Configuration File. . . . . . . . . . . . . . . 219
Contents 13
Loading the Configuration File
Into the iDRAC . . . . . . . . . . . . . . . . . . . 220
Configuring Multiple iDRACs . . . . . . . . . . . . . . 221
12 Using the iDRAC SM-CLP
Command Line Interface . . . . . . . . . . . . 223
System Management With SM-CLP . . . . . . . . . . . 223
iDRAC SM-CLP Support . . . . . . . . . . . . . . . . . 224
SM-CLP Features . . . . . . . . . . . . . . . . . . . . 224
Navigating the MAP Address Space . . . . . . . . . . 227
Targets . . . . . . . . . . . . . . . . . . . . . . . 228
Using the Show Verb . . . . . . . . . . . . . . . . . . 228
Using the -display Option . . . . . . . . . . . . . . 229
Using the -level Option . . . . . . . . . . . . . . . 229
Using the -output Option . . . . . . . . . . . . . . 229
iDRAC SM-CLP Examples . . . . . . . . . . . . . . . . 230
Server Power Management . . . . . . . . . . . . 230
. . . . . . . . . . . . . . . . . . . . . . . . . . . 230
SEL Management . . . . . . . . . . . . . . . . . . 231
MAP Target Navigation. . . . . . . . . . . . . . . 232
Setting the iDRAC IP Address,
Subnet Mask, and Gateway Address . . . . . . . 233
Updating the iDRAC Firmware
Using SM-CLP . . . . . . . . . . . . . . . . . . . 234
14 Contents
13 Deploying Your Operating
System Using iVM-CLI . . . . . . . . . . . . . . 237
Before You Begin. . . . . . . . . . . . . . . . . . . . 237
Remote System Requirements . . . . . . . . . . 237
Network Requirements . . . . . . . . . . . . . . 237
Creating a Bootable Image File . . . . . . . . . . . . 238
Creating an Image File for
Linux Systems . . . . . . . . . . . . . . . . . . . 238
Creating an Image File for
Windows Systems . . . . . . . . . . . . . . . . 238
Preparing for Deployment . . . . . . . . . . . . . . . 238
Configuring the Remote Systems . . . . . . . . . 238
Deploying the Operating System. . . . . . . . . . . . 239
Using the Virtual Media Command
Line Interface Utility . . . . . . . . . . . . . . . . . . 240
Installing the iVM-CLI Utility . . . . . . . . . . . 241
Command Line Options . . . . . . . . . . . . . . 242
iVM-CLI Parameters . . . . . . . . . . . . . . . 242
iVM-CLI Operating System
Shell Options . . . . . . . . . . . . . . . . . . . 245
14 Using the iDRAC Configuration
Utility . . . . . . . . . . . . . . . . . . . . . . . . . . . 247
Overview . . . . . . . . . . . . . . . . . . . . . . . . 247
Starting the iDRAC Configuration Utility . . . . . . . 248
Using the iDRAC Configuration Utility. . . . . . . . . 248
LAN . . . . . . . . . . . . . . . . . . . . . . . . 249
IPMI Over LAN (On/Off) . . . . . . . . . . . . . . 249
Contents 15
LAN Parameters . . . . . . . . . . . . . . . . . . 250
Virtual Media . . . . . . . . . . . . . . . . . . . . 252
LAN User Configuration . . . . . . . . . . . . . . 252
Reset to Default. . . . . . . . . . . . . . . . . . . 253
System Event Log Menu . . . . . . . . . . . . . . 253
Exiting the iDRAC Configuration Utility . . . . . . . 254
15 Recovering and Troubleshooting
the Managed Server . . . . . . . . . . . . . . . 255
Safety First – For You and Your System . . . . . . . . . 255
Trouble Indicators . . . . . . . . . . . . . . . . . . . . 256
LED Indicators . . . . . . . . . . . . . . . . . . . 256
Hardware Trouble Indicators. . . . . . . . . . . . 257
Other Trouble Indicators . . . . . . . . . . . . . . 257
Problem Solving Tools . . . . . . . . . . . . . . . . . . 258
Checking the System Health . . . . . . . . . . . . 258
Checking the System Event Log (SEL) . . . . . . . 259
Checking the Post Codes . . . . . . . . . . . . . . 260
Viewing the Last System Crash Screen . . . . . . 260
Viewing the Most Recent Boot Sequences . . . . 261
Checking the Server Status Screen
for Error Messages . . . . . . . . . . . . . . . . . 262
Viewing the iDRAC Log . . . . . . . . . . . . . . . 270
Viewing System Information . . . . . . . . . . . . 271
Identifying the Managed Server
in the Chassis . . . . . . . . . . . . . . . . . . . . 273
Using the Diagnostics Console . . . . . . . . . . . 274
Managing Power on a Remote System. . . . . . . 275
Troubleshooting and Frequently
Asked Questions . . . . . . . . . . . . . . . . . . . . . 277
16 Contents
A RACADM Subcommand
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . 283
help . . . . . . . . . . . . . . . . . . . . . . . . . . . 283
config . . . . . . . . . . . . . . . . . . . . . . . . . . 284
getconfig . . . . . . . . . . . . . . . . . . . . . . . . 286
getssninfo . . . . . . . . . . . . . . . . . . . . . . . 288
getsysinfo. . . . . . . . . . . . . . . . . . . . . . . . 290
getractime . . . . . . . . . . . . . . . . . . . . . . . 292
setniccfg . . . . . . . . . . . . . . . . . . . . . . . . 293
getniccfg . . . . . . . . . . . . . . . . . . . . . . . . 295
getsvctag . . . . . . . . . . . . . . . . . . . . . . . . 296
racreset. . . . . . . . . . . . . . . . . . . . . . . . . 296
racresetcfg . . . . . . . . . . . . . . . . . . . . . . . 297
serveraction . . . . . . . . . . . . . . . . . . . . . . 298
getraclog . . . . . . . . . . . . . . . . . . . . . . . . 299
clrraclog . . . . . . . . . . . . . . . . . . . . . . . . 300
getsel . . . . . . . . . . . . . . . . . . . . . . . . . . 301
clrsel . . . . . . . . . . . . . . . . . . . . . . . . . . 302
gettracelog . . . . . . . . . . . . . . . . . . . . . . . 302
sslcsrgen . . . . . . . . . . . . . . . . . . . . . . . . 304
sslcertupload. . . . . . . . . . . . . . . . . . . . . . 305
sslcertdownload . . . . . . . . . . . . . . . . . . . . 306
Contents 17
sslcertview. . . . . . . . . . . . . . . . . . . . . . . . 307
testemail . . . . . . . . . . . . . . . . . . . . . . . . . 309
testtrap . . . . . . . . . . . . . . . . . . . . . . . . . . 311
clearasrscreen. . . . . . . . . . . . . . . . . . . . . . 312
B iDRAC Property Database
Group and Object Definitions . . . . . . . . . . . 313
Displayable Characters . . . . . . . . . . . . . . . . . 313
idRacInfo . . . . . . . . . . . . . . . . . . . . . . . . . 313
idRacProductInfo (Read Only) . . . . . . . . . . . 314
idRacDescriptionInfo (Read Only) . . . . . . . . . 314
idRacVersionInfo (Read Only) . . . . . . . . . . . 314
idRacBuildInfo (Read Only) . . . . . . . . . . . . . 315
idRacName (Read Only) . . . . . . . . . . . . . . 315
idRacType (Read Only) . . . . . . . . . . . . . . . 315
cfgLanNetworking . . . . . . . . . . . . . . . . . . . . 316
cfgDNSDomainNameFromDHCP
(Read/Write) . . . . . . . . . . . . . . . . . . . . 316
cfgDNSDomainName (Read/Write) . . . . . . . . 316
cfgDNSRacName (Read/Write) . . . . . . . . . . 317
cfgDNSRegisterRac (Read/Write) . . . . . . . . . 317
cfgDNSServersFromDHCP (Read/Write). . . . . . 317
cfgDNSServer1 (Read/Write). . . . . . . . . . . . 318
cfgDNSServer2 (Read/Write). . . . . . . . . . . . 318
cfgNicEnable (Read/Write) . . . . . . . . . . . . . 318
cfgNicIpAddress (Read/Write) . . . . . . . . . . . 319
cfgNicNetmask (Read/Write). . . . . . . . . . . . 319
cfgNicGateway (Read/Write). . . . . . . . . . . . 320
cfgNicUseDhcp (Read/Write) . . . . . . . . . . . 320
18 Contents
cfgNicMacAddress (Read Only) . . . . . . . . . 321
cfgNicVLanEnable (Read/Write) . . . . . . . . . 321
cfgNicVLanId (Read/Write) . . . . . . . . . . . . 321
cfgNicVLanPriority (Read/Write) . . . . . . . . . 322
cfgUserAdmin . . . . . . . . . . . . . . . . . . . . . 322
cfgUserAdminIpmiLanPrivilege
(Read/Write) . . . . . . . . . . . . . . . . . . . 322
cfgUserAdminPrivilege (Read/Write). . . . . . . 323
cfgUserAdminUserName (Read/Write). . . . . . 324
cfgUserAdminPassword (Write Only) . . . . . . 324
cfgUserAdminEnable . . . . . . . . . . . . . . . 325
cfgUserAdminSolEnable . . . . . . . . . . . . . 325
cfgEmailAlert. . . . . . . . . . . . . . . . . . . . . . 326
cfgEmailAlertIndex (Read Only) . . . . . . . . . 326
cfgEmailAlertEnable (Read/Write) . . . . . . . . 326
cfgEmailAlertAddress. . . . . . . . . . . . . . . 326
cfgEmailAlertCustomMsg. . . . . . . . . . . . . 327
cfgSessionManagement . . . . . . . . . . . . . . . . 327
cfgSsnMgtConsRedirMaxSessions
(Read/Write) . . . . . . . . . . . . . . . . . . . 327
cfgSsnMgtWebserverTimeout (Read/Write) . . . 328
cfgSsnMgtSshIdleTimeout (Read/Write) . . . . . 328
cfgSsnMgtTelnetIdleTimeout (Read/Write). . . . 329
cfgSerial . . . . . . . . . . . . . . . . . . . . . . . . 329
cfgSerialSshEnable (Read/Write). . . . . . . . . 329
cfgSerialTelnetEnable (Read/Write) . . . . . . . 330
Contents 19
cfgRacTuning . . . . . . . . . . . . . . . . . . . . . . 330
cfgRacTuneHttpPort (Read/Write) . . . . . . . . . 330
cfgRacTuneHttpsPort (Read/Write) . . . . . . . . 331
cfgRacTuneIpRangeEnable. . . . . . . . . . . . . 331
cfgRacTuneIpRangeAddr. . . . . . . . . . . . . . 331
cfgRacTuneIpRangeMask . . . . . . . . . . . . . 332
cfgRacTuneIpBlkEnable . . . . . . . . . . . . . . 332
cfgRacTuneIpBlkFailCount . . . . . . . . . . . . . 332
cfgRacTuneIpBlkFailWindow. . . . . . . . . . . . 333
cfgRacTuneIpBlkPenaltyTime . . . . . . . . . . . 333
cfgRacTuneSshPort (Read/Write) . . . . . . . . . 333
cfgRacTuneTelnetPort (Read/Write) . . . . . . . . 334
cfgRacTuneConRedirEncryptEnable
(Read/Write) . . . . . . . . . . . . . . . . . . . . 334
cfgRacTuneConRedirPort (Read/Write) . . . . . . 334
cfgRacTuneConRedirVideoPort
(Read/Write) . . . . . . . . . . . . . . . . . . . . 335
cfgRacTuneAsrEnable (Read/Write) . . . . . . . . 335
cfgRacTuneWebserverEnable (Read/Write) . . . . 335
cfgRacTuneLocalServerVideo (Read/Write) . . . . 336
cfgRacTuneLocalConfigDisable
(Read/Write) . . . . . . . . . . . . . . . . . . . . 336
ifcRacManagedNodeOs . . . . . . . . . . . . . . . . . 337
ifcRacMnOsHostname (Read/Write) . . . . . . . . 337
ifcRacMnOsOsName (Read/Write). . . . . . . . . 337
cfgRacSecurity. . . . . . . . . . . . . . . . . . . . . . 337
cfgSecCsrCommonName (Read/Write) . . . . . . 338
cfgSecCsrOrganizationName
(Read/Write) . . . . . . . . . . . . . . . . . . . . 338
cfgSecCsrOrganizationUnit (Read/Write) . . . . . 338
cfgSecCsrLocalityName (Read/Write) . . . . . . . 339
cfgSecCsrStateName (Read/Write) . . . . . . . . 339
cfgSecCsrCountryCode (Read/Write) . . . . . . . 339
20 Contents
cfgSecCsrEmailAddr (Read/Write) . . . . . . . . 340
cfgSecCsrKeySize (Read/Write) . . . . . . . . . 340
cfgRacVirtual. . . . . . . . . . . . . . . . . . . . . . 340
cfgVirMediaAttached (Read/Write) . . . . . . . 340
cfgVirAtapiSrvPort (Read/Write) . . . . . . . . . 341
cfgVirAtapiSrvPortSsl (Read/Write) . . . . . . . 341
cfgVirMediaBootOnce (Read/Write) . . . . . . . 342
cfgFloppyEmulation (Read/Write). . . . . . . . . 342
cfgActiveDirectory . . . . . . . . . . . . . . . . . . . 342
cfgADRacDomain (Read/Write). . . . . . . . . . 343
cfgADRacName (Read/Write) . . . . . . . . . . 343
cfgADEnable (Read/Write) . . . . . . . . . . . . 343
cfgADAuthTimeout (Read/Write) . . . . . . . . . 344
cfgADRootDomain (Read/Write) . . . . . . . . . 344
cfgADSpecifyServerEnable
(Read/Write) . . . . . . . . . . . . . . . . . . . 344
cfgADDomainController (Read/Write) . . . . . . 345
cfgADGlobalCatalog (Read/Write) . . . . . . . . 345
cfgADType (Read/Write) . . . . . . . . . . . . . 345
cfgStandardSchema . . . . . . . . . . . . . . . . . . 346
cfgSSADRoleGroupIndex (Read Only) . . . . . . 346
cfgSSADRoleGroupName (Read/Write) . . . . . 346
cfgSSADRoleGroupDomain
(Read/Write) . . . . . . . . . . . . . . . . . . . 346
cfgSSADRoleGroupPrivilege
(Read/Write) . . . . . . . . . . . . . . . . . . . 347
cfgIpmiSol . . . . . . . . . . . . . . . . . . . . . . . 347
cfgIpmiSolEnable (Read/Write). . . . . . . . . . 348
cfgIpmiSolBaudRate (Read/Write) . . . . . . . . 348
cfgIpmiSolMinPrivilege (Read/Write) . . . . . . 348
cfgIpmiSolAccumulateInterval
(Read/Write) . . . . . . . . . . . . . . . . . . . 349
Contents 21
cfgIpmiSolSendThreshold
(Read/Write) . . . . . . . . . . . . . . . . . . . . 349
cfgIpmiLan . . . . . . . . . . . . . . . . . . . . . . . . 349
cfgIpmiLanEnable (Read/Write) . . . . . . . . . . 349
cfgIpmiLanPrivLimit (Read/Write) . . . . . . . . . 350
cfgIpmiLanAlertEnable (Read/Write). . . . . . . . 350
cfgIpmiEncryptionKey (Read/Write) . . . . . . . . 351
cfgIpmiPetCommunityName (Read/Write) . . . . . 351
cfgIpmiPef . . . . . . . . . . . . . . . . . . . . . . . . 351
cfgIpmiPefName (Read Only). . . . . . . . . . . . 351
cfgIpmiPefIndex (Read Only) . . . . . . . . . . . . 352
cfgIpmiPefAction (Read/Write). . . . . . . . . . . 352
cfgIpmiPefEnable (Read/Write) . . . . . . . . . . 352
cfgIpmiPet . . . . . . . . . . . . . . . . . . . . . . . . 353
cfgIpmiPetIndex (Read/Write) . . . . . . . . . . . 353
cfgIpmiPetAlertDestIpAddr (Read/Write) . . . . . 353
cfgIpmiPetAlertEnable (Read/Write) . . . . . . . . 354
C iDRAC SMCLP Property
Database . . . . . . . . . . . . . . . . . . . . . . . . . . 355
/system1/sp1/account<1-16>. . . . . . . . . . . . . . . 355
userid (Read Only) . . . . . . . . . . . . . . . . . 355
username (Read/Write). . . . . . . . . . . . . . . 355
oemdell_ipmilanprivileges (Read/Write) . . . . . . 356
password (Write Only) . . . . . . . . . . . . . . . 356
enabledstate (Read/Write) . . . . . . . . . . . . . 357
solenabled (Read/Write) . . . . . . . . . . . . . . 357
oemdell_extendedprivileges (Read/Write) . . . . . 357
22 Contents
/system1/sp1/enetport1/*. . . . . . . . . . . . . . . . 359
macaddress (Read Only) . . . . . . . . . . . . . 359
/system1/sp1/enetport1/lanendpt1/ipendpt1. . . . . . 359
oemdell_nicenable (Read/Write) . . . . . . . . . 359
ipaddress (Read/Write) . . . . . . . . . . . . . . 360
subnetmask (Read/Write). . . . . . . . . . . . . 360
oemdell_usedhcp (Read/Write). . . . . . . . . . 360
committed (Read/Write) . . . . . . . . . . . . . 361
/system1/sp1/enetport1/lanendpt1/
ipendpt1/dnsendpt1 . . . . . . . . . . . . . . . . . . 361
oemdell_domainnamefromdhcp
(Read/Write) . . . . . . . . . . . . . . . . . . . 361
oemdell_dnsdomainname (Read/Write) . . . . . 362
oemdell_dnsregisterrac (Read/Write) . . . . . . 362
oemdell_dnsracname (Read/Write) . . . . . . . 363
oemdell_serversfromdhcp (Read/Write) . . . . . 363
/system1/sp1/enetport1/lanendpt1/ipendpt1/
dnsendpt1/remotesap1 . . . . . . . . . . . . . . . . . 363
dnsserveraddress (Read/Write) . . . . . . . . . 363
/system1/sp1/enetport1/lanendpt1/ipendpt1/
dnsendpt1/remotesap2 . . . . . . . . . . . . . . . . . 364
dnsserveraddress (Read/Write) . . . . . . . . . 364
/system1/sp1/enetport1/lanendpt1/
ipendpt1/remotesap1. . . . . . . . . . . . . . . . . . 364
defaultgatewayaddress (Read/Write) . . . . . . 364
/system1/sp1/group<1-5>. . . . . . . . . . . . . . . . 365
oemdell_groupname (Read/Write) . . . . . . . . 365
oemdell_groupdomain (Read/Write) . . . . . . . 365
oemdell_groupprivilege (Read/Write) . . . . . . 365
Contents 23
/system1/sp1/oemdell_adservice1 . . . . . . . . . . . 366
enabledstate (Read/Write) . . . . . . . . . . . . . 366
oemdell_adracname (Read/Write) . . . . . . . . . 367
oemdell_adracdomain (Read/Write) . . . . . . . . 367
oemdell_adrootdomain (Read/Write) . . . . . . . 367
oemdell_timeout (Read/Write) . . . . . . . . . . . 368
oemdell_schematype (Read/Write) . . . . . . . . 368
oemdell_adspecifyserverenable
(Read/Write) . . . . . . . . . . . . . . . . . . . . 368
oemdell_addomaincontroller
(Read/Write) . . . . . . . . . . . . . . . . . . . . 369
oemdell_adglobalcatalog
(Read/Write) . . . . . . . . . . . . . . . . . . . . 369
/system1/sp1/oemdell_racsecurity1. . . . . . . . . . . 369
commonname (Read/Write) . . . . . . . . . . . . 370
organizationname (Read/Write) . . . . . . . . . . 370
oemdell_organizationunit (Read/Write) . . . . . . 370
oemdell_localityname (Read/Write) . . . . . . . . 371
oemdell_statename (Read/Write) . . . . . . . . . 371
oemdell_countrycode (Read/Write) . . . . . . . . 371
oemdell_emailaddress (Read/Write) . . . . . . . . 372
oemdell_keysize (Read/Write) . . . . . . . . . . . 372
/system1/sp1/oemdell_ssl1 . . . . . . . . . . . . . . . 372
generate (Read/Write) . . . . . . . . . . . . . . . 372
oemdell_status (Read Only) . . . . . . . . . . . . 373
oemdell_certtype (Read / Write) . . . . . . . . . . 373
24 Contents
/system1/sp1/oemdell_vmservice1 . . . . . . . . . . 374
enabledstate (Read/Write) . . . . . . . . . . . . 374
oemdell_singleboot (Read/Write). . . . . . . . . 374
oemdell_floppyemulation (Read/Write). . . . . . 375
/system1/sp1/oemdell_vmservice1/tcpendpt1. . . . . 375
portnumber (Read/Write) . . . . . . . . . . . . . 375
portnumber (Read/Write) . . . . . . . . . . . . . 376
oemdell_sslenabled (Read Only) . . . . . . . . . 376
D RACADM and SM-CLP
Equivalencies . . . . . . . . . . . . . . . . . . . . . . . 377
Glossary . . . . . . . . . . . . . . . . . . . . . . . . . . . . 389
Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 399
iDRAC Overview 25
iDRAC Overview
The Integrated Dell™ Remote Access Controller (iDRAC) is a systems
management hardware and software solution that provides remote
management capabilities, crashed system recovery, and power control
functions for Dell PowerEdge™ systems.
The iDRAC uses an integrated System-on-Chip microprocessor for the
remote monitor/control system. The iDRAC co-exists on the system board
with the managed PowerEdge server. The server operating system is
concerned with executing applications; the iDRAC is concerned with
monitoring and managing the server’s environment and state outside of the
operating system.
You can configure the iDRAC to send you an e-mail or Simple Network
Management Protocol (SNMP) trap alert for warnings or errors. To help you
diagnose the probable cause of a system crash, iDRAC can log event data and
capture an image of the screen when it detects that the system has crashed.
Managed servers are installed in a Dell M1000e system enclosure (chassis)
with modular power supplies, cooling fans, and a chassis management
controller (CMC). The CMC monitors and manages all components
installed in the chassis. A redundant CMC can be added to provide hot
failover if the primary CMC fails. The chassis provides access to the iDRACs
through its LCD display, local console connections, and its web interface.
All network connections to the iDRAC are through the CMC network
interface (CMC RJ45 connection port labelled "GB1"). The CMC routes
traffic to the iDRACs on its servers through a private, internal network. This
private management network is outside of the server’s data path and outside
of the operating system’s control, that is, out-of-band. The managed servers’
inband network interfaces are accessed through I/O modules (IOMs) installed
in the chassis.
26 iDRAC Overview
The iDRAC network interface is disabled by default. It must be configured
before the iDRAC is accessible. After the iDRAC is enabled and configured
on the network, it can be accessed at its assigned IP address with the iDRAC
web interface, telnet or SSH, and supported network management protocols,
such as Intelligent Platform Management Interface (IPMI).
NOTE: Dell recommends that you isolate or separate the chassis management
network, used by iDRAC and CMC, from your production network(s). Mixing
management and production or application network traffic may cause congestion
or network saturation resulting in CMC and iDRAC communication delays. The
delays may cause unpredictable chassis behavior like CMC perceiving that iDRAC
is offline even though it is operating properly, which in turn causes other
undesirable behavior.
iDRAC Management Features
The iDRAC provides the following management features:
Dynamic Domain Name System (DDNS) registration
Remote system management and monitoring using a Web interface, the
local RACADM command line interface via console redirection, and the
SM-CLP command line over a telnet/SSH connection
Support for Microsoft
®
Active Directory
®
authentication — Centralizes
iDRAC user IDs and passwords in Active Directory using the standard
schema or an extended schema
Console Redirection — Provides remote system keyboard, video, and
mouse functions
Virtual Media — Enables a managed server to access a local media drive on
the management station or ISO CD/DVD images on a network share
Monitoring — Provides access to system information and status of
components
Access to system logs — Provides access to the system event log, the
iDRAC log, and the last crash screen of the crashed or unresponsive system
that is independent of the operating system state
Dell OpenManage™ software integration — Enables you to launch the
iDRAC Web interface from Dell OpenManage Server Administrator or IT
Assistant
iDRAC Overview 27
iDRAC alert — Alerts you to potential managed node issues through an e-
mail message or SNMP trap
Remote power management — Provides remote power management
functions, such as shutdown and reset, from a management console
Single Sign-On from CMC Web interface — Once credentials are
accepted by CMC, users can access any iDRAC without additional login
NOTE: If a warning window appears during the Single Sign-On process, it
must be bypassed within 20 seconds or Single Sign-On will fail.
One-to-Many firmware update – Enables user configurable update of more
than one iDRAC using CMC GUI and command line
Intelligent Platform Management Interface (IPMI) support
Secure Sockets Layer (SSL) encryption — Provides secure remote system
management through the Web interface
Password-level security management — Prevents unauthorized access to a
remote system
Role-based authority — Provides assignable permissions for different
systems management tasks
iDRAC Security Features
The iDRAC provides the following security features:
User authentication through Microsoft Active Directory (optional) or
hardware-stored user IDs and passwords
Role-based authority, which enables an administrator to configure specific
privileges for each user
User ID and password configuration through the Web interface or
SM-CLP
SM-CLP and Web interfaces, which support 128-bit and 40-bit encryption
(for countries where 128 bit is not acceptable), using the SSL 3.0 standard
Session time-out configuration (in seconds) through the Web interface or
SM-CLP
Configurable IP ports (where applicable)
NOTE: Telnet does not support SSL encryption.
28 iDRAC Overview
Secure Shell (SSH), which uses an encrypted transport layer for higher
security
Login failure limits per IP address, with login blocking from the IP address
when the limit is exceeded
Limited IP address range for clients connecting to the iDRAC
iDRAC Firmware Improvements
The following improvements have been made to the iDRAC firmware:
Major improvements in Active Directory lookup performance
Improved responsiveness of TCP-IP networking stack
Improved health status interface between iDRAC and CMC
Security improvements using multiple third-party analysis tools
Supported Platforms
For the latest supported platforms, see the iDRAC Readme file and the
Dell Systems Software Support Matrix available at support.dell.com/manuals.
Supported Operating Systems
For the latest information, see the iDRAC Readme file and the Dell Systems
Software Support Matrix available at support.dell.com/manuals.
Supported Web Browsers
For the latest information, see the iDRAC Readme file and the Dell Systems
Software Support Matrix available at support.dell.com/manuals.
NOTE: Due to serious security flaws, support for SSL 2.0 has been discontinued.
Your browser must be configured to enable SSL 3.0 in order to work properly.
iDRAC Overview 29
Supported Remote Access Connections
Table 1-1 lists the connection features.
iDRAC Ports
Table 1-2 lists the ports iDRAC listens on for connections. Table 1-3
identifies the ports that the iDRAC uses as a client. This information is
required when opening firewalls for remote access to an iDRAC.
Table 1-1. Supported Remote Access Connections
Connection Features
iDRAC NIC
10Mbps/100Mbs/1Gbps Ethernet via CMC Gb Ethernet port
DHCP support
SNMP traps and e-mail event notification
Support for SM-CLP (telnet or SSH) command shell for
operations such as iDRAC configuration, system boot, reset,
power-on, and shutdown commands
Support for IPMI utilities such as ipmitool and ipmishell
Table 1-2. iDRAC Server Listening Ports
Port Number Function
22*
Secure Shell (SSH)
23*
Telnet
80*
HTTP
443*
HTTPS
623
RMCP/RMCP+
3668*, 3669*
Virtual Media Service
3670*, 3671*
Virtual Media Secure Service
5900*
Console Redirection keyboard/mouse
5901*
Console Redirection video
* Configurable port
30 iDRAC Overview
Other Documents You May Need
In addition to this guide, the following documents provide additional
information about the setup and operation of the iDRAC in your system:
The iDRAC online Help provides information about using the Web
interface.
•The
Dell Systems Software Support Matrix
provides information about the
various Dell systems, the operating systems supported by these systems,
and the Dell OpenManage™ components that can be installed on these
systems.
•The
Dell OpenManage Installation and Security User's Guide
provides
complete information on installation procedures and step–by–step
instructions for installing, upgrading, and uninstalling Server
Administrator for each supported operating system.
•The
Dell OpenManage Software Quick Installation Guide
provides an
overview of applications that you can install on your management station
(console) and on your managed systems and procedures for installing your
console and managed system applications on systems running supported
operating systems.
•The
Dell Chassis Management Controller User Guide
and the
Dell Chassis
Management Controller Administrator Reference Guide
provide
information about using the controller that manages all modules in the
chassis containing your PowerEdge server.
Table 1-3. iDRAC Client Ports
Port Number Function
25
SMTP
53
DNS
68
DHCP-assigned IP address
69
TFTP
162
SNMP trap
636
LDAPS
3269
LDAPS for global catalog (GC)
iDRAC Overview 31
The
Dell OpenManage IT Assistant User’s Guide
provides information
about using IT Assistant.
The
Dell OpenManage Server Administrator User’s Guide
provides
information about installing and using Server Administrator.
The
Dell Update Packages User’s Guide
provides information about
obtaining and using Dell Update Packages as part of your system update
strategy.
The following system documents are also available to provide more
information about the system in which your iDRAC is installed:
The safety instructions that came with your system provide important
safety and regulatory information. For additional regulatory information,
see the Regulatory Compliance home page at
www.dell.com/regulatory_compliance
. Warranty information may be
included within this document or as a separate document.
The
Rack Installation Guide
and
Rack Installation Instructions
included
with your rack solution describe how to install your system into a rack.
The
Getting Started Guide
provides an overview of system features, setting
up your system, and technical specifications.
The
Hardware Owner’s Manual
provides information about system
features and describes how to troubleshoot the system and install or
replace system components.
Systems management software documentation describes the features,
requirements, installation, and basic operation of the software.
Operating system documentation describes how to install (if necessary),
configure, and use the operating system software.
Documentation for any components you purchased separately provides
information to configure and install these options.
Updates are sometimes included with the system to describe changes to
the system, software, and/or documentation.
NOTE: Always read the updates first because they often supersede
information in other documents.
Release notes or readme files may be included to provide last-minute
updates to the system or documentation or advanced technical reference
material intended for experienced users or technicians.
32 iDRAC Overview
Configuring the iDRAC 33
Configuring the iDRAC
This section provides information about how to establish access to the
iDRAC and to configure your management environment to use iDRAC.
Before You Begin
Gather the following items prior to configuring the iDRAC:
Dell Chassis Management Controller User Guide
Dell Systems Management Tools and Documentation
DVD
Interfaces for Configuring the iDRAC
You can configure the iDRAC using the iDRAC Configuration Utility, the
iDRAC Web interface, the local RACADM CLI, or the SM-CLP CLI. The
local RACADM CLI is available after you have installed the operating system
and the Dell PowerEdge server management software on the managed server.
Table 2-1 describes these interfaces.
For greater security, access to the iDRAC configuration through the iDRAC
Configuration Utility or local RACADM CLI can be disabled by means of a
RACADM command (see "cfgRacTuneLocalConfigDisable (Read/Write)" on
page 336) or from the GUI (see "Enabling or Disabling Local Configuration
Access" on page 98).
NOTE: Using more than one configuration interface at the same time may generate
unexpected results.
34 Configuring the iDRAC
Table 2-1. Configuration Interfaces
Interface Description
iDRAC
Configuration
Utility
Accessed at boot time, the iDRAC Configuration utility is
useful when installing a new PowerEdge server. Use it for
setting up the network and basic security features and for
enabling other features.
iDRAC Web
Interface
The iDRAC Web interface is a browser-based management
application that you can use to interactively manage the
iDRAC and monitor the managed server. It is the primary
interface for day-to-day tasks, such as monitoring system
health, viewing the system event log, managing local iDRAC
users, and launching the CMC Web interface and console
redirection sessions.
CMC Web Interface In addition to monitoring and managing the chassis, the CMC
Web interface can be used to view the status of a managed
server, configure iDRAC network settings, and to start, stop, or
reset the managed server.
Chassis LCD Panel The LCD panel on the chassis containing the iDRAC can be
used to view the high-level status of the servers in the chassis.
During initial configuration of the CMC, the configuration
wizard allows you to enable DHCP configuration of iDRAC
networking.
Local RACADM The local RACADM command line interface runs on the
managed server. It is accessed from either the iKVM or a
console redirection session initiated from the iDRAC Web
interface. RACADM is installed on the managed server when
you install Dell OpenManage Server Administrator.
RACADM commands provide access to nearly all iDRAC
features. You can inspect sensor data, system event log records,
and the current status and configuration values maintained in
the iDRAC. You can alter iDRAC configuration values,
manage local users, enable and disable features, and perform
power functions such as shutting down or rebooting the
managed server.
Configuring the iDRAC 35
iVM-CLI The iDRAC Virtual Media Command Line Interface
(iVM-CLI) provides the managed server access to media on
the management station. It is useful for developing scripts to
install operating systems on multiple managed servers.
NOTE: The iVM–CLI utility is only supported with IPv4 addresses.
SM-CLP SM-CLP is the Distributed Management Task Force (DMTF)
Server Management-Command Line Protocol (SM-CLP) that
is incorporated in the iDRAC. The SM-CLP command line is
accessed by logging into the iDRAC using telnet or SSH.
SM-CLP commands implement a useful subset of the local
RACADM commands. The commands are useful for scripting
since they can be executed from a management station
command line. The output of commands can be retrieved in
well-defined formats, including XML, facilitating scripting and
integration with existing reporting and management tools.
See "RACADM and SM-CLP Equivalencies" on page 377 for a
comparison of the RACADM and SM-CLP commands.
IPMI IPMI defines a standard way for embedded management
subsystems such as the iDRAC to communicate with other
embedded systems and management applications.
You can use the iDRAC Web interface, SM-CLP, or RACADM
commands to configure IPMI Platform Event Filters (PEFs)
and Platform Event Traps (PETs).
PEFs cause the iDRAC to perform selectable actions (for
example, rebooting the managed server) when it detects a
condition. PETs instruct the iDRAC to send e-mail or IPMI
alerts when it detects specified events or conditions.
You can also use standard IPMI tools such as ipmitool and
ipmishell with iDRAC when you enable IPMI Over LAN.
Table 2-1. Configuration Interfaces (continued)
Interface Description
36 Configuring the iDRAC
Configuration Tasks
This section is an overview of the configuration tasks for the management
station, the iDRAC, and the managed server. The tasks to be performed
include configuring the iDRAC so that it can be used remotely, configuring
the iDRAC features you want to use, installing the operating system on the
managed server, and installing management software on your management
station and the managed server.
The configuration tasks that can be used to perform each task are listed
beneath the task.
NOTE: Before performing configuration procedures in this guide, the CMC and I/O
modules must be installed in the chassis and configured, and the PowerEdge server
must be physically installed in the chassis.
Configure the Management Station
Set up a management station by installing the Dell OpenManage software, a
Web browser, and other software utilities.
See "Configuring the Management Station" on page 53
Configure iDRAC Networking
Enable the iDRAC network and configure IP, netmask, gateway, and DNS
addresses.
NOTE: Access to the iDRAC configuration through the iDRAC Configuration Utility
or local RACADM CLI can be disabled by means of a RACADM command (see
"cfgRacTuneLocalConfigDisable (Read/Write)" on page 336) or from the GUI (see
"Enabling or Disabling Local Configuration Access" on page 98).
NOTE: Changing the iDRAC network settings terminates all current network
connections to the iDRAC.
NOTE: The option to configure the server using the LCD panel is available only
during the CMC initial configuration. Once the chassis is deployed, the LCD panel
cannot be used to reconfigure the iDRAC.
NOTE: The LCD panel can be used to enable DHCP to configure the iDRAC network.
If you want to assign static addresses, you must use the iDRAC Configuration Utility
or the CMC Web interface.
Configuring the iDRAC 37
Chassis LCD Panel — see the
Dell Chassis Management Controller
Firmware User Guide
iDRAC configuration utility — see "LAN" on page 249
CMC Web interface — see "Configuring Networking Using the CMC
Web Interface" on page 40
RACADM — see "cfgLanNetworking" on page 316
Configure iDRAC Users
Set up local iDRAC users and permissions. The iDRAC holds a table of
sixteen local users in firmware. You can set usernames, passwords, and roles
for these users.
NOTE: The three special characters <, >, and \ are not allowed in user names or
passwords.
You can configure iDRAC users using one of the following:
iDRAC configuration utility (configures administrative user only) — see
"LAN User Configuration" on page 252
iDRAC Web interface — see "Adding and Configuring iDRAC Users" on
page 83
RACADM — see "Adding an iDRAC User" on page 203
Configure Active Directory
In addition to the local iDRAC users, you can use Microsoft® Active
Directory® to authenticate iDRAC user logins.
See "Using the iDRAC with Microsoft Active Directory" on page 105
NOTE: When using iDRAC in an Active Directory environment, be sure your user
names conform to the Active Directory naming convention in force in your
environment.
Configure IP Filtering and IP Blocking
In addition to user authentication, you can prevent unauthorized access by
rejecting connection attempts from IP addresses outside of a defined range
and by temporarily blocking connections from IP addresses where
authentication has failed multiple times within a configurable timespan.
38 Configuring the iDRAC
iDRAC Web interface — see "Configuring IP Filtering and IP Blocking" on
page 77
RACADM — see "Configuring IP Filtering (IpRange)" on page 211,
"Configuring IP Blocking" on page 213
Configure Platform Events
Platform events occur when the iDRAC detects a warning or critical
condition from one of the managed server’s sensors.
Configure Platform Event Filters (PEFs) to choose the events you want to
detect, such as rebooting the managed server, when an event is detected.
iDRAC Web interface — see "Configuring Platform Event Filters (PEF)"
on page 80
RACADM — see "Configuring PEF" on page 208
Configure Platform Event Traps (PETs) to send alert notifications to an IP
address, such as a management station with IPMI software or to send an
e-mail to a specified e-mail address.
iDRAC Web interface — see "Configuring Platform Event Traps (PET)"
on page 80
RACADM — see "Configuring PET" on page 209
Enabling or Disabling Local Configuration Access
Access to critical configuration parameters, such as network configuration
and user privileges, can be disabled. Once disabled, the setting remains
persistent across reboots. Configuration write access is blocked for both the
local RACADM program and the iDRAC Configuration Utility (at boot).
Web access to configuration parameters is unimpeded and configuration data
is always available for viewing. For information about the iDRAC Web
interface, see "Enabling or Disabling Local Configuration Access" on page 98.
For cfgRac Tuning commands, see "cfgRacTuning" on page 330.
Configure iDRAC Services
Enable or disable the iDRAC network services — such as telnet, SSH, and the
Web server interface — and reconfigure ports and other service parameters.
iDRAC Web interface — see "Configuring iDRAC Services" on page 99
Configuring the iDRAC 39
RACADM — see "Configuring iDRAC Telnet and SSH Services Using
Local RACADM" on page 215
Configure Secure Sockets Layer (SSL)
Configure SSL for the iDRAC web server.
iDRAC Web interface — see "Secure Sockets Layer (SSL)" on page 87
RACADM — see "cfgRacSecurity" on page 337, "sslcsrgen" on page 304,
"sslcertupload" on page 305, "sslcertdownload" on page 306, "sslcertview"
on page 307
Configure Virtual Media
Configure the virtual media feature so that you can install the operating
system on the PowerEdge server. Virtual media allows the managed server to
access media devices on the management station or ISO CD/DVD images on
a network share as if they were devices on the managed server.
iDRAC Web interface — see "Configuring and Using Virtual Media" on
page 185
iDRAC configuration utility — see "Virtual Media" on page 252
Install the Managed Server Software
Install the operating system on the PowerEdge server using virtual media and
then install the Dell OpenManage software on the managed PowerEdge
server and set up the last crash screen feature.
Console redirection — see "Installing the Software on the Managed
Server" on page 67
iVM-CLI — see "Using the Virtual Media Command Line Interface
Utility" on page 240
Configure the Managed Server for the Last Crash Screen Feature
Set up the managed server so that the iDRAC can capture the screen image
after an operating system crash or freeze.
Managed Server — see "Configuring the Managed Server to Capture the
Last Crash Screen" on page 68, "Disabling the Windows Automatic
Reboot Option" on page 69
40 Configuring the iDRAC
Configuring Networking Using the CMC Web
Interface
NOTE: You must have Chassis Configuration Administrator privilege to set up
iDRAC network settings from the CMC.
NOTE: The default CMC user is root and the default password is calvin.
NOTE: The CMC IP address can be found in the iDRAC Web interface by clicking
System Remote Access CMC. You can also launch the CMC Web interface from
this page.
1
Use your Web browser to log in to the CMC web user interface using a
URL of the form https://<
CMC-IP-address>
or https://<
CMC-DNS-
name
>.
2
Enter the CMC username and password and click
OK
.
3
Click the plus (+) symbol next to
Chassis
in the left column, then click
Servers
.
4
Click the
Setup
iDRAC
tab. The
Deploy iDRAC
page allows you to
configure the iDRAC network settings on the server modules.
5
Enter common iDRAC deployment settings; click
Auto-Populate Using
QuickDeploy Settings
to populate the
iDRAC Network Settings
section,
and then click
Apply iDRAC Network Settings
to make the setting
changes to the listed iDRACs.
Viewing FlexAddress Mezzanine Card Fabric
Connections
The M1000e includes FlexAddress, an advanced multilevel, multistandard
networking system. FlexAddress allows the use of persistent, chassis-assigned
World Wide Names and MAC addresses (WWN/MAC) for each managed
server port connection.
NOTE: In order to avoid errors that may lead to an inability to power on the
managed server, you must have the correct type of mezzanine card installed for
each port and fabric connection.
Configuring the iDRAC 41
Configuration of the FlexAddress feature is performed using the CMC Web
interface. For more information on the FlexAddress feature and its
configuration, see your Dell Chassis Management Controller User Guide and
the Chassis Management Controller (CMC) Secure Digital (SD) Card
Technical Specification document.
After the FlexAddress feature has been enabled and configured for the
chassis, click System Properties WWN/MAC to view a list of installed
mezzanine cards, the fabrics and ports to which they are connected, the fabric
port location, type of fabric, and server-assigned or chassis-assigned MAC
addresses for each installed embedded Ethernet and optional mezzanine card
port.
The Server–Assigned column displays the server–assigned WWN/MAC
addresses embedded in the controller's hardware. WWN/MAC addresses
showing N/A indicate that an interface for the specified fabric is not installed.
The Chassis–Assigned column displays the chassis–assigned WWN/MAC
addresses used for the particular slot. WWN/MAC addresses showing N/A
indicate that the FlexAddress feature is not installed. A green check mark in
the Server–Assigned and Chassis–Assigned columns indicates the active
addresses.
To view a list of installed mezzanine cards, the type of mezzanine cards
installed, and if FlexAddress is configured, click System Properties
Summary.
FlexAddress MAC for iDRAC
The FlexAddress feature replaces the server–assigned MAC addresses with
chassis–assigned MAC addresses and is now implemented for iDRAC along
with blade LOMs, mezzanine cards, and I/O modules. The iDRAC
FlexAddress feature supports preservation of the slot specific MAC address
for iDRACs in a chassis. The chassis–assigned MAC address is stored in the
CMC non–volatile memory and is sent to iDRAC during iDRAC boot time or
if you change the settings in the CMC FlexAddress page.
If the chassis–assigned MAC address is enabled by CMC, iDRAC displays the
value in the MAC Address field on the System Remote Access iDRAC
Properties tab Remote Access Information and in the System Remote
Access iDRAC Network/Security Network page. The MAC address is
also displayed on the System Properties tab WWN/MAC page and on the
System Properties tab Summary page.
42 Configuring the iDRAC
CAUTION: With the FlexAddress enabled, if you switch from the server–assigned
MAC address to a chassis–assigned MAC address or vice–versa, the iDRAC IP
address also changes.
NOTE: You can enable or disable the iDRAC FlexAddress feature only through
CMC. iDRAC GUI only reports the status. Any existing vKVM or vMedia session
terminates if the FlexAddress setting is changed in the CMC FlexAddress page.
Enabling FlexAddress through RACADM
You will not be able to enable FlexAddress using racadm setflexaddr
- f idrac 1 where idrac is one of the supported fabric names.
But without the fabric name option (–f) , you can enable FlexAddress at the
slot level using the following CMC command:
racadm setflexaddr -i <slot_no> 1
Then enable FlexAddress at the fabric level by executing the following CMC
RACADM command:
racadm setflexaddr -f <fabric_name> 1
See the Dell Chassis Management Controller Administrator Reference Guide
for more information on CMC RACADM subcommands.
Updating the iDRAC Firmware
Updating the iDRAC firmware installs a new firmware image in the iDRAC
flash memory. iDRAC supports one-to-many firmware updates through the
CMC in normal mode, not just for corruption. You can update the firmware
using any of the following methods:
SM-CLP
load
command
iDRAC Web interface
Dell Update Package (for Linux or Microsoft Windows)
DOS iDRAC Firmware update utility
CMC Web interface (use this method if the iDRAC firmware is corrupted,
or if you want to perform one-to-many updates with CMC 2.0 or later
firmware. See your
Dell Chassis Management Controller User Guide
for
more information.)
Configuring the iDRAC 43
Downloading the iDRAC Firmware or Update Package
Download the firmware from support.dell.com. The firmware image is
available in several different formats to support the different update methods
available.
To update the iDRAC firmware using the iDRAC Web interface or SM-CLP,
or to recover the iDRAC using the CMC Web interface, download the binary
image, packaged as a self-extracting archive.
To update the iDRAC firmware from the managed server, download the
operating system-specific Dell Update Package (DUP) for the operating
system running on the server whose iDRAC you are updating.
To update the iDRAC firmware using the DOS iDRAC Firmware update
utility, download both the update utility and the binary image, which are
packaged in self-extracting archive files.
Executing the Firmware Update
NOTE: When the iDRAC firmware update begins, all existing iDRAC sessions are
disconnected and new sessions are not permitted until the update process is
completed.
NOTE: The chassis fans run at 100% during the iDRAC firmware update. When the
update is complete, normal fan speed regulation resumes. This is normal behavior,
designed to protect the server from overheating during a time when it cannot send
sensor information to the CMC.
To use a Dell Update Package for Linux or Microsoft Windows, execute the
operating-specific DUP on the managed server.
When using the SM-CLP load command, place the firmware binary image in
a directory where a Trivial File Transfer Protocol (TFTP) server can transfer it
to the iDRAC. See "Updating the iDRAC Firmware Using SM-CLP" on
page 234.
When using the iDRAC Web interface or the CMC Web interface, place the
firmware binary image on a disk that is accessible to the management station
from which you are running the Web interface. See "Updating the iDRAC
Firmware" on page 102.
NOTE: The iDRAC Web interface also allows you to reset the iDRAC configuration
to the factory defaults.
44 Configuring the iDRAC
You must use the CMC Web interface to update the firmware when the
CMC detects that the iDRAC firmware is corrupted, as could occur if the
iDRAC firmware update progress is interrupted before it completes. See
"Recovering iDRAC Firmware Using the CMC" on page 103.
The CMC Web interface (CMC 2.0 or later) also provides a one-to-many
out-of-band iDRAC firmware update capacity that can be used at any time.
NOTE: After the CMC updates the firmware of the iDRAC, the iDRAC generates
new SHA1 and MD5 keys for the SSL certificate. Because the keys are different
from those in the open Web browser, all browser windows that are connected to
the iDRAC must be closed after the firmware update is complete. If the browser
windows are not closed, an Invalid Certificate error message is displayed.
NOTE: If you are backdating your iDRAC firmware from version 1.20 to an earlier
version, you must delete the existing Internet Explorer ActiveX browser plugin on
any Windows-based management station to allow the firmware to install a
compatible version of the ActiveX plugin. To delete the ActiveX plugin, navigate to
c:\WINNT\Downloaded Program Files and delete the file DELL IMC KVM Viewer.
Using the DOS Update Utility
To update the iDRAC firmware using the DOS update utility, boot the
managed server to DOS, and execute the idrac16d command. The syntax for
the command is:
idrac16d [-f] [-i=<
filename
>] [-l=<
logfile
>]
When executed with no options, the idrac16d command updates the iDRAC
firmware using the firmware image file
firmimg.imc
in the current directory.
The options are as follows:
-f — forces the update. The -f option can be used to downgrade the
firmware to an earlier image.
-i=<
filename
> — specifies the filename image that contains the
firmware image. This option is required if the firmware filename has been
changed from the default name firmimg.imc.
-l=<
logfile
> — logs output from the update activity. This option is used
for debugging.
CAUTION: If you enter incorrect arguments for the idrac16d command or supply
the -h option, you may notice an additional option, -nopresconfig, in the
usage output. This option is used to update the firmware without preserving any
Configuring the iDRAC 45
configuration information. You should not use this option unless explicitly told to
do so by a Dell Support representative because it deletes all of your existing
iDRAC configuration information such as IP addresses, users, and passwords.
Verifying the Digital Signature
A digital signature is used to authenticate the identity of the signer of a file
and to certify that the original content of the file has not been modified since
it was signed.
If you do not already have it installed on your system, you must install the
Gnu Privacy Guard (GPG) to verify a digital signature. To use the standard
verification procedure, perform the following steps:
1
Download the Dell Linux public GnuPG key, if you do not already have it,
by navigating to
lists.us.dell.com
and clicking the
Dell Public GPG key
link. Save the file to your local system. The default name is
linux-security-
publickey.txt
.
2
Import the public key to your gpg trust database by running the following
command:
gpg --import
<Public Key Filename>
NOTE: You must have your private key to complete the process.
3
To avoid a distrusted-key warning, change the trust level for the Dell
Public GPG key.
a
Type the following command:
gpg --edit-key 23B66A9D
b
Within the GPG key editor, type
fpr
. The following message appears:
pub 1024D/23B66A9D 2001-04-16 Dell, Inc.
(Product Group) <linux-security@dell.com>
Primary key fingerprint: 4172 E2CE 955A 1776
A5E6 1BB7 CA77 951D 23B6 6A9D
If the fingerprint of your imported key is the same as above, you have a
correct copy of the key.
c
While still in the GPG key editor, type
trust
. The following menu
appears:
Please decide how far you trust this user to
correctly verify other users' keys (by looking
46 Configuring the iDRAC
at passports, checking fingerprints from
different sources, etc.)
1 = I don't know or won't say
2 = I do NOT trust
3 = I trust marginally
4 = I trust fully
5 = I trust ultimately
m = back to the main menu
Your decision?
d
Ty p e
5
<Enter>. The following prompt appears:
Do you really want to set this key to ultimate
trust? (y/N)
e
Ty p e
y
<Enter> to confirm your choice.
f
Ty p e
quit
<Enter> to exit the GPG key editor.
You must import and validate the public key only once.
4
Obtain the package you need, for example the Linux DUP or self-
extracting archive) and its associated signature file from the Dell Support
website at
support.dell.com/support/downloads
.
NOTE: Each Linux Update Package has a separate signature file, which is
shown on the same web page as the Update Package. You need both the
Update Package and its associated signature file for verification. By default,
the signature file is named the same as the DUP filename with a .sign
extension. For example, if a Linux DUP is named PEM600_BIOS_LX_2.1.2.BIN,
its signature filename is PEM600_BIOS_LX_2.1.2.BIN.sign. The iDRAC
firmware image also has an associated .sign file, which is included in the self-
extracting archive with the firmware image. To download the files, right-click
on the download link and use the Save Target As… file option.
5
Verify the Update Package:
gpg --verify
<Linux Update Package signature
filename> <Linux Update Package filename>
Configuring the iDRAC 47
The following example illustrates the steps that you follow to verify a
PowerEdge M600 BIOS Update Package:
1
Download the following two files from
support.dell.com
:
• PEM600_BIOS_LX_2.1.2.BIN.sign
• PEM600_BIOS_LX_2.1.2.BIN
2
Import the public key by running the following command line:
gpg --import <linux-security-publickey.txt>
The following output message appears:
gpg: key 23B66A9D: "Dell Computer Corporation
(Linux Systems Group) <linux-
security@dell.com>" not changed
gpg: Total number processed: 1
gpg: unchanged: 1
3
Set the GPG trust level for the Dell public key. if you haven’t done so
previously.
a
Typing the following command:
gpg --edit-key 23B66A9D
b
At the command prompt, type the following commands:
fpr
trust
c
Ty p e
5
<Enter> to choose
I trust ultimately
from the
menu.
d
Ty p e
y
<Enter> to confirm your choice.
e
Ty p e
quit
<Enter> to exit the GPG key editor.
This completes validation of the Dell public key.
4
Verify the PEM600 BIOS package digital signature by running the
following command:
gpg --verify PEM600_BIOS_LX_2.1.2.BIN.sign
PEM600_BIOS_LX_2.1.2.BIN
48 Configuring the iDRAC
The following output message appears:
gpg: Signature made Fri Jul 11 15:03:47 2008
CDT using DSA key ID 23B66A9D
gpg: Good signature from "Dell, Inc. (Product
Group) <linux-security@dell.com>"
NOTE: If you have not validated the key as shown in step 3, you will receive
additional messages:
gpg: WARNING: This key is not certified with a
trusted signature!
gpg: There is no indication that the signature
belongs to the owner.
Primary key fingerprint: 4172 E2CE 955A 1776
A5E6 1BB7 CA77 951D 23B6 6A9D
Clear Your Browser’s Cache
To be able to use the features in the latest iDRAC, you must clear the
browser’s cache to remove/delete any old web pages that may be stored on the
system.
Internet Explorer
1
Start Internet Explorer.
2
Click
Tools
, and then click
Internet Options
.
The
Internet Options
window appears.
3
Click the
General
tab.
4
Under
Temporary Internet files
, click
Delete Files
.
The
Delete Files
window appears.
5
Click to check
Delete all offline content
, and then click
OK
.
6
Click OK to close the
Internet Options
window.
Configuring the iDRAC 49
Firefox
1
Start Firefox.
2
Click
Edit
Preferences
.
3
Click the
Privacy
tab.
4
Click the
Clear Cache Now
.
5
Click
Close
.
Configuring iDRAC for Use with IT Assistant
Dell™ OpenManage™ IT Assistant comes preconfigured to discover managed
devices that comply with Simple Network Management Protocol (SNMP)
version 1 and version 2c and Intelligent Platform Management Interface
(IPMI) version 2.0.
The iDRAC complies with IPMI version 2.0. This section describes the steps
to configure an iDRAC for discovery and monitoring by IT Assistant. There
are two ways to accomplish this: through the iDRAC Configuration Utility
and through the iDRAC's graphical Web interface.
Using the iDRAC Configuration Utility to Enable Discovery and
Monitoring
To set up an iDRAC for IPMI discovery and alert trap sending at the iDRAC
configuration utility level, you need to restart your managed server (blade)
and observe its power-up using the iKVM and either a remote monitor and
console keyboard or a Serial-Over-LAN (SOL) connection. When Press
<Ctrl-E> for Remote Access Setup is displayed, press
<Ctrl><E>.
When the iDRAC Configuration Utility screen appears, use the arrow keys
to scroll down.
1
Enable
IPMI over LAN
.
2
Enter your site's
RMCP+ Encryption Key
, if used.
NOTE: See your senior Network Administrator or CIO to discuss implementing
this option because it adds valuable security protection and must be
implemented site wide in order to function properly.
3
At
LAN Parameters
, press <Enter> to enter the sub-screen. Use the up-
arrow and down-arrow keys to navigate.
50 Configuring the iDRAC
4
Toggle
LAN Alert Enabled
to
On
using the spacebar.
5
Enter the IP address of your Management Station into
Alert Destination
1
.
6
Enter a name string into
iDRAC Name
with a consistent naming
convention across your data center. The default is
iDRAC-{
Service
Tag
}
.
Exit the iDRAC Configuration Utility by pressing <Esc>, <Esc>, and then
<Enter> to save your changes. Your server will now boot into normal
operation, and IT Assistant will discover it during the next scheduled
Discovery pass.
Using the iDRAC Web Interface to Enable Discovery and Monitoring
IPMI Discovery can also be enabled through the remote Web Interface:
1
Enter the IP address of your iDRAC into your browser.
2
Log in using a user name and password with Administrator rights.
3
Select
iDRAC
Network/Security
Network
.
4
Scroll down to
IPMI LAN Settings
.
5
Make sure
Enable IPMI over LAN
is selected.
6
Set
Channel Privilege Level Limit
to
Administrator
.
7
Enter your site's RMCP+
Encryption Key
, if used.
8
Click
Apply
, if needed.
9
Navigate to
System
Alert Management
Platform Events
.
10
Select
Generate Alert
for the
Event
categories for which you wish to set
traps.
11
Click
Apply
if you've made changes.
12
Click
Trap Settings
.
13
Enter the IP address of your Management Station in the first available
Destination IP Address
textbox.
14
Make sure the
Enabled
box is selected.
15
Click
Apply
if you've made changes.
You can now send a test trap by clicking the Send link.
Configuring the iDRAC 51
Dell highly recommends that for security purposes you create a separate user
account for IPMI commands with its own user name, IPMI over LAN
privileges, and password.
1
Navigate to
iDRAC
Network/Security
Users
.
2
Click on the number of an undefined
User
.
3
Enable the
User
and enter a
Name
and
Password
.
4
Make sure
Maximum LAN User Privilege Granted
is set to
Administrator
.
5
Click
Apply
to save your changes.
Using the Dell IT Assistant to View iDRAC Status and Events
After Discovery is complete, the iDRACs will show up in the Servers category
of the ITA Devices detail screen, and iDRAC information can be seen by
clicking on the iDRAC name. This is different than DRAC5 systems, where
the management card shows up in the RAC group. This is due to the fact that
iDRAC uses IPMI discovery as opposed to SNMP.
iDRAC error and warning traps can now be seen in the primary Alert Log of
IT Assistant. They will show up in the Unknown category, but the trap
description and severity will be accurate.
For more information on using IT Assistant to manage your data center,
please read the IT Assistant User's Guide.
52 Configuring the iDRAC
Configuring the Management Station 53
Configuring the Management
Station
A management station is a computer used to monitor and manage the Dell™
PowerEdge™ servers and other modules in the chassis. This section describes
software installation and configuration tasks that set up a management
station to work with the iDRAC. Before you begin configuring the iDRAC,
follow the procedures in this section to ensure that you have installed and
configured the tools you will need.
Management Station Set Up Steps
To set up your Management Station, perform the following steps:
1
Set up the management station network.
2
Install and configure a supported Web browser.
3
Install a Java Runtime Environment (JRE) (optional for Windows).
4
Install telnet or SSH clients, if required.
5
Install a TFTP server, if required.
6
Install Dell OpenManage™ IT Assistant (optional).
Management Station Network Requirements
To access the iDRAC, the management station must be on the same network
as the CMC RJ45 connection port labelled "GB1". It is possible to isolate the
CMC network from the network the managed server is on, so that your
management station may have LAN access to the iDRAC but not to the
managed server.
54 Configuring the Management Station
Using the iDRAC console redirection feature (see "Configuring and Using
Serial Over LAN" on page 145), you can access the managed server’s console
even if you do not have network access to the server’s ports. You can also
perform several management functions on the managed server, such as
rebooting the computer and using iDRAC facilities. To access network and
application services hosted on the managed server, however, you may need an
additional NIC in the management computer.
Configuring a Supported Web Browser
The following sections provide instructions for configuring the supported
Web browsers for use with the iDRAC Web interface.
NOTE: You may receive a message "A webpage is not responding on the following
website: <Web site name>" in Internet Explorer® 8.0. To resolve this issue, see:
http://blogs.msdn.com/ie/archive/2009/05/04/ie8-in-windows-7-rc-reliability-and-
telemetry.aspx and http://support.microsoft.com/?kbid=970858.
Opening Your Web Browser
The iDRAC Web Interface is designed to be viewed in a supported Web
browser at a minimum screen resolution of 800 pixels wide by 600 pixels high.
In order to view the interface and access all features, ensure that your
resolution is set to at least 800 by 600 pixels and/or resize your browser, as
needed.
NOTE: In some situations, most often during the first session after a firmware
update, users of Internet Explorer 6 may see the message Done, with errors
displayed in the browser status bar along with a partially rendered page in the main
browser window. This error can also occur if you are experiencing connectivity
problems or have the Windows Firewall enabled. These are known issues with
Internet Explorer 6. Because Internet Explorer 7 does not exhibit these issues, Dell
recommends that you upgrade.
Configuring Your Web Browser to Connect to the Web Interface
If you are connecting to the iDRAC Web interface from a management
station that connects to the Internet through a proxy server, you must
configure the Web browser to access the Internet from this server.
To configure the Internet Explorer Web browser to access a proxy server,
perform the following steps:
Configuring the Management Station 55
1
Open a Web browser window.
2
Click
Tools
, and click
Internet Options
.
The
Internet Options
window appears.
3
Select
Tools
Internet Options
Security
Local Network
(Internet
Explorer 7)
-or-
Local Intranet
(Internet Explorer 6).
4
Click the
Custom Level
.
5
Select
Medium-Low
from the drop-down menu, and click
Reset
. Click
OK
to confirm. You will need to re-enter the
Custom Level
dialog by
clicking its button.
6
Scroll down to the section labeled
ActiveX controls and plug-ins
, and
check each setting, as different versions of Internet Explorer have differing
settings in
Medium-Low
state:
Automatic prompting for ActiveX controls:
Enable
Binary and script behaviors:
Enable
Download signed ActiveX controls:
Prompt
Initialize and script ActiveX controls not marked as safe:
Prompt
Run ActiveX controls and plug-ins:
Enable
Script ActiveX controls marked safe for scripting:
Enable
In the section on
Downloads
:
Automatic prompting for file downloads:
Enable
File download:
Enable
Font download:
Enable
In the
Miscellaneous
section:
Allow META-REFRESH:
Enable
Allow scripting of Internet Explorer Web browser control:
Enable
Allow script-initiated windows without size or position constraints:
Enable
Don't prompt for client certificate selection when no certificates or
only one certificate exists:
Enable
Launching programs and files in an IFRAME:
Enable
56 Configuring the Management Station
Open files based on content, not file extension:
Enable
Software channel permissions:
Low safety
Submit nonencrypted form data:
Enable
Use Pop-up Blocker:
Disable
In the
Scripting
section:
Active scripting:
Enable
Allow paste operations via script:
Enable
Scripting of Java applets:
Enable
7
Select
Tools
Internet Options
Advanced
.
8
Make sure the following items are checked or unchecked:
In the
Browsing
section:
Always send URLs as UTF-8: checked
Disable script debugging (Internet Explorer): checked
Disable script debugging: (Other): checked
Display a notification about every script error: unchecked
Enable Install On demand (Other): checked
Enable page transitions: checked
Enable third-party browser extensions: checked
Reuse windows for launching shortcuts: unchecked
In the
HTTP 1.1 settings
section:
Use HTTP 1.1: checked
Use HTTP 1.1 through proxy connections: checked
In the
Java (Sun)
section:
Use JRE 1.6.x_yz: checked (optional; version may differ)
In the
Multimedia
section:
Enable automatic image resizing: checked
Play animations in web pages: checked
Play videos in web pages: checked
Configuring the Management Station 57
Show pictures: checked
In the
Security
section:
Check for publishers' certificate revocation: unchecked
Check for signatures on downloaded programs: checked
Use SSL 2.0: unchecked
Use SSL 3.0: checked
Use TLS 1.0: checked
Warn about invalid site certificates: checked
Warn if changing between secure and not secure mode: checked
Warn if forms submittal is being redirected: checked
NOTE: If you choose to alter any of the above settings, first understand the
consequences of doing so. For example, if you choose to block pop-ups,
portions of the iDRAC Web User Interface will not function properly.
9
Click
Apply
.
10
Click
OK
.
11
Select the
Connections
tab.
12
Under
Local Area Network (LAN) settings
, click
LAN Settings
.
13
If the
Use a proxy server
box is selected, select the
Bypass proxy server for
local addresses
box.
14
Click
OK
twice.
15
Close and restart your browser to make sure all changes take effect.
Adding iDRAC to the List of Trusted Domains
When you access the iDRAC Web interface through the Web browser, you
may be prompted to add the iDRAC IP address to the list of trusted domains
if the IP address is missing from the list. When completed, click Refresh or
relaunch the Web browser to establish a connection to the iDRAC Web
interface.
58 Configuring the Management Station
Viewing Localized Versions of the Web Interface
The iDRAC Web interface is supported on the following operating system
languages:
English (en-us)
French (fr)
German (de)
Spanish (es)
Japanese (ja)
Simplified Chinese (zh-cn)
The ISO identifiers in parentheses denote the specific language variants
which are supported. Use of the interface with other dialects or languages is
not supported and may not function as intended. For some supported
languages, resizing the browser window to 1024 pixels wide may be necessary
in order to view all features.
The iDRAC Web Interface is designed to work with localized keyboards for
the specific language variants listed above. Some features of the iDRAC Web
Interface, such as Console Redirection, may require additional steps to access
certain functions/letters. For more details on how to use localized keyboards
in these situations, see "Using the Video Viewer" on page 174. Use of other
keyboards is not supported and may cause unexpected problems.
NOTE: See the browser documentation on how to configure or set up different
languages and view localized versions of the iDRAC Web interface.
Setting the Locale in Linux
The console redirection viewer requires a UTF-8 character set to display
correctly. If your display is garbled, check your locale and reset the character
set if needed.
The following steps show how to set the character set on a Red Hat®
Enterprise Linux® client with a Simplified Chinese GUI:
1
Open a command terminal.
2
Ty p e
locale
and press <Enter>. Output similar to the following output
appears:
Configuring the Management Station 59
LANG=zh_CN.UTF-8
LC_CTYPE="zh_CN.UTF-8"
LC_NUMERIC="zh_CN.UTF-8"
LC_TIME="zh_CN.UTF-8"
LC_COLLATE="zh_CN.UTF-8"
LC_MONETARY="zh_CN.UTF-8"
LC_MESSAGES="zh_CN.UTF-8"
LC_PAPER="zh_CN.UTF-8"
LC_NAME="zh_CN.UTF-8"
LC_ADDRESS="zh_CN.UTF-8"
LC_TELEPHONE="zh_CN.UTF-8"
LC_MEASUREMENT="zh_CN.UTF-8"
LC_IDENTIFICATION="zh_CN.UTF-8"
LC_ALL=
3
If the values include
"zh_CN.UTF-8"
, no changes are required. If the
values do not include
"zh_CN.UTF-8"
, go to step 4.
4
Edit the
/etc/sysconfig/i18n
file with a text editor.
5
In the file, apply the following changes:
Current entry:
LANG="zh_CN.GB18030"
SUPPORTED="zh_CN.GB18030:zh_CH.GB2312:zh_CN:zh"
Updated entry:
LANG="zh_CN.UTF-8"
SUPPORTED="zh_CN.UTF-
8:zh_CN.GB18030:zh_CH.GB2312:zh_CN:zh"
6
Log out and then log in to the operating system.
When you switch from any other language, ensure that this fix is still valid. If
not, repeat this procedure.
Disabling the Whitelist Feature in Firefox
Firefox® has a "whitelist" security feature that requires user permission to
install plugins for each distinct site that hosts a plugin. If enabled, the
whitelist feature requires you to install a console redirection viewer for each
iDRAC you visit, even though the viewer versions are identical.
60 Configuring the Management Station
To disable the whitelist feature and avoid unnecessary plugin installations,
perform the following steps:
1
Open a Firefox Web browser window.
2
In the address field, type
about:config
and press <Enter>.
3
In the
Preference Name
column, locate and double-click
xpinstall.whitelist.required
.
The values for
Preference Name
,
Status
,
Ty p e
, and
Val u e
change to bold
text. The
Status
value changes to
user set
and the
Val u e
value changes to
false
.
4
In the
Preferences
Name
column, locate
xpinstall.enabled
.
Ensure that
Val u e
is
true
. If not, double-click
xpinstall.enabled
to set
Val u e
to
true
.
Installing a Java Runtime Environment (JRE)
NOTE: If you use the Internet Explorer browser, an ActiveX control is provided for
the console viewer. You can also use the Java console viewer with Internet
Explorer if you install a JRE and configure the console viewer in iDRAC web
interface before you launch the viewer. See "Configuring Console Redirection in the
iDRAC Web Interface" on page 169 for more information.
You can choose to use the Java viewer instead before you launch the viewer.
If you use the Firefox browser you must install a JRE (or a Java Development
Kit [JDK]) to use the console redirection feature. The console viewer is a Java
application that is downloaded to the management station from the iDRAC
Web interface and then launched with Java Web Start on the management
station.
Go to java.sun.com to install a JRE or JDK. Version 1.6 (Java 6.0) or higher is
recommended.
The Java Web Start program is automatically installed with the JRE or JDK.
The file jviewer.jnlp is downloaded to your desktop and a dialog box prompts
you for what action to take. It may be necessary to associate the .jnlp
extension type with the Java Web Start application in your browser.
Otherwise, click Open with and then select the javaws application, which is
located in the bin subdirectory of your JRE installation directory.
Configuring the Management Station 61
NOTE: If the .jnlp file type is not associated with Java Web Start after installing JRE
or JDK, you can set the association manually. For Windows (javaws.exe) click
Start Control Panel Appearance and Themes Folder Options. Under the File
Types tab, highlight .jnlp under Registered file types, and then click Change. For
Linux (javaws), start Firefox, and click Edit Preferences Downloads, and then
click View and Edit Actions.
For Linux, once you have installed either JRE or JDK, add a path to the Java
bin directory to the front of your system PATH. For example, if Java is
installed in /usr/java, add the following line to your local .bashrc or
/etc/profile:
PATH=/usr/java/bin:$PATH; export PATH
NOTE: There may already be PATH-modification lines in the files. Ensure that the
path information you enter does not create conflicts.
Installing Telnet or SSH Clients
By default, the iDRAC telnet service is disabled and the SSH service is
enabled. Since telnet is an insecure protocol, you should use it only if you
cannot install an SSH client or your network connection is otherwise secured.
NOTE: There can be only one active telnet or SSH connection to the iDRAC at a
time. When there is an active connection, other connection attempts are denied.
Telnet with iDRAC
Telnet is included in Microsoft
®
Windows® and Linux operating systems and
can be run from a command shell. You may also choose to install a
commercial or freely available telnet client with more convenience features
than the standard version included with your operating system.
If your management station is running Windows XP or Windows 2003, you
may experience an issue with the characters in an iDRAC telnet session.This
issue may occur as a frozen login where the return key does not respond and
the password prompt does not appear.
To fix this issue, download hotfix 824810 from the Microsoft Support website
at support.microsoft.com. See Microsoft Knowledge Base article 824810 for
more information.
62 Configuring the Management Station
Configuring the Backspace Key For Your Telnet Session
Depending on the telnet client, using the <Backspace> key may produce
unexpected results. For example, the session may echo ^h. However, most
Microsoft and Linux telnet clients can be configured to use the
<Backspace> key.
To configure Microsoft telnet clients to use the <Backspace> key, perform
the following steps:
1
Open a command prompt window (if required).
2
If you are not running a telnet session, type:
telnet
If you are running a telnet session, press <Ctrl><]>.
3
At the prompt, type:
set bsasdel
The following message appears:
Backspace will be sent as delete.
To configure a Linux telnet session to use the <Backspace> key, perform the
following steps:
1
Open a shell and type:
stty erase ^h
2
At the prompt, type:
telnet
SSH With iDRAC
Secure Shell (SSH) is a command line connection with the same capabilities
as a telnet session, but with session negotiation and encryption to improve
security. The iDRAC supports SSH version 2 with password authentication.
SSH is enabled by default on the iDRAC.
You can use PuTTY or OpenSSH on a management station to connect to the
managed server’s iDRAC. When an error occurs during the login procedure,
the ssh client issues an error message. The message text is dependent on the
client and is not controlled by the iDRAC.
Configuring the Management Station 63
NOTE: OpenSSH should be run from a VT100 or ANSI terminal emulator on
Windows. Running OpenSSH at the Windows command prompt does not result in
full functionality (that is, some keys do not respond and no graphics are displayed).
Only one telnet or SSH session is supported at any given time. The session
timeout is controlled by the cfgSsnMgtSshIdleTimeout property as
described in "iDRAC Property Database Group and Object Definitions" on
page 313.
The iDRAC SSH implementation supports multiple cryptography schemes,
as shown in Table 3-1.
NOTE: SSHv1 is not supported.
Table 3-1. Cryptography Schemes
Scheme Type Scheme
Asymmetric Cryptography Diffie-Hellman DSA/DSS 512-1024 (random)
bits per NIST specification
Symmetric Cryptography
AES256-CBC
RIJNDAEL256-CBC
AES192-CBC
RIJNDAEL192-CBC
AES128-CBC
RIJNDAEL128-CBC
BLOWFISH-128-CBC
3DES-192-CBC
ARCFOUR-128
Message Integrity
HMAC-SHA1-160
HMAC-SHA1-96
HMAC-MD5-128
• HMAC-MD5-96
Authentication
•Password
64 Configuring the Management Station
Installing a TFTP Server
NOTE: If you use only the iDRAC Web interface to transfer SSL certificates and
upload new iDRAC firmware, no TFTP server is required.
Trivial File Transfer Protocol (TFTP) is a simplified form of the File Transfer
Protocol (FTP). It is used with the SM-CLP and RACADM command line
interfaces to transfer files to and from the iDRAC.
The only times when you need to copy files to or from the iDRAC are when
you update the iDRAC firmware or install certificates on the iDRAC. If you
choose to use SM-CLP or RACADM when you perform these tasks, a TFTP
server must be running on a computer the iDRAC can access by IP number or
DNS name.
You can use the netstat -a command on Windows or Linux operating systems
to see if a TFTP server is already listening. Port 69 is the TFTP default port. If
no server is running, you have the following options:
Find another computer on the network running a TFTP service
If you are using Linux, install a TFTP server from your distribution
If you are using Windows, install a commercial or free TFTP server
Installing Dell OpenManage IT Assistant
Your system includes the Dell OpenManage System Management Software
Kit. This kit includes, but is not limited to, the following components:
Dell Systems Management Tools and Documentation
DVD — Contains all
the latest Dell systems management console products, including Dell
OpenManage IT Assistant; provides the tools you need to configure your
system and delivers firmware, diagnostics, and Dell-optimized drivers for
your system; and helps you stay current with documentation for systems,
systems management software products, peripherals, and RAID
controllers.
Configuring the Management Station 65
Dell Support website and Readme files — Check Readme files and the
Dell Support website at
support.dell.com
for the most recent information
about your Dell products.
Use the
Dell Systems Management Tools and Documentation
DVD
to install the
management console software, including Dell OpenManage IT Assistant, on
the management station. For instructions on installing this software, see your
Quick Installation Guide.
66 Configuring the Management Station
Configuring the Managed Server 67
Configuring the Managed Server
This section describes tasks to set up the managed server to enhance your
remote management capabilities. These tasks include installing the Dell™
OpenManage™ Server Administrator software and configuring the managed
server to capture the last crash screen.
Installing the Software on the Managed Server
The Dell management software includes the following features:
Local RACADM CLI — allows you to configure and administer the
iDRAC from the managed system. It is a powerful tool for scripting
configuration and management tasks.
Server Administrator is required to use the iDRAC last crash screen
feature.
Server Administrator — a Web interface that allows you to administer the
remote system from a remote host on the network.
Server Administrator Instrumentation Service — provides access to
detailed fault and performance information gathered by industry-standard
systems management agents and allows remote administration of
monitored systems, including shutdown, startup, and security.
Server Administration Storage Management Service — provides storage
management information in an integrated graphical view.
Server Administrator Logs — displays logs of commands issued to or by
the system, monitored hardware events, POST events, and system alerts.
You can view logs on the home page, print or save them as reports, and
send them by e-mail to a designated service contact.
Use the
Dell Systems Management Tools and Documentation
DVD to install
Server Administrator.
For instructions on installing this software, see your
Quick Installation Guide.
68 Configuring the Managed Server
Configuring the Managed Server to Capture the
Last Crash Screen
The iDRAC can capture the last crash screen so that you can view it in the
Web interface to help troubleshoot the cause of the managed system crash.
Follow these steps to enable the last crash screen feature.
1
Install Dell OpenManage Server Administrator. For more information
about installing Server Administrator, see the
Dell OpenManage Server
Administrator User’s Guide
.
2
If you are running a Microsoft
®
Windows
®
operating system, ensure that
the Automatically Reboot feature is deselected in the
Windows Startup
and Recovery Settings
. See "Disabling the Windows Automatic Reboot
Option" on page 69.
3
Enable the Last Crash Screen (disabled by default) in the iDRAC Web
interface.
To enable the Last Crash Screen, click
System
Remote Access
iDRAC
Network/Security
Services
, then select the
Enabled
check box under the
Automated System Recovery Agent
heading.
To enable the Last Crash Screen using local RACADM, open a command
prompt on the managed system and type the following command:
racadm config -g cfgRacTuning -o
cfgRacTuneAsrEnable 1
4
In the Server Administrator Web-based interface, enable the
Auto
Recovery
timer and set the
Auto Recovery
action to
Reset
,
Power Off
, or
Power Cycle
.
For information about how to configure the
Auto Recovery
timer, see the
Dell OpenManage Server Administrator User's Guide
. To ensure that the
last crash screen can be captured, the
Auto Recovery
timer should be set to
60 seconds. The default setting is 480 seconds.
The last crash screen is not available if the
Auto Recovery
action is set to
Shutdown
or
Power Cycle
when the managed server is powered off.
Configuring the Managed Server 69
Disabling the Windows Automatic Reboot Option
To ensure that the iDRAC can capture the last crash screen, disable the
Automatic Reboot option on managed servers running Microsoft Windows
Server® or Windows Vista®.
1
Open the Windows
Control Panel
and double-click the
System
icon.
2
Click the
Advanced
tab.
3
Under
Startup and Recovery
, click
Settings
.
4
Deselect the
Automatically restart
check box.
5
Click
OK
twice.
70 Configuring the Managed Server
Configuring the iDRAC Using the Web Interface 71
Configuring the iDRAC Using the
Web Interface
The iDRAC provides a Web interface that enables you to configure the
iDRAC properties and users, perform remote management tasks, and
troubleshoot a remote (managed) system for problems. For everyday systems
management, use the iDRAC Web interface. This chapter provides
information about how to perform common systems management tasks with
the iDRAC Web interface and provides links to related information.
Most Web interface configuration tasks can also be performed with local
RACADM commands or with SM-CLP commands.
Local RACADM commands are executed from the managed server. For more
information about local RACADM, see "Using the Local RACADM
Command Line Interface" on page 199.
SM-CLP commands are executed in a shell that can be accessed remotely
with a telnet or SSH connection. For more information about SM-CLP, see
"Using the iDRAC SM-CLP Command Line Interface" on page 223.
Accessing the Web Interface
To access the iDRAC Web interface, perform the following steps:
1
Open a supported Web browser window.
See "Supported Web Browsers" on page 28 for more information.
2
In the
Address
field, type
https://<
iDRAC-IP-address
>
and press
<Enter>.
If the default HTTPS port number (port 443) has been changed, type:
https://<
iDRAC-IP-address>:<port-number
>
72 Configuring the iDRAC Using the Web Interface
where
iDRAC-IP-address
is the IP address for the iDRAC and
port-number
is the HTTPS port number.
The iDRAC
Login
window appears.
Logging In
You can log in as either an iDRAC user or as a Microsoft® Active Directory®
user. The default user name and password are root and calvin, respectively.
You must have been granted Login to iDRAC privilege by the administrator
to log in to the iDRAC.
To log in, perform the following steps:
1
In the
Username
field, type one of the following:
Your iDRAC user name.
The user name for local users is case–sensitive. Examples are
root
,
it_user
, or
john_doe
.
Your Active Directory user name.
Active Directory names can be entered in any of the forms
<
domain
>\<
username
>, <
domain
>/<
username
>, or
<
user
>@<
domain
>. They are not case–sensitive. Examples are
dell.com
\
john_doe,
or
JOHN_DOE@DELL.COM
.
2
In the
Password
field, type your iDRAC user password or Active Directory
user password. Passwords are case–sensitive.
3
Click
OK
or press <Enter>.
Logging Out
1
In the upper-right corner of the main window, click
Logout
to close the
session.
2
Close the browser window.
NOTE: The Logout button does not appear until you log in.
NOTE: Closing the browser without gracefully logging out may cause the session
to remain open until it times out. It is strongly recommended that you click the
logout button to end the session; otherwise, the session may remain active until the
session timeout is reached.
Configuring the iDRAC Using the Web Interface 73
NOTE: Closing the iDRAC Web interface within Microsoft Internet Explorer® using
the close button ("x") at the top right corner of the window may generate an
application error. To fix this issue, download the latest Cumulative Security Update
for Internet Explorer from the Microsoft Support website, located at
support.microsoft.com.
CAUTION: If you have opened multiple web GUI sessions either through <Ctrl+T>
or <Ctrl+N> to access the same iDRAC from the same management station, and
then log out of any one session, all the Web GUI sessions will be terminated.
Using Multiple Browser Tabs and Windows
Different versions of Web browsers exhibit different behaviors when opening
new tabs and windows. Microsoft Internet Explorer 6 does not support tabs;
therefore, each browser window opened becomes a new iDRAC Web
interface session. Internet Explorer (IE) 7 and IE 8 have the option to open
tabs as well as windows. Each tab inherits the characteristics of the most
recently opened tab. Press <Ctrl–T> to open a new tab and <Ctrl–N> to
open a new browser window from the active session. You will be logged in
with your already authenticated credentials. Closing any one tab expires all
iDRAC Web interface tabs. Also, if a user logs in with Power User privileges
on one tab, and then logs in as Administrator on another tab, both open tabs
then have Administrator privileges.
Tab behavior in Firefox 2 and Firefox 3 is the same as IE 7 and IE 8; new tabs
are new sessions. Window behavior in Firefox is different. Firefox windows
operate with the same privileges as the latest window opened. For example,
if one Firefox window is open with a Power User logged in and another
window is open with Administrator privileges, both users will now have
Administrator privileges.
Table 5-1. User Privilege Behavior in Supported Browsers
Browser Tab Behavior Window Behavior
Microsoft Internet
Explorer 6
Not applicable New session
Microsoft IE 7 and IE 8 From latest session opened New session
Firefox 2 and Firefox 3 From latest session opened From latest session opened
74 Configuring the iDRAC Using the Web Interface
Configuring the iDRAC NIC
This section assumes that the iDRAC has already been configured and is
accessible on the network. See "Configure iDRAC Networking" on page 36 for
help with the initial iDRAC network configuration.
Configuring the Network and IPMI LAN Settings
NOTE: You must have Configure iDRAC privilege to perform the following steps.
NOTE: Most DHCP servers require a server to store a client identifier token in its
reservations table. The client (iDRAC, for example) must provide this token during
DHCP negotiation. The iDRAC supplies the client identifier option using a one-byte
interface number (0) followed by a six-byte MAC address.
1
Click
System
Remote Access
iDRAC
.
2
Click the
Network/Security
Network
tab to open the
Network
Configuration
page.
Table 5-2, Table 5-3, and Table 5-4 describe the
Network Settings
,
IPMI
LAN Settings
, and the
VLAN Settings
in the
Network Configuration
page.
3
When you have completed entering the required settings, click
Apply
.
4
Click the appropriate button to continue. See Table 5-5.
Table 5-2. Network Settings
Setting Description
Enable NIC When checked, indicates that the NIC is enabled and activates
the remaining controls in this group. When a NIC is disabled,
all communication to and from the iDRAC through the
network is blocked.
MAC Address Displays the Media Access Control (MAC) address that
uniquely identifies each node in a network. The MAC address
cannot be changed.
Use DHCP (For
NIC IP Address)
Prompts the iDRAC to obtain an IP address for the NIC from
the Dynamic Host Configuration Protocol (DHCP) server. Also
deactivates the Static IP Address, Static Subnet Mask, and
Static Gateway controls.
Configuring the iDRAC Using the Web Interface 75
Static IP Address Allows you to enter or edit a static IP address for the iDRAC
NIC. To change this setting, deselect the Use DHCP (For NIC
IP Address) checkbox.
Static Subnet Mask Allows you to enter or edit a subnet mask for the iDRAC NIC.
To change this setting, first deselect the Use DHCP (For NIC
IP Address) checkbox.
Static Gateway Allows you to enter or edit a static gateway for the iDRAC NIC.
To change this setting, first deselect the Use DHCP (For NIC
IP Address) checkbox.
Use DHCP to
obtain DNS server
addresses
Enable DHCP to obtain DNS server addresses by selecting the
Use DHCP to obtain DNS server addresses check box. When
not using DHCP to obtain the DNS server addresses, provide
the IP addresses in the Static Preferred DNS Server and Static
Alternate DNS Server fields.
NOTE: When the Use DHCP to obtain DNS server addresses
checkbox is selected, IP addresses cannot be entered into the
Static Preferred DNS Server and Static Alternate DNS Server
fields.
Static Preferred
DNS Server
Allows the user to enter or edit a static IP address for the
preferred DNS server. To change this setting, first deselect the
Use DHCP to obtain DNS server addresses check box.
Static Alternate
DNS Server
Uses the secondary DNS server IP address when Use DHCP to
obtain DNS server addresses is not selected. Enter an IP
address of 0.0.0.0 if there is no alternate DNS server.
Register iDRAC on
DNS
Registers the iDRAC name on the DNS server.
DNS iDRAC Name Displays the iDRAC name. The default name is idrac-
service_tag, where service_tag is the service tag number of the
Dell server. For example: idrac-00002.
Table 5-2. Network Settings (continued)
Setting Description
76 Configuring the iDRAC Using the Web Interface
Use DHCP for
DNS Domain
Name
Uses the default DNS domain name. When the box is not
selected and the Register iDRAC on DNS option is selected,
modify the DNS domain name in the DNS Domain Name
field.
NOTE: To select the Use DHCP for DNS Domain Name checkbox,
also select the Use DHCP (For NIC IP Address) check box.
DNS Domain
Name
The default DNS Domain Name is blank. When the Use
DHCP for DNS Domain Name check box is selected, this
option is grayed out and the field cannot be modified.
Community String Contains the community string to use in Simple Network
Management Protocol (SNMP) alert traps sent from the
iDRAC. SNMP alert traps are transmitted by the iDRAC when
a platform event occurs. The default is public.
SMTP Server
Address
The IP address of the Simple Mail Transfer Protocol (SMTP)
server that the iDRAC communicates with to send e-mail alerts
when a platform event occurs. The default is 127.0.0.1.
Table 5-3. IPMI LAN Settings
Setting Description
Enable IPMI Over
LAN
When checked, indicates that the IPMI LAN channel is
enabled.
Channel Privilege
Level Limit
Configures the maximum privilege level, for the user, that can
be accepted on the LAN channel. Select one of the following
options: Administrator, Operator, or User. The default is
Administrator.
Encryption Key Configures the encryption key: 0 to 20 hexadecimal characters
(with no blanks allowed).
Table 5-2. Network Settings (continued)
Setting Description
Configuring the iDRAC Using the Web Interface 77
Configuring IP Filtering and IP Blocking
NOTE: You must have Configure iDRAC permission to perform the following steps.
1
Click
System
Remote Access
iDRAC
and then click the
Network/Security
tab to open the
Network Configuration
page.
2
Click
Advanced Settings
to configure the network security settings.
Table 5-4. VLAN Settings
Setting Description
Enable VLAN ID Yes—Enabled. No—Disabled. If enabled, only matched Virtual
LAN (VLAN) ID traffic is accepted.
NOTE: The VLAN settings can only be configured through the
CMC Web Interface. iDRAC displays only the current enablement
status and you cannot modify the settings in this screen. See the
Dell Chassis Management Controller User Guide for more
information.
VLAN ID VLAN ID field of 802.1g fields. Displays a value from 1 to 4094
except 4001 to 4020.
Priority Priority field of 802.1g fields. This is used to identify the
priority of the VLAN ID and displays a value from 0 to 7 for the
VLAN Priority.
Table 5-5. Network Configuration Page Buttons
Button Description
Advanced Settings Opens the Network Security page, allowing you to enter IP
range, and IP blocking attributes.
Print Prints the Network Configuration values that appear on the
screen.
Refresh Reloads the Network Configuration page.
Apply Saves any new settings made to the Network Configuration
page.
NOTE: Changes to the NIC IP address settings will close all user
sessions and require users to reconnect to the iDRAC Web
interface using the updated IP address settings. All other changes
will require the NIC to be reset, which may cause a brief loss in
connectivity.
78 Configuring the iDRAC Using the Web Interface
Table 5-6 describes the
Network Security
page settings.
3
When you have finished configuring the settings, click
Apply
.
4
Click the appropriate
button to continue. See Table 5-7.
Table 5-6. Network Security Page Settings
Settings Description
IP Range Enabled Enables the IP Range checking feature, which defines a range of
IP addresses that can access the iDRAC.
IP Range Address Determines the acceptable IP subnet address. The default is
192.168.1.0.
IP Range Subnet
Mask
Defines the significant bit positions in the IP address. The
subnet mask should be in the form of a netmask, where the
more significant bits are all 1's with a single transition to all
zeros in the lower-order bits. The default is 255.255.255.0.
IP Blocking
Enabled
Enables the IP address blocking feature, which limits the
number of failed login attempts from a specific IP address for a
pre–selected time span.
IP Blocking Fail
Count
Sets the number of login failures attempted from an IP address
before the login attempts are rejected from that address. The
default is 10.
IP Blocking Fail
Window
Determines the time span in seconds within which IP Block
Fail Count failures must occur to trigger the IP Block Penalty
Time. The default is 3600.
IP Blocking Penalty
Time
The time span in seconds that login attempts from an IP
address with excessive failures are rejected. The default is 3600.
Table 5-7. Network Security Page Buttons
Button Description
Print Prints the Network Security values that appear on the screen.
Refresh Reloads the Network Security page.
Apply Saves any new settings that you made to the Network Security
page.
Configuring the iDRAC Using the Web Interface 79
Configuring Platform Events
Platform event configuration provides a mechanism for configuring the
iDRAC to perform selected actions on certain event messages. The actions
include no action, reboot system, power cycle system, power off system, and
generate an alert (Platform Event Trap [PET] and/or e-mail).
The filterable platform events are listed in Table 5-8.
When a platform event occurs (for example, a Battery Probe Warning), a
system event is generated and recorded in the System Event Log (SEL). If
this event matches a platform event filter (PEF) that is enabled and you have
configured the filter to generate an alert (PET or e-mail), then a PET or
e-mail alert is sent to one or more configured destinations.
If the same platform event filter is also configured to perform an action (such
as rebooting the system), the action is performed.
Go Back to
Network Page
Returns to the Network page.
Table 5-8. Filterable Platform Events
Index Platform Event
1 Battery Probe Warning
2 Battery Probe Failure
3 Discrete Voltage Probe Failure
4 Temperature Probe Warning
5 Temperature Probe Failure
6 Processor Failure
7 Processor Absent
8 Hardware Log Failure
9 Automatic System Recovery
Table 5-7. Network Security Page Buttons (continued)
Button Description
80 Configuring the iDRAC Using the Web Interface
Configuring Platform Event Filters (PEF)
NOTE: Configure platform event filters before you configure the platform event
traps or e-mail alert settings.
1
Log in to the iDRAC Web interface. See "Accessing the Web Interface" on
page 71.
2
Click
System
and then the
Alert Management
tab.
3
On the
Platform Events
page, enable
Alert Generation
for an event by
clicking the corresponding
Generate Alert
checkbox for that event.
NOTE: You can enable or disable Alert Generation for all events by clicking the
checkbox next to the Generate Alert column heading.
4
Click the radio button below the action you would like to enable for each
event. Only one action can be set for each event.
5
Click
Apply
.
NOTE: Generate Alert must be enabled for an alert to be sent to any valid,
configured destination (PET or e-mail).
Configuring Platform Event Traps (PET)
NOTE: You must have Configure iDRAC permission to add or enable/disable
an SNMP alert. The following options will not be available if you do not have
Configure iDRAC permission.
1
Log in to the remote system using a supported Web browser. See
"Accessing the Web Interface" on page 71.
2
Ensure that you followed the procedures in "Configuring Platform Event
Filters (PEF)" on page 80.
3
Configure your PET destination IP address:
a
Click the
Enable
checkbox next to the
Destination Number
you
would like to activate.
b
Enter an IP address in the
Destination IP Address
box.
NOTE: The destination community string must be the same as the iDRAC
community string.
c
Click
Apply
.
Configuring the iDRAC Using the Web Interface 81
NOTE: To successfully send a trap, configure the Community String value on
the Network Configuration page. The Community String value indicates the
community string to use in a Simple Network Management Protocol (SNMP)
alert trap sent from the iDRAC. SNMP alert traps are transmitted by the iDRAC
when a platform event occurs. The default setting for the Community String is
Public.
d
Click
Send
to test the configured alert (if desired).
e
Repeat step a through step d for any remaining destination numbers.
Configuring E-Mail Alerts
1
Log in to the remote system using a supported Web browser.
2
Ensure that you followed the procedures in "Configuring Platform Event
Filters (PEF)" on page 80.
3
Configure your e-mail alert settings.
a
On the
Alert Management
tab, click
Email Alert Settings
.
4
Configure your e-mail alert destination.
a
In the
Email Alert Number
column, click a destination number.
There are four possible destinations to receive alerts.
b
Ensure that the
Enabled
checkbox is selected.
c
In the
Destination Email Address
field, type a valid e-mail address.
d
Click
Apply
.
NOTE: To successfully send a test e-mail, the SMTP Server Address must be
configured on the Network Configuration page. The IP address of the SMTP
Server communicates with the iDRAC to send e-mail alerts when a platform
event occurs.
e
Click
Send
to test the configured e-mail alert (if desired).
f
Repeat step a through step e for any remaining e-mail alert settings.
Configuring IPMI
1
Log in to the remote system using a supported Web browser.
2
Configure IPMI over LAN.
a
Click
System
Remote Access
iDRAC
, then click the
Network/Security
.
82 Configuring the iDRAC Using the Web Interface
b
In the
Network Configuration
page under
IPMI LAN Settings
, select
Enable IPMI Over LAN
.
c
Update the IPMI LAN channel privileges, if required:
NOTE: This setting determines the IPMI commands that can be executed
from the IPMI over LAN interface. For more information, see the IPMI 2.0
specifications.
Under
IPMI LAN Settings
, click the
Channel Privilege Level Limit
drop-down menu, select
Administrator
,
Operator
, or
User
and click
Apply
.
d
Set the IPMI LAN channel encryption key, if required.
NOTE: The iDRAC IPMI supports the RMCP+ protocol.
NOTE: The encryption key must consist of an even number of hexadecimal
characters with a maximum length of 20 characters.
Under
IPMI LAN Settings
in the
Encryption Key field
, type the
encryption key.
e
Click
Apply
.
3
Configure IPMI Serial over LAN (SOL).
a
Click
System
Remote Access
iDRAC
.
b
Click the
Network Security
tab, then click
Serial Over LAN
.
c
On the
Serial Over LAN Configuration
page, click the
Enable Serial
Over LAN
checkbox to enable Serial over LAN.
d
Update the IPMI SOL baud rate.
NOTE: To redirect the serial console over the LAN, ensure that the SOL baud
rate is identical to your managed server’s baud rate.
Click the
Baud Rate
drop-down menu to select a data speed of
19.2 kbps, 57.6 kbps or 115.2 kbps.
e
Click
Apply
.
Configuring the iDRAC Using the Web Interface 83
Adding and Configuring iDRAC Users
To manage your system with the iDRAC and maintain system security, create
unique users with specific administrative permissions (or role-based
authority).
To add and configure iDRAC users, perform the following steps:
NOTE: You must have Configure iDRAC permission to perform the following steps.
1
Click
System
Remote Access
iDRAC
and then click the
Network/Security
tab.
2
Open the
Users
page to configure users.
The
Users
page displays each user’s
User ID, State, Username, IPMI LAN
Privileges
,
iDRAC Privileges
, and
Serial Over LAN
.
NOTE: User-1 is reserved for the IPMI anonymous user and is not configurable.
3
In the
User ID
column, click a user ID number.
4
On the
User Configuration
page, configure the user’s properties and
privileges.
Table 5-9 describes the
General
settings for configuring an iDRAC user
name and password.
Table 5-10
describes
the
IPMI LAN Privileges
for configuring the user’s
LAN privileges.
Table 5-11
describes
the
User Group
permissions for the
IPMI LAN
Privileges
and the
iDRAC User Privileges
settings.
Table 5-12
describes
the
iDRAC Group
permissions. If you add an
iDRAC
User Privilege
to the
Administrator
,
Power User
, or
Guest User
, the
iDRAC Group
will change to the
Custom
group.
5
When completed, click
Apply
.
6
Click the appropriate button to continue. See Table 5-13.
84 Configuring the iDRAC Using the Web Interface
Table 5-9. General Properties
Property Description
User ID Contains one of 16 preset User ID numbers. This field
cannot be edited.
Enable User When checked, indicates that the user’s access to the
iDRAC is enabled. When unchecked, user access is
disabled.
Username Specifies an iDRAC user name with up to 16 characters.
Each user must have a unique user name.
NOTE: User names on the iDRAC cannot include the /
(forward slash) or . (period) characters.
NOTE: If the user name is changed, the new name will not
appear in the user interface until the next user login.
Change Password Enables the New Password and Confirm New Password
fields. When unchecked, the user’s Password cannot be
changed.
New Password Enables editing the iDRAC user’s password. Enter a
Password with up to 20 characters. The characters will not
display.
NOTE: The three special characters <, >, and \ are not
allowed in user names or passwords.
Confirm New Password Retype the iDRAC user’s password to confirm.
Table 5-10. IPMI LAN User Privileges
Property Description
Maximum LAN User
Privilege Granted
Specifies the user’s maximum privilege on the IPMI LAN
channel to one of the following user groups: None,
Administrator, Operator, or User.
Enable Serial Over LAN Allows the user to use IPMI Serial Over LAN. When
checked, this privilege is enabled.
Configuring the iDRAC Using the Web Interface 85
Table 5-11. iDRAC User Privileges
Property Description
iDRAC Group Specifies the user’s maximum iDRAC user privilege as
one of the following: Administrator, Power User, Guest
User, Custom, or None.
See Table 5-12 for iDRAC Group permissions.
Login to iDRAC Enables the user to log in to the iDRAC.
Configure iDRAC Enables the user to configure the iDRAC.
Configure Users Enables the user to allow specific users to access the
system.
Clear Logs Enables the user to clear the iDRAC logs.
Execute Server Control
Commands
Enables the user to execute RACADM commands.
Access Console
Redirection
Enables the user to run Console Redirection.
Access Virtual Media Enables the user to run and use Virtual Media.
Test Alerts Enables the user to send test alerts (e-mail and PET) to a
specific user.
Execute Diagnostic
Commands
Enables the user to run diagnostic commands.
Table 5-12. iDRAC Group Permissions
User Group Permissions Granted
Administrator Login to iDRAC, Configure iDRAC, Configure Users, Clear
Logs, Execute Server Control Commands, Access Console
Redirection, Access Virtual Media, Test Alerts, Execute
Diagnostic Commands
Power User Login to iDRAC, Clear Logs, Execute Server Control
Commands, Access Console Redirection, Access Virtual
Media, Test Alerts
Guest User Login to iDRAC
86 Configuring the iDRAC Using the Web Interface
Securing iDRAC Communications Using SSL and
Digital Certificates
This section provides information about the following data security features
that are incorporated in your iDRAC:
Secure Sockets Layer (SSL)
Certificate Signing Request (CSR)
Accessing the SSL main menu
Generating a new CSR
Uploading a server certificate
Viewing a server certificate
Custom Selects any combination of the following permissions: Login to
iDRAC, Configure iDRAC, Configure Users, Clear Logs,
Execute Server Action Commands, Access Console
Redirection, Access Virtual Media, Test Alerts, Execute
Diagnostic Commands
None No assigned permissions
Table 5-13. User Configuration Page Buttons
Button Action
Print Prints the User Configuration values that appear on the
screen.
Refresh Reloads the User Configuration page.
Apply Saves any new settings made to the user configuration.
Go Back To Users
Page
Returns to the Users Page.
Table 5-12. iDRAC Group Permissions (continued)
User Group Permissions Granted
Configuring the iDRAC Using the Web Interface 87
Secure Sockets Layer (SSL)
The iDRAC includes a Web server that is configured to use the industry-
standard SSL security protocol to transfer encrypted data over a network.
Built upon public-key and private-key encryption technology, SSL is a widely
accepted technology for providing authenticated and encrypted
communication between clients and servers to prevent eavesdropping across a
network.
An SSL-enabled system can perform the following tasks:
Authenticate itself to an SSL-enabled client
Allow the client to authenticate itself to the server
Allow both systems to establish an encrypted connection
The encryption process provides a high level of data protection. The iDRAC
employs the 128-bit SSL encryption standard, the most secure form of
encryption generally available for Internet browsers in North America.
The iDRAC Web server has a Dell self-signed SSL digital certificate (Server
ID) by default. To ensure high security over the Internet, replace the Web
server SSL certificate with a certificate signed by a well-known certificate
authority. To initiate the process of obtaining a signed certificate, you can use
the iDRAC Web interface to generate a Certificate Signing Request (CSR)
with your company’s information. You can then submit the generated CSR to
a CA such as VeriSign or Thawte.
Certificate Signing Request (CSR)
A CSR is a digital request to a Certificate Authority (CA) for a secure server
certificate. Secure server certificates allow clients of the server to trust the
identity of the server they have connected to and to negotiate an encrypted
session with the server.
A Certificate Authority is a business entity that is recognized in the IT
industry for meeting high standards of reliable screening, identification, and
other important security criteria. Examples of CAs include Thawte and
VeriSign. After the CA receives a CSR, they review and verify the information
the CSR contains. If the applicant meets the CA’s security standards, the CA
issues a digitally-signed certificate that uniquely identifies that applicant for
transactions over networks and on the Internet.
88 Configuring the iDRAC Using the Web Interface
After the CA approves the CSR and sends the certificate, upload the
certificate to the iDRAC firmware. The CSR information stored on the
iDRAC firmware must match the information contained in the certificate.
Accessing the SSL Main Menu
1
Click
System
Remote Access
iDRAC
, then click the
Network/Security
tab.
2
Click
SSL
to open the
SSL Main Menu
page.
Use the SSL Main Menu page to generate a CSR to send to a CA. The CSR
information is stored on the iDRAC firmware.
Table 5-14 describes the options available when generating a CSR.
Table 5-15 describes the available buttons on the SSL Main Menu page.
Table 5-14. SSL Main Menu Options
Field Description
Generate a New
Certificate Signing
Request (CSR)
Select the option and click Next to open the Generate
Certificate Signing Request (CSR) page.
NOTE: Each new CSR overwrites any previous CSR on the
firmware. For a CA to accept your CSR, the CSR in the
firmware must match the certificate returned from the CA.
Upload Server
Certificate
Select the option and click Next to open the Certificate
Upload page and upload the certificate sent to you by the
CA.
NOTE: Only X509, Base 64-encoded certificates are accepted
by the iDRAC. DER-encoded certificates are not accepted.
View Server Certificate Select the option and click Next to open the View Server
Certificate page and view an existing server certificate.
Configuring the iDRAC Using the Web Interface 89
Generating a New Certificate Signing Request
NOTE: Each new CSR overwrites any previous CSR data stored in the firmware.
The CSR in the firmware must match the certificate returned from the CA.
Otherwise, the iDRAC will not accept the certificate.
1
On the
SSL Main Menu
page, select
Generate a New Certificate Signing
Request (CSR)
and click
Next
.
2
On the
Generate Certificate Signing Request (CSR)
page, enter a value
for each CSR attribute.
Table 5-16 describes the
Generate Certificate Signing Request (CSR)
page options.
3
Click
Generate
to create the CSR.
4
Click
Download
to save the CSR file to your local computer.
5
Click the appropriate button to continue. See Table 5-17.
Table 5-15. SSL Main Menu Buttons
Button Description
Print Prints the SSL Main Menu values that appear on the
screen.
Refresh Reloads the SSL Main Menu page.
Next Processes the information on the SSL Main Menu page
and continues to the next step.
Table 5-16. Generate Certificate Signing Request (CSR) Page Options
Field Description
Common Name The exact name being certified (usually the Web server's
domain name, for example, www.xyzcompany.com). Only
alphanumeric characters, hyphens, underscores, and
periods are valid. Spaces are not valid.
Organization Name The name associated with this organization (for example,
XYZ Corporation). Only alphanumeric characters,
hyphens, underscores, periods and spaces are valid.
90 Configuring the iDRAC Using the Web Interface
Organization Unit The name associated with an organizational unit, such as a
department (for example, Information Technology). Only
alphanumeric characters, hyphens, underscores, periods,
and spaces are valid.
Locality The city or other location of the entity being certified (for
example, Round Rock). Only alphanumeric characters and
spaces are valid. Do not separate words using an underscore
or other character.
State Name The state or province where the entity who is applying for a
certification is located (for example, Texas). Only
alphanumeric characters and spaces are valid. Do not use
abbreviations.
Country Code The name of the country where the entity applying for
certification is located.
Email The e-mail address associated with the CSR. Type the
company’s e-mail address, or any e-mail address associated
with the CSR. This field is optional.
Key Size Specify the size of the Certificate Signing Request (CSR)
key to be generated. The size may be 512, 1024 or 2048.
Table 5-17. Generate Certificate Signing Request (CSR) Page Buttons
Button Description
Print Prints the Generate Certificate Signing Request values
that appear on the screen.
Refresh Reloads the Generate Certificate Signing Request page.
Generate Generates a CSR and then prompts the user to save it to a
specified directory.
Download Downloads the certificate to the local computer.
Go Back to SSL Main
Menu
Returns the user to the SSL Main Menu page.
Table 5-16. Generate Certificate Signing Request (CSR) Page Options (continued)
Field Description
Configuring the iDRAC Using the Web Interface 91
Uploading a Server Certificate
1
In the
SSL Main Menu
page, select
Upload Server Certificate
and click
Next
.
The
Certificate Upload
page appears.
2
In the
File Path
field, type the path to the certificate or click
Browse
to
navigate to the certificate file.
NOTE: The File Path value displays the relative file path of the certificate you
are uploading. You must type the absolute file path, which includes the full
path and the complete file name and file extension.
3
Click
Apply
.
4
Click the appropriate button to continue. See Table 5-18.
Viewing a Server Certificate
1
On the
SSL Main Menu
page, select
View Server Certificate
and click
Next
.
Table 5-19 describes the fields and associated descriptions listed in the
Certificate
window.
2
Click the appropriate button to continue. See Table 5-20.
Table 5-18. Certificate Upload Page Buttons
Button Description
Print Prints the values that appear on the Certificate Upload
page.
Refresh Reloads the Certificate Upload page.
Apply Applies the certificate to the iDRAC firmware.
Go Back to SSL Main
Menu
Returns the user to the SSL Main Menu page.
Table 5-19. Certificate Information
Field Description
Serial Number Certificate serial number
Subject Information Certificate attributes entered by the subject
92 Configuring the iDRAC Using the Web Interface
Configuring and Managing Active Directory
Certificates
NOTE: You must have Configure iDRAC permission to configure Active Directory
and upload, download, and view an Active Directory certificate.
NOTE: For more information about Active Directory configuration and how to
configure Active Directory with the standard schema or an extended schema, see
"Using the iDRAC with Microsoft Active Directory" on page 105.
To access the Active Directory Main Menu:
1
Click
System
Remote Access
iDRAC,
and then click the
Network/Security
tab.
2
Click
Active Directory
to open the
Active Directory Main Menu
page.
Table 5-21 lists the
Active Directory Main Menu
page options.
Issuer Information Certificate attributes returned by the issuer
Valid From Issue date of the certificate
Valid To Expiration date of the certificate
Table 5-20. View Server Certificate Page Buttons
Button Description
Print Prints the View Server Certificate values that appear on the
screen.
Refresh Reloads the View Server Certificate page.
Go Back to SSL Main
Menu
Return to the SSL Main Menu page.
Table 5-19. Certificate Information (continued)
Field Description
Configuring the iDRAC Using the Web Interface 93
Click the appropriate button to continue. See Table 5-22.
Configuring Active Directory (Standard Schema and Extended Schema)
1
On the
Active Directory Main Menu
page, select
Configure Active
Directory
and click
Next
.
2
On the
Active Directory Configuration
page, enter the Active Directory
settings.
Table 5-23 describes the
Active Directory Configuration and
Management
page settings.
3
Click
Apply
to save the settings.
4
Click the appropriate button to continue. See Table 5-24.
Table 5-21. Active Directory Main Menu Page Options
Field Description
Configure Active
Directory
Configures the Active Directory ROOT Domain Name,
Active Directory Authentication Timeout, Active Directory
Schema Selection, iDRAC Name, iDRAC Domain Name,
Role Groups, Group Name, and Group Domain settings.
Upload Active
Directory CA
Certificate
Uploads an Active Directory certificate to the iDRAC.
Download iDRAC
Server Certificate
The Windows Download Manager downloads an iDRAC
server certificate to the system.
View Active Directory
CA Certificate
Displays an Active Directory Certificate that has been
uploaded to the iDRAC.
Table 5-22. Active Directory Main Menu Page Buttons
Button Definition
Print Prints the Active Directory Main Menu values that appear
on the screen.
Refresh Reloads the Active Directory Main Menu page.
Next Processes the information on the Active Directory Main
Menu page and continues to the next step.
94 Configuring the iDRAC Using the Web Interface
5
To configure the Role Groups for Active Directory Standard Schema, click
on the individual Role Group (1-5). See Table 5-25 and Table 5-26.
NOTE: To save the settings on the Active Directory Configuration page, click
Apply before proceeding to the Custom Role Group page.
Table 5-23. Active Directory Configuration Page Settings
Setting Description
Enable Active
Directory
When checked, enables Active Directory. The default is
disabled.
ROOT Domain Name The Active Directory ROOT domain name. This default is
blank.
The name must be a valid domain name consisting of x.y,
where x is a 1-254 character ASCII string with no spaces
between characters, and y is a valid domain type such as
com, edu, gov, int, mil, net, or org. The default is blank.
Timeout The time, in seconds, to wait for Active Directory queries to
complete. Minimum value is equal to or greater than
15 seconds. The default value is 120.
Use Standard Schema Uses standard schema with Active Directory.
Use Extended Schema Uses the extended schema with Active Directory.
iDRAC Name The name that uniquely identifies the iDRAC in Active
Directory. This default is blank.
The name must be a 1-254 character ASCII string with no
spaces between characters.
iDRAC Domain Name The DNS name of the domain, where the Active Directory
iDRAC object resides. This default is blank.
The name must be a valid domain name consisting of x.y,
where x is a 1-254 character ASCII string with no spaces
between characters, and y is a valid domain type such as
com, edu, gov, int, mil, net, or org.
Role Groups The list of role groups associated with the iDRAC.
To change the settings for a role group, click their role group
number, in the role groups list.
Group Name The name that identifies the role group in the Active
Directory associated with the iDRAC. This default is blank.
Configuring the iDRAC Using the Web Interface 95
Group Domain The domain type where the Role Group resides.
Group Privilege Displays the level of privileges assigned to the Role Group.
The privileges are: None, Administrator, Power User, Guest
User, or Custom.
Table 5-24. Active Directory Configuration Page Buttons
Button Description
Print Prints the Active Directory Configuration values that
appear on the screen.
Refresh Reloads the Active Directory Configuration page.
Apply Saves any new settings made to the Active Directory
Configuration page.
Go Back to Active
Directory Main Menu
Returns to the Active Directory Main Menu page.
Table 5-25. Role Group Privileges
Setting Description
Role Group Privilege Level Specifies the user’s maximum iDRAC user
privilege as one of the following:
Administrator, Power User, Guest User, No
Access, or Custom.
See Table 5-26 for Role Group permissions.
Login to iDRAC Allows the group log in access to the iDRAC.
Configure iDRAC Allows the group permission to configure the
iDRAC.
Configure Users Allows the group permission to configure
users.
Clear Logs Allows the group permission to clear logs.
Execute Server Control Commands Allows the group permission to execute server
control commands.
Table 5-23. Active Directory Configuration Page Settings (continued)
Setting Description
96 Configuring the iDRAC Using the Web Interface
Uploading an Active Directory CA Certificate
1
On the
Active Directory Main Menu
page, select
Upload Active
Directory CA Certificate
and click
Next
.
2
On the
Certificate Upload page,
type the file path of the certificate in the
File Path
field, or click
Browse
to navigate to the certificate file.
Access Console Redirection Allows the group access to Console
Redirection.
Access Virtual Media Allows the group access to Virtual Media.
Test Alerts Allows the group to send test alerts (e-mail and
PET) to a specific user.
Execute Diagnostic Commands Allows the group permission to execute
diagnostic commands.
Table 5-26. Role Group Permissions
Property Description
Administrator Login to iDRAC, Configure iDRAC,
Configure Users, Clear Logs, Execute Server
Control Commands, Access Console
Redirection, Access Virtual Media, Test
Alerts, Execute Diagnostic Commands
Power User Login to iDRAC, Clear Logs, Execute Server
Control Commands, Access Console
Redirection, Access Virtual Media, Test Alerts
Guest User Login to iDRAC
Custom Selects any combination of the following
permissions: Login to iDRAC, Configure
iDRAC, Configure Users, Clear Logs, Execute
Server Action Commands, Access Console
Redirection, Access Virtual Media, Test
Alerts, Execute Diagnostic Commands
No Access No assigned permissions
Table 5-25. Role Group Privileges (continued)
Setting Description
Configuring the iDRAC Using the Web Interface 97
NOTE: The File Path value displays the relative file path of the certificate you are
uploading. You must type the absolute file path, which includes the full path and the
complete file name and file extension.
Ensure that the domain controller’s SSL certificates have been signed by the
same Certificate Authority and that this Certificate is available on the
management station accessing the iDRAC.
3
Click
Apply
.
4
Click the appropriate button to continue. See Table 5-27.
Downloading an iDRAC Server Certificate
1
On the
Active Directory Main Menu
page, select
Download iDRAC
Server Certificate
and click
Next
.
2
Save the file to a directory on your system.
3
In the
Download Complete
window, click
Close
.
Viewing an Active Directory CA Certificate
Use the Active Directory Main Menu page to view a CA server certificate for
your iDRAC.
1
On the
Active Directory Main Menu
page, select
View Active Directory
CA Certificate
and click
Next
.
Table 5-28 describes the fields and associated descriptions listed in the
Certificate
window.
2
Click the appropriate button to continue. See Table 5-29.
Table 5-27. Certificate Upload Page Buttons
Button Description
Print Prints the Certificate Upload values that appear on the
screen.
Refresh Reloads the Certificate Upload page.
Apply Applies the certificate to the iDRAC firmware.
Go Back to Active
Directory Main Menu
Returns to the Active Directory Main Menu page.
98 Configuring the iDRAC Using the Web Interface
Enabling or Disabling Local Configuration Access
NOTE: The default setting for local configuration access is Enabled.
Enabling Local Configuration Access
1
Click
System
Remote Access
iDRAC
Network/Security
Services
.
2
Under
Local Configuration
, click to deselect
Disable iDRAC local USER
Configuration Updates
to enable access.
3
Click
Apply
.
4
Click the appropriate button to continue.
Disabling Local Configuration Access
1
Click
System
Remote Access
iDRAC
Network/Security
Services
.
2
Under
Local Configuration
, click to check
Disable iDRAC local USER
Configuration Updates
to disable access.
Table 5-28. Active Directory CA Certificate Information
Field Description
Serial Number Certificate serial number.
Subject Information Certificate attributes entered by the subject.
Issuer Information Certificate attributes returned by the issuer.
Valid From Certificate issue date.
Valid To Certificate expiration date.
Table 5-29. View Active Directory CA Certificate Page Buttons
Button Description
Print Prints the Active Directory CA Certificate values that
appear on the screen.
Refresh Reloads the Active Directory CA Certificate page.
Go Back to Active
Directory Main Menu
Returns the user to the Active Directory Main Menu page.
Configuring the iDRAC Using the Web Interface 99
3
Click
Apply
.
4
Click the appropriate button to continue.
Configuring iDRAC Services
NOTE: To modify these settings, you must have Configure iDRAC permission.
NOTE: When you apply changes to services, the changes take effect immediately.
Existing connections may be terminated without warning.
NOTE: There is a known issue with the Telnet client supplied with Microsoft
Windows communicating with a BMU. Use another Telnet client such as
HyperTerminal or PuTTY.
1
Click
System Remote Access
iDRAC
, and then click the
Network/Security
tab.
2
Click
Services
to open the
Services
configuration page.
3
Configure the following services, as required:
Web server — see Table 5-30 for Web server settings
SSH — see Table 5-31 for SSH settings
Telnet — see Table 5-32 for telnet settings
Automated System Recovery Agent — see Table 5-33 for Automated
System Recovery Agent settings
4
Click
Apply
.
5
Click the appropriate button to continue. See Table 5-34.
Table 5-30. Web Server Settings
Setting Description
Enabled Enables or disables the iDRAC web server. When checked,
the checkbox indicates that the web server is enabled. The
default is enabled.
Max Sessions The maximum number of simultaneous sessions allowed
for this system. This field is not editable. There can be four
simultaneous sessions.
Active Sessions The number of current sessions on the system, less than or
equal to the Max Sessions. This field is not editable.
100 Configuring the iDRAC Using the Web Interface
Timeout The time, in seconds, that a connection is allowed to
remain idle. The session is cancelled when the timeout is
reached. Changes to the timeout setting take affect
immediately and will reset the web server. Timeout range is
60 to 10,800 seconds. The default is 1,800 seconds.
HTTP Port Number The port on which the iDRAC listens for a browser
connection. The default is 80.
HTTPS Port Number The port on which the iDRAC listens for a secure browser
connection. The default is 443.
Table 5-31. SSH Settings
Setting Description
Enabled Enables or disables SSH. When checked, the checkbox
indicates that SSH is enabled.
Max Sessions The maximum number of simultaneous sessions allowed
for this system. Only one session is supported.
Active Sessions The number of current sessions on the system.
Timeout The secure shell idle timeout, in seconds. Timeout range is
60 to 10,800 seconds. Enter 0 seconds to disable the
Timeout feature. The default is 1,800.
Port Number The port on which the iDRAC listens for an SSH
connection. The default is 22.
Table 5-32. Telnet Settings
Setting Description
Enabled Enables or disables telnet. When checked, telnet is
enabled.
Max Sessions The maximum number of simultaneous sessions allowed
for this system. Only one session is supported.
Active Sessions The number of current sessions on the system.
Table 5-30. Web Server Settings (continued)
Setting Description
Configuring the iDRAC Using the Web Interface 101
Timeout The telnet idle timeout, in seconds. Timeout range is 60 to
10,800 seconds. Enter 0 seconds to disable the Timeout
feature. The default is 1,800.
Port Number The port on which the iDRAC listens for a telnet
connection. The default is 23.
Table 5-33. Automated System Recovery Agent Setting
Setting Description
Enabled Enables the Automated System Recovery Agent.
Table 5-34. Services Page Buttons
Button Description
Print Prints the Services page.
Refresh Refreshes the Services page.
Apply Changes Applies the Services page settings.
Table 5-32. Telnet Settings (continued)
Setting Description
102 Configuring the iDRAC Using the Web Interface
Updating the iDRAC Firmware
NOTE: If the iDRAC firmware becomes corrupted, as could occur if the iDRAC
firmware update progress is interrupted before it completes, you can recover
the iDRAC using the CMC. See your Dell Chassis Management Controller User
Guide for instructions. The CMC Web interface (CMC 2.0 or later) also
provides a One-to-Many Out-of-Band iDRAC firmware update capacity that
can be used at any time.
NOTE: The firmware update, by default, retains the current iDRAC settings.
During the update process, you have the option to reset the iDRAC
configuration to the factory defaults. If you set the configuration to the factory
defaults external network access will be disabled when the update
completes. You must enable and configure the network using the iDRAC
Configuration Utility or the CMC Web interface.
1
Start the iDRAC Web interface.
2
Click
System
Remote Access
iDRAC
, then click the
Update
tab.
3
On the
Firmware Update
page, click
Next
to start the update process.
NOTE: To update the firmware, the iDRAC must be placed in an update mode.
Once in this mode, the iDRAC will automatically reset, even if you cancel the
update process.
4
In the
Firmware Update - Upload (page 1 of 4)
window, click
Browse
, or
type the path to the firmware image that you downloaded.
For example:
C:\Updates\V1.0\<
image_name
>
.
The default firmware image name is
firmimg.imc
.
5
Click
Next
.
The file will be uploaded to the iDRAC. This may take several
minutes to complete.
OR
You can click
Cancel
at this time, if you would like to end the
firmware upgrade process. Clicking
Cancel
will reset the iDRAC to
normal operating mode.
Configuring the iDRAC Using the Web Interface 103
6
In the
Firmware Update - Validation (page 2 of 4)
window, you will see
the results of the validation performed on the image file you uploaded.
If the image file uploaded successfully and passed all verification
checks, a message will appear indicating that the firmware image has
been verified.
OR
If the image did not upload successfully, or it did not pass the
verification checks, the firmware update will return to the
Firmware
Update - Upload (page 1 of 4)
window. You can attempt to upgrade
the iDRAC again or click
Cancel
to reset the iDRAC to normal
operating mode.
NOTE: If you deselect the Preserve Configuration check box, the iDRAC will
be reset to its default settings. In the default settings, the LAN is disabled. You
will not be able to log in to the iDRAC Web interface. You will have to
reconfigure the LAN settings using the CMC Web interface or iKVM using the
iDRAC Configuration Utility during BIOS POST.
7
By default the
Preserve Configuration
checkbox is checked, to preserve
the current settings on the iDRAC after an upgrade. If you do not want the
settings to be preserved, deselect the
Preserve Configuration
checkbox.
8
Click
Begin Update
to start the upgrade process. Do not interrupt the
upgrade process.
9
In the
Firmware Update - Updating (page 3 of 4)
window, you will see the
status of the upgrade. The progress of the firmware upgrade operation,
measured in percentages, will appear in the
Progress
column.
10
Once the firmware update is complete, the
Firmware Update - Update
Results (page 4 of 4)
window will appear and the iDRAC will reset
automatically. You must close the current browser window and reconnect
to the iDRAC using a new browser window.
Recovering iDRAC Firmware Using the CMC
Typically, the iDRAC firmware is updated using iDRAC facilities such as the
iDRAC Web interface, or operating system specific update packages
downloaded from support.dell.com.
104 Configuring the iDRAC Using the Web Interface
If the iDRAC firmware becomes corrupted, as could occur if the iDRAC
firmware update progress is interrupted before it completes, you can use the
CMC Web interface to update its firmware.
If the CMC detects the corrupted iDRAC firmware, the iDRAC is listed on
the Updatable Components page in the CMC Web interface.
NOTE: See the Dell Chassis Management Controller User Guide for instructions for
using the CMC Web interface.
To update the iDRAC firmware, perform the following steps:
1
Download the latest iDRAC firmware to your management computer from
support.dell.com
.
2
Log in to the CMC Web-based interface.
3
Click
Chassis
in the system tree.
4
Click the
Update
tab. The
Firmware Update
page appears. The server
with the recoverable iDRAC is included in the list if it can be recovered
from the CMC.
5
Select the
Update Targets
option and click
Apply iDRAC Update
to begin
the firmware update.
After the firmware image file has been uploaded to the CMC, the iDRAC will
update itself with the image.
Using the iDRAC with Microsoft Active Directory 105
Using the iDRAC with Microsoft
Active Directory
A directory service maintains a common database of all information needed
for controlling users, computers, printers, and other devices on a network. If
your company uses the Microsoft® Active Directory® service software, you
can configure the software to provide access to the iDRAC, allowing you to
add and control iDRAC user privileges to your existing users in your Active
Directory software.
NOTE: Using Active Directory to recognize iDRAC users is supported on the
Microsoft Windows® 2000 and Windows Server® 2003 operating systems.
You can use Active Directory to define user access on iDRAC through an
extended schema solution which uses Dell-defined Active Directory objects
or a standard schema solution which uses Active Directory group objects only.
Advantages and Disadvantages of Extended
Schema and Standard Schema
When using Active Directory to configure access to the iDRAC, you must
choose either the extended schema or the standard schema solution.
The advantages of using the extended schema solution are:
All of the access control objects are maintained in Active Directory.
Maximum flexibility in configuring user access on different iDRACs with
different privilege levels.
The advantages of using the standard schema solution are:
No schema extension is required because standard schema uses Active
Directory objects only.
Configuration on the Active Directory side is simple.
106 Using the iDRAC with Microsoft Active Directory
Extended Schema Active Directory Overview
There are three ways to enable Active Directory with the extended schema:
With the iDRAC Web interface (see "Configuring the iDRAC With
Extended Schema Active Directory Using the Web Interface" on
page 121).
With the RACADM CLI tool (see "Configuring the iDRAC With
Extended Schema Active Directory Using RACADM" on page 122).
With the SM-CLP command line (see "Configuring the iDRAC With
Extended Schema Active Directory and SM-CLP" on page 123).
Active Directory Schema Extensions
The Active Directory data is a distributed database of Attributes and Classes.
The Active Directory schema includes the rules that determine the type of
data that can be added or included in the database. The user class is one
example of a Class that is stored in the database. Some example user class
attributes can include the user’s first name, last name, phone number, and so
on. Companies can extend the Active Directory database by adding their own
unique Attributes and Classes to solve environment-specific needs. Dell has
extended the schema to include the Attributes and Classes to support remote
management Authentication and Authorization.
Each Attribute or Class that is added to an existing Active Directory Schema
must be defined with a unique ID. To maintain unique IDs across the
industry, Microsoft maintains a database of Active Directory Object
Identifiers (OIDs) so that when companies add extensions to the schema,
they can be guaranteed to be unique and not to conflict with each other. To
extend the schema in Microsoft Active Directory, Dell received unique OIDs,
unique name extensions, and uniquely linked attribute IDs for the attributes
and classes we added to the directory service, as shown in Table 6-1.
Table 6-1. Dell Active Directory Object Identifiers
Active Directory Service Class Active Directory OID
Dell extension dell
Dell base OID 1.2.840.113556.1.8000.1280
RAC LinkID range 12070 to 12079
Using the iDRAC with Microsoft Active Directory 107
Overview of the RAC Schema Extensions
To provide the greatest flexibility in the multitude of customer environments,
Dell provides a group of properties that can be configured by the user
depending on the desired results. Dell has extended the schema to include an
Association, Device, and Privilege property. The Association property is used
to link together the users or groups with a specific set of privileges to one or
more RAC devices. This model provides an Administrator maximum
flexibility over the different combinations of users, RAC privileges, and RAC
devices on the network without adding too much complexity.
Active Directory Object Overview
For each of the physical RACs on the network that you want to integrate with
Active Directory for Authentication and Authorization, create at least one
Association Object and one RAC Device Object. You can create multiple
Association Objects, and each Association Object can be linked to as many
users, groups of users, or RAC Device Objects as required. The users and RAC
Device Objects can be members of any domain in the enterprise.
However, each Association Object can be linked (or, may link users, groups of
users, or RAC Device Objects) to only one Privilege Object. This example
allows an Administrator to control each user’s privileges on specific RACs.
The RAC Device object is the link to the RAC firmware for querying Active
Directory for authentication and authorization. When a RAC is added to the
network, the Administrator must configure the RAC and its device object
with its Active Directory name so users can perform authentication and
authorization with Active Directory. The Administrator must add the RAC to
at least one Association Object in order for users to authenticate.
Figure 6-1 illustrates that the Association Object provides the connection
that is needed for all of the Authentication and Authorization.
108 Using the iDRAC with Microsoft Active Directory
Figure 6-1. Typical Setup for Active Directory Objects
NOTE: The RAC privilege object applies to both DRAC 4 and iDRAC.
You can create as many or as few association objects as required. However, you
must create at least one Association Object, and you must have one RAC
Device Object for each RAC (iDRAC) on the network that you want to
integrate with Active Directory for Authentication and Authorization with
the RAC (iDRAC).
The Association Object allows for as many or as few users and/or groups as
well as RAC Device Objects. However, the Association Object only includes
one Privilege Object per Association Object. The Association Object
connects the "Users" who have "Privileges" on the RACs.
You can configure Active Directory objects in a single domain or in multiple
domains. For example, you have two iDRACs (RAC1 and RAC2) and three
existing Active Directory users (user1, user2, and user3). You want to give
user1 and user2 an Administrator privilege to both iDRACs and give user3 a
login privilege to the RAC2. Figure 6-2 shows how you set up the Active
Directory objects in this scenario.
Association Object
User(s) Group(s) Privilege Object RAC Device Object(s)
RAC Privilege Object
Using the iDRAC with Microsoft Active Directory 109
When adding Universal Groups from separate domains, create an Association
Object with Universal Scope. The Default Association objects created by the
Dell Schema Extender Utility are Domain Local Groups and will not work
with Universal Groups from other domains.
Figure 6-2. Setting Up Active Directory Objects in a Single Domain
To configure the objects for the single domain scenario, perform the following
tasks:
1
Create two Association Objects.
2
Create two RAC Device Objects, RAC1 and RAC2, to represent the two
iDRACs.
3
Create two Privilege Objects, Priv1 and Priv2, in which Priv1 has all
privileges (Administrator) and Priv2 has login privileges.
4
Group user1 and user2 into Group1.
5
Add Group1 as Members in Association Object 1 (AO1), Priv1 as Privilege
Objects in AO1, and RAC1, RAC2 as RAC Devices in AO1.
6
Add User3 as Members in Association Object 2 (AO2), Priv2 as Privilege
Objects in AO2, and RAC2 as RAC Devices in AO2.
AO1 AO2
Priv2Priv1Group1
RAC2RAC1User3User2User1
110 Using the iDRAC with Microsoft Active Directory
See "Adding iDRAC Users and Privileges to Active Directory" on page 118 for
detailed instructions.
Figure 6-3 provides an example of Active Directory objects in multiple
domains. In this scenario, you have two iDRACs (RAC1 and RAC2) and three
existing Active Directory users (user1, user2, and user3). User1 is in
Domain1, and user2 and user 3 are in Domain2. In this scenario, configure
user1 and user2 with Administrator privileges to both iDRACs and configure
user3 with login privileges to the RAC2.
Figure 6-3. Setting Up Active Directory Objects in Multiple Domains
To configure the objects for the multiple domain scenario, perform the
following tasks:
1
Ensure that the domain forest function is in Native or Windows 2003
mode.
2
Create two Association Objects, AO1 (of Universal scope) and AO2, in any
domain.
Figure 6-3 shows the objects in Domain2.
AO1 AO2
Priv2Priv1Group1
RAC2RAC1User3User2User1
Domain2Domain1
Using the iDRAC with Microsoft Active Directory 111
3
Create two RAC Device Objects, RAC1 and RAC2, to represent the two
iDRACs.
4
Create two Privilege Objects, Priv1 and Priv2, in which Priv1 has all
privileges (Administrator) and Priv2 has login privileges.
5
Group user1 and user2 into Group1. The group scope of Group1 must be
Universal.
6
Add Group1 as Members in Association Object 1 (AO1), Priv1 as Privilege
Objects in AO1, and RAC1, RAC2 as RAC Devices in AO1.
7
Add User3 as Members in Association Object 2 (AO2), Priv2 as Privilege
Objects in AO2, and RAC2 as RAC Devices in AO2.
Configuring Extended Schema Active Directory to Access Your iDRAC
Before using Active Directory to access your iDRAC, configure the Active
Directory software and the iDRAC by performing the following steps in order:
1
Extend the Active Directory schema (see "Extending the Active Directory
Schema" on page 111).
2
Extend the Active Directory Users and Computers Snap-in (see "Installing
the Dell Extension to the Active Directory Users and Computers Snap-In"
on page 117).
3
Add iDRAC users and their privileges to Active Directory (see "Adding
iDRAC Users and Privileges to Active Directory" on page 118).
4
Enable SSL on each of your domain controllers (see "Enabling SSL on a
Domain Controller" on page 131).
5
Configure the iDRAC Active Directory properties using either the iDRAC
Web interface or the RACADM (see "Configuring the iDRAC With
Extended Schema Active Directory Using the Web Interface" on page 121
or "Configuring the iDRAC With Extended Schema Active Directory
Using RACADM" on page 122).
Extending the Active Directory Schema
Extending your Active Directory schema adds a Dell organizational unit,
schema classes and attributes, and example privileges and association objects
to the Active Directory schema. Before you extend the schema, ensure that
you have Schema Admin privileges on the Schema Master Flexible Single
Master Operation (FSMO) Role Owner of the domain forest.
112 Using the iDRAC with Microsoft Active Directory
You can extend your schema using one of the following:
Dell Schema Extender utility
LDIF script file
If you use the LDIF script file, the Dell organizational unit will not be added
to the schema.
The LDIF files and Dell Schema Extender are located on your
Dell Systems
Management Tools and Documentation
DVD
in the following respective
directories:
DVD drive
:\support\OMActiveDirectory Tools\RAC4-5\LDIF_Files
DVD drive
:\support\OMActiveDirectory Tools\RAC4-
5\Schema_Extender
To use the LDIF files, see the instructions in the readme included in the
LDIF_Files directory. To use the Dell Schema Extender to extend the Active
Directory Schema, see "Using the Dell Schema Extender" on page 112.
You can copy and run the Schema Extender or LDIF files from any location.
Using the Dell Schema Extender
NOTE: The Dell Schema Extender uses the SchemaExtenderOem.ini file. To ensure
that the Dell Schema Extender utility functions properly, do not modify the name of
this file.
1
In the
Welcome
screen, click
Next.
2
Read and understand the warning and click
Next
.
3
Select
Use Current Log In Credentials
or enter a user name and password
with schema Administrator rights.
4
Click
Next
to run the Dell Schema Extender.
5
Click
Finish
.
The schema is extended. To verify the schema extension, use the
Microsoft Management Console (MMC) and the Active Directory
Schema snap-in to verify that the following exist:
Classes (see Table 6-2 through Table 6-7)
Attributes (Table 6-8)
See your Microsoft documentation for more information on how to enable
and use the Active Directory Schema snap-in in the MMC.
Using the iDRAC with Microsoft Active Directory 113
Table 6-2. Class Definitions for Classes Added to the Active Directory Schema
Class Name Assigned Object Identification Number (OID)
dellRacDevice 1.2.840.113556.1.8000.1280.1.1.1.1
dellAssociationObject 1.2.840.113556.1.8000.1280.1.1.1.2
dellRACPrivileges 1.2.840.113556.1.8000.1280.1.1.1.3
dellPrivileges 1.2.840.113556.1.8000.1280.1.1.1.4
dellProduct 1.2.840.113556.1.8000.1280.1.1.1.5
Table 6-3. dellRacDevice Class
OID 1.2.840.113556.1.8000.1280.1.1.1.1
Description Represents the Dell RAC device. The RAC device must be
configured as dellRacDevice in Active Directory. This
configuration enables the iDRAC to send Lightweight Directory
Access Protocol (LDAP) queries to Active Directory.
Class Type Structural Class
SuperClasses dellProduct
Attributes dellSchemaVersion
dellRacType
Table 6-4. dellAssociationObject Class
OID 1.2.840.113556.1.8000.1280.1.1.1.2
Description Represents the Dell Association Object. The Association
Object provides the connection between the users and the
devices.
Class Type Structural Class
SuperClasses Group
Attributes dellProductMembers
dellPrivilegeMember
114 Using the iDRAC with Microsoft Active Directory
Table 6-5. dellRAC4Privileges Class
OID 1.2.840.113556.1.8000.1280.1.1.1.3
Description Used to define the privileges (Authorization Rights) for the iDRAC
device.
Class Type Auxiliary Class
SuperClasses None
Attributes dellIsLoginUser
dellIsCardConfigAdmin
dellIsUserConfigAdmin
dellIsLogClearAdmin
dellIsServerResetUser
dellIsConsoleRedirectUser
dellIsVirtualMediaUser
dellIsTestAlertUser
dellIsDebugCommandAdmin
Table 6-6. dellPrivileges Class
OID 1.2.840.113556.1.8000.1280.1.1.1.4
Description Used as a container Class for the Dell Privileges (Authorization
Rights).
Class Type Structural Class
SuperClasses User
Attributes dellRAC4Privileges
Table 6-7. dellProduct Class
OID 1.2.840.113556.1.8000.1280.1.1.1.5
Description The main class from which all Dell products are derived.
Class Type Structural Class
Using the iDRAC with Microsoft Active Directory 115
SuperClasses Computer
Attributes dellAssociationMembers
Table 6-8. List of Attributes Added to the Active Directory Schema
Attribute Name/Description Assigned OID/Syntax Object
Identifier
Single Valued
dellPrivilegeMember
List of dellPrivilege Objects
that belong to this Attribute.
1.2.840.113556.1.8000.1280.1.1.2.1
Distinguished Name
(LDAPTYPE_DN
1.3.6.1.4.1.1466.115.121.1.12)
FALSE
dellProductMembers
List of dellRacDevices Objects
that belong to this role. This
attribute is the forward link to
the dellAssociationMembers
backward link.
Link ID: 12070
1.2.840.113556.1.8000.1280.1.1.2.2
Distinguished Name
(LDAPTYPE_DN
1.3.6.1.4.1.1466.115.121.1.12)
FALSE
dellIsLoginUser
TRUE if the user has Login
rights on the device.
1.2.840.113556.1.8000.1280.1.1.2.3
Boolean (LDAPTYPE_BOOLEAN
1.3.6.1.4.1.1466.115.121.1.7)
TRUE
dellIsCardConfigAdmin
TRUE if the user has Card
Configuration rights on the
device.
1.2.840.113556.1.8000.1280.1.1.2.4
Boolean (LDAPTYPE_BOOLEAN
1.3.6.1.4.1.1466.115.121.1.7)
TRUE
dellIsUserConfigAdmin
TRUE if the user has User
Configuration rights on the
device.
1.2.840.113556.1.8000.1280.1.1.2.5
Boolean (LDAPTYPE_BOOLEAN
1.3.6.1.4.1.1466.115.121.1.7)
TRUE
delIsLogClearAdmin
TRUE if the user has Log
Clearing rights on the device.
1.2.840.113556.1.8000.1280.1.1.2.6
Boolean (LDAPTYPE_BOOLEAN
1.3.6.1.4.1.1466.115.121.1.7)
TRUE
Table 6-7. dellProduct Class (continued)
OID 1.2.840.113556.1.8000.1280.1.1.1.5
116 Using the iDRAC with Microsoft Active Directory
dellIsServerResetUser
TRUE if the user has Server
Reset rights on the device.
1.2.840.113556.1.8000.1280.1.1.2.7
Boolean (LDAPTYPE_BOOLEAN
1.3.6.1.4.1.1466.115.121.1.7)
TRUE
dellIsConsoleRedirectUser
TRUE if the user has Console
Redirection rights on the
device.
1.2.840.113556.1.8000.1280.1.1.2.8
Boolean (LDAPTYPE_BOOLEAN
1.3.6.1.4.1.1466.115.121.1.7)
TRUE
dellIsVirtualMediaUser
TRUE if the user has Virtual
Media rights on the device.
1.2.840.113556.1.8000.1280.1.1.2.9
Boolean (LDAPTYPE_BOOLEAN
1.3.6.1.4.1.1466.115.121.1.7)
TRUE
dellIsTestAlertUser
TRUE if the user has Test Alert
User rights on the device.
1.2.840.113556.1.8000.1280.1.1.2.10
Boolean (LDAPTYPE_BOOLEAN
1.3.6.1.4.1.1466.115.121.1.7)
TRUE
dellIsDebugCommandAdmin
TRUE if the user has Debug
Command Admin rights on the
device.
1.2.840.113556.1.8000.1280.1.1.2.11
Boolean (LDAPTYPE_BOOLEAN
1.3.6.1.4.1.1466.115.121.1.7)
TRUE
dellSchemaVersion
The Current Schema Version is
used to update the schema.
1.2.840.113556.1.8000.1280.1.1.2.12
Case Ignore String
(LDAPTYPE_CASEIGNORESTRI
NG
1.2.840.113556.1.4.905)
TRUE
dellRacType
This attribute is the Current
Rac Type for the dellRacDevice
object and the backward link to
the
dellAssociationObjectMembers
forward link.
1.2.840.113556.1.8000.1280.1.1.2.13
Case Ignore String
(LDAPTYPE_CASEIGNORESTRI
NG
1.2.840.113556.1.4.905)
TRUE
Table 6-8. List of Attributes Added to the Active Directory Schema (continued)
Attribute Name/Description Assigned OID/Syntax Object
Identifier
Single Valued
Using the iDRAC with Microsoft Active Directory 117
Installing the Dell Extension to the Active Directory Users and
Computers Snap-In
When you extend the schema in Active Directory, you must also extend the
Active Directory Users and Computers snap-in so the administrator can
manage RAC (iDRAC) devices, Users and User Groups, RAC Associations,
and RAC Privileges.
When you install your systems management software using the
Dell Systems
Management Tools and Documentation
DVD
, you can extend the snap-in by
selecting the Dell Extension to the Active Directory User’s and Computers
Snap-In option during the installation procedure. See the Dell OpenManage
Software Quick Installation Guide for additional instructions about installing
systems management software.
For more information about the Active Directory User’s and Computers
snap-in, see your Microsoft documentation.
Installing the Administrator Pack
You must install the Administrator Pack on each system that is managing the
Active Directory iDRAC Objects. If you do not install the Administrator Pack,
you cannot view the Dell RAC Object in the container.
See "Opening the Active Directory Users and Computers Snap-In" on
page 118 for more information.
dellAssociationMembers
List of
dellAssociationObjectMembers
that belong to this Product.
This attribute is the backward
link to the
dellProductMembers Linked
attribute.
Link ID: 12071
1.2.840.113556.1.8000.1280.1.1.2.14
Distinguished Name
(LDAPTYPE_DN
1.3.6.1.4.1.1466.115.121.1.12)
FALSE
Table 6-8. List of Attributes Added to the Active Directory Schema (continued)
Attribute Name/Description Assigned OID/Syntax Object
Identifier
Single Valued
118 Using the iDRAC with Microsoft Active Directory
Opening the Active Directory Users and Computers Snap-In
To open the Active Directory Users and Computers snap-in, perform the
following steps:
1
If you are logged into the domain controller, click
Start
Admin Tools
Active Directory Users and Computers
.
If you are not logged into the domain controller, you must have the
appropriate Microsoft Administrator Pack installed on your local system.
To install this Administrator Pack, click
Start
Run
, type
MMC
, and press
Enter
.
The Microsoft Management Console (MMC) appears.
2
In the
Console 1
window, click
File
(or
Console
on systems running
Windows 2000).
3
Click
Add/Remove Snap-in
.
4
Select the
Active Directory Users and Computers
snap-in and click
Add
.
5
Click
Close
and click
OK
.
Adding iDRAC Users and Privileges to Active Directory
Using the Dell-extended Active Directory Users and Computers snap-in, you
can add iDRAC users and privileges by creating RAC, Association, and
Privilege objects. To add each object type, perform the following procedures:
Create a RAC device Object
Create a Privilege Object
Create an Association Object
Add objects to an Association Object
Creating a RAC Device Object
1
In the MMC
Console Root
window, right-click a container.
2
Select
New
Dell RAC Object
.
The
New Object
window appears.
3
Type a name for the new object. The name must be identical to the
iDRAC Name that you will type in step a of "Configuring the iDRAC With
Extended Schema Active Directory Using the Web Interface" on page 121.
Using the iDRAC with Microsoft Active Directory 119
4
Select
RAC Device Object
.
5
Click
OK
.
Creating a Privilege Object
NOTE: A Privilege Object must be created in the same domain as the related
Association Object.
1
In the
Console Root
(MMC) window, right-click a container.
2
Select
New
Dell RAC Object
.
The
New Object
window appears.
3
Type a name for the new object.
4
Select
Privilege Object
.
5
Click
OK
.
6
Right-click the privilege object that you created, and select
Properties
.
7
Click the
RAC Privileges
tab and select the privileges that you want the
user to have (for more information, see "iDRAC User Privileges" on
page 85).
Creating an Association Object
The Association Object is derived from a Group and must contain a Group
Type. The Association Scope specifies the Security Group Type for the
Association Object. When you create an Association Object, choose the
Association Scope that applies to the type of objects you intend to add.
For example, if you select Universal, the association objects are only available
when the Active Directory Domain is functioning in Native Mode or above.
1
In the
Console Root
(MMC) window, right-click a container.
2
Select
New
Dell RAC Object
.
This opens the
New Object
window.
3
Type a name for the new object.
4
Select
Association Object
.
5
Select the scope for the
Association Object
.
6
Click
OK
.
120 Using the iDRAC with Microsoft Active Directory
Adding Objects to an Association Object
Using the Association Object Properties window, you can associate users or
user groups, privilege objects, and RAC devices or RAC device groups. If your
system is running Windows 2000 mode or higher, use Universal Groups to
span domains with your user or RAC objects.
You can add groups of Users and RAC devices. The procedure for creating
Dell-related groups and non-Dell-related groups is identical.
Adding Users or User Groups
1
Right-click the
Association Object
and select
Properties
.
2
Select the
Users
tab and click
Add
.
3
Type the user or User Group name and click
OK
.
Click the Privilege Object tab to add the privilege object to the association
that defines the user’s or user group’s privileges when authenticating to a
RAC device. Only one privilege object can be added to an Association Object.
Adding Privileges
1
Select the
Privileges Object
tab and click
Add
.
2
Type the Privilege Object name and click
OK
.
Click the Products tab to add one or more RAC devices to the association.
The associated devices specify the RAC devices connected to the network
that are available for the defined users or user groups. Multiple RAC devices
can be added to an Association Object.
Adding RAC Devices or RAC Device Groups
To add RAC devices or RAC device groups:
1
Select the
Products
tab and click
Add.
2
Type the RAC device or RAC device group name and click
OK
.
3
In the
Properties
window, click
Apply
and click
OK
.
Using the iDRAC with Microsoft Active Directory 121
Configuring the iDRAC With Extended Schema Active Directory Using
the Web Interface
1
Open a supported Web browser window.
2
Log in to the iDRAC Web interface.
3
Click
System
Remote Access
.
4
Click the
Configuration
tab and select
Active Directory
.
5
On the
Active Directory Main Menu
page, select
Configure Active
Directory
and click
Next
.
6
In the Common Settings section:
a
Select the
Enable Active Directory
check box.
b
Ty p e t h e
Root Domain Name
. The
Root Domain Name
is the fully
qualified root domain name for the forest.
c
Ty p e t h e
Timeout
time in seconds.
7
Click
Use Extended Schema
in the Active Directory Schema Selection
section.
8
In the
Extended Schema Settings
section:
a
Ty p e t h e
iDRAC Name
. This name must be the same as the common
name of the new RAC object you created in your Domain Controller
(see step 3 of "Creating a RAC Device Object").
b
Ty p e t h e
iDRAC Domain Name
(for example,
iDRAC.com
). Do not
use the NetBIOS name. The
iDRAC Domain Name
is the fully
qualified domain name of the sub-domain where the RAC Device
Object is located.
9
Click
Apply
to save the Active Directory settings.
10
Click
Go Back To Active Directory Main Menu
.
11
Upload your domain forest Root CA certificate into the iDRAC.
a
Select the
Upload Active Directory CA Certificat
e radio button and
then click
Next
.
b
In the
Certificate Upload
page, type the file path of the certificate or
browse to the certificate file.
122 Using the iDRAC with Microsoft Active Directory
NOTE: The File Path value displays the relative file path of the certificate you
are uploading. You must type the absolute file path, which includes the full
path and the complete file name and file extension.
The domain controllers’ SSL certificates should have been signed by
the root CA. Have the root CA certificate available on your
management station accessing the iDRAC (see "Exporting the
Domain Controller Root CA Certificate" on page 132).
c
Click
Apply
.
The iDRAC Web server automatically restarts after you click
Apply
.
12
Log out and then log in to the iDRAC to complete the iDRAC Active
Directory feature configuration.
13
Click
System
Remote Access
iDRAC
Network/Security
Network
.
14
If
Use DHCP (For NIC IP Address)
is selected under
Network Settings
,
then select
Use DHCP to obtain DNS server address
.
To manually input a DNS server IP address, deselect
Use DHCP to obtain
DNS server addresses
and type your preferred and alternate DNS server IP
addresses.
15
Click
Apply
.
The iDRAC Extended Schema Active Directory feature configuration is
complete.
Configuring the iDRAC With Extended Schema Active Directory Using
RACADM
Use the following commands to configure the iDRAC Active Directory
feature with the extended schema using the RACADM CLI tool instead of
the Web interface.
1
Open a command prompt and type the following RACADM commands:
racadm config -g cfgActiveDirectory -o cfgADEnable
1
racadm config -g cfgActiveDirectory -o cfgADType 1
racadm config -g cfgActiveDirectory -o
cfgADRacDomain <
rac-FQDN
>
Using the iDRAC with Microsoft Active Directory 123
racadm config -g cfgActiveDirectory -o
cfgADRootDomain <
root-FQDN
>
racadm config -g cfgActiveDirectory -o
cfgADRacName <
RAC-common-name
>
racadm sslcertupload -t 0x2 -f <
root-CA-
certificate-TFTP-URI
>
racadm sslcertdownload -t 0x1 -f <
RAC-SSL-
certificate
>
2
If DHCP is enabled on the iDRAC and you want to use the DNS provided
by the DHCP server, type the following RACADM command:
racadm config -g cfgLanNetworking -o
cfgDNSServersFromDHCP 1
3
If DHCP is disabled on the iDRAC or you want to manually input your
DNS IP addresses, type the following RACADM commands:
racadm config -g cfgLanNetworking -o
cfgDNSServersFromDHCP 0
racadm config -g cfgLanNetworking -o cfgDNSServer1
<primary-DNS-IP-address>
racadm config -g cfgLanNetworking -o cfgDNSServer2
<secondary-DNS-IP-address>
4
Press
Enter
to complete the iDRAC Active Directory feature configuration.
Configuring the iDRAC With Extended Schema Active Directory and
SM-CLP
NOTE: You must have a TFTP server running from which you can retrieve the root
CA certificate and to which you can save the iDRAC server certificate.
Use the following commands to configure the iDRAC Active Directory
feature with the extended schema using SM-CLP.
1
Log in to the iDRAC using telnet or SSH and enter the following SM-CLP
commands:
cd /system/sp1/oemdell_adservice1
set enablestate=1
124 Using the iDRAC with Microsoft Active Directory
set oemdell_schematype=1
set oemdell_adracdomain=<
rac-FQDN
>
set oemdell_adrootdomain=<
root-FQDN
>
set oemdell_adracname=<
RAC-common-name
>
set /system1/sp1/oemdell_ssl1 oemdell_certtype=AD
load -source <ActiveDirectory-certificate-TFTP-
URI> /system1/sp1/oemdell_ssl1
set /system1/sp1/oemdell_ssl1 oemdell_certtype=SSL
dump -destination <
DRAC-server-certificate-TFTP-
URI
> /system1/sp1/oemdell_ssl1
2
If DHCP is enabled on the iDRAC and you want to use the DNS provided
by the DHCP server, type the following SM-CLP command:
set /system1/sp1/enetport1/lanendpt1/ipendpt1/\
dnsendpt1 oemdell_serversfromdhcp=1
3
If DHCP is disabled on the iDRAC or you want to manually enter your
DNS IP address, type the following SM-CLP commands:
set /system1/sp1/enetport1/lanendpt1/\
ipendpt1/dnsendpt1 oemdell_serversfromdhcp=0
set /system1/sp1/enetport1/lanendpt1/ipendpt1/\
dnsendpt1/remotesap1 dnsserveraddress=<
primary-
DNS-IP-address
>
set /system1/sp1/enetport1/lanendpt1/ipendpt1/\
dnsendpt1/remotesap1 dnsserveraddress=<
secondary-
DNS-IP-address
>
Using the iDRAC with Microsoft Active Directory 125
Active Directory Standard Schema Overview
As shown in Figure 6-4, using standard schema for Active Directory
integration requires configuration on both Active Directory and the iDRAC.
On the Active Directory side, a standard group object is used as a role group.
A user who has iDRAC access will be a member of the role group. To give this
user access to a specific iDRAC, the role group name and its domain name
need to be configured on the specific iDRAC. Unlike the extended schema
solution, the role and the privilege level is defined on each iDRAC, not in the
Active Directory. Up to five role groups can be configured and defined in each
iDRAC. Table 5-12 on page 85 shows the privileges level of the role groups
and Table 6-9 shows the default role group settings.
Figure 6-4. Configuration of iDRAC with Microsoft Active Directory and the Standard
Schema
Role
Group
Role
Group Name
and Domain
Name
Role
Definition
User
Configuration on Active
Directory Side
Configuration on
iDRAC Side
126 Using the iDRAC with Microsoft Active Directory
NOTE: The Bit Mask values are used only when setting up the standard schema
with the RACADM.
There are two ways to enable the standard schema in Active Directory:
With the iDRAC Web user interface. See "Configuring the iDRAC With
Standard Schema Active Directory and the Web Interface" on page 127.
With the RACADM CLI tool. See "Configuring the iDRAC With
Standard Schema Active Directory and RACADM" on page 129.
Configuring Standard Schema Active Directory to Access Your iDRAC
You need to perform the following steps to configure the Active Directory
before an Active Directory user can access the iDRAC:
1
On an Active Directory server (domain controller), open the Active
Directory Users and Computers Snap-in.
2
Create a group or select an existing group. The name of the group and the
name of this domain will need to be configured on the iDRAC with the
Web interface, RACADM, or SM-CLP (see "Configuring the iDRAC With
Standard Schema Active Directory and the Web Interface" on page 127 or
"Configuring the iDRAC With Standard Schema Active Directory and
RACADM" on page 129).
Table 6-9. Default Role Group Privileges
Default
Privilege Level
Permissions Granted Bit Mask
Administrator Login to iDRAC, Configure iDRAC, Configure
Users, Clear Logs, Execute Server Control
Commands, Access Console Redirection, Access
Virtual Media, Test Alerts, Execute Diagnostic
Commands
0x000001ff
Power User Login to iDRAC, Clear Logs, Execute Server
Control Commands, Access Console Redirection,
Access Virtual Media, Test Alerts
0x000000f9
Guest User Login to iDRAC 0x00000001
None No assigned permissions 0x00000000
Using the iDRAC with Microsoft Active Directory 127
3
Add the Active Directory user as a member of the Active Directory group
to access the iDRAC.
Configuring the iDRAC With Standard Schema Active Directory and the
Web Interface
1
Open a supported Web browser window.
2
Log in to the iDRAC Web interface.
3
Click
System
Remote Access
iDRAC
Network/Security
Active
Directory
tab.
4
On the
Active Directory Main Menu
page, select
Configure Active
Directory
and click
Next
.
5
In the Common Settings section:
a
Select the
Enable Active Directory
check box.
b
Ty p e t h e
Root Domain Name
. The
Root Domain Name
is the fully
qualified root domain name for the forest.
c
Ty p e t h e
Timeout
time in seconds.
6
Click
Use Standard Schema
in the Active Directory Schema Selection
section.
7
Click
Apply
to save the Active Directory settings.
8
In the
Role Groups
column of the Standard Schema settings section, click
a
Role Group
.
The
Configure Role Group
page appears, which includes a role group’s
Group Name
,
Group Domain
, and
Role Group Privileges
.
9
Ty p e t h e
Group Name
. The group name identifies the role group in the
Active Directory associated with the iDRAC.
10
Ty p e t h e
Group Domain
. The
Group Domain
is the fully qualified root
domain name for the forest.
11
In the
Role Group Privileges
page, set the group privileges.
Table 5-12 on page 85 describes the
Role Group Privileges
.
If you modify any of the permissions, the existing
Role Group Privilege
(
Administrator
,
Power User
, or
Guest User
) will change to either the
128 Using the iDRAC with Microsoft Active Directory
Custom group or the appropriate
Role Group Privilege
based on the
permissions modified.
12
Click
Apply
to save the Role Group settings.
13
Click
Go Back To Active Directory Configuration
.
14
Click
Go Back To Active Directory Main Menu
.
15
Upload your domain forest Root CA certificate into the iDRAC.
a
Select the
Upload Active Directory CA Certificat
e radio button and
then click
Next
.
b
In the
Certificate Upload
page, type the file path of the certificate or
browse to the certificate file.
NOTE: The File Path value displays the relative file path of the certificate you
are uploading. You must type the absolute file path, which includes the full
path and the complete file name and file extension.
The domain controllers’ SSL certificates should have been signed by
the root CA. Have the root CA certificate available on your
management station accessing the iDRAC (see "Exporting the
Domain Controller Root CA Certificate" on page 132).
c
Click
Apply
.
The iDRAC Web server automatically restarts after you click
Apply
.
16
Log out and then log in to the iDRAC to complete the iDRAC Active
Directory feature configuration.
17
Click
System
Remote Access
iDRAC
Network/Security
Network
.
18
If
Use DHCP (For NIC IP Address)
is selected under
Network Settings
,
select
Use DHCP to obtain DNS server address
.
To manually input a DNS server IP address, deselect
Use DHCP to obtain
DNS server addresses
and type your primary and alternate DNS server IP
addresses.
19
Click
Apply
.
The iDRAC standard schema Active Directory feature configuration is
complete.
Using the iDRAC with Microsoft Active Directory 129
Configuring the iDRAC With Standard Schema Active Directory and
RACADM
Using the following commands to configure the iDRAC Active Directory
feature with the standard schema using the RACADM CLI instead of the
Web interface.
1
Open a command prompt and type the following RACADM commands:
racadm config -g cfgActiveDirectory -o cfgADEnable
1
racadm config -g cfgActiveDirectory -o cfgADType 2
racadm config -g cfgActiveDirectory -o
cfgADRootDomain <
root-FQDN
>
racadm config -g cfgStandardSchema -i <
index
> -o
cfgSSADRoleGroupName <
role-group-
common-name
>
racadm config -g cfgStandardSchema -i <
index
> -o
cfgSSADRoleGroupDomain <
RAC-FQDN
>
racadm config -g cfgStandardSchema -i <
index
> -o
cfgSSADRoleGroupPrivilege <
permissions-bit-mask
>
racadm sslcertupload -t 0x2 -f <
root-CA-
certificate-TFTP-URI
>
racadm sslcertdownload -t 0x1 -f <
RAC-SSL-
certificate-TFTP-URI
>
NOTE: For bit mask values, see Table B-1.
2
If DHCP is enabled on the iDRAC and you want to use the DNS provided
by the DHCP server, type the following RACADM commands:
racadm config -g cfgLanNetworking -o
cfgDNSServersFromDHCP 1
3
If DHCP is disabled on the iDRAC or you want to input your DNS IP
addresses manually, type the following RACADM commands:
racadm config -g cfgLanNetworking -o
cfgDNSServersFromDHCP 0
racadm config -g cfgLanNetworking -o cfgDNSServer1
<
primary-DNS-IP-address
>
130 Using the iDRAC with Microsoft Active Directory
racadm config -g cfgLanNetworking -o cfgDNSServer2
<
secondary-DNS-IP-address
>
Configuring the iDRAC With Standard Schema Active Directory and
SM-CLP
NOTE: You cannot upload certificates using SM-CLP. Instead, use the iDRAC Web
interface or local RACADM commands.
Use the following commands to configure the iDRAC Active Directory
Feature with the standard schema using SM-CLP.
1
Log in to the iDRAC using telnet or SSH and enter the following SM-CLP
commands:
cd /system/sp1/oemdell_adservice1
set enablestate=1
set oemdell_schematype=2
set oemdell_adracdomain=<
RAC-FQDN
>
2
Enter the following commands for each of the five Active Directory role
groups:
set /system1/sp1/group
N
oemdell_groupname=<
role-
groupN-common-name
>
set /system1/sp1/group
N
oemdell_groupdomain=<
rac-
FQDN
>
set /system1/sp1/group
N
oemdell_groupprivilege=
<user-permission-bit-mask
>
where
N
is a number from 1 to 5.
3
Enter the following commands to set up the Active Directory SSL
certifications.
set /system1/sp1/oemdell_ssl1 oemdell_certtype=AD
load -source <ActiveDirectory-certificate-TFTP-
URI> /system1/sp1/oemdell_ssl1
set /system1/sp1/oemdell_ssl1 oemdell_certtype=SSL
Using the iDRAC with Microsoft Active Directory 131
dump -destination <
iDRAC-server-certificate-TFTP-
URI
> /system1/sp1/oemdell_ssl1
4
If DHCP is enabled on the iDRAC and you want to use the DNS provided
by the DHCP server, type the following SM-CLP command:
set /system1/sp1/enetport1/lanendpt1/\
ipendpt1/dnsendpt1 oemdell_serversfromdhcp=1
5
If DHCP is disabled on the iDRAC or you want to manually enter your
DNS IP addresses, type the following SM-CLP commands:
set /system1/sp1/enetport1/lanendpt1/\
ipendpt1/dnsendpt1 oemdell_serversfromdhcp=0
set /system1/sp1/enetport1/lanendpt1/ipendpt1/\
dnsendpt1/remotesap1 dnsserveraddress=<
primary-
DNS-IP-address
>
set /system1/sp1/enetport1/lanendpt1/ipendpt1/\
dnsendpt1/remotesap1 dnsserveraddress=<
secondary-
DNS-IP-address
>
Enabling SSL on a Domain Controller
If you are using Microsoft Enterprise Root CA to automatically assign all your
domain controllers to an SSL certificate, perform the following steps to
enable SSL on each domain controller.
1
Install a Microsoft Enterprise Root CA on a Domain Controller.
a
Select
Start
Control Panel
Add or Remove Programs
.
b
Select
Add/Remove Windows Components
.
c
In the
Windows Components
Wizard
, select the
Certificate Services
check box.
d
Select
Enterprise root CA
as
CA Type
and click
Next
.
e
Enter
Common name for this CA
, click
Next
, and click
Finish
.
2
Enable SSL on each of your domain controllers by installing the SSL
certificate for each controller.
a
Click
Start
Administrative Tools
Domain Security Policy
.
132 Using the iDRAC with Microsoft Active Directory
b
Expand the
Public Key Policies
folder, right-click
Automatic
Certificate Request Settings
and click
Automatic Certificate
Request
.
c
In the
Automatic Certificate Request Setup Wizard
, click
Next
and
select
Domain Controller
.
d
Click
Next
and click
Finish
.
Exporting the Domain Controller Root CA Certificate
NOTE: If your system is running Windows 2000, the following steps may vary.
1
Locate the domain controller that is running the Microsoft Enterprise CA
service.
2
Click
Start
Run
.
3
In the
Run
field, type
mmc
and click
OK
.
4
In the
Console 1
(MMC) window, click
File (
or
Console
on
Windows 2000 machines
)
and select
Add/Remove Snap-in
.
5
In the
Add/Remove Snap-In
window, click
Add
.
6
In the
Standalone Snap-In
window, select
Certificates
and click
Add
.
7
Select
Computer
account and click
Next
.
8
Select
Local Computer
and click
Finish
.
9
Click
OK
.
10
In the
Console 1
window, expand the
Certificates
folder, expand the
Personal
folder, and click the
Certificates
folder.
11
Locate and right-click the root CA certificate, select
All Tasks
, and click
Export…
.
12
In the
Certificate Export Wizard
, click
Next
, and select
No do not export
the private key
.
13
Click
Next
and select
Base-64 encoded X.509 (.cer)
as the format.
14
Click
Next
and save the certificate to a directory on your system.
15
Upload the certificate you saved in step 14 to the iDRAC.
To upload the certificate using RACADM, see "Configuring the iDRAC
With Extended Schema Active Directory Using the Web Interface" on
page 121.
Using the iDRAC with Microsoft Active Directory 133
To upload the certificate using the Web interface, perform the following
procedure:
a
Open a supported Web browser window.
b
Log in to the iDRAC Web interface.
c
Click
System
Remote Access
iDRAC
Network/Security
SSL
.
d
In the
SSL Main Menu
page, select
Upload Server Certificate
and
click
Next
.
e
In the
Certificate Upload
screen, perform one of the following
procedures:
Click
Browse
and select the certificate.
•In the
File Path
field, type the path to the certificate.
f
Click
Apply
.
Importing the iDRAC Firmware SSL Certificate
Use the following procedure to import the iDRAC firmware SSL certificate to
all domain controller trusted certificate lists.
NOTE: If your system is running Windows 2000, the following steps may vary.
NOTE: If the iDRAC firmware SSL certificate is signed by a well-known CA, you are
not required to perform the steps in this section.
The iDRAC SSL certificate is the identical certificate used for the iDRAC
Web server. All iDRACs are shipped with a default self-signed certificate.
To access the certificate using the iDRAC Web interface, select
System
Remote Access
iDRAC
Network/Security
SSL View Server Certificate.
1
On the domain controller, open an
MMC Console
window and select
Certificates
Trusted Root Certification Authorities
.
2
Right-click
Certificates
, select
All Tasks
and click
Import
.
3
Click
Next
and browse to the SSL certificate file.
4
Install the RAC SSL Certificate in each domain controller’s
Trusted Root
Certification Authority
.
If you have installed your own certificate, ensure that the CA signing your
certificate is in the
Trusted Root Certification Authority
list. If the
134 Using the iDRAC with Microsoft Active Directory
Authority is not in the list, you must install it on all your Domain
Controllers.
5
Click
Next
and select whether you would like Windows to automatically
select the certificate store based on the type of certificate, or browse to a
store of your choice.
6
Click
Finish
and click
OK
.
Using Active Directory to Log In To the iDRAC
You can use Active Directory to log in to the iDRAC using the Web interface.
Use one of the following formats to enter your username:
<
username@domain
>
or
<
domain>\<username
>
or
<
domain>/<username
>
where username is an ASCII string of 1–256 bytes.
White space and special characters (such as \, /, or @) cannot be used in the
user name or the domain name.
NOTE: You cannot specify NetBIOS domain names, such as Americas, as these
names cannot be resolved.
Using the iDRAC with Microsoft Active Directory 135
Frequently Asked Questions
Table 6-10 lists frequently asked questions and answers.
Table 6-10. Using iDRAC With Active Directory: FAQs
Question Answer
Can I log into the iDRAC using
Active Directory across multiple
trees?
Yes. The iDRAC's Active Directory querying
algorithm supports multiple trees in a single
forest.
Does the log in to the iDRAC using
Active Directory work in mixed
mode (that is, the domain
controllers in the forest run different
operating systems, such as Microsoft
Windows NT® 4.0, Windows 2000,
or Windows Server 2003)?
Yes. In mixed mode, all objects used by the
iDRAC querying process (among user, RAC
Device Object, and Association Object) have
to be in the same domain.
The Dell-extended Active Directory Users and
Computers snap-in checks the mode and
limits users in order to create objects across
domains if in mixed mode.
Does using the iDRAC with Active
Directory support multiple domain
environments?
Yes. The domain forest function level must be
in Native mode or Windows 2003 mode. In
addition, the groups among Association
Object, RAC user objects, and RAC Device
Objects (including Association Object) must
be universal groups.
Can these Dell-extended objects
(Dell Association Object, Dell RAC
Device, and Dell Privilege Object)
be in different domains?
The Association Object and the Privilege
Object must be in the same domain. The Dell-
extended Active Directory Users and
Computers snap-in forces you to create these
two objects in the same domain. Other objects
can be in different domains.
Are there any restrictions on Domain
Controller SSL configuration?
Yes. All Active Directory servers’ SSL
certificates in the forest must be signed by the
same root CA since iDRAC only allows
uploading one trusted CA SSL certificate.
136 Using the iDRAC with Microsoft Active Directory
I created and uploaded a new RAC
certificate and now the Web
interface does not launch.
If you use Microsoft Certificate Services to
generate the RAC certificate, one possible
cause of this is you inadvertently chose User
Certificate instead of Web Certificate when
creating the certificate.
To recover, generate a CSR and then create a
new web certificate from Microsoft Certificate
Services and load it using the RACADM CLI
from the managed server by using the
following RACADM commands:
racadm sslcsrgen [-g] [-u] [-f
{filename}]
racadm sslcertupload -t 1 -f
{web_sslcert}
Table 6-10. Using iDRAC With Active Directory: FAQs (continued)
Question Answer
Using the iDRAC with Microsoft Active Directory 137
What can I do if I cannot log into
the iDRAC using Active Directory
authentication? How do I
troubleshoot the issue?
1
Ensure that you use the correct user domain
name during a login and not the NetBIOS
name.
2
If you have a local iDRAC user account, log
into the iDRAC using your local credentials.
After you are logged in, perform the following
steps:
a
Ensure that you have checked the
Enable
Active Directory
box on the iDRAC
Active
Directory Configuration
page.
b
Ensure that the DNS setting is correct on
the iDRAC
Networking Configuration
page.
c
Ensure that you have uploaded the Active
Directory certificate from your Active
Directory root CA to the iDRAC.
d
Check the Domain Controller SSL
certificates to ensure that they have not
expired.
e
Ensure that your
iDRAC Name
,
Root
Domain Name
, and
iDRAC Domain
Name
match your Active Directory
environment configuration.
f
Ensure that the iDRAC password has a
maximum of 127 characters. While the
iDRAC can support passwords of up to 256
characters, Active Directory only supports
passwords that have a maximum length of
127 characters.
Table 6-10. Using iDRAC With Active Directory: FAQs (continued)
Question Answer
138 Using the iDRAC with Microsoft Active Directory
Viewing the Configuration and Health of the Managed Server 139
Viewing the Configuration and
Health of the Managed Server
System Summary
Click System Properties tab Summary to obtain information about the
Main System Enclosure and the Integrated Dell™ Remote Access Controller.
Main System Enclosure
System Information
This section of the iDRAC Web interface provides the following basic
information about the managed server:
Description — The model number or name of the managed server.
BIOS Version — The version number of the managed server's BIOS.
Service Tag — The Service Tag number of the managed server.
Host Name — The DNS hostname associated with the managed server.
OS Name — The name of the operating system installed on the managed
server.
I/O Mezzanine Card
This section of the iDRAC Web interface provides the following information
about the I/O Mezzanine cards installed on the managed server:
Connection — Lists the I/O Mezzanine card(s) installed on the managed
server.
140 Viewing the Configuration and Health of the Managed Server
Card Type — The physical type of the installed Mezzanine
card/connection.
Model Name — The model number, type, or description of the installed
Mezzanine card(s).
Integrated Storage Card
This section of the iDRAC Web Interface provides information about the
integrated Storage Controller Card installed on the Managed Server:
Card Type — shows the model name of the installed storage card.
Auto Recovery
This section of the iDRAC Web interface details the current mode of
operation of the Auto Recovery feature of the managed server as set by Open
Manage Server Administrator:
Recovery Action — Action to be performed when a system fault or
hang
is
detected. Available actions are
No Action
,
Hard Reset
,
Power Down
, or
Power Cycle
.
Initial Countdown — The amount of time (in seconds) after a system
hang is detected at which time the iDRAC performs a recovery action.
Present Countdown — The current value (in seconds) of the countdown
timer.
Integrated Dell Remote Access Controller
iDRAC Information
This section of the iDRAC Web interface provides the following information
about the iDRAC itself:
Date/Time — The current date and time (as of last page refresh) of the
iDRAC.
Firmware Version — The current version of iDRAC firmware installed on
the managed server.
CPLD Version — Displays the complex programmable logic device
(CPLD) version.
Firmware Updated — The date and time of the last successful iDRAC
firmware update.
Viewing the Configuration and Health of the Managed Server 141
Hardware Version — The version number of the primary planar (circuit
board) of the managed server.
IP Address — The IP address associated with the iDRAC (not the
managed server).
Gateway — The IP address of the network gateway configured for the
iDRAC.
Subnet Mask — The TCP/IP Subnet Mask configured for iDRAC.
MAC Address — The MAC address associated with the LOM (LAN on
Motherboard) Network Interface Controller of the iDRAC.
DHCP Enabled — Enabled if the iDRAC is set to fetch its IP address and
associated info from a DHCP server.
Preferred DNS Address 1 — Set to the currently active primary DNS
server.
Alternate DNS Address 2 — Set to the alternate DNS server address.
NOTE: This information is also available at iDRAC Properties tab iDRAC
Information.
WWN/MAC Summary
Click System Properties tab WWN/MAC to view the current
configuration of installed I/O Mezzanine cards and their associated network
fabrics. If the FlexAddress feature is enabled, the globally assigned (Chassis-
Assigned) persistent MAC addresses supersede the hardwired values of each
LOM.
System Health
Click System Properties tab Health to view important information about
the health of the iDRAC and components monitored by the iDRAC. The
Severity column shows the status for each component. For a list of status
icons and their meaning, see Table 15-3. Click the component name in the
Component column for more detailed information about the component.
NOTE: Component information can also be obtained by clicking the component
name in the left pane of the window. Components remain visible in the left pane
independent of the tab/screen that is selected.
142 Viewing the Configuration and Health of the Managed Server
iDRAC
The iDRAC Information page lists a number of important details about the
iDRAC, such as health status, name, firmware revision, and network
parameters. Additional details are available by clicking the appropriate tab at
the top of the page.
CMC
The CMC page displays the health status, firmware revision, and IP address
of the Chassis Management Controller. You can also launch the CMC Web
Interface by clicking the Launch the CMC Web Interface button.
Batteries
The Batteries page displays the status and values of the system board coin-cell
battery that maintains the Real-Time Clock (RTC) and CMOS configuration
data storage of the managed system.
Temperatures
The Temperature Probes Information page displays the status and readings of
the on-board ambient temperature probe. Minimum and maximum
temperature thresholds for warning or failure states are shown, along with the
current health status of the probe.
Voltages
The Voltage Probes Information page displays the status and reading of the
Voltage probes, providing such information as the status of the on-board
voltage rail and CPU core sensors.
NOTE: Depending on the model of your server, temperature thresholds for warning
or failure states and/or the health status of the probe may not be displayed.
Power Monitoring
The Power Monitoring page enables you to view the following monitoring and
power statistics information:
Power Monitoring — Displays the amount of power being used (in watts)
by the server as reported by the System Board Current Monitor.
Viewing the Configuration and Health of the Managed Server 143
Power Tracking Statistics — Displays information about the amount of
power used by the system since the
Measurement Start Time
was last
reset.
Peak Statistics — Displays information about the peak amount of power
used by the system since the
Measurement Start Time
was last reset.
NOTE: iDRAC power management logic utilizes a Complex Programmable Logic
Device (CPLD) present in the blade server. Updates to CPLD devices are available at
the Dell Support website at support.dell.com under the System Firmware or System
Board sections. Dell recommends that you update your blade server with the latest
CPLD firmware version. The current CPLD firmware version is displayed in the
iDRAC Web GUI.
CPU
The CPU Information page reports the health of each CPU on the managed
server. This health status is a roll-up of a number of individual thermal, power,
and functional tests.
POST
The Post Code page displays the last system post code (in hexadecimal) prior
to booting the operating system of the managed server.
Misc Health
The Misc Health page provides access to the following system logs:
System Event Log — Displays system-critical events that occur on the
managed system.
Post Code — Displays the last system post code (in hexadecimal) prior to
booting the operating system of the managed server.
Last Crash — Displays the most recent crash screen and time.
Boot Capture — Provides playback of the last three boot screens.
NOTE: This information is also available at System Properties tab Logs.
144 Viewing the Configuration and Health of the Managed Server
Configuring and Using Serial Over LAN 145
Configuring and Using Serial Over
LAN
Serial Over LAN (SOL) is an IPMI feature that allows a managed server’s
text-based console data that would traditionally be sent to the serial I/O port
to be redirected over the iDRAC’s dedicated Out-of-Band Ethernet
management network. The SOL out-of-band console enables system
administrators to remotely manage the blade server’s text-based console from
any location with network access. With SOL, you can:
Remotely access operating systems with no timeout.
Diagnose host systems on Emergency Management Services (EMS) or
Special Administrator Console (SAC) for Windows or in a Linux shell.
View the progress of a blade server during POST and reconfigure the BIOS
setup program (while redirected to a serial port).
Enabling Serial Over LAN in the BIOS
To properly configure a server for Serial Over LAN, the following
configuration steps are required and will be explained in detail:
1
Configure Serial Over LAN in BIOS (disabled by default)
2
Configure the iDRAC for Serial Over LAN
3
Select a method to initialize Serial Over LAN (SSH, telnet, SOL Proxy, or
IPMI Tool)
4
Configure the operating system for SOL
146 Configuring and Using Serial Over LAN
Serial communication is off by default in BIOS. To redirect the host text
console data to Serial over LAN, you must enable console redirection via
COM1. To change the BIOS setting, perform the following steps:
1
Boot the managed server.
2
Press <F2> to enter the BIOS setup utility during POST.
3
Scroll down to Serial Communication and press <Enter>.
In the pop-up window, the serial communication list is presented with the
following options:
•Off
On without console redirection
On with console redirection via COM1
Use the arrow keys to navigate between options.
4
Ensure that
On with console redirection via COM1
is enabled.
5
Ensure that the
Failsafe Baud Rate
is identical to SOL baud rate that is
configured on iDRAC. The default value for both the failsafe baud rate
and the iDRAC’s SOL baud rate setting is 115.2 kbps.
6
Enable the
Redirection After Boot
(the default value is DISABLED). This
option enables BIOS SOL redirection across subsequent reboots.
7
Save the changes and exit.
The managed server reboots.
Configuring Serial Over LAN in the iDRAC Web
GUI
1
Open the
Serial Over LAN Configuration
page by selecting
System
Remote Access
iDRAC
Network/Security
Serial Over LAN
.
2
Ensure that the
Enable Serial Over LAN
option is selected.
Configuring and Using Serial Over LAN 147
3
Update the IPMI SOL Baud Rate by selecting a data speed from the
Baud
Rate
drop-down menu. The options are 19.2 kbps, 57.6 kbps, and 115.2
kbps. The default value is 115.2 kbps.
NOTE: Ensure that the SOL baud rate is identical to the Failsafe Baud Rate
that was set in BIOS.
4
Click
Apply
to save the changes.
5
Change the configuration on the
Advanced Settings
page, if necessary.
Dell recommends using the default values.
Advanced Settings
allows you
to adjust SOL performance by changing the
Character Accumulate
Interval
and
Character Send Threshold
values. For optimal performance,
use the default settings of 10 milliseconds and 250 characters, respectively.
Table 8-1. Serial Over LAN Configuration Page Settings
Setting Description
Enable Serial Over
LAN
When selected, the check box indicates that Serial Over
LAN is enabled.
Baud Rate Indicates the data speed. Select a data speed of 19.2 kbps,
57.6 kbps, or 115.2 kbps.
Channel Privilege
Level Limit
When selected, indicates the privilege level limit for Serial
Over LAN. Select one of the following options:
Administrator, Operator, or User. The default is
Administrator.
Table 8-2. Serial Over LAN Configuration Page Buttons
Button Description
Print Prints the Serial Over LAN Configuration values that
appear on the screen.
Refresh Reloads the Serial Over LAN Configuration page.
Advanced Settings Opens the Serial Over LAN Configuration Advanced
Settings page.
Apply Saves any new settings that you make while viewing the
Serial Over LAN Configuration page.
148 Configuring and Using Serial Over LAN
NOTE: If you change these values to lower values, the console redirection
feature of SOL may experience a reduction in performance. Furthermore, the
SOL session must wait to receive an acknowledgement for each packet
before sending the next packet. As a result, the performance is significantly
reduced.
6
Configure SSH/Telnet for SOL at
System
Remote Access
iDRAC
Network/Security
Services
.
Table 8-3. Serial Over LAN Configuration Advanced Settings Page Settings
Setting Description
Character Accumulate
Interval
The typical amount of time the iDRAC waits before
sending a partial SOL data packet. This parameter is
specified in milliseconds and increments by 10
milliseconds.
Character Send
Threshold
Specifies the number of characters per SOL data packet. As
soon as the number of characters accepted by the iDRAC is
equal to or greater than the Character Send Threshold
value, the iDRAC starts transmitting SOL data packets that
contain numbers of characters equal to or less than the
Character Send Threshold value. If a packet contains fewer
characters than this value, it is defined to be a partial SOL
data packet.
Table 8-4. Serial Over LAN Configuration Advanced Settings Page Buttons
Button Description
Print Prints the Serial Over LAN Configuration Advanced
Settings values that appear on the screen.
Refresh Reloads the Serial Over LAN Configuration Advanced
Settings page.
Apply Saves any new settings that you make while viewing the
Serial Over LAN Configuration Advanced Settings page.
Go Back To Serial Over
LAN Configuration
Page
Returns the user to the Serial Over LAN Configuration
page.
Configuring and Using Serial Over LAN 149
NOTE: Each blade server only supports one active SOL session through SSH
or Telnet protocol.
NOTE: SSH protocol is enabled by default. Telnet protocol is disabled by
default.
7
Click
Services
to open the
Services
page.
NOTE: SSH and Telnet programs both provide access on a remote system.
8
Click
Enabled
on either
SSH
or
Telnet
as required.
SSH
is on by default.
9
Click
Apply
.
NOTE: SSH is recommended due to better security and encryption
mechanisms.
NOTE: SSH/Telnet session duration can be infinite as long as the timeout
value is set to 0. The default timeout value is 1800 seconds.
10
Enable iDRAC out-of-band interface (
IPMI over LAN
) by selecting
System
Remote Access
iDRAC
Network/Security
Services
.
11
Check the
Enable IPMI Over LAN
option under
IPMI LAN Settings
.
12
Click
Apply
.
Using Serial Over LAN (SOL)
This section provides several methods to initialize a Serial-Over-LAN session
including a Telnet program, an SSH client, IPMItool, and SOL Proxy. The
purpose of the Serial Over LAN feature is to redirect the serial port of the
managed server through iDRAC into the console of your management
station.
Model for Redirecting SOL Over Telnet or SSH
Telnet (port 23)/ SSH (port 22) client
WAN connection
iDRAC
server
The IMPI-based SOL over SSH/Telnet implementation eliminates the need
for an additional utility because the serial to network translation happens
within the iDRAC. The SSH or Telnet console that you use should be able to
interpret and respond to the data arriving from the managed server's serial
port. The serial port usually attaches to a shell that emulates an ANSI- or
150 Configuring and Using Serial Over LAN
VT100- terminal. The serial console is automatically redirected to your SSH
or Telnet console. The SOL redirection can then be started from the
/system/startsol target.
See "Installing Telnet or SSH Clients" on page 61 for more information about
using Telnet and SSH clients with iDRAC.
Model for the SOL Proxy
Telnet Client (port 623)
WAN connection
SOL Proxy
iDRAC
server
When the SOL Proxy communicates with the Telnet client on a management
station, it uses the TCP/IP protocol. However, SOL proxy communicates with
the managed system's iDRAC over the RMCP/IPMI/SOL protocol, which is a
UDP-based protocol. Therefore, if you communicate with your managed
system's iDRAC from SOL Proxy over a WAN connection, you may
experience network performance issues. The recommended usage model is to
have the SOL Proxy and the iDRAC server on the same LAN. The
management station with the Telnet client can then connect to the SOL
Proxy over a WAN connection. In this usage model, SOL Proxy will function
as desired.
Model for Redirecting SOL Over IMPItool
IPMItool
WAN connection
iDRAC server
The IPMI-based SOL utility, IPMItool, uses RMCP+ protocol delivered
using UDP datagrams to port 623. iDRAC requires this RMCP+ connection
to be encrypted. The encryption key (KG key) must contains characters of
zero or NULL that can be configured in the iDRAC Web GUI or in the
iDRAC Configuration Utility. You can also wipe out the encryption key by
pressing the backspace key so that iDRAC will provide NULL characters as
the encryption key by default. The advantage of using RMCP+ is improved
authentication, data integrity checks, encryption, and the ability to carry
multiple types of payloads. Please refer to "Using SOL Over IPMItool" on
page 153 or the IPMItool main page for more information:
http://ipmitool.sourceforge.net/manpage.html.
Configuring and Using Serial Over LAN 151
Disconnecting an SOL Session in SM-CLP
When using SSH or Telnet protocols to access Serial Over LAN functionality,
you will first connect to the iDRAC’s SM-CLP service, from which you will
launch the SOL session with an SM-CLP command (start
/system1/sol1). Thus, users wanting to disconnect an SOL session must
first terminate the SOL session from SM-CLP.
Commands to disconnect a SOL session are utility oriented. Please read this
section carefully; only when a SOL session is fully terminated can you exit the
utility.
When you are ready to quit SOL redirection from SM-CLP, press <Enter>,
<Esc>, and then <t> (press the keys in sequence, one after the other). The
SOL session will close.
NOTE: If a SOL session is not closed successfully in the utility, more SOL sessions
may not be available. The way to resolve this situation is to delete the SMASH
console in the web GUI under SystemRemote AccessiDRAC
Network/SecuritySessions.
Using SOL Over PuTTY
To start SOL from PuTTY on a Windows management station, follow these
steps:
NOTE: If required, you can change the default SSH/telnet timeout at System
Remote Access iDRAC Network/Security Services.
1
Connect to the iDRAC by entering the following command in the
command prompt:
putty.exe [-ssh | -telnet] <
login name
>@<
iDRAC-ip-
address
> <
port number
>
2
Enter the following command in the SM-CLP prompt to start SOL:
start /system1/sol1
NOTE: This connects you to the managed server's serial port. The SM-CLP
commands are no longer available to you. You cannot return to SM-CLP once
you have started SOL. You must quit the SOL session using the command
sequence detailed in "Disconnecting an SOL Session in SM-CLP" on page 151,
and start a new one to use SM-CLP.
152 Configuring and Using Serial Over LAN
Using SOL Over Telnet With Linux
To start SOL from Telnet on a Linux management station, follow these steps:
NOTE: If required, you can change the default Telnet timeout at System Remote
AccessiDRAC Network/Security Services.
1
Start a shell.
2
Connect to the iDRAC with the following command:
telnet <
iDRAC-ip-address
>
NOTE: If you have changed the port number for the Telnet service from the
default (port 23), add the port number to the end of the telnet command.
3
Input iDRAC's username and password in order to connect to iDRAC SM-
CLP.
4
Enter the following command in the SM-CLP prompt to start SOL:
start /system1/sol1
5
To quit a SOL session from Telnet on Linux, type <Ctrl><]> (press and
hold the control key and enter a right square bracket). A Telnet prompt
displays. Type
quit
to exit telnet.
Using SOL Over OpenSSH with Linux
OpenSSH is an open source utility for using the SSH protocol. To start SOL
from OpenSSH on a Linux management station, follow these steps:
NOTE: If required, you can change the default SSH session timeout at System
Remote AccessiDRAC Network/Security Services.
1
Start a shell.
2
Connect to the iDRAC with the following command:
ssh <
iDRAC-ip-address
> -l <
login name
>
3
Enter the following command in the SM-CLP prompt to start SOL:
start /system1/sol1
NOTE: This connects you to the managed server's serial port. The SM-CLP
commands are no longer available to you. You cannot return to SM-CLP once
you have started SOL. You must quit the SOL session (refer to "Disconnecting
SOL session in SM-CLP" on page 146 to close an active SOL session), and start
a new one to use SM-CLP.
Configuring and Using Serial Over LAN 153
Using SOL Over IPMItool
The Dell Systems Management Tolls and Documentation DVD provides
IPMItool, which can be installed on various operating systems. To start SOL
with IPMItool on a management station, follow these steps:
NOTE: If required, you can change the default SOL timeout at System Remote
AccessiDRACNetwork/SecurityServices.
1
Locate the IPMItool.exe under the proper directory.
The default path for Windows is
C:\Program Files\Dell\SysMgt\bmc
.
2
Ensure the Encryption key contains all zeroes on the following page:
System
Remote Access
iDRAC
Network/Security
Network
IPMI
LAN Settings
.
3
Enter the following command in the Windows command prompt or in the
Linux shell prompt to start SOL via iDRAC:
ipmitool -H <
iDRAC-ip-address
> -I lanplus -U
<
login name
> -P <
login password
> sol activate
This connects you to the managed server's serial port.
4
To quit a SOL session from IPMItool, press <~> and <.> (press the tilde
and period keys in sequence, one after the other). The SOL session will
close.
NOTE: If a user does not terminate the SOL session correctly, issue the
following command to reboot iDRAC. Please allow the iDRAC 1-2 minutes to
complete booting. Refer to "RACADM Subcommands" on page 200 for more
details.
racadm racreset
Opening SOL With SOL Proxy
Serial-Over-LAN Proxy (SOL Proxy) is a telnet daemon that allows LAN-
based administration of remote systems using the Serial Over LAN (SOL)
and IPMI protocols. Any standard telnet client application, such as
HyperTerminal on Windows or telnet on Linux, can be used to access the
daemon's features. SOL can be used either in the menu mode or command
mode. The SOL protocol coupled with the remote system's BIOS console
154 Configuring and Using Serial Over LAN
redirection allows administrators to remotely view and change a managed
system's BIOS settings over a LAN. The Linux serial console and Microsoft's
EMS/SAC interfaces can also be accessed over a LAN using SOL.
NOTE: All versions of the Windows operating system include HyperTerminal
terminal emulation software. However, the included version does not provide many
functions required during console redirection. Instead, you can use any terminal
emulation software that supports VT100 or ANSI emulation mode. One example of a
full VT100 or ANSI terminal emulator that supports console redirection on your
system is HyperTerminal Private Edition 6.1 or later.
NOTE: See your system's User's Guide for more information about console
redirection, including hardware and software requirements and instructions for
configuring host and client systems to use console redirection.
NOTE: HyperTerminal and telnet settings must be consistent with the settings on
the managed system. For example, the baud rates and terminal modes should
match.
NOTE: The Windows telnet command that is run from an MS-DOS prompt
supports ANSI terminal emulation. The BIOS must be set for ANSI emulation to
display all the screens correctly.
Before Using SOL Proxy
Before using SOL proxy, see the Baseboard Management Controller Utilities
User's Guide to learn how to configure your management stations. By default,
BMC Management Utility (BMU) is installed in the following directory on
Windows operating systems:
C:\Program Files\Dell\SysMgt\bmc
The installation program copies the files to the following locations on Linux
Enterprise Operating Systems:
/etc/init.d/SOLPROXY.cfg
/etc/SOLPROXY.cfg
/usr/sbin/dsm_bmu_solproxy32d
/usr/sbin/solconfig
/usr/sbin/impish
Configuring and Using Serial Over LAN 155
Initiating the SOL Proxy Session
To connect and use SOL Proxy:
For Windows 2003:
To start the SOL Proxy service on a Windows system after installation, you
can reboot the system (SOL Proxy automatically starts on a reboot). Or,
you can start the SOL Proxy service manually by completing the following
steps:
1
Right-click
My Computer
and click
Manage
.
The
Computer Management
window appears.
2
Click
Services and Applications
, and then click
Services
.
Available services are displayed to the right.
3
Locate
DSM_BMU_SOLProxy
in the list of services, and right-click to
start the service.
Depending on the console you use, there are different steps for accessing
SOL Proxy. Throughout this section, the management station where the
SOL Proxy is running is referred as the SOL Proxy Server.
For Linux Enterprise Operating Systems:
The SOL Proxy will start automatically during system startup.
Alternatively, you can go to directory
/etc/init.d
and use the following
commands to manage the SOL Proxy service:
solproxy status
dsm_bmu_solproxy32d start
dsm_bmu_solproxy32d stop
solproxy restart
156 Configuring and Using Serial Over LAN
Using Telnet With SOL Proxy
NOTE: This assumes that the SOL Proxy service is already up and running on the
management station.
For Windows 2003:
1
Open the command prompt on your management station.
2
Enter the
telnet
command in the command line, and provide
localhost
as the IP address if the SOL Proxy server is running on the
same system and the port number that you specified in the SOL Proxy
installation (the default value is
623
). For example:
telnet localhost 623
For Linux Enterprise Operating Systems:
1
Open a Linux shell on your management station.
2
Enter the
telnet
command, and provide
localhost
as the IP address
of the SOL Proxy server and the port number that you specified in the
SOL Proxy installation (the default value is
623
). For example:
telnet localhost 623
NOTE: Whether your host operating system is Windows or Linux, if the SOL Proxy
server is running on a different system than your management station, input the SOL
Proxy server IP address instead of localhost.
telnet <
SOL Proxy server IP address
> 623
Using HyperTerminal With SOL Proxy
1
From the remote station, open
HyperTerminal.exe
.
2
Choose
TCPIP(Winsock)
.
3
Enter host address
localhost
and port number
623
.
Connecting to the Remote Managed System's BMC
After a SOL Proxy session is successfully established, you are presented with
the following choices:
1. Connect to the Remote Server's BMC
2. Configure the Serial-Over-LAN for the Remote
Server
Configuring and Using Serial Over LAN 157
3. Activate Console Redirection
4. Reboot and Activate Console Redirection
5. Help
6. Exit
NOTE: While multiple SOL sessions can be active at the same time, only one
console redirection session can be active at any given time for a managed system.
NOTE: To exit an active SOL session, press the <~><.> keys. This sequence
terminates SOL and returns you to the top-level menu.
1
Select option 1 in the main menu.
2
Enter the
iDRAC IP Address
of the remote managed system.
3
Provide the iDRAC
Username
and
Password
for the iDRAC on the
managed system. The iDRAC username and password must be assigned
and stored in the iDRAC non-volatile storage.
NOTE: Only one SOL console redirection session with iDRAC is permitted at
one time.
NOTE: If required, extend the SOL session duration to infinite by changing the
Telnet timeout value to zero on the iDRAC Web GUI page under System
Remote AccessiDRACNetwork/Security Services.
4
Provide the IPMI encryption key if it was configured in the iDRAC.
NOTE: You can locate the IPMI encryption key in the iDRAC GUI at System
Remote AccessiDRACNetwork/SecurityNetworkIPMI LAN Settings
Encryption Key.
NOTE: The default IPMI encryption key is all zeros. If you press <Enter> for
the encryption option, iDRAC will use this default encryption key.
5
Select option 2 in the main menu.
The SOL configuration menu appears. According to the current SOL
status, the content of the SOL configuration menu varies:
If SOL is already enabled, the current settings appear, and you are
presented with three choices:
1. Disable Serial-Over-LAN
2. Change Serial-Over-LAN settings
158 Configuring and Using Serial Over LAN
3. Cancel
If SOL is enabled, ensure that the SOL baud rate is consistent with
the iDRAC's baud rate. A minimum iDRAC user privilege level of
Administrator
is required for activating console redirection.
If SOL is currently disabled, type
Y
to enable SOL or
N
to keep SOL
disabled.
6
Select option 3 in the main menu.
The remote managed system's text console is redirected to your
management station.
7
Select option 4 in the main menu (optional).
The power state of the remote managed system is confirmed. If power is
on, you are asked to decide between a graceful or forceful shutdown.
The power state is monitored until the state changes to
On
. Console
redirection begins, and the remote managed system text console is
redirected to your management station.
While the managed system reboots, you can enter the BIOS system setup
program to view or configure BIOS settings.
8
Select option 5 in the main menu to display a detailed description for each
option.
9
Select option 6 in the main menu to end your telnet session and
disconnect from SOL Proxy.
NOTE: If a user does not terminate the SOL session correctly, issue the
following command to reboot iDRAC. Please allow the iDRAC upto two
minutes to complete booting. Refer to "RACADM Subcommands" on page 200
for more details.
racadm racreset
Configuring and Using Serial Over LAN 159
Operating System Configuration
Complete the steps below to configure generic UNIX®-like operating
systems. This configuration is based on default installations of Red Hat
Enterprise Linux 5.0, SUSE Linux Enterprise Server 10 SP1, and Windows
2003 Enterprise.
Linux Enterprise Operating System
1
Edit the
/etc/inittab
file to enable hardware flow control and allow users to
log in through the SOL console. Add the line below to the end of the
#Run gettys in standard runlevels
section.
7:2345:respawn:/sbin/agetty -h 115200 ttyS0 vt220
Example of original /etc/inittab:
______________________________________________________________
#
# inittab This file describes how the INIT process should set up
# the system in a certain run-level.
#
SKIP this part of file
# Run gettys in standard runlevels
1:2345:respawn:/sbin/migetty tty1
2:2345:respawn:/sbin/migetty tty1
3:2345:respawn:/sbin/migetty tty1
4:2345:respawn:/sbin/migetty tty1
5:2345:respawn:/sbin/migetty tty1
6:2345:respawn:/sbin/migetty tty1
# Run xdm in runlevel 5
x:5:respawn:/etc/X11/prefdm -nodaemon
______________________________________________________________
Example of modified /etc/inittab:
______________________________________________________________
160 Configuring and Using Serial Over LAN
#
# inittab This file describes how the INIT process should set up
# the system in a certain run-level.
#
SKIP this part of file
# Run gettys in standard runlevels
1:2345:respawn:/sbin/migetty tty1
2:2345:respawn:/sbin/migetty tty1
3:2345:respawn:/sbin/migetty tty1
4:2345:respawn:/sbin/migetty tty1
5:2345:respawn:/sbin/migetty tty1
6:2345:respawn:/sbin/migetty tty1
7:2345:respawn:/sbin/agetty -h ttyS0 115200 vt220
# Run xdm in runlevel 5
x:5:respawn:/etc/X11/prefdm -nodaemon
______________________________________________________________
2
Edit the
/etc/securetty
file to allow users to log in as a root user through
the SOL console. Add the following line after
console
:
ttyS0
Example of original /etc/securetty:
______________________________________________________________
console
vc/1
vc/2
vc/3
vc/4
SKIP the rest of file
______________________________________________________________
Example of modified /etc/securetty:
Configuring and Using Serial Over LAN 161
______________________________________________________________
Console
ttyS0
vc/1
vc/2
vc/3
vc/4
SKIP the rest of file
______________________________________________________________
3
Edit the /
boot/grub/grub.conf
or
/boot/grub/menu.list
file to add boot
options for SOL:
a
Comment out the graphical display lines in the various UNIX-like
operating systems:
splashimage=(had0,0)/grub/splash.xpm.gz
in
RHEL 5
gfxmenu (hda0,5)/boot/message
in SLES 10
b
Add the following line before the first
title= …
line:
# Redirect OS boot via SOL
c
Append the following entry to the first
title= …
line:
SOL redirection
d
Append the following text to the
kernel/…
line of the first
title=
:
console=tty1 console=ttyS0,115200
NOTE: /boot/grub/grub.conf in Red Hat Enterprise Linux 5 is a symbolic link to
/boot/grub/menu.list. You can change the settings in either one of them.
Example of original /boot/grub/grub.conf in Red Hat Enterprise Linux 5:
______________________________________________________________
# grub.conf generated by anaconda
#
# Note that you do not have to return grub after making changes
to this
162 Configuring and Using Serial Over LAN
# file
# NOTICE: You have a /boot partition. This means that
# all kernel and initrd paths are relative to /boot/,
eg.
# root (hd0,0)
# kernel /vmlinux-version ro root=
/dev/VolGroup00/LogVol00
# initrd /initrd-version.img
#boot=/dev/sda
default=0
timeout=5
splashimage=(hd0,0)/grub/splash.xpm/gz
hiddenmenu
title Red Hat Enterprise Linux 5
root (hd0,0)
kernel /vmlinuz-2.6.18-8.el5 ro root=
/dev/VolGroup00/LogVol00 rhgb quiet
initrd /initrd-2.6.18-8.el5.img
______________________________________________________________
Example of modified /boot/grub/grub.conf:
______________________________________________________________
# grub.conf generated by anaconda
#
# Note that you do not have to return grub after making changes
to this
# file
# NOTICE: You have a /boot partition. This means that
# all kernel and initrd paths are relative to /boot/,
eg.
# root (hd0,0)
# kernel /vmlinux-version ro root=
/dev/VolGroup00/LogVol00
# initrd /initrd-version.img
#boot=/dev/sda
Configuring and Using Serial Over LAN 163
default=0
timeout=5
#splashimage=(hd0,0)/grub/splash.xpm/gz
hiddenmenu
# Redirect the OS boot via SOL
title Red Hat Enterprise Linux 5 SOL redirection
root (hd0,0)
kernel /vmlinuz-2.6.18-8.el5 ro root=
/dev/VolGroup00/LogVol00 rhgb quiet console=tty1 console=
ttyS0,115200
initrd /initrd-2.6.18-8.el5.img
______________________________________________________________
Example of original /boot/grub/menu.list in SUSE Linux Enterprise Server
10:
______________________________________________________________
#Modified by YaST2. Last modification on Sat Oct 11 21:52:09
UTC 2008
Default 0
Timeout 8
gfxmenu (hd0.5)/boot/message
###Don't change this comment - YaST2 identifier: Original name:
linux###
title SUSE Linux Enterprise Server 10 SP1
root (hd0,5)
kernel /boot/vmlinux-2.6.16-46-0.12-bigsmp root=
/dev/disk/by-id/scsi-35000c5000155c resume=/dev/sda5
splash=silent showopts
initrd /boot/initrd-2.6.16.46-0.12-bigsmp
______________________________________________________________
Example of modified /boot/grub/menu.list in SLES 10:
______________________________________________________________
#Modified by YaST2. Last modification on Sat Oct 11 21:52:09
UTC 2008
164 Configuring and Using Serial Over LAN
Default 0
Timeout 8
#gfxmenu (hd0.5)/boot/message
###Don't change this comment - YaST2 identifier: Original name:
linux###
title SUSE Linux Enterprise Server 10 SP1 SOL redirection
root (hd0,5)
kernel /boot/vmlinux-2.6.16-46-0.12-bigsmp root=
/dev/disk/by-id/scsi-35000c5000155c resume=/dev/sda5
splash=silent showopts console=tty1 console=ttyS0,115200
initrd /boot/initrd-2.6.16.46-0.12-bigsmp
______________________________________________________________
Windows 2003 Enterprise
1
Determine the boot entry ID by entering
bootcfg
in the Windows
command prompt. Locate the boot entry ID for the section
Windows
Server 2003 Enterprise
. Press <Enter> to display the boot options on the
management station.
2
Enable EMS at a Windows command prompt by entering:
bootcfg /EMS ON /PORT COM1 /BAUD 115200 /ID <
boot
id
>
NOTE: <
boot id
> is the boot entry ID from step 1.
3
Press <Enter> to verify that the EMS console setting takes effect.
Example of original bootcfg setting:
______________________________________________________________
Boot Loader Settings
--------------------
timeout:30
default:multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
Boot Entries
------------
Boot entry ID: 1
Configuring and Using Serial Over LAN 165
OS Friendly Name: Winodws Server 2003, Enterprise
Path: multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
OS Load Options: /nonexecute=optout /fastdetect /usepmtimer
/redirect
______________________________________________________________
Example of modified bootcfg setting:
______________________________________________________________
Boot Loader Settings
--------------------
timeout: 30
default: multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
redirect: COM1
redirectbaudrate:115200
Boot Entries
------------
Boot entry ID: 1
Os Friendly Name: Windows Server 2003, Enterprise
Path: multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
OS Load Options: /nonexecute=optout /fastdetect /usepmtimer
/redirect
______________________________________________________________
166 Configuring and Using Serial Over LAN
Using GUI Console Redirection 167
Using GUI Console Redirection
This section provides information about using the iDRAC console redirection
feature.
Overview
The iDRAC console redirection feature enables you to access the local
console remotely in either graphic or text mode. Using console redirection,
you can control one or more iDRAC-enabled systems from one location.
You do not have to sit in front of each server to perform all the routine
maintenance. You can instead manage the servers from wherever you are,
from your desktop or laptop computer. You can also share the information
with others—remotely and instantly.
Using Console Redirection
NOTE: When you open a console redirection session, the managed server does not
indicate that the console has been redirected.
The Console Redirection page enables you to manage the remote system by
using the keyboard, video, and mouse on your local management station to
control the corresponding devices on a remote managed server. This feature
can be used in conjunction with the Virtual Media feature to perform remote
software installations.
The following rules apply to a console redirection session:
A maximum of two simultaneous console redirection sessions are
supported. Both sessions view the same managed server console
simultaneously.
A console redirection session should not be launched from a web browser
on the managed system.
A minimum available network bandwidth of 1 MB/sec is required.
168 Using GUI Console Redirection
If a second user requests a console redirection session, the first user is notified
and is given the option to refuse access, allow only video, or allow full shared
access. The second user is notified that another user has control. The first
user must respond within thirty seconds or full access is automatically granted
to the second user. During the time that two sessions are concurrently active,
each user sees a message in the upper-right corner of the screen that identifies
the other user with an active session. A third active session is not permitted. If
a third user requests a console redirection session, access is denied without
interruption to the first or second user’s session.
If the neither the first or second user has administrator privileges, termination
of the first user's active session automatically results in termination of the
second user's session.
Supported Screen Resolutions and Refresh Rates
Table 9-1 lists the supported screen resolutions and corresponding refresh
rates for a console redirection session that is running on the managed server.
Configuring Your Management Station
To use Console Redirection on your management station, perform the
following procedures:
1
Install and configure a supported Web browser. See the following sections
for more information:
"Supported Web Browsers" on page 28
"Configuring a Supported Web Browser" on page 54
Table 9-1. Supported Screen Resolutions and Refresh Rates
Screen Resolution Refresh Rate (Hz)
720x400 70
640x480 60, 72, 75, 85
800x600 60, 70, 72, 75, 85
1024x768 60, 70, 72, 75, 85
1280x1024 60
Using GUI Console Redirection 169
2
If you are using Firefox or want to use the Java Viewer with Internet
Explorer, install a Java Runtime Environment (JRE). See "Installing a Java
Runtime Environment (JRE)" on page 60.
3
It is recommended that you configure your monitor display resolution to
1280x1024 pixels or higher.
NOTE: If you have an active console redirection session and a lower resolution
monitor is connected to the iKVM, the server console resolution may reset if the
server is selected on the local console. If the server is running a Linux operating
system, an X11 console may not be viewable on the local monitor. Pressing
<Ctrl><Alt><F1> at the iKVM will switch Linux to a text console.
Configuring Console Redirection in the iDRAC Web Interface
To configure console redirection in the iDRAC Web interface, perform the
following steps:
1
Click
System
and then click the
Console
tab.
2
Click
Configuration
to open the
Console Redirection Configuration
page.
3
Configure the console redirection properties. Table 9-2 describes the
settings for console redirection.
4
When completed, click
Apply
.
5
Click the appropriate button to continue. See Table 9-3.
Table 9-2. Console Redirection Configuration Properties
Property Description
Enabled Click to enable or disable Console Redirection.
Checked indicates that Console Redirection is enabled.
Unchecked indicates that Console Redirection is
disabled.
The default is enabled.
Max Sessions Displays the maximum number of Console Redirection
sessions that are possible, 1 or 2. Use the drop-down
menu to change the maximum number of Console
Redirection sessions allowed. The default is 2.
170 Using GUI Console Redirection
Active Sessions Displays the number of Active Console sessions. This
field is read-only.
Keyboard and Mouse Port
Number
The network port number used for connecting to the
Console Redirection Keyboard/Mouse option. This
traffic is always encrypted. You may need to change this
number if another program is using the default port.
The default is 5900.
Video Port Number The network port number used for connecting to the
Console Redirection Screen service. You may need to
change this setting if another program is using the
default port. The default is 5901.
Video Encryption Enabled Checked indicates that video encryption is enabled. All
traffic going to the video port is encrypted.
Unchecked indicates that video encryption is disabled.
Traffic going to the video port is not encrypted.
The default is Encrypted. Disabling encryption can
improve performance on slower networks.
Mouse Mode Choose Windows if the managed server is running on a
Windows operating system.
Choose Linux if your server is running on Linux.
Choose No Access if your server is not running on a
Windows or Linux operating system.
The default is Windows.
Table 9-2. Console Redirection Configuration Properties (continued)
Property Description
Using GUI Console Redirection 171
NOTE: For information about using Virtual Media with Console Redirection, see
"Configuring and Using Virtual Media" on page 185.
The buttons in
Tab l e 9 -5
are available on the Console Redirection
Configuration page.
Console Plug-In Type for
IE
When using Internet Explorer on a Windows operating
system, you can choose from the following viewers:
ActiveX - The ActiveX Console Redirection viewer
Java - Java Console Redirection viewer
NOTE: vKVM may not launch for the first time for Internet
Explorer 8, if Java is selected as the plug-in type.
NOTE: Depending on your version of Internet Explorer,
additional security restrictions may need to be turned off
(see "Configuring and Using Virtual Media" on page 185).
NOTE: You must have the Java runtime environment
installed on your client system to use the Java viewer.
Local Server Video
Enabled
Unchecked indicates that output to the iKVM monitor
is disabled during console redirection. This ensures that
the tasks you perform using Console Redirection are
not visible on the managed server's local monitor.
Table 9-3. Console Redirection Configuration Page Buttons
Button Definition
Print Prints the Console Redirection Configuration page
Refresh Reloads the Console Redirection Configuration page
Apply Saves any new settings made to the console redirection.
Table 9-2. Console Redirection Configuration Properties (continued)
Property Description
172 Using GUI Console Redirection
Opening a Console Redirection Session
When you open a console redirection session, the Dell Virtual KVM Viewer
Application (iDRACView) starts and the remote system’s desktop appears in
the viewer. Using the iDRACView, you can control the remote system’s
mouse and keyboard functions from your local management station.
NOTE: vKVM launch from a Windows Vista® management station may lead to
vKVM restart messages. To avoid this, set the appropriate timeout values in the
following locations: Control PanelPower OptionsPower SaverAdvanced
Settings Hard Disk Turnoff Hard Disk After <time_out> and in the Control Panel
Power Options High–Performance Advanced Settings Hard Disk Turnoff Hard
Disk After <time_out>.
To open a console redirection session in the Web interface, perform the
following steps:
1
Click
System
and then click the
Console
tab.
2
In the
Console Redirection
page, use the information in Table 9-4 to
ensure that a console redirection session is available.
If you wish to reconfigure any of the property values displayed, see
"Configuring Console Redirection in the iDRAC Web Interface" on
page 169.
Table 9-4. Console Redirection Page Information
Property Description
Console Redirection
Enabled
Yes/No
Video Encryption Enabled Yes/No
Max Sessions Displays the maximum number of supported console
redirection sessions
Current Sessions Displays the current number of active console
redirection sessions
Mouse Acceleration Displays the mouse acceleration currently in effect.
Choose the Mouse Acceleration mode based on the
type of operating system installed on the managed
server.
Using GUI Console Redirection 173
NOTE: For information about using Virtual Media with Console Redirection, see
"Configuring and Using Virtual Media" on page 185.
The buttons in
Tab l e 9 -5
are available on the Console Redirection page.
3
If a console redirection session is available, click
Launch Viewer
.
NOTE: Multiple message boxes may appear after you launch the application.
To prevent unauthorized access to the application, you must navigate through
these message boxes within three minutes. Otherwise, you will be prompted
to relaunch the application.
NOTE: If one or more Security Alert windows appear in the following steps,
read the information in the window and click Yes to continue.
Console Plug-in Type Displays the plug-in type currently configured.
ActiveX — An Active-X viewer will be launched. Active-
X viewer will only work on Internet Explorer while
running on a Windows Operating System.
Java — A Java viewer will be launched. The Java viewer
can be used on any browser including Internet Explorer.
If your client runs on an operating system other than
Windows, then you must use the Java Viewer. If you are
accessing the iDRAC using Internet Explorer while
running on a Windows operating system, you may
choose either Active-X or Java as the plug-in type.
Local Server Video
Enabled
Yes, if the local console has not been disabled. If No,
then the console cannot be accessed by anyone using
the iKVM connection on the chassis.
Table 9-5. Console Redirection Page Buttons
Button Definition
Refresh Reloads the Console Redirection Configuration page
Launch Viewer Opens a console redirection session on the targeted
remote system
Print Prints the Console Redirection Configuration page
Table 9-4. Console Redirection Page Information (continued)
Property Description
174 Using GUI Console Redirection
The management station connects to the iDRAC and the remote system’s
desktop appears in the Dell Digital KVM Viewer Application
(iDRACView).
4
Two mouse pointers appear in the viewer window: one for the remote
system and one for your local system. You must synchronize the two mouse
pointers so that the remote mouse pointer follows your local mouse
pointer. See "Synchronizing the Mouse Pointers" on page 178.
Using the Video Viewer
The Video Viewer provides a user interface between the management station
and the managed server, allowing you to see the managed server’s desktop and
control its mouse and keyboard functions from your management station.
When you connect to the remote system, the Video Viewer starts in a
separate window.
The Video Viewer provides various control adjustments such as color mode,
mouse synchronization, snapshots, keyboard macros, and access to Virtual
Media.
When you start a console redirection session and the Video Viewer appears,
you may need to adjust the color mode and synchronize the mouse pointers.
Table 9-6 describes the menu options that are available for use in the viewer.
Using GUI Console Redirection 175
Table 9-6. Viewer Menu Bar Selections
Menu Item Item Description
Video Pause Temporarily pauses console redirection.
Resume Resumes console redirection.
Refresh Redraws the viewer screen image.
Capture
Current Screen
Captures the current remote system screen to a .bmp
file on Windows or a .png file on Linux. A dialog box
is displayed that allows you to save the file to a
specified location.
Full Screen To make the Video Viewer expand into full screen
mode, select Full Screen from the Video menu.
Exit When you have finished using the Console and have
logged out (using the remote system's logout
procedure), select Exit from the Video menu to close
the iDRACView window.
176 Using GUI Console Redirection
Keyboard Hold Right Alt
Key
Select this item before typing keys you want to
combine with the right <Alt> key.
Hold Left Alt
Key
Select this item before typing keys you want to
combine with the left <Alt> key.
Left Windows
Key
Select Hold Down before typing characters you want
to combine with the left Windows key. Select Press
and Release to send a left Windows key keystroke.
Right Windows
Key
Select Hold Down before typing characters you want
to combine with the right Windows key. Select Press
and Release to send a right Windows key keystroke.
Macros When you select a macro, or type the hotkey
specified for the macro, the action is executed on the
remote system. The Video Viewer provides the
following macros:
Ctrl-Alt-Del
•Alt-Tab
Alt-Esc
Ctrl-Esc
Alt-Space
Alt-Enter
Alt-Hyphen
•Alt-F4
•PrtScn
Alt-PrtScn
•F1
•Pause
•Alt+M
•Alt+D
Keyboard Pass-
through
The Keyboard pass–through mode allows all
keyboard functions on the client to be redirected to
the server.
Table 9-6. Viewer Menu Bar Selections (continued)
Menu Item Item Description
Using GUI Console Redirection 177
NOTE: Special keys such as the Windows key, <Ctrl
Prnt Scrn>, and <Alt Fn> key combinations in the
keyboard pass–through mode may be problematic, as
some combinations are sent to the viewer itself and
might produce undesirable behavior. Special
provisions are made in the Java and ActiveX viewers
for macros under the Keyboard menu, which allow you
to send such combinations and special keys directly to
the managed server.
Mouse Synchronize
Cursor
The Mouse menu enables you to synchronize the
cursor so that the mouse on the client is redirected
to the mouse on the server.
Options Color Mode Allows you to select a color depth to improve
performance over the network. For example, if you
are installing software from virtual media, you can
choose the lowest color depth (3-bit gray), so that
less network bandwidth is used by the console viewer
leaving more bandwidth for transferring data from
the media.
The color mode can be set to 15-bit color, 7-bit color,
4-bit color, 4-bit grey, and 3-bit grey.
Media Virtual Media
Wizard
The Media menu provides access to the Virtual
Media Wizard, which allows you to redirect to a
device or image such as a:
Floppy drive
•CD
DVD
Image in ISO format
USB Flash drive
For information about the Virtual Media feature, see
"Configuring and Using Virtual Media" on page 185.
You must keep the Console Viewer window active
when using Virtual Media.
Table 9-6. Viewer Menu Bar Selections (continued)
Menu Item Item Description
178 Using GUI Console Redirection
Synchronizing the Mouse Pointers
When you connect to a remote PowerEdge system using Console
Redirection, the mouse acceleration speed on the remote system may not
synchronize with the mouse pointer on your management station, causing
two mouse pointers to appear in the Video Viewer window.
To synchronize the mouse pointers click Mouse Synchronize cursor or press
<Alt><M>.
The Synchronize cursor menu item is a toggle. Ensure that there is a check
mark next to the item in the menu so that the mouse synchronization is
active.
When using Red Hat® Linux® or Novell® SUSE® Linux, be sure to
configure the mouse mode for Linux before you launch the viewer. See
"Configuring Console Redirection in the iDRAC Web Interface" on page 169
for help with configuration. The operating system’s default mouse settings
are used to control the mouse arrow in the iDRAC Console Redirection
screen.
Disabling or Enabling Local Console
You can configure the iDRAC to disallow iKVM connections using the
iDRAC Web interface. When the local console is disabled, a yellow status dot
appears in the list of servers (OSCAR) to indicate that the console is locked in
the iDRAC. When the local console is enabled, the status dot is green.
If you want to have ensure that you have exclusive access to the managed
server console, you must disable the local console and reconfigure the Max
Sessions to 1 on the Console Redirection Configuration page.
NOTE: The local console feature is supported on all x9xx PowerEdge systems
except PowerEdge SC1435 and 6950.
NOTE: By disabling (turning off) the local video on the server, the monitor,
keyboard, and mouse connected to the iKVM are disabled.
Help About
iDRACView
Displays the iDRACView version.
Table 9-6. Viewer Menu Bar Selections (continued)
Menu Item Item Description
Using GUI Console Redirection 179
To disable or enable the local console, perform the following procedure:
1
On your management station, open a supported Web browser and log into
the iDRAC. See "Accessing the Web Interface" on page 71 for more
information.
2
Click
System
, click the
Console
tab, and then click
Configuration
.
3
If you want to disable (turn off) local video on the server, in the
Console
Redirection Configuration
page, clear the
Local Server Video Enabled
check box and then click
Apply
.
4
If you want to enable (turn on) local video on the server, in the
Console
Redirection Configuration
page, select the
Local Server Video Enabled
check box and then click
Apply
.
The Console Redirection page displays the status of the Local Server Video.
Frequently Asked Questions
Table 9-7 lists frequently asked questions and answers.
Table 9-7. Using Console Redirection: Frequently Asked Questions
Question Answer
vKVM fails to logout
when the out–of–band
Web GUI is logged
out.
The vKVM and vMedia sessions stay active even if the Web
session is logged off. Close the vMedia and vKVM viewer
applications to log out of the corresponding session.
Can a new remote
console video session
be started when the
local video on the
server is turned off?
Yes.
Why does it take
15 seconds to turn off
the local video on the
server after requesting
to turn off the local
video?
It gives a local user an opportunity to take any action before
the video is switched off.
180 Using GUI Console Redirection
Is there a time delay
when turning on the
local video?
No, once a local video turn ON request is received by iDRAC
the video is turned on instantly.
Can the local user also
turn off the video?
Yes, a local user can use the local RACADM CLI to turn off
the video.
Can the local user also
turn on the video?
No. Once the local console is disabled, the local user’s
keyboard and mouse are disabled and they are unable to
change any settings.
Does switching off the
local video also switch
off the local keyboard
and mouse?
Yes.
Does turning off the
local console turn off
the video on the
remote console
session?
No, turning the local video on or off is independent of the
remote console session.
What privileges are
needed for an iDRAC
user to turn on or off
the local server video?
Any user with iDRAC configuration privileges can turn the
local console on or off.
How can I get the
current status of the
local server video?
The status is displayed on the Console Redirection
Configuration page of the iDRAC Web interface.
The RACADM CLI command racadm getconfig –g
cfgRacTuning displays the status in the object
cfgRacTuneLocalServerVideo.
The status is also seen on the iKVM OSCAR display. When
the local console is enabled, a green status appears next to
the server name. When disabled, a yellow dot indicates that
the local console is locked by the iDRAC.
I cannot see the
bottom of the system
screen from the
Console Redirection
window.
Ensure that the management station’s monitor resolution is
set to 1280x1024.
Table 9-7. Using Console Redirection: Frequently Asked Questions (continued)
Question Answer
Using GUI Console Redirection 181
The console window is
garbled.
The console viewer on Linux requires a UTF-8 character set.
Check your locale and reset the character set if needed. See
"Setting the Locale in Linux" on page 58 for more
information.
Why do I get a blank
screen on the
managed server when
loading the
Windows 2000
operating system?
The managed server does not have the correct ATI video
driver. You must update the video driver by using the Dell
Systems Management Tools and Documentation DVD.
Why doesn’t the
mouse sync in DOS
when performing
Console Redirection?
The Dell BIOS is emulating the mouse driver as a PS/2
mouse. By design, the PS/2 mouse uses relative position for
the mouse pointer, which causes the lag in syncing. iDRAC
has a USB mouse driver, which allows absolute position and
closer tracking of the mouse pointer. Even if iDRAC passes
the USB absolute mouse position to the Dell BIOS, the BIOS
emulation would convert it back to relative position and the
behavior would remain. To fix this problem, set the mouse
mode to NONE in the Console Redirection configuration.
Why doesn’t the
mouse sync under the
Linux text console?
Virtual KVM requires the USB mouse driver, but the USB
mouse driver is available only under the X-Window operating
system.
I am still having issues
with mouse
synchronization.
Ensure that the correct mouse is selected for your operating
system before starting a console redirection session.
Ensure that Synchronize Mouse is checked in the Mouse
menu. Press <Alt><M> or select Mouse Synchronize
mouse to toggle mouse synchronization. When
synchronization is enabled, a check mark appears next to the
selection in the Mouse menu.
Table 9-7. Using Console Redirection: Frequently Asked Questions (continued)
Question Answer
182 Using GUI Console Redirection
Why can't I use a
keyboard or mouse
while installing
Windows remotely by
using iDRAC Console
Redirection?
When you remotely install a supported Microsoft operating
system on a system with Console Redirection enabled in the
BIOS, you receive an EMS Connection Message that requires
that you select OK before you can continue. You cannot use
the mouse to select OK remotely. You must either select OK
on the local system or restart the remotely managed server,
reinstall, and then turn Console Redirection off in the BIOS.
This message is generated by Microsoft to alert the user that
Console Redirection is enabled. To ensure that this message
does not appear, always turn off Console Redirection in the
BIOS before installing an operating system remotely.
Why doesn’t the Num
Lock indicator on my
management station
reflect the status of
the Num Lock on the
remote server?
When accessed through the iDRAC, the Num Lock indicator
on the management station does not necessarily coincide
with the state of the Num Lock on the remote server. The
state of the Num Lock is dependent on the setting on the
remote server when the remote session is connected,
regardless of the state of the Num Lock on the management
station.
Why do multiple
Session Viewer
windows appear when
I establish a console
redirection session
from the local host?
You are configuring a console redirection session from the
local system. This is not supported.
If I am running a
console redirection
session and a local user
accesses the managed
server, do I receive a
warning message?
No. If a local user accesses the system, you both have control
of the system.
How much bandwidth
do I need to run a
console redirection
session?
Dell recommends a 5 MB/sec connection for good
performance. A 1 MB/sec connection is required for minimal
performance.
Table 9-7. Using Console Redirection: Frequently Asked Questions (continued)
Question Answer
Using GUI Console Redirection 183
What are the
minimum system
requirements for my
management station
to run console
redirection?
The management station requires an Intel® Pentium III
500 MHz processor with at least 256 MB of RAM.
Table 9-7. Using Console Redirection: Frequently Asked Questions (continued)
Question Answer
184 Using GUI Console Redirection
Configuring and Using Virtual Media 185
Configuring and Using Virtual
Media
Overview
The Virtual Media feature, accessed through the console redirection viewer,
provides the managed server access to media connected to a remote system
on the network. Figure 10-1 shows the overall architecture of Virtual Media.
Figure 10-1. Overall Architecture of Virtual Media
Managed Server Management Station
Modular Server
Remote CD/DVD/USB
Remote Floppy
Network
186 Configuring and Using Virtual Media
Using Virtual Media, administrators can remotely boot their managed
servers, install applications, update drivers, or even install new operating
systems remotely from the virtual CD/DVD and diskette drives.
NOTE: Virtual media requires a minimum available network bandwidth of 128 Kbps.
Virtual media defines two devices for the managed server’s operating system
and BIOS: a floppy disk device and an optical disk device.
The management station provides the physical media or image file across the
network. When Virtual Media is connected, all virtual CD/floppy drive
access requests from the managed server are directed to the management
station across the network. Connecting Virtual Media appears the same as
inserting media into physical devices. When virtual media is not connected,
virtual devices on the managed server appear as two drives without media
installed in the drives.
Table 10-1 lists the supported drive connections for virtual floppy and virtual
optical drives.
NOTE: Changing Virtual Media while connected could stop the system boot
sequence.
Table 10-1. Supported Drive Connections
Supported Virtual Floppy Drive
Connections
Supported Virtual Optical Drive
Connections
Legacy 1.44 floppy drive with a 1.44
floppy diskette
CD-ROM, DVD, CDRW, combination
drive with CD-ROM media
USB floppy drive with a 1.44 floppy
diskette
CD-ROM/DVD image file in the ISO9660
format
1.44 floppy image USB CD-ROM drive with CD-ROM
media
USB removable disk (minimum size
128 MB)
Configuring and Using Virtual Media 187
Windows-Based Management Station
To run the Virtual Media feature on a management station running the
Microsoft® Windows® operating system, install a supported version of
Internet Explorer with the ActiveX Control plug-in (see "Supported Web
Browsers" on page 28). Set the browser security to Medium or a lower setting
to enable Internet Explorer to download and install signed ActiveX controls.
Depending on your version of Internet Explorer, a custom security setting for
ActiveX may be required:
1
Start Internet Explorer.
2
Click
Tools
Internet Options
, and then click the
Security
tab.
3
Under
Select a Web content zone to specify its security settings
, click to
select the desired zone.
4
Under
Security level for this zone
, click
Custom Level
.
The
Security Settings
window appears.
5
Under
ActiveX controls and plugins
, ensure that the following settings are
set to
Enable
:
Allow Scriptlets
Automatic prompting for ActiveX controls
Download signed ActiveX controls
Download unsigned ActiveX controls
6
Click
OK
to save any changes and close the
Security Settings
window.
7
Click
OK
to close the
Internet Options
window.
8
Restart Internet Explorer.
You must have administrator rights to install ActiveX. Before installing the
ActiveX control, Internet Explorer may display a security warning. To
complete the ActiveX control installation procedure, accept the ActiveX
control when Internet Explorer prompts you with a security warning.
188 Configuring and Using Virtual Media
Linux-Based Management Station
To run the virtual media feature on a management station running the Linux
operating system, install a supported version of Firefox. See "Supported Web
Browsers" on page 28 for more information.
A Java Runtime Environment (JRE) is required is required to run the console
redirection plugin. You can download a JRE from java.sun.com. JRE
version 1.6 or above is recommended.
Configuring Virtual Media
1
Log in to the iDRAC Web interface.
2
Select
System
in the navigation tree and click the
Console
tab.
3
Click
Configuration
Virtual Media
to configure the Virtual Media
settings.
Table 10-2 describes the
Virtual Media
configuration values.
4
When you have finished configuring the settings, click
Apply
.
5
Click the appropriate button to continue. See Table 10-3.
Table 10-2. Virtual Media Configuration Values
Attribute Value
Attach Virtual Media Attach - Immediately attaches Virtual Media to
the server.
Detach - Immediately detaches Virtual Media
from the server.
Auto-Attach - Attaches Virtual Media to the
server only when a virtual media session is
started.
Maximum Sessions Displays the maximum number of Virtual Media
sessions allowed.
Active Sessions Displays the current number of Virtual Media
sessions.
Configuring and Using Virtual Media 189
Virtual Media Encryption
Enabled
Click the checkbox to enable or disable
encryption on Virtual Media connections.
Checked enables encryption; unchecked disables
encryption.
Virtual Media Port Number The network port number used for connecting to
the Virtual Media service without encryption.
Two consecutive ports starting from the port
number specified are used to connect to the
Virtual Media service. The port number
following the specified port must not be
configured for any other iDRAC service.
Virtual Media SSL Port Number The network port number used for encrypted
connections to the Virtual Media service. Two
consecutive ports starting from the port number
specified are used to connect to the Virtual
Media service. The port number following the
specified port must not be configured for any
other iDRAC service.
Floppy Emulation Indicates whether the Virtual Media appears as a
floppy drive or as a USB key to the server. If
Floppy Emulation is checked, the Virtual Media
device appears as a floppy device on the server. If
it is unchecked, it appears as a USB Key drive.
Enable Boot Once Enables (checked) or disables (not checked) the
boot-once option, which automatically
terminates the Virtual Media session after the
server has booted once. Use this attribute to boot
from the Virtual Media. On the next boot, the
system will boot from the next device in the boot
order. This option is useful for automated
deployments.
Table 10-2. Virtual Media Configuration Values (continued)
Attribute Value
190 Configuring and Using Virtual Media
Running Virtual Media
NOTE: Do not issue a racreset command when running a Virtual Media session.
Otherwise, undesirable results may occur, including loss of data.
NOTE: The Console Viewer window application must remain active while you
access the virtual media.
1
Open a supported Web browser on your management station.
2
Start the iDRAC Web interface.
3
Select
System
in the navigation tree and click the
Console
tab.
The
Console Redirection
page appears. If you want to change the values
of any of the displayed attributes, see "Configuring Virtual Media" on
page 188.
NOTE: The Floppy Image File under Floppy Drive (if applicable) may appear,
as this device can be virtualized as a virtual floppy. You can select one optical
drive and one floppy at the same time, or a single drive.
NOTE: The virtual device drive letters on the managed server do not coincide
with the physical drive letters on the management station.
NOTE: Virtual Media may not function properly on Windows operating system
clients that are configured with Internet Explorer Enhanced Security. To
resolve this issue, see your Microsoft operating system documentation or
contact your administrator.
4
Click
Launch Viewer
.
NOTE: On Linux, the file jviewer.jnlp is downloaded to your desktop and a
dialog box will ask what to do with the file. Choose the option to Open with
program and then select the javaws application, which is located in the bin
subdirectory of your JRE installation directory.
Table 10-3. Virtual Media Configuration Page Buttons
Button Description
Print Prints the Console Configuration values that appear on the
screen.
Refresh Reloads the Console Configuration page.
Apply Saves any new settings made to the Console Configuration
page.
Configuring and Using Virtual Media 191
The
iDRACView
application launches in a separate window.
5
Click
Media
Virtual Media Wizard…
.
The
Media Redirection
wizard appears.
6
View the Status window. If media is connected, you must disconnect it
before connecting a different media source. Click the
Disconnect
button
to the right of the media you wish to disconnect.
7
Select the radio button next to the media types you wish to connect.
You can select one radio button in the
Floppy/USB Drive
section and one
in the
CD/DVD Drive
section.
NOTE: When a management station CD/DVD media is already in use by a
iDRAC blade, the same media can be redirected and made available to
another iDRAC blade. In other words, iDRAC supports same media (Read only)
redirection to two different iDRAC blades. But with a USB media, you will not
be able to attach to two iDRAC blades. iDRAC prompts you with a warning
message indicating the same.
If you want to connect a floppy image or ISO image, enter the path (on
your local computer) to the image, or click the
Browse
button and browse
to the image.
NOTE: You may not be able to mount remote ISO images if you use the Java
plug–in. For example, Linux clients do not allow you to mount the images since
they use the Java plug–in. To avoid this, copy the ISO image to your local
system. The Java based Virtual Media plug–in does not allow you to specify a
share name using the \\computer\share format.
NOTE: Accessing remote floppy disks and CD–ROMs from VMWare Virtual
Media is not supported. Only devices directly connected to an ESX server or a
floppy or CD–ROM ISO image present in the ESX Service Console can be
made accessible to the Virtual Media. To avoid this issue, create an image of
the floppy or CD-ROM and copy it to the Service Console.
8
Click the
Connect
button next to each selected media type. The media is
connected and the
Status
window is updated.
9
Click the
Close
button.
NOTE: When you launch the iDRACview and then log out of the Web GUI,
iDRACView may not terminate and remains active. Close the vMedia and
vKVM viewer applications to log out of the corresponding session.
192 Configuring and Using Virtual Media
Disconnecting Virtual Media
1
Click
Media
Virtual Media Wizard…
.
2
Click
Disconnect
next to the
media you wish to disconnect.
The media is disconnected and the Status window is updated.
3
Click
Close
.
Booting From Virtual Media
The system BIOS enables you to boot from virtual optical drives or virtual
floppy drives. During POST, enter the BIOS setup window and verify that the
virtual drives are enabled and listed in the correct order.
To change the BIOS setting, perform the following steps:
1
Boot the managed server.
2
Press <F2> to enter the BIOS setup window.
3
Scroll to the boot sequence and press <Enter>.
In the pop-up window, the virtual optical drives and virtual floppy drives
are listed with the standard boot devices.
4
Ensure that the virtual drive is enabled and listed as the first device with
bootable media. If required, follow the on-screen instructions to modify
the boot order.
5
Save the changes and exit.
The managed server reboots.
The managed server attempts to boot from a bootable device based on the
boot order. If the virtual device is connected and a bootable media is
present, the system boots to the virtual device. Otherwise, the system
overlooks the device—similar to a physical device without bootable media.
Installing Operating Systems Using Virtual Media
This section describes a manual, interactive method to install the operating
system on your management station that may take several hours to complete.
A scripted operating system installation procedure using Virtual Media may
take less than 15 minutes to complete. See "Deploying the Operating System"
on page 239 for more information.
Configuring and Using Virtual Media 193
1
Verify the following:
The operating system installation CD is inserted in the management
station’s CD drive.
The local CD drive is selected.
You are connected to the virtual drives.
2
Follow the steps for booting from the virtual media in the "Booting From
Virtual Media" section to ensure that the BIOS is set to boot from the CD
drive that you are installing from.
3
Follow the on-screen instructions to complete the installation.
Using Virtual Media When the Server’s Operating System Is Running
Windows-Based Systems
On Windows systems, the virtual media drives are automounted if they are
attached and configured with a drive letter.
Using the virtual drives from within Windows is similar to using your physical
drives. When you connect to the media using the Virtual Media wizard, the
media is available at the system by clicking the drive and browsing its content.
Linux-Based Systems
Depending on the configuration of the software on your system, the virtual
media drives may not be automounted. If your drives are not automounted,
manually mount the drives using the Linux mount command.
194 Configuring and Using Virtual Media
Frequently Asked Questions
Table 10-4 lists frequently asked questions and answers.
Table 10-4. Using Virtual Media: Frequently Asked Questions
Question Answer
Sometimes, I notice my Virtual
Media client connection drop.
Why?
When a network time-out occurs, the iDRAC
firmware drops the connection, disconnecting
the link between the server and the Virtual
Drive.
If the Virtual Media configuration settings are
changed in the iDRAC Web interface or by
local RACADM commands, any connected
media is disconnected when the configuration
change is applied.
To reconnect to the Virtual Drive, use the
Virtual Media wizard.
Why do I sometimes lose my client
connection?
You can sometimes lose your client
connection if the network is slow or if you
change the CD in the client system CD drive.
For example, if you change the CD in the
client system’s CD drive, the new CD might
have an autostart feature. If this is the case,
the firmware can time out and the
connection can be lost if the client system
takes too long before it is ready to read the
CD. If a connection is lost, reconnect from
the GUI and continue the previous operation.
When a network timeout occurs, the iDRAC
firmware drops the connection, disconnecting
the link between the server and the Virtual
Drive. Also, someone may have altered the
Virtual Media configuration settings in the
Web interface or by entering RADACM
commands. To reconnect to the Virtual
Drive, use the
Virtual Media
feature.
Configuring and Using Virtual Media 195
An installation of the Windows
operating system seems to take too
long. Why?
If you are installing the Windows operating
system using the Dell Systems Management
Tools and Documentation DVD and a slow
network connection, the installation procedure
may require an extended amount of time to
access the iDRAC Web interface due to
network latency. While the installation window
does not indicate the installation progress, the
installation procedure is in progress.
I am viewing the contents of a floppy
drive or USB memory key. If I try to
establish a Virtual Media connection
using the same drive, I receive a
connection failure message and am
asked to retry. Why?
Simultaneous access to Virtual Floppy drives is
not allowed. Close the application used to view
the drive contents before you attempt to
virtualize the drive.
How do I configure my virtual device
as a bootable device?
On the managed server, access the BIOS Setup
and navigate to the boot menu. Locate the
virtual CD, Virtual Floppy, or Virtual Flash and
change the device boot order as needed. For
example, to boot from a CD drive, configure
the CD drive as the first drive in the boot order.
What types of media can I boot
from?
The iDRAC allows you to boot from the
following bootable media:
CDROM/DVD Data media
ISO 9660 image
1.44 Floppy disk or floppy image
A USB key that is recognized by the operating
system as a removable disk (minimum size
128 MB)
•A USB key image
Table 10-4. Using Virtual Media: Frequently Asked Questions (continued)
Question Answer
196 Configuring and Using Virtual Media
How can I make my USB key
bootable?
Search support.dell.com for the Dell Boot
Utility, a Windows program you can use to
make your Dell USB key bootable.
You can also boot with a Windows 98 startup
disk and copy system files from the startup disk
to your USB key. For example, from the DOS
prompt, type the following command:
sys a:
x
: /s
where x: is the USB key you want to make
bootable.
You can also use the Dell boot utility to create a
bootable USB key. This utility is only
compatible with Dell-branded USB keys. To
download the utility, open a Web browser,
navigate to the Dell Support website located at
support.dell.com, and search for R122672.exe.
Table 10-4. Using Virtual Media: Frequently Asked Questions (continued)
Question Answer
Configuring and Using Virtual Media 197
I cannot locate my Virtual Floppy
device on a system running Red
Hat® Enterprise Linux® or the
SUSE® Linux operating system. My
Virtual Media is attached and I am
connected to my remote floppy.
What should I do?
Some Linux versions do not automount the
Virtual Floppy Drive and the Virtual CD drive
in a similar manner. To mount the Virtual
Floppy Drive, locate the device node that
Linux assigns to the Virtual Floppy Drive.
Perform the following steps to correctly find
and mount the Virtual Floppy Drive:
1
Open a Linux command prompt and run the
following command:
grep "Virtual Floppy"
/var/log/messages
2
Locate the last entry to that message and
note the time.
3
At the Linux prompt, run the following
command:
grep "
hh:mm:ss
"
/var/log/messages
where:
hh:mm:ss
is the time stamp of the message
returned by grep in step 1.
4
In step 3, read the result of the grep
command and locate the device name that is
given to the Dell Virtual Floppy.
5
Ensure that you are attached and connected
to the Virtual Floppy Drive.
6
At the Linux prompt, run the following
command:
mount
/dev/sdx
/mnt/floppy
where:
/dev/sdx
is the device name found in step
4
/mnt/floppy
is the mount point.
Table 10-4. Using Virtual Media: Frequently Asked Questions (continued)
Question Answer
198 Configuring and Using Virtual Media
What file system types are
supported on my Virtual Floppy
Drive?
Your Virtual Floppy Drive supports FAT16 or
FAT32 file systems.
When I performed a firmware
update remotely using the iDRAC
Web interface, my virtual drives at
the server were removed. Why?
Firmware updates cause the iDRAC to reset,
drop the remote connection, and unmount the
virtual drives. The drives will reappear when
the iDRAC reset is complete.
Table 10-4. Using Virtual Media: Frequently Asked Questions (continued)
Question Answer
Using the Local RACADM Command Line Interface 199
Using the Local RACADM Command
Line Interface
The local RACADM command line interface (CLI) provides access to the
iDRAC management features from the managed server. RACADM provides
access to the same features as the iDRAC Web interface. However, RACADM
can be used in scripts to ease configuration of multiple servers and iDRACs,
where the Web interface is more useful for interactive management.
Local RACADM commands do not use network connections to access the
iDRAC from the managed server. This means that you can use local
RACADM commands to configure the initial iDRAC networking.
For more information about configuring multiple iDRACs, see "Configuring
Multiple iDRACs" on page 221.
This section provides the following information:
Using RACADM from a command prompt
Configuring your iDRAC using the
racadm
command
Using the RACADM configuration file to configure multiple iDRACs
Using the RACADM Command
You run RACADM commands locally (on the managed server) from a
command prompt or shell prompt.
Log into the managed server, start a command shell, and enter local
RACADM commands in the following format:
racadm <
subcommand
> -g <
group
> -o <
object
> <
value
>
Without options, the RACADM command displays general use information.
To display the RACADM subcommand list, type:
racadm help
200 Using the Local RACADM Command Line Interface
The subcommand list includes all commands that are supported by the
iDRAC.
To get help for a subcommand, type:
racadm help <
subcommand
>
The command displays the syntax and command-line options for the
subcommand.
RACADM Subcommands
Table 11-1 provides a description of each RACADM subcommand that you
can run in RACADM. For a detailed listing of RACADM subcommands
including syntax and valid entries, see "RACADM Subcommand Overview"
on page 283.
CAUTION: The latest iDRAC firmware supports only the latest RACADM version.
You may encounter errors if you use an older version of RACADM to query a iDRAC
with the latest firmware. Install the RACADM version shipped with your latest
Dell™ OpenManage™ DVD media.
Table 11-1. RACADM Subcommands
Command Description
clrraclog Clears the iDRAC log. After clearing, a single entry is made to
indicate the user and time that the log was cleared.
clrsel Clears the managed server’s System Event Log entries.
config Configures the iDRAC.
getconfig Displays the current iDRAC configuration properties.
getniccfg Displays the current IP configuration for the controller.
getraclog Displays the iDRAC log.
getractime Displays the iDRAC time.
getssninfo Displays information about active sessions.
getsvctag Displays service tags.
getsysinfo Displays information about the iDRAC and managed server,
including IP configuration, hardware model, firmware
versions, and operating system information.
Using the Local RACADM Command Line Interface 201
Using the RACADM Utility to Configure the iDRAC
This section describes how to use RACADM to perform various iDRAC
configuration tasks.
Displaying Current iDRAC Settings
The RACADM getconfig subcommand retrieves current configuration
settings from the iDRAC. The configuration values are organized into groups
containing one or more objects, and the objects have values.
See "iDRAC Property Database Group and Object Definitions" on page 313
for a complete description of the groups and objects.
To display a list of all of the iDRAC groups, enter this command:
racadm getconfig -h
gettracelog Displays the iDRAC trace log. If used with -i, the command
displays the number of entries in the iDRAC trace log.
help Lists iDRAC subcommands.
help <subcommand> Lists usage statement for the specified subcommand.
racreset Resets the iDRAC.
racresetcfg Resets the iDRAC to the default configuration.
serveraction Performs power management operations on the managed
server.
setniccfg Sets the IP configuration for the controller.
sslcertdownload Downloads a CA certificate.
sslcertupload Uploads a CA certificate or server certificate to the iDRAC.
sslcertview Views a CA certificate or server certificate in the iDRAC.
sslcsrgen Generates and downloads the SSL CSR.
testemail Forces the iDRAC to send an e-mail over the iDRAC NIC.
testtrap Forces the iDRAC to send an SNMP alert over the iDRAC
NIC.
Table 11-1. RACADM Subcommands (continued)
Command Description
202 Using the Local RACADM Command Line Interface
To display the objects and values for a particular group, enter this command:
racadm getconfig -g
<
group
>
For example, to display a list of all cfgLanNetworking group object settings,
type the following command:
racadm getconfig -g cfgLanNetworking
Managing iDRAC Users with RACADM
NOTE: Use caution when using the racresetcfg command, as all configuration
parameters are reset to the original defaults. Any previous changes are lost.
NOTE: If you are configuring a new iDRAC or if you ran the racadm racresetcfg
command, the only current user is root with the password calvin.
NOTE: Users can be enabled and disabled over time. As a result, a user may have a
different index number on each iDRAC.
You can configure up to 15 users in the iDRAC property database. (A
sixteenth user is reserved for the IPMI LAN user.) Before you manually enable
an iDRAC user, verify if any current users exist.
To verify if a user exists, type the following command at the command
prompt:
racadm getconfig -u <
username
>
OR
type the following command once for each index from 1 to 16:
racadm getconfig -g cfgUserAdmin -i <
index
>
NOTE: You can also type racadm getconfig -f <
filename
> and view the
generated <filename> file, which includes all users, as well as all other iDRAC
configuration parameters.
Several parameters and object IDs are displayed with their current values.
Two objects of interest are:
# cfgUserAdminIndex=
nn
cfgUserAdminUserName=
If the cfgUserAdminUserName object has no value, that index number,
which is indicated by the cfgUserAdminIndex object, is available for use. If a
name appears after the =, that index is assigned to that user name.
Using the Local RACADM Command Line Interface 203
NOTE: Users and groups created for Active Directory environments must conform
to the Active Directory naming convention in your environment.
Adding an iDRAC User
To add a new user to the iDRAC, perform the following steps:
1
Set the user name.
2
Set the password.
3
Set the Login to iDRAC user privilege.
4
Enable the user.
Example
The following example describes how to add a new user named "John" with a
"123456" password and login privileges to the iDRAC:
racadm config -g cfgUserAdmin -o cfgUserAdminUserName
-i 2 john
racadm config -g cfgUserAdmin -o cfgUserAdminPassword
-i 2 123456
racadm config -g cfgUserAdmin -o cfgUserPrivilege -i 2
0x00000001
racadm config -g cfgUserAdmin -o cfgUserAdminEnable
-i 2 1
To verify the new user, use one of the following commands:
racadm getconfig -u john
racadm getconfig –g cfgUserAdmin –i 2
Enabling an iDRAC User With Permissions
To grant a user a specific administrative (role-based) permission, set the
cfgUserAdminPrivilege property to a bitmask constructed from the values
shown in Table 11-2.
204 Using the Local RACADM Command Line Interface
For example, to allow the user Configure iDRAC, Configure Users, Clear
Logs, and Access Console Redirection privileges, add the values 0x00000002,
0x00000004, 0x00000008, and 0x00000010 to construct the bitmap
0x0000002E. Then enter the following command to set the privilege:
racadm config -g cfgUserAdmin -o
cfgUserAdminPrivilege -i
2 0x0000002E
Removing an iDRAC User
When using RACADM, users must be disabled manually and on an
individual basis. Users cannot be deleted by using a configuration file.
The following example illustrates the command syntax that can be used to
delete a RAC user:
racadm config -g cfgUserAdmin -o cfgUserAdminUserName
-i <index> ""
A null string of double quote characters ("") instructs the iDRAC to remove
the user configuration at the specified index and reset the user configuration
to the original factory defaults.
Table 11-2. Bit Masks for User Privileges
User Privilege Privilege Bit Mask
Login to iDRAC 0x0000001
Configure iDRAC 0x0000002
Configure Users 0x0000004
Clear Logs 0x0000008
Execute Server Control Commands 0x0000010
Access Console Redirection 0x0000020
Access Virtual Media 0x0000040
Test Alerts 0x0000080
Execute Debug Commands 0x0000100
Using the Local RACADM Command Line Interface 205
Testing E-mail Alerting
The iDRAC e-mail alert feature allows users to receive e-mail alerts when a
critical event occurs on the managed server. The following example shows
how to test the e-mail alert feature to ensure that the iDRAC can properly
send e-mail alerts across the network.
racadm testemail -i 2
NOTE: Ensure that the SMTP and E-mail Alert settings are configured before
testing the e-mail alert feature. See "Configuring E-Mail Alerts" on page 81 for more
information.
Testing the iDRAC SNMP Trap Alert Feature
The iDRAC SNMP trap alerting feature allows SNMP trap listener
configurations to receive traps for system events that occur on the managed
server.
The following example shows how a user can test the SNMP trap alert
feature.
racadm testtrap -i 2
NOTE: Before you test the iDRAC SNMP trap alerting feature, ensure that the
SNMP and trap settings are configured correctly. See the testtrap and testemail
subcommand descriptions to configure these settings.
Configuring iDRAC Network Properties
To generate a list of available network properties, type the following:
racadm getconfig -g cfgLanNetworking
To use DHCP to obtain an IP address, use the following command to write
the object cfgNicUseDhcp and enable this feature:
racadm config -g cfgLanNetworking -o cfgNicUseDHCP 1
The commands provide the same configuration functionality as the iDRAC
configuration utility when you are prompted to type <Ctrl><E>. For more
information about configuring network properties with the iDRAC
configuration utility, see "LAN" on page 249.
The following is an example of how the command may be used to configure
desired LAN network properties.
racadm config -g cfgLanNetworking -o cfgNicEnable 1
206 Using the Local RACADM Command Line Interface
racadm config -g cfgLanNetworking -o cfgNicIpAddress
192.168.0.120
racadm config -g cfgLanNetworking -o cfgNicNetmask
255.255.255.0
racadm config -g cfgLanNetworking -o cfgNicGateway
192.168.0.120
racadm config -g cfgLanNetworking -o cfgNicUseDHCP 0
racadm config -g cfgLanNetworking -o
cfgDNSServersFromDHCP 0
racadm config -g cfgLanNetworking -o cfgDNSServer1
192.168.0.5
racadm config -g cfgLanNetworking -o cfgDNSServer2
192.168.0.6
racadm config -g cfgLanNetworking -o
cfgDNSRegisterRac 1
racadm config -g cfgLanNetworking -o cfgDNSRacName
RAC-EK00002
racadm config -g cfgLanNetworking -o
cfgDNSDomainNameFromDHCP 0
racadm config -g cfgLanNetworking -o cfgDNSDomainName
MYDOMAIN
NOTE: If cfgNicEnable is set to 0, the iDRAC LAN is disabled even if DHCP is
enabled.
Configuring IPMI
1
Configure IPMI over LAN by entering the following command:
racadm config -g cfgIpmiLan -o cfgIpmiLanEnable 1
NOTE: This setting determines the IPMI commands that can be executed
from the IPMI over LAN interface. For more information, see the IPMI 2.0
specifications.
Using the Local RACADM Command Line Interface 207
a
Update the IPMI channel privileges by entering the following
command:
racadm config -g cfgIpmiLan -o
cfgIpmiLanPrivilegeLimit
<level>
where
<level>
is one of the following:
2
(
User
)
3
(
Operator
)
4
(
Administrator
)
For example, to set the IPMI LAN channel privilege to 2 (User), type
the following command:
racadm config -g cfgIpmiLan -o
cfgIpmiLanPrivilegeLimit 2
b
Set the IPMI LAN channel encryption key, if required, using a
command such as the following:
NOTE: The iDRAC IPMI supports the RMCP+ protocol. See the IPMI 2.0
specifications for more information.
racadm config -g cfgIpmiLan -o
cfgIpmiEncryptionKey
<key>
where <
key
> is a 20-character encryption key in a valid hexadecimal
format.
2
Configure IPMI Serial over LAN (SOL) using the following command:
racadm config -g cfgIpmiSol -o cfgIpmiSolEnable 1
NOTE: The IPMI SOL minimum privilege level determines the minimum
privilege required to activate IPMI SOL. For more information, see the IPMI 2.0
specification.
a
Update the IPMI SOL minimum privilege level using the following
command:
racadm config -g cfgIpmiSol -o
cfgIpmiSolMinPrivilege
<level>
where
<level>
is one of the following:
2
(
User
)
208 Using the Local RACADM Command Line Interface
3
(
Operator
)
4
(
Administrator
)
For example, to configure the IPMI privileges to 2 (User), enter the
following command:
racadm config -g cfgIpmiSol -o
cfgIpmiSolMinPrivilege 2
NOTE: To redirect the serial console over LAN, ensure that the SOL baud rate
is identical to your managed server’s baud rate.
b
Update the IPMI SOL baud rate using the following command:
racadm config -g cfgIpmiSol -o
cfgIpmiSolBaudRate
<baud-rate>
where
<baud-rate>
is 19200, 57600, or 115200 bps.
For example:
racadm config -g cfgIpmiSol -o
cfgIpmiSolBaudRate 57600
c
Enable SOL by typing the following command at the command
prompt.
NOTE: SOL can be enabled or disabled for each individual user.
racadm config -g cfgUserAdmin -o
cfgUserAdminSolEnable -i
<id>
2
where
<id>
is the user’s unique ID.
Configuring PEF
You can configure the action you wish the iDRAC to take for each platform
alert. Table 11-3 lists the possible actions and the value to identify them in
RACADM.
Table 11-3. Platform Event Action
Action Value
No action 0
Power off 1
Using the Local RACADM Command Line Interface 209
Configure PEF actions using the following command:
racadm config -g cfgIpmiPef -o cfgIpmiPefAction
-i <
index
> <
action-value
>
where <index> is the PEF index (see Table 5-8 on page 79), and <action-
value> is a value from Table 11-3.
For example, to enable PEF to reboot the system and send an IPMI alert
when a processor critical event is detected, type the following command:
racadm config -g cfgIpmiPef -o cfgIpmiPefAction -i 9 2
Configuring PET
1
Enable global alerts using the following command:
racadm config -g cfgIpmiLan -o
cfgIpmiLanAlertEnable 1
2
Enable PET using the following command:
racadm config -g cfgIpmiPet -o
cfgIpmiPetAlertEnable -i <
index
> <0|1>
where
<
index
> is the PET destination index and
0
or
1
disable PET or
enable PET, respectively.
For example, to enable PET with index 4, type the following command:
racadm config -g cfgIpmiPet -o
cfgIpmiPetAlertEnable -i 4 1
3
Configure your PET policy using the following command:
racadm config -g cfgIpmiPet -o
cfgIpmiPetAlertDestIPAddr -i <
index
>
<IP-address>
where <
index
> is the PET destination index and <
IP-address
> is the
destination IP address of the system that receives the platform event alerts.
Reboot 2
Power Cycle 3
Table 11-3. Platform Event Action (continued)
Action Value
210 Using the Local RACADM Command Line Interface
4
Configure the Community Name string.
At the command prompt, type:
racadm config -g cfgIpmiLan -o
cfgIpmiPetCommunityName
<name>
where <
name
> is the PET Community Name.
Configuring E-mail Alerts
1
Enable global alerts by entering the following command:
racadm config -g cfgIpmiLan -o
cfgIpmiLanAlertEnable 1
2
Enable e-mail alerts by entering the following commands:
racadm config -g cfgEmailAlert -o
cfgEmailAlertEnable -i <
index
> <0|1>
where <
index
> is the e-mail destination index and 0 disables the e-mail
alert or 1 enables the alert. The e-mail destination index can be a value
from 1 through 4.
For example, to enable e-mail with index 4, type the following command:
racadm config -g cfgEmailAlert -o
cfgEmailAlertEnable -i 4 1
3
Configure your e-mail settings by entering the following command:
racadm config -g cfgEmailAlert -o
cfgEmailAlertAddress -i 1
<email-address>
where 1 is the e-mail destination index and <
email-address
> is the
destination e-mail address that receives the platform event alerts.
4
To configure a custom message, enter the following command:
racadm config -g cfgEmailAlert -o
cfgEmailAlertCustomMsg -i <
index
>
<custom-message>
where <
index
> is the e-mail destination index and <
custom-message
> is
the custom message.
Using the Local RACADM Command Line Interface 211
5
Test the configured e-mail alert, if desired, by entering the following
command:
racadm testemail -i <
index
>
where <
index
> is the e-mail destination index to test.
Configuring IP Filtering (IpRange)
IP address filtering (or IP Range Checking) allows iDRAC access only from
clients or management workstations whose IP addresses are within a user-
specified range. All other login requests are denied.
IP filtering compares the IP address of an incoming login to the IP address
range that is specified in the following cfgRacTuning properties:
• cfgRacTuneIpRangeAddr
• cfgRacTuneIpRangeMask
The cfgRacTuneIpRangeMask property is applied to both the incoming IP
address and to the cfgRacTuneIpRangeAddr properties. If the results are
identical, the incoming login request is allowed to access the iDRAC. Logins
from IP addresses outside this range receive an error.
The login proceeds if the following expression equals zero:
cfgRacTuneIpRangeMask & (
<incoming-IP-address>
^
cfgRacTuneIpRangeAddr)
where & is the bitwise AND of the quantities and ^ is the bitwise exclusive-
OR.
See "cfgRacTuning" on page 330 for a complete list of cfgRacTuning
properties.
212 Using the Local RACADM Command Line Interface
Configuring IP Filtering
To configure IP filtering in the Web interface, follow these steps:
1
Click
System
Remote Access
iDRAC
Network/Security
.
2
On the
Network Configuration
page, click
Advanced Settings
.
3
Check the
IP Range Enabled
checkbox and enter the
IP Range Address
and
IP Range Subnet Mask
.
4
Click
Apply
.
Following are examples using local RACADM to set up IP filtering.
NOTE: See "Using the Local RACADM Command Line Interface" on page 199 for
more information about RACADM and RACADM commands.
1
The following RACADM commands block all IP addresses except
192.168.0.57:
racadm config -g cfgRacTuning -o
cfgRacTuneIpRangeEnable 1
Table 11-4. IP Address Filtering (IpRange) Properties
Property Description
cfgRacTuneIpRangeEnable Enables the IP range checking feature.
cfgRacTuneIpRangeAddr Determines the acceptable IP address bit pattern,
depending on the 1’s in the subnet mask.
This property is bitwise anded with
cfgRacTuneIpRangeMask to determine the upper
portion of the allowed IP address. Any IP address that
contains this bit pattern in its upper bits is allowed to
log in. Logins from IP addresses that are outside this
range fail. The default values in each property allow
an address range from 192.168.1.0 to 192.168.1.255
to log in.
cfgRacTuneIpRangeMask Defines the significant bit positions in the IP address.
The mask should be in the form of a netmask, where
the more significant bits are all 1’s with a single
transition to all zeros in the lower-order bits.
Using the Local RACADM Command Line Interface 213
racadm config -g cfgRacTuning -o
cfgRacTuneIpRangeAddr 192.168.0.57
racadm config -g cfgRacTuning -o
cfgRacTuneIpRangeMask 255.255.255.255
2
To restrict logins to a small set of four adjacent IP addresses (for example,
192.168.0.212 through 192.168.0.215), select all but the lowest two bits in
the mask, as shown below:
racadm config -g cfgRacTuning -o
cfgRacTuneIpRangeEnable 1
racadm config -g cfgRacTuning -o
cfgRacTuneIpRangeAddr 192.168.0.212
racadm config -g cfgRacTuning -o
cfgRacTuneIpRangeMask 255.255.255.252
The last byte of the range mask is set to 252, the decimal equivalent of
11111100b.
IP Filtering Guidelines
Use the following guidelines when enabling IP filtering:
Ensure that
cfgRacTuneIpRangeMask
is configured in the form of a
netmask, where all most significant bits are 1’s (which defines the subnet
in the mask) with a transition to all 0’s in the low-order bits.
Use the desired range’s base address as the value of
cfgRacTuneIpRangeAddr
. The 32-bit binary value of this address should
have zeros in all the low-order bits where there are zeros in the mask.
Configuring IP Blocking
IP blocking dynamically determines when excessive login failures occur from
a particular IP address and blocks (or prevents) the address from logging into
the iDRAC for a preselected time span.
The IP blocking features include:
The number of allowed login failures (
cfgRacTuneIpBlkFailcount
)
The time frame in seconds during which these failures must occur
(
cfgRacTuneIpBlkFailWindow
)
214 Using the Local RACADM Command Line Interface
The amount of time in seconds that the blocked IP address is prevented
from establishing a session after the allowed number of failures is exceeded
(
cfgRacTuneIpBlkPenaltyTime
)
As login failures accumulate from a specific IP address, they are registered by
an internal counter. When the user logs in successfully, the failure history is
cleared and the internal counter is reset.
NOTE: When login attempts are refused from the client IP address, some SSH
clients may display the following message: ssh exchange
identification: Connection closed by remote host.
See "iDRAC Property Database Group and Object Definitions" on page 313
for a complete list of cfgRacTune properties.
"Login Retry Restriction Properties" on page 214 lists the user-defined
parameters.
Table 11-5. Login Retry Restriction Properties
Property Definition
cfgRacTuneIpBlkEnable Enables the IP blocking feature.
When consecutive failures
(cfgRacTuneIpBlkFailCount) from a single IP
address are encountered within a specific amount of
time (cfgRacTuneIpBlkFailWindow), all further
attempts to establish a session from that address are
rejected for a certain time span
(cfgRacTuneIpBlkPenaltyTime).
cfgRacTuneIpBlkFailCount Sets the number of login failures from an IP address
before the login attempts are rejected.
cfgRacTuneIpBlkFailWindow The time frame in seconds during which the failure
attempts are counted. When the failures exceed this
limit, they are dropped from the counter.
cfgRacTuneIpBlkPenaltyTime Defines the time span in seconds that login
attempts from an IP address with excessive failures
are rejected.
Using the Local RACADM Command Line Interface 215
Enabling IP Blocking
The following example prevents a client IP address from establishing a session
for five minutes if that client has failed five login attempts in a one-minute
period of time.
racadm config -g cfgRacTuning -o
cfgRacTuneIpRangeEnable 1
racadm config -g cfgRacTuning -o
cfgRacTuneIpBlkFailCount 5
racadm config -g cfgRacTuning -o
cfgRacTuneIpBlkFailWindow 60
racadm config -g cfgRacTuning -o
cfgRacTuneIpBlkPenaltyTime 300
The following example prevents more than three failed attempts within one
minute, and prevents additional login attempts for an hour.
racadm config -g cfgRacTuning -o
cfgRacTuneIpBlkEnable 1
racadm config -g cfgRacTuning -o
cfgRacTuneIpBlkFailCount 3
racadm config -g cfgRacTuning -o
cfgRacTuneIpBlkFailWindow 60
racadm config -g cfgRacTuning -o
cfgRacTuneIpBlkPenaltyTime 360
Configuring iDRAC Telnet and SSH Services Using Local RACADM
The telnet/SSH console can be configured locally (on the managed server)
using RACADM commands.
NOTE: You must have Configure iDRAC permission to execute the commands in
this section.
NOTE: When you reconfigure telnet or SSH settings in the iDRAC, any current
sessions are terminated without warning.
To enable telnet and SSH from the local RACADM, log in to the managed
server and type the following commands at a command prompt:
racadm config -g cfgSerial -o cfgSerialTelnetEnable 1
216 Using the Local RACADM Command Line Interface
racadm config -g cfgSerial -o cfgSerialSshEnable 1
To disable the telnet or SSH service, change the value from 1 to 0:
racadm config -g cfgSerial -o cfgSerialTelnetEnable 0
racadm config -g cfgSerial -o cfgSerialSshEnable 0
Type the following command to change the telnet port number on the
iDRAC:
racadm config -g cfgRacTuning -o cfgRacTuneTelnetPort
<new port number>
For example, to change the telnet port from the default 23 to 8022, type this
command:
racadm config -g cfgRacTuning -o cfgRacTuneTelnetPort
8022
For a complete list of available RACADM CLI commands, see "Using the
Local RACADM Command Line Interface" on page 199.
Using an iDRAC Configuration File
An iDRAC configuration file is a text file that contains a representation of the
values in the iDRAC database. You can use the RACADM getconfig
subcommand to generate a configuration file containing the current values
from the iDRAC. You can then edit the file and use the RACADM config -f
subcommand to load the file back into the iDRAC, or to copy the
configuration to other iDRACs.
Creating an iDRAC Configuration File
The configuration file is a plain (unformatted) text file. You can use any valid
file name; the .cfg file extension is a recommended convention.
The configuration file can be:
Created with a text editor
Obtained from the iDRAC with the RACADM
getconfig
subcommand
Obtained from the iDRAC with the RACADM
getconfig
subcommand
and then edited
Using the Local RACADM Command Line Interface 217
To obtain a configuration file, with the RACADM getconfig command, enter
the following command at a command prompt on the managed server:
racadm getconfig -f myconfig.cfg
This command creates the file myconfig.cfg in the current directory.
Configuration File Syntax
NOTE: Edit the configuration file with a plain text editor, such as Notepad on
Windows or vi on Linux. The racadm utility parses ASCII text only. Any formatting
confuses the parser and may corrupt the iDRAC database.
This section describes the format of the configuration file.
Lines that start with
#
are comments.
A comment
must
start in the first column of the line. A
#
character in any
other column is treated as a normal # character.
Example
:
#
#
This is a comment
[cfgUserAdmin]
cfgUserAdminPrivilege=4
Group entries must be surrounded by
[
and
]
characters.
The starting
[
character denoting a group name
must
start in column one.
This group name
must
be specified before any of the objects in that group.
Objects that do not include an associated group name generate an error.
The configuration data is organized into groups as defined in "iDRAC
Property Database Group and Object Definitions" on page 313.
The following example displays a group name, object, and the object’s
property value.
Example:
[cfgLanNetworking]
(
group name
)
cfgNicIpAddress=192.168.133.121
(
object name
)
218 Using the Local RACADM Command Line Interface
Parameters are specified as
object=value
pairs with no white space between
the object, =, and value.
White space that is included after the value is ignored. White space inside
a value string remains unmodified. Any character to the right of the
=
is
taken as is (for example, a second
=
, or a
#
,
[
,
]
, and so forth).
The parser ignores an index object entry.
Yo u
cannot
specify which index is used. If the index already exists, it is
either used or the new entry is created in the first available index for that
group.
The
racadm getconfig -f
<filename>
command places a
comment in front of index objects, allowing you to see the included
comments.
NOTE: You can create an indexed group manually using the following command:
racadm config -g <groupName> -o <anchored-object> -i <index> <unique-anchor-
name>
The line for an indexed group
cannot
be deleted from a configuration file.
You must remove an indexed object manually using the following
command:
racadm config -g <
groupName
> -o <
objectName
> -i
<
index
> ""
NOTE: A NULL string (identified by two
""
characters) directs the iDRAC to delete the
index for the specified group.
To view the contents of an indexed group, use the following command:
racadm getconfig -g <
groupName
> -i <
index
>
For indexed groups the object anchor
must
be the first object after the
[ ]
pair. The following are examples of the current indexed groups:
[cfgUserAdmin]
cfgUserAdminUserName=<
username
>
If the parser encounters an indexed group, it is the value of the anchored
object that differentiates the various indexes.
The parser reads in all of the indexes from the iDRAC for that group. Any
objects within that group are simple modifications when the iDRAC is
Using the Local RACADM Command Line Interface 219
configured. If a modified object represents a new index, the index is
created on the iDRAC during configuration.
You cannot specify a desired index in a configuration file.
Indexes may be created and deleted, so over time the group may become
fragmented with used and unused indexes. If an index is present, it is
modified. If an index is not present, the first available index is used. This
method allows flexibility when adding indexed entries where you do not
need to make exact index matches between all the RACs being managed.
New users are added to the first available index. A configuration file that
parses and runs correctly on one iDRAC may not run correctly on another
if all indexes are full and you must add a new user.
Modifying the iDRAC IP Address in a Configuration File
When you modify the iDRAC IP address in the configuration file, remove all
unnecessary <variable>=<value> entries. Only the actual variable group’s
label with "[" and "]" remains, including the two <variable>=<value>
entries pertaining to the IP address change.
For example:
#
# Object Group "cfgLanNetworking"
#
[cfgLanNetworking]
cfgNicIpAddress=10.35.10.110
cfgNicGateway=10.35.10.1
This file will be updated as follows:
#
# Object Group "cfgLanNetworking"
#
[cfgLanNetworking]
cfgNicIpAddress=10.35.9.143
220 Using the Local RACADM Command Line Interface
# comment, the rest of this line is ignored
cfgNicGateway=10.35.9.1
Loading the Configuration File Into the iDRAC
The command racadm config -f <
filename
> parses the
configuration file to verify that valid group and object names are present and
that syntax rules are followed. If the file is error-free the command then
updates the iDRAC database with the contents of the file.
NOTE: To verify the syntax only and not update the iDRAC database, add the -c
option to the config subcommand.
Errors in the configuration file are flagged with the line number and a
message that explains the problem. You must correct all errors before the
configuration file can update the iDRAC.
NOTE: Use the racresetcfg subcommand to reset the database and the iDRAC NIC
settings to the original default settings and remove all users and user
configurations. While the root user is available, other users’ settings are also reset
to the default settings.
Before you execute the racadm config -f <
filename
> command, you
can run the racresetcfg subcommand to reset the iDRAC to its default
settings. Ensure that the configuration file you load includes all desired
objects, users, indexes, and other parameters.
To update the iDRAC with the configuration file, execute the following
command at the managed server’s command prompt:
racadm config -f <
filename>
After the command has completed, you can execute the RACADM getconfig
subcommand to confirm that the update succeeded.
Using the Local RACADM Command Line Interface 221
Configuring Multiple iDRACs
Using a configuration file, you can configure other iDRACs with identical
properties. Follow these steps to configure multiple iDRACS:
1
Create the configuration file from the iDRAC whose settings you want to
replicate to the others. At a command prompt on the managed server,
enter the following command:
racadm getconfig -f <
filename
>
where <
filename
> is the name of a file to save the iDRAC properties, such
a
myconfig.cfg
.
See "Creating an iDRAC Configuration File" on page 216 for more
information.
NOTE: Some configuration files contain unique iDRAC information (such as the
static IP address) that must be modified before you export the file to other iDRACs.
2
Edit the configuration file you created in the previous step and remove or
comment-out any settings you
do not
want to replicate.
3
Copy the edited configuration file to a network drive where it is accessible
to each managed server whose iDRAC you want to configure.
4
For each iDRAC you want to configure:
a
Log in to the managed server and start a command prompt.
b
If you want to reconfigure the iDRAC from the default settings, enter
the following command:
racadm racreset
c
Load the configuration file into the iDRAC with the following
command:
racadm config -f <
filename
>
where <
filename
> is the name of the configuration file you created.
Include the full path if the file is not in the working directory.
d
Reset the iDRAC that was configured by entering the following
command:
racadm reset
222 Using the Local RACADM Command Line Interface
Using the iDRAC SM-CLP Command Line Interface 223
Using the iDRAC SM-CLP Command
Line Interface
This section provides information about the Distributed Management Task
Force (DMTF) Server Management-Command Line Protocol (SM-CLP)
that is incorporated in the iDRAC.
NOTE: This section assumes that you are familiar with the Systems Management
Architecture for Server Hardware (SMASH) Initiative and the SM-CLP
specifications. For more information on these specifications, see the Distributed
Management Task Force (DMTF) website at www.dmtf.org.
The iDRAC SM-CLP is a protocol driven by the DMTF and SMWG to
provide standards for systems management CLI implementations. Many
efforts are driven by a defined SMASH architecture that is targeted as a
foundation for more standardized systems management set of components.
The SMWG SM-CLP is a subcomponent of the overall SMASH efforts
driven by DMTF.
SM-CLP provides a subset of the functionality provided by the local
RACADM command line interface, but with a different access path. SM-CLP
executes within the iDRAC, while RACADM executes on the managed server.
Also, RACADM is a Dell proprietary interface, where SM-CLP is an industry
standard interface. See "RACADM and SM-CLP Equivalencies" on page 377
for a mapping of the RACADM and SM-CLP commands.
System Management With SM-CLP
The iDRAC SM-CLP enables you to manage the following system features
from a command line or script:
Server Power Management — Turn on, shutdown, or reboot the system
System Event Log (SEL) Management — Display or clear the SEL records
iDRAC user account management
224 Using the iDRAC SM-CLP Command Line Interface
Active Directory configuration
iDRAC LAN configuration
SSL Certificate Signature Request (CSR) generation
Virtual media configuration
Serial over LAN (SOL) redirection over Telnet or SSH
iDRAC SM-CLP Support
SM-CLP is hosted from the iDRAC firmware and supports telnet and SSH
connections. The iDRAC SM-CLP interface is based on the SM-CLP
Specification Version 1.0 provided by the DMTF organization.
The following sections provide an overview of the SM-CLP feature that is
hosted from the iDRAC.
SM-CLP Features
The SM-CLP specification provides a common set of standard SM-CLP verbs
that can be used for simple systems management through the CLI.
SM-CLP promotes the concept of verbs and targets to provide system
configuration capabilities through the CLI. The verb indicates the operation
to perform and the target determines the entity (or object) that runs the
operation.
The following is the syntax of the SM-CLP command line:
<verb> [<options>] [<target>] [<properties>]
Table 12-1 provides a list of the verbs the iDRAC CLI supports, the syntax of
each command, and a list of the options the verb supports.
Table 12-1. Supported SM-CLP CLI Verbs
Verb Description Options
cd Navigates through the managed system address
space using the shell.
Syntax:
cd [
options
] [
target
]
–default, –examine,
–help, –output,
–version
Using the iDRAC SM-CLP Command Line Interface 225
delete Deletes an object instance.
Syntax:
delete [
options
]
target
–examine, –help,
–output, –version
dump Moves a binary image from the MAP to a URI.
dump -destination <
URI
> [
options
]
[
target
]
–destination, –examine,
–help, –output,
–version
exit Exits from the SM-CLP shell session.
Syntax:
exit [
options
]
–help, –output,
–version
help Displays help for SM-CLP commands.
help
-examine, -help,
-output, -version
load Moves a binary image to the MAP from a URI.
Syntax:
load -source <
URI
> [
options
]
[
target
]
–examine, –help,
–output, –source,
–version
reset Resets the target.
Syntax:
reset [
options
] [
target
]
–examine, –help,
–output, –version
set Sets the properties of a target
Syntax:
set [
options
] [
target
]
<
property name
>=<
value
>
–examine, –help,
–output, –version
show Displays the target properties, verbs, and
subtargets.
Syntax:
show [
options
] [
target
]
<
property name
>=<
value
>
-all, -default, –display,
–examine, –help, –level,
–output, –version
Table 12-1. Supported SM-CLP CLI Verbs (continued)
Verb Description Options
226 Using the iDRAC SM-CLP Command Line Interface
Table 12-2 describes the SM-CLP options. Some options have abbreviated
forms, as shown in the table.
start Starts a target.
Syntax:
start [
options
] [
target
]
–examine, –force,
–help, –output,
–version
stop Shuts down a target.
Syntax:
stop [
options
] [
target
]
–examine, –force,
–help, –output,
–version, –wait
version Displays the version attributes of a target.
Syntax:
version [
options
]
–examine, –help,
–output, –version
Table 12-2. Supported SM-CLP Options
SM-CLP Option Description
–all, –a Instructs the verb to perform all possible functions.
-destination Specifies the location to store an image in the dump
command.
Syntax:
-destination <URI>
-display, -d Filters the command output.
Syntax:
-display <properties | targets | verbs>[,
<properties | targets | verbs>]*
-examine, -x Instructs the command processor to validate the command
syntax without executing the command.
–help, –h Displays help for the verb.
Table 12-1. Supported SM-CLP CLI Verbs (continued)
Verb Description Options
Using the iDRAC SM-CLP Command Line Interface 227
Navigating the MAP Address Space
NOTE: The slash (/) and backslash (\) are interchangeable in SM-CLP address
paths. However, a backslash at the end of a command line continues the command
on the next line and is ignored when the command is parsed.
Objects that can be managed with SM-CLP are represented by targets
arranged in a hierarchical space called the Manageability Access Point (MAP)
address space. An address path specifies the path from the root of the address
space to an object in the address space.
The root target is represented by a slash (/) or a backslash (\). It is the default
starting point when you log in to the iDRAC. Navigate down from the root
using the cd verb. For example to navigate to the third record in the System
Event Log (SEL), enter the following command:
->cd /system1/sp1/logs1/record3
Enter the cd verb with no target to find your current location in the address
space. The .. and . abbreviations work as they do in Windows and Linux:
.. refers to the parent level and . refers to the current level.
–level, -l Instructs the verb to operate on targets at additional levels
beneath the specified target.
Syntax:
-level <
n
| all>
–output, –o Specifies the format for the output.
Syntax:
-output <text | clpcsv | clpxml>
-source Specifies the location of an image in a load command.
Syntax:
-source <URI>
–version, –v Displays the SMASH-CLP version number.
Table 12-2. Supported SM-CLP Options (continued)
SM-CLP Option Description
228 Using the iDRAC SM-CLP Command Line Interface
Targets
Table 12-3 provides a list of targets available through the SM-CLP.
Using the Show Verb
To learn more about a target use the show verb. This verb displays the
target’s properties, sub-targets, and a list of the SM-CLP verbs that are
allowed at that location.
Table 12-3. SM-CLP Targets
Target Definition
/system1/ The managed system target.
/system1/sp1 The service processor.
/system1/sol1 Serial over LAN target.
/system1/sp1/account1 through
/system1/sp1/account16
The sixteen local iDRAC user accounts.
account1 is the root account.
/system1/sp1/enetport1 The iDRAC NIC MAC address.
/system1/sp1/enetport1/lanendpt1/
ipendpt1
The iDRAC IP, gateway, and netmask settings.
/system1/sp1/enetport1/lanendpt1/
ipendpt1/dnsendpt1
The iDRAC DNS server settings.
/system1/sp1/group1 through
/system1/sp1/group5
The Active Directory standard schema
groups.
/system1/sp1/logs1 The log collections target.
/system1/sp1/logs1/record1 An individual SEL record instance on the
managed system.
/system1/sp1/logs1/records The SEL target on the managed system.
/system1/sp1/oemdell_racsecurity1 Storage for parameters used to generate a
Certificate Signing Request.
/system1/sp1/oemdell_ssl1 SSL certificate request state.
/system1/sp1/oemdell_vmservice1 The virtual media configuration and state.
Using the iDRAC SM-CLP Command Line Interface 229
Using the -display Option
The show –display option allows you to limit the output of the command to
one or more of properties, targets, and verbs. For example, to display just the
properties and targets at the current location, use the following command:
show -d properties,targets /system1/sp1/account1
To list only certain properties, qualify them, as in the following command:
show -d properties=(userid,username)
/system1/sp1/account1
If you only want to show one property, you can omit the parentheses.
Using the -level Option
The show -level option executes show over additional levels beneath the
specified target. For example, if you want to see the username and userid
properties of the account1 through account16 targets beneath /system1/sp1,
you could enter the following command:
show -l 1 -d properties=(userid,username)
/system1/sp1/account*
To see all targets and properties in the address space, use the -l all option, as
in the following command:
show -l all -d properties /
Using the -output Option
The -output option specifies one of four formats for the output of SM-CLP
verbs: text, clpcsv, keyword, and clpxml.
The default format is text, and is the most readable output. The clpcsv
format is a comma-separated values format suitable for loading into a
spreadsheet program. The keyword format outputs information as a list of
keyword=value pairs one per line. The clpxml format is an XML document
containing a response XML element. The DMTF has specified the clpcsv and
clpxml formats and their specifications can be found on the DMTF website
at www.dmtf.org.
The following example shows how to output the contents of the SEL in XML:
show -l all -output format=clpxml /system1/sp1/logs1
230 Using the iDRAC SM-CLP Command Line Interface
iDRAC SM-CLP Examples
The following subsections provide examples for using the SM-CLP to
perform the following operations:
Server power management
SEL management
MAP target navigation
Display system properties
Setting the iDRAC IP address, subnet mask, and gateway address
For information on the use of the iDRAC SM-CLP interface, see "iDRAC
SMCLP Property Database" on page 355.
Server Power Management
Table 12-4 provides examples of using SM-CLP to perform power
management operations on a managed server.
Table 12-4. Server Power Management Operations
Operation Syntax
Logging into the
iDRAC using the
SSH interface
>ssh 192.168.0.120
>login: root
>password:
Power down the
server
->stop /system1
system1 has been stopped successfully
Power up the server
from a powered-off
state
->start /system1
system1 has been started successfully
Reboot the server ->reset /system1
system1 has been reset successfully
Using the iDRAC SM-CLP Command Line Interface 231
SEL Management
Table 12-5 provides examples of using the SM-CLP to perform SEL-related
operations on the managed system.
Table 12-5. SEL Management Operations
Operation Syntax
Viewing the
SEL
->show /system1/sp1/logs1
Targets:
record1
record2
record3
record4
record5
Properties:
Description=IPMI SEL
MaxNumberOfRecords=512
CurrentNumberOfRecords=5
Verbs:
cd
delete
exit
help
show
version
232 Using the iDRAC SM-CLP Command Line Interface
MAP Target Navigation
Table 12-6 provides examples of using the cd verb to navigate the MAP. In all
examples, the initial default target is assumed to be /.
Viewing the
SEL record
->show /system1/sp1/logs1/record4
ufip=/system1/sp1/logs1/log1/record4
Properties:
Caption=Not defined
Description=Backplane Drive 0: drive slot
sensor for Backplane, drive presence was
asserted
ElementName=Not Supported
LogCreationClassName=CIM_RecordLog
LogName=IPMI SEL
CreationClassName=CIM_LogRecord
RecordID=4
MessageTimeStamp=16:37:10,January 13,2007
Verbs:
cd
exit
help
show
version
Clearing the
SEL
->delete /system1/sp1/logs1
All records deleted successfully
Table 12-6. Map Target Navigation Operations
Operation Syntax
Navigate to the
system target and
reboot
->cd system1
->reset
NOTE: The current default target is /.
Table 12-5. SEL Management Operations (continued)
Operation Syntax
Using the iDRAC SM-CLP Command Line Interface 233
Setting the iDRAC IP Address, Subnet Mask, and Gateway Address
Using SM-CLP to update the iDRAC network properties is a two-part
process:
1
Set new values for the NIC properties at location
/system1/sp1/enetport1/lanendpt1/ipendpt1:
oemdell_nicenable
— set to 1 to enable iDRAC networking, 0 to
disable
ipaddress
— the IP address
subnetmask
— the subnet mask
oemdell_usedhcp
— set to 1 to enable using DHCP to set the
ipaddress
and
subnetmask
properties, 0 to set static values
2
Commit the new values by setting the
committed
property to 1.
Whenever the commit property has the value of 1, the current settings of the
properties are active. When you change any of the properties, the commit
property is reset to 0 to indicate that the values have not been committed.
NOTE: The commit property only affects the properties at the
/system1/sp1/enetport1/lanendpt1/ipendpt1
MAP location. All other SM-CLP
commands take effect immediately.
NOTE: If you use local RACADM to set the iDRAC network properties, your
changes take affect immediately because local RACADM does not depend upon a
network connection.
Navigate to the SEL
target and display the
log records
->cd system1
->cd sp1
->cd logs1
->show
->cd system1/sp1/logs1
->show
Display current target ->cd .
Move up one level ->cd ..
Exiting the shell ->exit
Table 12-6. Map Target Navigation Operations (continued)
Operation Syntax
234 Using the iDRAC SM-CLP Command Line Interface
When you commit the changes, the new network settings take effect, which
causes your telnet or ssh session to be terminated. By introducing the commit
step, you can delay the termination of your session until you have completed
all of your SM-CLP commands.
Table 12-7 provides examples of setting the iDRAC properties using SM-CLP.
Updating the iDRAC Firmware Using SM-CLP
To update the iDRAC firmware using SM-CLP, you must know the TFTP
URI for the Dell update package.
Follow these steps to update the firmware using SM-CLP:
1
Log in to the iDRAC using telnet or SSH.
2
Check the current firmware version by entering the following command:
version
Table 12-7. Setting iDRAC Networking Properties with SM-CLP
Operation Syntax
Navigate to the
iDRAC NIC
properties location
->cd
/system1/sp1/enetport1/lanendpt1/ipendpt1
Set the new IP
address
->set ipaddress=10.10.10.10
Set the subnet
mask
->set subnetmask=255.255.255.255
Turn on the DHCP
flag
->set oemdell_usedhcp=1
Enable the NIC ->set oemdell_nicenable=1
Commit the
changes
->set committed=1
Using the iDRAC SM-CLP Command Line Interface 235
3
Enter the following command:
load -source tftp://<
tftp-server
>/<
update-path
>
/system1/sp1
where <
tftp-server
> is the DNS name or IP address of your TFTP server
and <
update-path
> is the path to the update package on the TFTP server.
Your telnet or SSH session will be terminated. You may need to wait several
minutes for the firmware update to complete.
4
To verify that the new firmware was written, start a new telnet or SSH
session and re-enter the version command again.
236 Using the iDRAC SM-CLP Command Line Interface
Deploying Your Operating System Using iVM-CLI 237
Deploying Your Operating System
Using iVM-CLI
The Virtual Media Command Line Interface (iVM-CLI) utility is a
command-line interface that provides virtual media features from the
management station to the iDRAC in the remote system. Using iVM-CLI
and scripted methods, you can deploy your operating system on multiple
remote systems in your network.
This section provides information on integrating the iVM-CLI utility into
your corporate network.
Before You Begin
Before using the iVM-CLI utility, ensure that your targeted remote systems
and corporate network meet the requirements listed in the following sections.
Remote System Requirements
The iDRAC is configured in each remote system.
Network Requirements
A network share must contain the following components:
Operating system files
Required drivers
Operating system boot image file(s)
The image file must be an operating system CD or a CD/DVD ISO image
with an industry-standard, bootable format.
238 Deploying Your Operating System Using iVM-CLI
Creating a Bootable Image File
Before you deploy your image file to the remote systems, ensure that a
supported system can boot from the file. To test the image file, transfer the
image file to a test system using the iDRAC Web user interface and then
reboot the system.
The following sections provide specific information for creating image files
for Linux and Windows systems.
Creating an Image File for Linux Systems
Use the Data Duplicator (dd) utility to create a bootable image file for your
Linux system.
To run the utility, open a command prompt and type the following:
dd if=
<input-device>
of=
<output-file>
For example:
dd if=/dev/sdc0 of=mycd.img
Creating an Image File for Windows Systems
When choosing a data replicator utility for Windows image files, select a
utility that copies the image file and the CD/DVD boot sectors.
Preparing for Deployment
Configuring the Remote Systems
1
Create a network share that can be accessed by the management station.
2
Copy the operating system files to the network share.
3
If you have a bootable, preconfigured deployment image file to deploy the
operating system to the remote systems, skip this step.
If you do not have a bootable, preconfigured deployment image file, create
the file. Include any programs and/or scripts used for the operating system
deployment procedures.
For example, to deploy a Microsoft
®
Windows
®
operating system, the
image file may include programs that are similar to deployment methods
used by Microsoft Systems Management Server (SMS).
Deploying Your Operating System Using iVM-CLI 239
When you create the image file, do the following:
Follow standard network-based installation procedures
Mark the deployment image as "read only" to ensure that each target
system boots and executes the same deployment procedure
4
Perform one of the following procedures:
Integrate
ipmitool
and the Virtual Media command line interface
(iVM-CLI) into your existing operating system deployment
application. Use the sample
ivmdeploy
script as a guide to using the
utility.
Use the existing
ivmdeploy
script to deploy your operating system.
NOTE: ivmdeploy internally uses the iVM–CLI and ipmitool. You should have
IPMI over LAN privilege to use this tool. Also, the virtual media should be in
the attached state when using the ivmdeploy script.
Deploying the Operating System
Use the iVM-CLI utility and the ivmdeploy script included with the utility to
deploy the operating system to your remote systems.
Before you begin, review the sample ivmdeploy script included with the iVM-
CLI utility. The script shows the detailed steps needed to deploy the
operating system to remote systems in your network.
The following procedure provides a high-level overview for deploying the
operating system on targeted remote systems.
1
List the iDRAC IP addresses of the remote systems that will be deployed in
the
ip.txt
text file, one IP address per line.
2
Insert a bootable operating system CD or DVD into the client media drive.
3
Run
ivmdeploy
at the command line.
To run the ivmdeploy script, enter the following command at the command
prompt:
ivmdeploy -r ip.txt -u <
idrac-user
> -p <
idrac-passwd
>
-c {<
iso9660-img>
| <
path>
}
where:
•<
idrac-user
> is the iDRAC user name, for example
root
240 Deploying Your Operating System Using iVM-CLI
•<
idrac-passwd
> is the password for the iDRAC user, for example
calvin
•<
iso9660-img
> is the path to an ISO9660 image of the operating system
installation CD or DVD
•<
path
> is the path to the device containing the operating system
installation CD or DVD
The ivmdeploy script passes its command line options to the iVMCLI utility.
See "Command Line Options" on page 242 for details about these options.
The script processes the -r option slightly differently than the iVMCLI -r
option. If the argument to the -r option is the name of an existing file, the
script reads iDRAC IP addresses from the specified file and runs the iVMCLI
utility once for each line. If the argument to the -r option is not a filename,
then it should be the address of a single iDRAC. In this case, the -r works as
described for the iVMCLI utility.
The ivmdeploy script supports installation only from a CD/DVD or a
CD/DVD ISO9660 image. If you need to install from a floppy disk or a floppy
disk image, you can modify the script to use the iVMCLI -f option.
Using the Virtual Media Command Line Interface
Utility
The Virtual Media Command Line Interface (iVM-CLI) utility is a scriptable
command-line interface that provides virtual media features from the
management station to the iDRAC.
The iVM-CLI utility provides the following features:
NOTE: When virtualizing read-only image files, multiple sessions may share
the same image media. When virtualizing physical drives, only one session
can access a given physical drive at a time.
Removable media devices or image files that are consistent with the
Virtual Media plug-ins
Automatic termination when the iDRAC firmware boot once option is
enabled
Secure communications to the iDRAC using Secure Sockets Layer (SSL)
Before you run the utility, ensure that you have Virtual Media user privilege to
the iDRAC.
Deploying Your Operating System Using iVM-CLI 241
If your operating system supports Administrator privileges or an operating
system-specific privilege or group membership, Administrator privileges are
also required to run the iVM-CLI command.
The client system’s administrator controls user groups and privileges, thereby
controlling the users who can run the utility.
For Windows systems, you must have Power User privileges to run the iVM-
CLI utility.
For Linux systems, you can access the iVM-CLI utility without Administrator
privileges by using the sudo command. This command provides a centralized
means of providing non-Administrator access and logs all user commands. To
add or edit users in the iVM-CLI group, the Administrator uses the visudo
command. Users without Administrator privileges can add the sudo
command as a prefix to the iVM-CLI command line (or to the iVM-CLI
script) to obtain access to the iDRAC in the remote system and run the
utility.
Installing the iVM-CLI Utility
The iVM-CLI utility is located on the
Dell Systems Management Tools and
Documentation
DVD
, which is included with your Dell OpenManage System
Management Software Kit. To install the utility, insert the
Dell Systems
Management Tools and Documentation
DVD
into your system’s DVD drive and
follow the on-screen instructions.
The
Dell Systems Management Tools and Documentation
DVD
contains the
latest systems management software products, including diagnostics, storage
management, remote access service, and the RACADM utility. This DVD also
contains readme files, which provide the latest systems management software
product information.
The
Dell Systems Management Tools and Documentation
DVD
includes
ivmdeploy—a sample script that illustrates how to use the iVM-CLI and
RACADM utilities to deploy software to multiple remote systems.
NOTE: The ivmdeploy script is dependent upon the other files that are present in its
directory when it is installed. If want to use the script from another directory, you
must copy all of the files with it.
242 Deploying Your Operating System Using iVM-CLI
Command Line Options
The iVM-CLI interface is identical on both Windows and Linux systems. The
utility uses options that are consistent with the RACADM utility options. For
example, an option to specify the iDRAC IP address requires the same syntax
for both RACADM and iVM-CLI utilities.
The iVM-CLI command format is as follows:
iVMCLI
[parameter] [operating_system_shell_options]
Command-line syntax is case sensitive. See "iVM-CLI Parameters" for more
information.
If the remote system accepts the commands and the iDRAC authorizes the
connection, the command continues to run until either of the following
occurs:
The iVM-CLI connection terminates for any reason.
The process is manually terminated using an operating system control. For
example, in Windows, you can use the Task Manager to terminate the
process.
iVM-CLI Parameters
iDRAC IP Address
-r
<iDRAC-IP-address>[:<iDRAC-SSL-port>]
This parameter provides the iDRAC IP address and SSL port, which the
utility needs to establish a Virtual Media connection with the target iDRAC.
If you enter an invalid IP address or DDNS name, an error message appears
and the command is terminated.
<iDRAC-IP-address> is a valid, unique IP address or the iDRAC Dynamic
Domain Naming System (DDNS) name (if supported). If <iDRAC-SSL-
port> is omitted, port 443 (the default port) is used. The optional SSL port is
not required unless you change the iDRAC default SSL port.
Deploying Your Operating System Using iVM-CLI 243
iDRAC User Name
-u
<iDRAC-user-name>
This parameter provides the iDRAC user name that will run Virtual Media.
The <iDRAC-user-name> must have the following attributes:
Valid user name
iDRAC Virtual Media User permission
If iDRAC authentication fails, an error message appears and the command is
terminated.
iDRAC User Password
-p
<iDRAC-user-password>
This parameter provides the password for the specified iDRAC user.
If iDRAC authentication fails, an error message displays and the command
terminates.
Floppy/Disk Device or Image File
-f {
<device-name>
|
<image-file>
}
where <device-name> is a valid drive letter (for Windows systems) or a valid
device file name, including the mountable file system partition number, if
applicable (for Linux systems); and <image-file> is the filename and path of
a valid image file.
This parameter specifies the device or file to supply the virtual floppy/disk
media.
For example, an image file is specified as:
-f c:\temp\myfloppy.img (Windows system)
-f /tmp/myfloppy.img (Linux system)
If the file is not write-protected, Virtual Media may write to the image file.
Configure the operating system to write-protect a floppy image file that
should not be overwritten.
For example, a device is specified as:
-f a:\ (Windows system)
244 Deploying Your Operating System Using iVM-CLI
-f /dev/sdb4 # 4th partition on device /dev/sdb (Linux
system)
If the device provides a write-protection capability, use this capability to
ensure that Virtual Media will not write to the media.
Omit this parameter from the command line if you are not virtualizing floppy
media. If an invalid value is detected, an error message displays and the
command terminates.
CD/DVD Device or Image File
-c {<
device-name
> | <
image-file
>}
where <device-name> is a valid CD/DVD drive letter (Windows systems) or
a valid CD/DVD device file name (Linux systems) and <image-file> is the
file name and path of a valid ISO-9660 image file.
This parameter specifies the device or file that will supply the virtual
CD/DVD-ROM media:
For example, an image file is specified as:
-c c:\temp\mydvd.img (Windows systems)
-c /tmp/mydvd.img (Linux systems)
For example, a device is specified as:
-c d:\ (Windows systems)
-c /dev/cdrom (Linux systems)
Omit this parameter from the command line if you are not virtualizing
CD/DVD media. If an invalid value is detected, an error message is listed and
the command terminates.
Specify at least one media type (floppy or CD/DVD drive) with the
command, unless only switch options are provided. Otherwise, an error
message displays and the command terminates and generates an error.
Version Display
-v
This parameter is used to display the iVM-CLI utility version. If no other
non-switch options are provided, the command terminates without an error
message.
Deploying Your Operating System Using iVM-CLI 245
Help Display
-h
This parameter displays a summary of the iVM-CLI utility parameters. If no
other non-switch options are provided, the command terminates without
error.
Manual Display
-m
This parameter displays a detailed “man page” for the iVM-CLI utility,
including descriptions of all of the possible options.
Encrypted Data
-e
When this parameter is included in the command line, iVM-CLI will use an
SSL-encrypted channel to transfer data between the management station and
the iDRAC in the remote system. If this parameter is not included in the
command line, the data transfer is not encrypted.
iVM-CLI Operating System Shell Options
The following operating system features can be used in the iVM-CLI
command line:
stderr/stdout redirection — Redirects any printed utility output to a file.
For example, using the greater-than character (>) followed by a filename
overwrites the specified file with the printed output of the iVM-CLI
utility.
NOTE: The iVM-CLI utility does not read from standard input (stdin). As a
result, stdin redirection is not required.
Background execution — By default, the iVM-CLI utility runs in the
foreground. Use the operating system's command shell features to cause
the utility to run in the background. For example, under a Linux operating
system, the ampersand character (&) following the command causes the
program to be spawned as a new background process.
The latter technique is useful in script programs, as it allows the script to
proceed after a new process is started for the iVM-CLI command (otherwise,
the script would block until the iVM-CLI program is terminated). When
246 Deploying Your Operating System Using iVM-CLI
multiple iVM-CLI instances are started in this way, and one or more of the
command instances must be manually terminated, use the operating system-
specific facilities for listing and terminating processes.
iVM-CLI Return Codes
0 = No error
1 = Unable to connect
2 = iVM-CLI command line error
3 = RAC firmware connection dropped
English-only text messages are also issued to standard error output whenever
errors are encountered.
Using the iDRAC Configuration Utility 247
Using the iDRAC Configuration
Utility
Overview
The iDRAC Configuration Utility is a pre-boot configuration environment
that allows you to view and set parameters for the iDRAC and for the
managed server. Specifically, you can:
View the firmware revision numbers for the iDRAC and Primary Backplane
firmware
Configure, enable, or disable the iDRAC local area network
Enable or disable IPMI over LAN
Enable a LAN Platform Event Trap (PET) destination
Attach or detach the Virtual Media devices
Change the administrative username and password
Reset the iDRAC configuration to the factory defaults
View System Event Log (SEL) messages or clear messages from the log
The tasks you can perform using iDRAC configuration utility can also be
performed using other utilities provided by the iDRAC or OpenManage
software, including the Web interface, the SM-CLP command line interface,
the local RACADM command line interface and, in the case of basic network
configuration, at the CMC LCD during initial CMC configuration.
248 Using the iDRAC Configuration Utility
Starting the iDRAC Configuration Utility
You must use an iKVM-connected console to access the iDRAC
Configuration Utility initially or after a resetting the iDRAC to the default
settings.
1
At the keyboard connected to the iKVM console, press <Print Screen> to
display the iKVM On Screen Configuration and Reporting (OSCAR)
menu. Use <Up Arrow> and <Down Arrow> to highlight the slot
containing your server, then press <Enter>.
2
Turn on or restart the server by pressing the power button on the front of
the server.
3
When you see the
Press <Ctrl-E> for Remote Access Setup within
5 sec.....
message, immediately press <Ctrl><E>.
NOTE: If your operating system begins to load before you press <Ctrl><E>, allow
the system to finish booting, then restart your server and try again.
The iDRAC Configuration Utility displays. The first two lines provide
information about the iDRAC firmware and primary backplane firmware
revisions. The revision levels can be useful in determining whether a firmware
upgrade is needed.
The iDRAC firmware is the portion of the firmware concerned with external
interfaces, such as the Web interface, SM-CLP, and Web interfaces. The
primary backplane firmware is the portion of the firmware that interfaces with
and monitors the server hardware environment.
Using the iDRAC Configuration Utility
Beneath the firmware revision messages, the remainder of the iDRAC
Configuration Utility is a menu of items that you can access by using
<Up Arrow> and <Down Arrow>.
If a menu item leads to a submenu or an editable text field, press
<Enter> to access the item and <Esc> to leave it when you have
finished configuring it.
If an item has selectable values, such as Yes/No or Enabled/Disabled, press
<Left Arrow>, <Right Arrow>, or <Spacebar> to choose a value.
If an item is not editable, it appears in blue. Some items become editable
depending upon other selections you make.
Using the iDRAC Configuration Utility 249
The bottom line of the screen displays instructions for the current item.
You can press <F1> to display help for the current item.
When you have finished using the iDRAC Configuration Utility, press
<Esc> to view the exit menu, where you can choose to save or discard
your changes or return to the utility.
The following sections describe the iDRAC Configuration Utility menu
items.
LAN
Use <Left Arrow>, <Right Arrow>, and the spacebar to select between
Enabled and Disabled.
The iDRAC LAN is disabled in the default configuration. The LAN must be
enabled to permit use of iDRAC facilities, such as the Web interface,
telnet/SSH access to the SM-CLP command line interface, console
redirection, and virtual media.
If you choose to disable the LAN the following warning is displayed:
iDRAC Out-of-Band interface will be disabled if the
LAN Channel is OFF.
Press any key to clear the message and continue.
The message informs you that in addition to facilities that you access by
connecting to the iDRAC HTTP, HTTPS, telnet or SSH ports directly, out-of-
band management network traffic, such as IPMI messages sent to the iDRAC
from a management station, are not received when the LAN is disabled. The
local RACADM interface remains available and can be used to reconfigure
the iDRAC LAN.
IPMI Over LAN (On/Off)
Press <Left Arrow>, <Right Arrow> and the spacebar to choose between
On and Off. When Off is selected, the iDRAC will not accept IPMI messages
arriving over the LAN interface.
If you choose Off, the following warning is displayed:
iDRAC Out-of-Band interface will be disabled if the
LAN Channel is OFF.
250 Using the iDRAC Configuration Utility
Press any key to clear the message and continue. See "LAN" on page 249 for
an explanation of the message.
LAN Parameters
Press <Enter> to display the LAN Parameters submenu. When you have
finished configuring the LAN parameters, press <Esc> to return to the
previous menu.
Table 14-1. LAN Parameters
Item Description
RMCP+
Encryption Key
Press <Enter> to edit the value, <Esc> when finished. The
RMCP+ Encryption key is a 40-character hexadecimal string
(characters 0-9, a-f, and A-F). RMCP+ is an IPMI extension
that adds authentication and encryption to IPMI. The default
value is a string of 40 0s.
IP Address Source Select between DHCP and Static. When DHCP is selected,
the Ethernet IP Address, Subnet Mask, and Default Gateway
fields are obtained from a DHCP server. If no DHCP server is
found on the network, the fields are set to zeros.
When Static is selected, the Ethernet IP Address, Subnet
Mask, and Default Gateway items become editable.
Ethernet IP Address If the IP Address Source is set to DHCP, this field displays the
IP address obtained from DHCP.
If the IP Address Source is set to Static, enter the IP address
you wish to assign to the iDRAC.
The default is 192.168.0.120 plus the number of the slot
containing the server.
MAC Address This is the non-editable MAC address of the iDRAC network
interface.
Subnet Mask If the IP Address Source is set to DHCP, this field displays the
subnet mask address obtained from DHCP.
If the IP Address Source is set to Static, enter the subnet mask
for the iDRAC.
The default is 255.255.255.0.
Using the iDRAC Configuration Utility 251
Default Gateway If the IP Address Source is set to DHCP, this field displays the
IP address of the default gateway obtained from DHCP.
If the IP Address Source is set to Static, enter the IP address of
the default gateway.
The default is 192.168.0.1.
LAN Alert Enabled Select On to enable the Platform Event Trap (PET) LAN alert.
Alert Policy Entry 1 Select Enable or Disable to activate the first alert destination.
Alert Destination 1 Enter the IP address where PET LAN alerts will be forwarded.
Host Name String Press <Enter> to edit. Enter the name of the host for PET
alerts.
DNS Servers from
DHCP
Select On to retrieve DNS server addresses from a DHCP
service on the network. Select Off to specify the DNS server
addresses below.
DNS Server 1 If DNS Servers from DHCP is Off, enter the IP address of the
first DNS server.
DNS Server 2 If DNS Servers from DHCP is Off, enter the IP address of the
second DNS server.
Register iDRAC
Name
Select On to register the iDRAC name in the DNS service.
Select Off if you do not want users to be able to find the
iDRAC name in DNS.
iDRAC Name If Register iDRAC Name is set to On, press <Enter> to edit
the Current DNS iDRAC Name text field. Press <Enter>
when you have finished editing the iDRAC name. Press <Esc>
to return to the previous menu. The iDRAC name must be a
valid DNS host name.
Domain Name from
DHCP
Select On if you want to obtain the domain name from a
DHCP service on the network. Select Off if you want to specify
the domain name.
Domain Name If Domain Name from DHCP is Off, press <Enter> to edit
the Current Domain Name text field. Press <Enter> when
you have finished editing. Press <Esc> to return to the
previous menu. The domain name must be a valid DNS
domain, for example mycompany.com.
Table 14-1. LAN Parameters (continued)
Item Description
252 Using the iDRAC Configuration Utility
Virtual Media
Use <Left Arrow> and <Right Arrow> to select Attached or Detached.
When you select Attached, the virtual media devices are attached to the USB
bus, making them available for use during Console Redirection sessions.
If you select Detached, users cannot access virtual media devices during
Console Redirection sessions.
NOTE: To use a USB Flash Drive with the Virtual Media feature, the USB Flash
Drive Emulation Type must be set to Hard disk in the BIOS Setup Utility. The BIOS
Setup Utility is accessed by pressing <F2> during server start-up. If the USB Flash
Drive Emulation Type is set to Auto, the Flash Drive will appear as a floppy drive to
the system.
LAN User Configuration
The LAN user is the iDRAC Administrator account, which is root by default.
Press <Enter> to display the LAN User Configuration submenu. When you
have finished configuring the LAN user, press <Esc> to return to the
previous menu.
Table 14-2. Lan User Configuration Page
Item Description
Account Access Select Enabled to enable the Administrator account. Select
Disabled to disable the Administrator account.
Account Privilege Select between Admin, User, Operator, and No Access.
Account User Name Press <Enter> to edit the user name and press <Esc> when
you have finished. The default user name is root.
Enter Password Type the new password for the Administrator account. The
characters are not echoed on the display as you type them.
Confirm Password Retype the new password for the Administrator account. If the
characters you enter do not match the characters you entered
in the Enter Password field, a message is displayed and you
must re-enter the password.
Using the iDRAC Configuration Utility 253
Reset to Default
Use the Reset to Default menu item to reset all of the iDRAC configuration
items to the factory defaults. This may be required, for example, if you have
forgotten the administrative user password or if you want to reconfigure the
iDRAC from the default settings.
NOTE: In the default configuration, the iDRAC networking is disabled. You cannot
reconfigure the iDRAC over the network until you have enabled the iDRAC network
in the iDRAC Configuration Utility.
Press <Enter> to select the item. The following warning message appears:
Resetting to factory defaults will restore remote Non-
Volatile user settings. Continue?
< NO (Cancel) >
< YES (Continue) >
Select YES and press <Enter> to reset the iDRAC to the defaults.
System Event Log Menu
The System Event Log Menu allows you to view System Event Log (SEL)
messages and to clear the log messages. Press <Enter> to display the System
Event Log Menu. The system counts the log entries and then displays the
total number of records and the most recent message. The SEL retains a
maximum of 512 messages.
To view SEL messages, select View System Event Log and press <Enter>.
Use <Left Arrow> to move to the previous (older) message and
<Right Arrow> to move to the next (newer) message. Enter a record number
to jump to that record. Press <Esc> when you are through viewing SEL
messages.
NOTE: You can only clear the SEL in the iDRAC Configuration Utility or in the iDRAC
Web interface.
To clear the SEL, select Clear the System Event Log and press <Enter>.
When you have finished with the SEL menu, press <Esc> to return to the
previous menu.
254 Using the iDRAC Configuration Utility
Exiting the iDRAC Configuration Utility
When you have finished making changes to the iDRAC configuration, press
the <Esc> key to display the Exit menu.
Select Save Changes and Exit and press <Enter> to retain your changes.
Select Discard Changes and Exit and press <Enter> to ignore any changes
you made.
Select Return to Setup and press <Enter> to return to the iDRAC
Configuration Utility.
Recovering and Troubleshooting the Managed Server 255
Recovering and Troubleshooting the
Managed Server
This section explains how to perform tasks related to diagnosing and
troubleshooting a remote managed server using the iDRAC facilities. It
contains the following subsections:
Trouble Indications — helps you to find messages and other system
indications that can lead to a diagnosis of the problem
Problem-solving tools — describes iDRAC tools that you can use to
troubleshoot your system
Troubleshooting and frequently asked questions — answers to typical
situations you may encounter
Safety First – For You and Your System
To perform certain procedures in this section, you must work with the chassis,
the PowerEdge server, or other hardware modules. Do not attempt to service
the system hardware except as explained in this guide or elsewhere in your
system documentation.
CAUTION: Many repairs may only be done by a certified service technician. You
should only perform troubleshooting and simple repairs as authorized in your
product documentation, or as directed by online or telephone service and support
team. Damage due to servicing that is not authorized by Dell is not covered by your
warranty. Read and follow the safety instructions enclosed with the product.
256 Recovering and Troubleshooting the Managed Server
Trouble Indicators
This section describes indications that there may be a problem with your
system.
LED Indicators
The initial indication of system trouble may be the LEDs on the chassis or
components installed in the chassis. The following components and modules
have status LEDs:
Chassis LCD display
• Servers
•Fans
•CMCs
I/O modules
Power supplies
The single LED on the chassis LCD summarizes the status of all of the
components in the system. A solid blue LED on the LCD indicates that no
fault conditions have been detected in the system. A blinking amber LED on
the LCD indicates that one or more fault conditions have been detected.
If the chassis LCD has a blinking amber LED, you can use the LCD menu to
locate the component that has a fault. See the Dell Chassis Management
Controller User Guide for help using the LCD.
Table 15-1 describes the meanings of the LED on the PowerEdge Server:
Table 15-1. Server LED Indicators
LED indicator Meaning
solid green The server is powered on. Absence of the green LED means the
server is not powered on.
solid blue The iDRAC is healthy.
flashing amber The iDRAC has detected a fault condition or may be in the
process of updating firmware.
flashing blue A user has activated the locator ID for this server.
Recovering and Troubleshooting the Managed Server 257
Hardware Trouble Indicators
Indications that a module has a hardware problem include the following:
Failure to power up
Noisy fans
Loss of network connectivity
Battery, temperature, voltage, or power monitoring sensor alerts
Hard drive failures
USB media failure
Physical damage caused by dropping, water, or other external stress
When these kinds of problems occur, you can try to correct the problem
using these strategies:
Reseat the module and restart it
Try inserting the module into a different bay in the chassis
Try replacing hard drives or USB keys
Reconnect or replace the power and network cables
If these steps do not correct the problem, consult the Hardware Owner’s
Manual for specific troubleshooting information for the hardware device.
Other Trouble Indicators
Table 15-2. Trouble Indicators
Look for: Action:
Alert messages from the systems
management software
See the systems management software
documentation.
Messages in the System Event Log See "Checking the System Event Log
(SEL)" on page 259.
Messages in the start-up POST codes See "Checking the Post Codes" on
page 260.
Messages on the last crash screen See "Viewing the Last System Crash
Screen" on page 260.
Alert Messages on the Server Status
Screen in the LCD
See "Checking the Server Status Screen
for Error Messages" on page 262.
258 Recovering and Troubleshooting the Managed Server
Problem Solving Tools
This section describes iDRAC facilities you can use to diagnose problems
with your system, especially when you are trying to solve problems remotely.
Checking the system health
Checking the System Event Log for error messages
Checking the POST codes
Viewing the last crash screen
Checking the Server Status Screen on the LCD for Error Messages
Viewing the iDRAC log
Accessing system information
Identifying the managed server in the chassis
Using the diagnostics console
Managing power on a remote system
Checking the System Health
When you log in to the iDRAC Web interface, the first page displayed
describes the health of the system components. Table 15-3 describes the
meaning of the system health indicators.
Messages in the iDRAC Log See "Viewing the iDRAC Log" on
page 270.
Table 15-3. System Health Indicators
Indicator Description
A green check mark indicates a healthy (normal) status condition.
A yellow triangle containing an exclamation point indicates a warning
(noncritical) status condition.
A red X indicates a critical (failure) status condition.
A question mark icon indicates that the status is unknown.
Table 15-2. Trouble Indicators (continued)
Look for: Action:
Recovering and Troubleshooting the Managed Server 259
Click any component on the Health page to see information about the
component. Sensor readings are displayed for batteries, temperatures,
voltages, and power monitoring, helping to diagnose some types of problems.
The iDRAC and CMC information pages provide useful current status and
configuration information.
Checking the System Event Log (SEL)
The SEL Log page displays messages for events that occur on the managed
server.
To view the System Event Log, perform the following steps:
1
Click
System
and then click the
Logs
tab.
2
Click
System Event Log
to display the
System Event Log
page.
The
System Event Log
page displays a system health indicator (see
Table 15-3), a time stamp, and a description of the event.
3
Click the appropriate
System Event Log
page button to continue (see
Table 15-4).
Table 15-4. SEL Page Buttons
Button Action
Print Prints the SEL in the sort order that it appears in the window.
Clear Log Clears the SEL.
NOTE: The Clear Log button appears only if you have Clear Logs permission.
Save As Opens a pop-up window that enables you to save the SEL to a directory of
your choice.
NOTE: If you are using Internet Explorer and encounter a problem when
saving, be sure to download the Cumulative Security Update for Internet
Explorer, located on the Microsoft® Support website at
support.microsoft.com.
Refresh Reloads the SEL page.
260 Recovering and Troubleshooting the Managed Server
Checking the Post Codes
The Post Codes page displays the last system post code prior to booting the
operating system. Post codes are progress indicators from the system BIOS,
indicating various stages of the boot sequence from Power on Reset, and allow
you to diagnose any faults related to system boot-up.
NOTE: View the text for POST code message numbers in the LCD display or in the
Hardware Owner’s Manual.
To view the Post Codes, perform the following steps:
1
Click
System
Logs
Post Code
.
The
Post Code
page displays a system health indicator (see Table 15-3), a
hexadecimal code, and a description of the code.
2
Click the appropriate
Post Code
page button to continue (see Table 15-5).
Viewing the Last System Crash Screen
NOTE: The last crash screen feature must be configured in the Server
Administrator and in the iDRAC Web interface. See "Configuring the Managed
Server to Capture the Last Crash Screen" on page 68 for instructions on configuring
this feature.
The Last Crash Screen page displays the most recent crash screen, which
includes information about the events that occurred before the system crash.
The last system crash image is saved in the iDRAC persistent store and is
remotely accessible.
To view the Last Crash Screen page, perform the following steps:
Click
System
, the
Logs
tab, and then
Last Crash
.
The Last Crash Screen page provides the buttons shown in Table 15-6:
NOTE: The Save and Delete buttons do not appear if there is no saved crash
screen.
Table 15-5. Post Code Buttons
Button Action
Print Prints the Post Codes page.
Refresh Reloads the Post Codes page.
Recovering and Troubleshooting the Managed Server 261
NOTE: Due to fluctuations in the Auto Recovery timer, the Last Crash Screen may
not be captured when the System Reset Timer is configured with a value that is too
high. The default setting is 480 seconds. Use Server Administrator or IT Assistant to
set the System Reset Timer to 60 seconds and ensure that the Last Crash Screen
functions properly. See "Configuring the Managed Server to Capture the Last Crash
Screen" on page 68 for additional information.
Viewing the Most Recent Boot Sequences
If you experience boot problems, you can view the screen activity of what
happened during the last three boot sequences from the Boot Capture page.
Playback of the boot screens occurs at a rate of 1 frame per second. Table 15-7
lists the control actions available.
NOTE: You must have Administrator privileges to view playback of the Boot
Capture sequences.
Table 15-6. Last Crash Screen Page Buttons
Button Action
Print Prints the Last Crash Screen page.
Save Opens a pop-up window that enables you to save the Last Crash Screen
page to a directory of your choice.
Delete Deletes the Last Crash Screen page.
Refresh Reloads the Last Crash Screen page.
Table 15-7. Boot Capture Options
Button/Option Description
Select the boot
sequence
Allows you to select the boot sequence to load and play.
Boot Capture 1 — Loads the most recent boot sequence.
Boot Capture 2 — Loads the (second most recent) boot
sequence that occurred prior to Boot Capture 1.
Boot Capture 3 — Loads the (third most recent) boot
sequence that occurred prior to Boot Capture 2.
Save As Creates a compressed .zip file that contains all boot capture
images of the current sequence. The user must have
Administrator privileges to perform this action.
262 Recovering and Troubleshooting the Managed Server
Checking the Server Status Screen for Error Messages
When a flashing amber LED is lit, and a particular server has an error, the
main Server Status Screen on the LCD will highlight the affected server in
orange. Use the LCD navigation buttons to highlight the affected server, then
click the center button. Error and warning messages will be displayed on the
second line. The following table lists all of the error messages and their
severity.
Previous Screen Takes you to previous screen, if any, in the replay console.
Play Starts the screenplay from current screen in the replay console.
Pause Pauses the screenplay on the current screen being displayed in
the replay console.
Stop Stops the screenplay and loads the first screen of that boot
sequence.
Next Screen Takes you to next screen, if any, in the replay console.
Print Prints the Boot Capture image that appears on the screen.
Refresh Reloads the Boot Capture page.
Table 15-8. Server Status Screen
Severity Message Cause
Warning System Board Ambient Temp:
Temperature sensor for System
Board, warning event
Server Ambient
temperature crossed a
warning threshold
Critical System Board Ambient Temp:
Temperature sensor for System
Board, failure event
Server Ambient
temperature crossed a
failure threshold
Critical System Board CMOS Battery:
Battery sensor for System Board,
failed was asserted
CMOS battery is not
present or has no voltage
Warning System Board System Level:
Current sensor for System
Board, warning event
Current crossed a
warning threshold
Table 15-7. Boot Capture Options (continued)
Button/Option Description
Recovering and Troubleshooting the Managed Server 263
Critical System Board System Level:
Current sensor for System
Board, failure event
Current crossed a failure
threshold
Critical CPU<number> <voltage
sensor name>: Voltage sensor
for CPU<number>, state
asserted was asserted
Voltage out of range
Critical System Board <voltage sensor
name>: Voltage sensor for
System Board, state asserted was
asserted
Voltage out of range
Critical CPU<number> <voltage
sensor name>: Voltage sensor
for CPU<number>, state
asserted was asserted
Voltage out of range
Critical CPU<number> Status:
Processor sensor for
CPU<number, IERR was
asserted
CPU failure
Critical CPU<number> Status:
Processor sensor for
CPU<number>, thermal
tripped was asserted
CPU overheated
Critical CPU<number> Status:
Processor sensor for
CPU<number, configuration
error was asserted
Incorrect processor type
or in wrong location
Critical CPU<number> Status:
Processor sensor for
CPU<number>, presence was
deasserted
Required CPU is missing
or not present
Critical System Board Video Riser:
Module sensor for System
Board, device removed was
asserted
Required module was
removed
Table 15-8. Server Status Screen (continued)
Severity Message Cause
264 Recovering and Troubleshooting the Managed Server
Critical Mezz B<slot number> Status:
Add-in Card sensor for Mezz
B<slot number>, install error
was asserted
Incorrect Mezzanine
card installed for IO
fabric
Critical Mezz C<slot number> Status:
Add-in Card sensor for Mezz
C<slot number>, install error
was asserted
Incorrect Mezzanine
card installed for I/O
fabric
Critical Backplane Drive <number>:
Drive Slot sensor for Backplane,
drive removed
Storage Drive was
removed
Critical Backplane Drive <number>:
Drive Slot sensor for Backplane,
drive fault was asserted
Storage Drive failed
Critical System Board PFault Fail Safe:
Voltage sensor for System Board,
state asserted was asserted
This event is generated
when the system board
voltages are not at
normal levels.
Critical System Board OS Watchdog:
Watchdog sensor for System
Board, timer expired was
asserted
The iDRAC watchdog
timer expired and no
action is set.
Critical System Board OS Watchdog:
Watchdog sensor for System
Board, reboot was asserted
The iDRAC watchdog
detected that the system
has crashed (timer
expired because no
response was received
from Host) and the
action is set to reboot.
Critical System Board OS Watchdog:
Watchdog sensor for System
Board, power off was asserted
The iDRAC watchdog
detected that the system
has crashed (timer
expired because no
response was received
from Host) and the
action is set to power off.
Table 15-8. Server Status Screen (continued)
Severity Message Cause
Recovering and Troubleshooting the Managed Server 265
Critical System Board OS Watchdog:
Watchdog sensor for System
Board, power cycle was asserted
The iDRAC watchdog
detected that the system
has crashed (timer
expired because no
response was received
from Host) and the
action is set to power
cycle.
Critical System Board SEL: Event Log
sensor for System Board, log full
was asserted
The SEL device detects
that only one entry can
be added to the SEL
before it is full.
Warning ECC Corr Err: Memory sensor,
correctable ECC ( <DIMM
Location> ) was asserted
Correctable ECC errors
reached a critical rate.
Critical ECC Uncorr Err: Memory
sensor, uncorrectable ECC
( <DIMM Location> ) was
asserted
An uncorrectable ECC
error was detected.
Critical I/O Channel Chk: Critical
Event sensor, I/O channel check
NMI was asserted
A critical interrupt is
generated in the I/O
Channel.
Critical PCI Parity Err: Critical Event
sensor, PCI PERR was asserted
Parity error was detected
on the PCI bus.
Critical PCI System Err: Critical Event
sensor, PCI SERR ( <Slot
number or PCI Device ID>)
was asserted
PCI error detected by
device
Critical SBE Log Disabled: Event Log
sensor, correctable memory error
logging disabled was asserted
Single bit error logging is
disabled when too many
SBE get logged
Critical Logging Disabled: Event Log
sensor, all event logging disabled
was asserted
All error logging is
disabled
Non-Recoverable CPU Protocol Err: Processor
sensor, transition to non-
recoverable was asserted
The processor protocol
entered a non-
recoverable state.
Table 15-8. Server Status Screen (continued)
Severity Message Cause
266 Recovering and Troubleshooting the Managed Server
Non-Recoverable CPU Bus PERR: Processor
sensor, transition to non-
recoverable was asserted
The processor bus PERR
entered a non-
recoverable state.
Non-Recoverable CPU Init Err: Processor sensor,
transition to non-recoverable
was asserted
The processor
initialization entered a
non-recoverable state.
Non-Recoverable CPU Machine Chk: Processor
sensor, transition to non-
recoverable was asserted
The processor machine
check entered a non-
recoverable state.
Critical Memory Spared: Memory
sensor, redundancy lost
( <DIMM Location> ) was
asserted
Memory spare is no
longer redundant.
Critical Memory Mirrored: Memory
sensor, redundancy lost
( <DIMM Location> ) was
asserted
Mirrored Memory is no
longer redundant
Critical Memory RAID: Memory sensor,
redundancy lost ( <DIMM
Location> ) was asserted
RAID Memory is no
longer redundant
Warning Memory Added: Memory sensor,
presence ( <DIMM
Location> ) was deasserted
Added memory module
was removed.
Warning Memory Removed: Memory
sensor, presence ( <DIMM
Location> ) was deasserted
Memory module was
removed.
Critical Memory Cfg Err: Memory
sensor, configuration error
( <DIMM Location> ) was
asserted
Memory configuration is
incorrect for the system.
Warning Mem Redun Gain: Memory
sensor, redundancy degraded
( <DIMM Location> ) was
asserted
Memory redundancy is
downgraded but not lost
Critical PCIE Fatal Err: Critical Event
sensor, bus fatal error was
asserted
Fatal error is detected on
the PCIE bus.
Table 15-8. Server Status Screen (continued)
Severity Message Cause
Recovering and Troubleshooting the Managed Server 267
Critical Chipset Err: Critical Event
sensor, PCI PERR was asserted
Chip error is detected.
Warning Mem ECC Warning: Memory
sensor, transition to non-critical
from OK (<DIMM
Location> ) was asserted
Correctable ECC errors
have increased from a
normal rate.
Critical Mem ECC Warning: Memory
sensor, transition to critical from
less severe ( <DIMM
Location> ) was asserted
Correctable ECC errors
have reached a critical
rate.
Critical POST Err: POST sensor, No
memory installed
No memory detected on
board
Critical POST Err: POST sensor,
Memory configuration error
Memory detected but is
not configurable
Critical POST Err: POST sensor,
Unusable memory error
Memory configured but
not usable
Critical POST Err: POST sensor,
Shadow BIOS failed
System BIOS shadow
failure
Critical POST Err: POST sensor, CMOS
failed
CMOS failure
Critical POST Err: POST sensor, DMA
controller failed
DMA controller failure
Critical POST Err: POST sensor,
Interrupt controller failed
Interrupt controller
failure
Critical POST Err: POST sensor, Timer
refresh failed
Timer refresh failure
Critical POST Err: POST sensor,
Programmable interval timer
error
Programmable interval
timer error
Critical POST Err: POST sensor, Parity
error
Parity error
Critical POST Err: POST sensor, SIO
failed
SIO failure
Critical POST Err: POST sensor,
Keyboard controller failed
Keyboard controller
failure
Table 15-8. Server Status Screen (continued)
Severity Message Cause
268 Recovering and Troubleshooting the Managed Server
Critical POST Err: POST sensor, System
management interrupt
initialization failed
System Management
Interrupt initialization
failure
Critical POST Err: POST sensor, BIOS
shutdown test failed
BIOS shutdown test
failure
Critical POST Err: POST sensor, BIOS
POST memory test failed
BIOS POST memory
test failure
Critical POST Err: POST sensor, Dell
remote access controller
configuration failed
Dell Remote Access
Controller configuration
failure
Critical POST Err: POST sensor, CPU
configuration failed
CPU configuration
failure
Critical POST Err: POST sensor,
Incorrect memory configuration
Incorrect memory
configuration
Critical POST Err: POST sensor, POST
failure
General failure after
video
Critical Hdwar version err: Version
Change sensor, hardware
incompatibility was asserted
Incompatible hardware
was detected
Critical Hdwar version err: Version
Change sensor, hardware
incompatibility (BMC
firmware) was asserted
Hardware is
incompatible with the
firmware
Critical Hdwar version err: Version
Change sensor, hardware
incompatibility (BMC firmware
and CPU mismatch) was
asserted
CPU and firmware not
compatible
Critical Mem Overtemp: Memory
sensor, correctable ECC
<DIMM Location> was
asserted
Memory module
overheating
Critical Mem Fatal SB CRC: Memory
sensor, uncorrectable ECC was
asserted
South bridge memory
failed
Table 15-8. Server Status Screen (continued)
Severity Message Cause
Recovering and Troubleshooting the Managed Server 269
Critical Mem Fatal NB CRC: Memory
sensor, uncorrectable ECC was
asserted
North bridge memory
failed
Critical WatchDog Timer: Watchdog
sensor, reboot was asserted
Watch dog timer caused
system to reboot
Critical WatchDog Timer: Watchdog
sensor, timer expired was
asserted
Watch dog timer expired
but no action taken
Warning Link Tuning: Version Change
sensor, successful software or
F/W change was deasserted
Failed to update link
tuning setting for proper
NIC operation
Warning Link Tuning: Version Change
sensor, successful hardware
change <device slot number>
was deasserted
Failed to update link
tuning setting for proper
NIC operation
Critical LinkT/FlexAddr: Link Tuning
sensor, failed to program virtual
MAC address (Bus # Device #
Function #) was asserted
Flex address could not
be programmed for this
device
Critical LinkT/FlexAddr: Link Tuning
sensor, device option ROM
failed to support link tuning or
flex address (Mezz <location>)
was asserted
Option ROM does not
support Flex address or
linking tuning.
Critical LinkT/FlexAddr: Link Tuning
sensor, failed to get link tuning
or flex address data from
BMC/iDRAC was asserted
Failed to obtain linking
tuning or Flex address
information from
BMC/iDRAC
Critical LinkT/FlexAddr: Link Tuning
sensor, device option ROM
failed to support link tuning or
flex address (Mezz XX) was
asserted
This event is generated
when the PCI device
Option ROM for a NIC
does not support link
tuning or the Flex
addressing feature.
Table 15-8. Server Status Screen (continued)
Severity Message Cause
270 Recovering and Troubleshooting the Managed Server
Viewing the iDRAC Log
The iDRAC Log is a persistent log maintained in the iDRAC firmware. The
log contains a list of user actions (such as log in, log out, and security policy
changes) and alerts issued by the iDRAC. The oldest entries are overwritten
when the log becomes full.
Where the System Event Log (SEL) contains records of events that occur in
the managed server, the iDRAC log contains records of events that occur in
the iDRAC.
To access the iDRAC Log, perform the following steps:
Click
System
Remote Access
iDRAC
Logs
.
The iDRAC Log provides the information in Table 15-9.
Critical LinkT/FlexAddr: Link Tuning
sensor, failed to program the
virtual MAC address
(<location>) was asserted
This event is generated
when the BIOS fails to
program the virtual
MAC address on the
given NIC device.
Critical I/O Fatal Err: Fatal IO Group
sensor, fatal IO error
(<location>)
This event is generated
in association with a
CPU IERR and indicates
which device caused the
CPU IERR.
Warning PCIE NonFatal Er: Non Fatal
I/O Group sensor, PCIe error
(<location>)
This event is generated
in association with a
CPU IERR.
Table 15-9. iDRAC Log Page Information
Field Description
Date/Time The date and time (for example, Dec 19 16:55:47).
The iDRAC sets its clock from the managed server’s clock. When the
iDRAC initially starts and is unable to communicate with the managed
server, the time is displayed as the string System Boot.
Source The interface that caused the event.
Table 15-8. Server Status Screen (continued)
Severity Message Cause
Recovering and Troubleshooting the Managed Server 271
Using the iDRAC Log Page Buttons
The iDRAC Log page provides the following buttons (see Table 15-10).
Viewing System Information
The System Summary page displays information about the following system
components:
Main System enclosure
Integrated Dell Remote Access Controller
To access the system information, click System Properties Summary.
Description A brief description of the event and the user name that logged into the
iDRAC.
Table 15-10. iDRAC Log Buttons
Button Action
Print Prints the iDRAC Log page.
Clear Log Clears the iDRAC Log entries.
NOTE: The Clear Log button only appears if you have Clear Logs
permission.
Save As Opens a pop-up window that enables you to save the iDRAC Log to a
directory of your choice.
NOTE: If you are using Internet Explorer and encounter a problem when
saving, be sure to download the Cumulative Security Update for Internet
Explorer, located on the Microsoft Support website at
support.microsoft.com.
Refresh Reloads the iDRAC Log page.
Table 15-9. iDRAC Log Page Information (continued)
Field Description
272 Recovering and Troubleshooting the Managed Server
Main System enclosure
Table 15-11 and Table 15-12 describe the main system enclosure properties.
Integrated Dell Remote Access Controller
Table 15-13 describes the iDRAC properties.
Table 15-11. System Information Fields
Field Description
Description Provides a system description.
BIOS Version Lists the system BIOS version.
Service Tag Lists the system Service Tag number.
Host Name Provides the host system’s name.
OS Name Lists the operating system running on the system.
Table 15-12. Auto Recovery Fields
Field Description
Recovery Action When a system hang is detected, the iDRAC can be configured
to perform one of the following actions: No Action, Hard Reset,
Power Down, or Power Cycle.
Initial Countdown The number of seconds after a system hang is detected at which
the iDRAC will perform a Recovery Action.
Present Countdown The current value, in seconds, of the countdown timer.
Table 15-13. iDRAC Information Fields
Field Description
Date/Time Provides the current date and time on the iDRAC in GMT.
Firmware Version Lists the version of the iDRAC firmware.
CPLD Version Displays the complex programmable logic device (CPLD)
version.
Firmware Updated Lists the date the firmware was last updated. The date is
displayed in UTC format, for example: Tue, 8 May 2007,
22:18:21 UTC.
Recovering and Troubleshooting the Managed Server 273
Identifying the Managed Server in the Chassis
The PowerEdge M1000e chassis holds up to sixteen servers. To locate a
specific server in the chassis, you can use the iDRAC Web interface to turn on
a blue flashing LED on the server. When you turn on the LED, you can
specify the number of seconds that you want the LED to flash to ensure that
you can reach the chassis while the LED is still flashing. Entering 0 leaves the
LED flashing until you disable it.
To identify the server:
1
Click
System
Remote Access
iDRAC
Troubleshooting
.
2
On the
Identify
page, select the check box next to
Identify Server
.
Hardware Version The version number of the primary planar (circuit board) of the
managed server.
IP Address The 32-bit address that identifies the network interface. The
value is displayed in a dot separated format, such as
192.168.154.127.
Gateway The IP Address of the gateway that acts as a bridge to other
networks. This value is in a dot separated format, such as
192.168.150.5.
Subnet Mask The subnet mask identifies the parts of the IP Address that
make up the Extended Network Prefix and the Host Number.
The value is displayed in a dot separated format, such as
255.255.0.0.
MAC Address The Media Access Control (MAC) Address that uniquely
identifies each NIC in a network, for example 00-00-0c-ac-08.
This is a Dell-assigned ID and cannot be edited.
DHCP Enabled Enabled indicates that the Dynamic Host Configuration
Protocol (DHCP) is enabled.
Disabled indicates that DHCP is not enabled.
Preferred DNS
Address 1
Set to the currently active primary DNS server.
Alternate DNS
Address 2
Set to the alternate DNS server address.
Table 15-13. iDRAC Information Fields (continued)
Field Description
274 Recovering and Troubleshooting the Managed Server
3
In the
Identify Server Timeout
field, enter the number of seconds that you
want the LED to blink. Enter 0 if you want the LED to remain flashing
until you disable it.
4
Click
Apply
.
A blue LED on the server will flash for the number of seconds you specified.
If you entered 0 leave the LED flashing, follow these steps to disable it:
1
Click
System
Remote Access
iDRAC
Troubleshooting
.
2
On the
Identify
page, clear the value box next to
Identify Server
.
3
Click
Apply.
Using the Diagnostics Console
The iDRAC provides a standard set of network diagnostic tools (see
Table 15-14) that are similar to the tools included with Microsoft®
Windows® or Linux-based systems. Using the iDRAC Web interface, you can
access the network debugging tools.
To access the Diagnostics Console page, perform the following steps:
1
Click
System
iDRAC
Troubleshooting
.
2
Click the
Diagnostics
tab.
Table 15-14 describes the commands that can be entered on the Diagnostics
Console page. Type a command and click Submit. The debugging results
appear in the Diagnostics Console page.
Click the Clear button to clear the results displayed by the previous
command.
To refresh the Diagnostics Console page, click Refresh.
Table 15-14. Diagnostic Commands
Command Description
arp Displays the contents of the Address Resolution Protocol
(ARP) table. ARP entries may not be added or deleted.
ifconfig Displays the contents of the network interface table.
netstat Prints the content of the routing table.
Recovering and Troubleshooting the Managed Server 275
Managing Power on a Remote System
The iDRAC enables you to remotely perform several power management
actions on the managed server. Use the Power Management page to perform
an orderly shutdown through the operating system when rebooting and
powering on and off.
Before a server powers up, iDRAC provides the CMC with its power envelope
requirement. It may request for a smaller power envelope after the server is
powered up based on the actual power consumed by the server. If the power
consumption increases over time and if the server is consuming power near its
maximum allocation, iDRAC may request for an increase of the maximum
potential power consumption thus increasing the power envelope. iDRAC
only increases its maximum potential power consumption request to the
CMC. It does not request for a lesser minimum potential power if the
consumption decreases.
The CMC reclaims any unused power from lower priority servers and
subsequently allocates the reclaimed power to a higher priority infrastructure
module or a server.
NOTE: You must have Execute Server Action Commands permission to perform
power management actions. See "Adding and Configuring iDRAC Users" on page 83
for help configuring user permissions.
1
Click
System
, then click the
Power Management
tab.
2
Select a
Power Control Action
, for example
Reset System (warm boot)
.
Table 15-15 provides information about Power Control Actions.
3
Click
Apply
to perform the selected action.
ping <IP Address> Verifies that the destination IP address is reachable from the
iDRAC with the current routing-table contents. A
destination IP address must be entered in the field to the
right of this option. An Internet control message protocol
(ICMP) echo packet is sent to the destination IP address
based on the current routing-table contents.
gettracelog Displays the iDRAC trace log. See "gettracelog" on page 302
for more information.
Table 15-14. Diagnostic Commands (continued)
Command Description
276 Recovering and Troubleshooting the Managed Server
4
Click the appropriate button to continue. See Table 15-15.
NOTE: A graceful shutdown of the server operating system may not be possible if
the server software stops responding or if an administrator is not logged in at the
local console of a Windows 2000 Server or newer system. In these cases, you must
specify a forced shutdown instead of a graceful shutdown due to the Windows
security design. Windows Server 2003 and newer contains a group policy security
setting to allow graceful shutdowns without Administrator login. Consult Microsoft
documentation for the local computer policy “Shutdown: Allow system to be shut
down without having to login.”
Table 15-15. Power Control Actions
Power On
System
Turns on the system power (equivalent to pressing the power button
when the system power is off).
Power Off
System
Turns off the system power (equivalent to pressing the power button
when the system power is on).
NMI (Non-
Masking
Interrupt)
Sends a high-level interrupt to the operating system, which causes
the system to halt operation to allow for critical diagnostic or
troubleshooting activities.
Graceful
Shutdown
Attempts to cleanly shut down the operating system, then powers
off the system. It requires an ACPI (Advanced Configuration and
Power Interface) aware operating system, which allows for system
directed power management.
Reset System
(warm boot)
Reboots the system without powering off (warm boot).
Power Cycle
System (cold
boot)
Powers off, then reboots the system (cold boot).
Table 15-16. Power Management Page Buttons
Button Action
Print Prints the Power Management values that appear on the screen.
Refresh Reloads the Power Management page.
Apply Saves any new settings that you make while viewing the Power
Management page.
Recovering and Troubleshooting the Managed Server 277
Troubleshooting and Frequently Asked Questions
Table 15-17 contains frequently asked questions about troubleshooting
issues.
Table 15-17. Frequently Asked Questions/Troubleshooting
Question Answer
The LED on the server is
blinking amber.
Check the SEL for messages and then clear the SEL to
stop the blinking LED.
From the iDRAC Web interface:
See "Checking the System Event Log (SEL)" on
page 259
From SM-CLP:
See "SEL Management" on page 231
From the iDRAC Configuration Utility:
See "System Event Log Menu" on page 253
There is a blinking blue
LED on the server.
A user has activated the locator ID for the server. This is
a signal to help them identify the server in the chassis.
See "Identifying the Managed Server in the Chassis" on
page 273 for information about this feature.
278 Recovering and Troubleshooting the Managed Server
How can I find the IP
address of the iDRAC?
From the CMC Web interface:
1
Click
Chassis
Servers
, then click the
Setup
tab.
2
Click
Deploy
.
3
Read the IP address for your server from the table that
is displayed.
From the iKVM:
Reboot the server and enter the iDRAC Configuration
Utility by pressing <Ctrl><E>
OR
Watch for the IP address to display during BIOS POST.
OR
Select the "Dell CMC" console in the OSCAR to log
into the CMC through a local serial connection.
CMC RACADM commands can be issued from this
connection. See the
Dell Chassis Management
Controller Administrator Reference Guide
for a
complete list of the CMC RACADM subcommands.
How can I find the IP
address of the iDRAC?
(continued)
For example:
$ racadm getniccfg -m server-1
DHCP Enabled = 1
IP Address = 192.168.0.1
Subnet Mask = 255.255.255.0
Gateway = 192.168.0.1
From local RACADM:
1
Enter the following command at a command prompt:
racadm getsysinfo
From the LCD:
1
On the Main Menu, highlight
Server
and press the
check button.
2
Select the server whose IP address you seek and press
the check button.
Table 15-17. Frequently Asked Questions/Troubleshooting (continued)
Question Answer
Recovering and Troubleshooting the Managed Server 279
How can I find the IP
address of the CMC?
From the iDRAC Web interface:
Click
System
Remote Access
CMC
.
The CMC IP address is displayed on the
CMC
page.
OR
Select the "Dell CMC" console in the OSCAR to log
into the CMC through a local serial connection. CMC
RACADM commands can be issued from this
connection. See the
Dell Chassis Management
Controller Administrator Reference Guide
for a
complete list of the CMC RACADM subcommands.
$ racadm getniccfg -m chassis
NIC Enabled = 1
DHCP Enabled = 1
Static IP Address = 192.168.0.120
Static Subnet Mask = 255.255.255.0
Static Gateway = 192.168.0.1
Current IP Address = 10.35.155.151
Current Subnet Mask = 255.255.255.0
Current Gateway = 10.35.155.1
Speed = Autonegotiate
Duplex = Autonegotiate
The iDRAC network
connection is not working.
Ensure the LAN cable is connected to the CMC.
Ensure the iDRAC LAN is enabled.
I inserted the server into
the chassis and pressed the
power button, but nothing
happened.
The iDRAC requires about 30 seconds to initialize
before the server can power up. Wait for 30 seconds and
then press the power button again.
Check the CMC power budget. The chassis power
budget may be exceeded.
Table 15-17. Frequently Asked Questions/Troubleshooting (continued)
Question Answer
280 Recovering and Troubleshooting the Managed Server
I have forgotten the
iDRAC administrative user
name and password.
You must restore the iDRAC to its default settings.
1
Reboot the server and press <Ctrl><E> when
prompted to enter the iDRAC Configuration Utility.
2
On the configuration utility menu, highlight
Reset to
Default
and press <Enter>.
For more information, see "Reset to Default" on
page 253.
How can I change the
name of the slot for my
server?
1
Log in to the CMC Web interface.
2
Open the
Chassis
tree and click
Servers
.
3
Click the
Setup
tab.
4
Type the new name for the slot in the row for your
server.
5
Click
Apply
.
When starting a console
redirection session from
the iDRAC Web interface,
an ActiveX security popup
appears.
The iDRAC may not be a trusted site from the client
browser.
To prevent the security popup from appearing every time
you begin a console redirection session, add the iDRAC
to the trusted site list:
1
Click
Tools
Internet Options…
Security
Trusted
sites
.
2
Click
Sites
and enter the IP address or DNS name of
the iDRAC.
3
Click
Add
.
When I start a console
redirection session, the
viewer screen is blank.
If you have Virtual Media privilege but not Console
Redirection privilege, you are able to start the viewer so
that you can access the virtual media feature, but the
managed server’s console will not display.
The iDRAC does not boot. Remove and reinsert the server.
Check the CMC Web interface to see if the iDRAC
appears as an upgradable component. If it does, follow
the instructions at "Recovering iDRAC Firmware Using
the CMC" on page 103.
If this does not correct the problem, contact Technical
Support.
Table 15-17. Frequently Asked Questions/Troubleshooting (continued)
Question Answer
Recovering and Troubleshooting the Managed Server 281
When attempting to boot
the managed server, the
power indicator is green,
but there is no POST or no
video at all.
This can happen if any of the following conditions is
true:
Memory is not installed or is inaccessible.
The CPU is not installed or is inaccessible.
The video riser card is missing or improperly connected.
Also, look for error messages in the iDRAC log from the
iDRAC Web interface or from the LCD.
Table 15-17. Frequently Asked Questions/Troubleshooting (continued)
Question Answer
282 Recovering and Troubleshooting the Managed Server
RACADM Subcommand Overview 283
RACADM Subcommand Overview
This section provides descriptions of the subcommands that are available in
the RACADM command line interface.
CAUTION: The latest iDRAC firmware supports only the latest RACADM version.
You may encounter errors if you use an older version of RACADM to query an
iDRAC with the latest firmware. Install the RACADM version shipped with your
latest Dell™ OpenManage™ DVD media.
help
Table A-1 describes the help command.
Synopsis
racadm help
racadm help <
subcommand
>
Description
The help subcommand lists all of the subcommands that are available when
using the racadm command along with a one-line description. You may also
type a subcommand after help to get the syntax for a specific subcommand.
Output
The racadm help command displays a complete list of subcommands.
Table A-1. Help Command
Command Definition
help Lists all of the subcommands available to use with
racadm and provides a short description for each.
284 RACADM Subcommand Overview
The racadm help <subcommand> command displays information for the
specified subcommand only.
Supported Interfaces
Local RACADM
config
Table A-2 describes the config and getconfig subcommands.
Synopsis
racadm config [-c|-p] -f <
filename
>
racadm config -g <
groupName
> -o <
objectName
> [-i
<
index
>] <
value
>
Supported Interfaces
Local RACADM
Description
The config subcommand allows you to set iDRAC configuration parameters
individually or to batch them as part of a configuration file. If the data is
different, that iDRAC object is written with the new value.
Input
Table A-3 describes the config subcommand options.
Table A-2. config/getconfig
Subcommand Definition
config Configures the iDRAC.
getconfig Gets the iDRAC configuration data.
RACADM Subcommand Overview 285
Output
This subcommand generates error output upon encountering either of the
following:
Invalid syntax, group name, object name, index, or other invalid database
members
RACADM CLI failures
This subcommand returns an indication of how many configuration objects
that were written out of how many total objects were in the .cfg file.
Examples
racadm config -g cfgLanNetworking -o
cfgNicIpAddress 10.35.10.110
Table A-3. config Subcommand Options and Descriptions
Option Description
-f The -f <filename> option causes config to read the contents of the file
specified by <filename> and configure the iDRAC. The file must contain
data in the format specified in "Configuration File Syntax" on page 217.
-p The -p, or password, option directs config to delete the password entries
contained in the config file -f <filename> after the configuration is
complete.
-g The -g <groupName>, or group, option must be used with the -o option.
The <groupName> specifies the group containing the object that is to be
set.
-o The -o <objectName> <value>, or object, option must be used with the
-g option. This option specifies the object name that is written with the
string <value>.
-i The -i <index>, or index, option is only valid for indexed groups and can
be used to specify a unique group. The index is specified here by the index
value, not a "named" value.
-c The -c, or check, option is used with the config subcommand and allows
you to parse the .cfg file to find syntax errors. If errors are found, the line
number and a short description of what is incorrect are displayed. Writes
do not occur to the iDRAC. This option is a check only.
286 RACADM Subcommand Overview
Sets the
cfgNicIpAddress
configuration parameter (object) to the value
10.35.10.110. This IP address object is contained in the group
cfgLanNetworking
.
racadm config -f myrac.cfg
Configures or reconfigures the iDRAC. The
myrac.cfg
file may be created
with the
getconfig
command. The
myrac.cfg
file may also be edited
manually as long as the parsing rules are followed.
NOTE: The myrac.cfg file does not contain passwords. To include passwords
in the file, you must enter them manually. If you want to remove passwords
from the myrac.cfg file during configuration, use the -p option.
getconfig
The getconfig subcommand allows you to retrieve iDRAC configuration
parameters individually, or all the iDRAC configuration groups may be
retrieved and saved into a file.
Input
Table A-4 describes the getconfig subcommand options.
NOTE: The -f option without a file specification will output the contents of the file to
the terminal screen.
Table A-4. getconfig Subcommand Options
Option Description
-f The -f <filename> option directs getconfig to write the entire iDRAC
configuration to a configuration file. This file can then be used for batch
configuration operations using the config subcommand.
NOTE: The -f option does not create entries for the cfgIpmiPet and
cfgIpmiPef groups. You must set at least one trap destination to capture the
cfgIpmiPet group to the file.
-g The -g <groupName>, or group, option can be used to display the
configuration for a single group. The groupName is the name for the group
used in the racadm.cfg files. If the group is an indexed group, use the -i
option.
RACADM Subcommand Overview 287
Output
This subcommand generates error output upon encountering either of the
following:
Invalid syntax, group name, object name, index, or other invalid database
members
RACADM CLI transport failures
If errors are not encountered, this subcommand displays the contents of the
specified configuration.
Examples
racadm getconfig -g cfgLanNetworking
Displays all of the configuration properties (objects) that are contained in
the group
cfgLanNetworking
.
racadm getconfig -f myrac.cfg
Saves all group configuration objects from the iDRAC to
myrac.cfg
.
racadm getconfig -h
-h The -h, or help, option displays a list of all available configuration groups
that you can use. This option is useful when you do not remember exact
group names.
-i The -i <index>, or index, option is valid only for indexed groups and can
be used to specify a unique group. If -i <index> is not specified, a value of
1 is assumed for groups, which are tables that have multiple entries. The
index is specified by the index value, not a "named" value.
-o The -o <objectname>, or object, option specifies the object name that is
used in the query. This option can be used with the -g option.
-u The -u <username>, or user name, option can be used to display the
configuration for the specified user. The <username> option is the login
name for the user.
-v The -v, or verbose, option displays additional details with the display of the
properties and is used with the -g option.
Table A-4. getconfig Subcommand Options (continued)
Option Description
288 RACADM Subcommand Overview
Displays a list of the available configuration groups on the iDRAC.
racadm getconfig -u root
Displays the configuration properties for the user named
root
.
racadm getconfig -g cfgUserAdmin -i 2 -v
Displays the user group instance at index 2 with extensive information for
the property values.
Synopsis
racadm getconfig -f <
filename
>
racadm getconfig -g <
groupName
> [-i <
index
>]
racadm getconfig -u <
username
>
racadm getconfig -h
Supported Interfaces
Local RACADM
getssninfo
Table A-5 describes the getssninfo subcommand.
Synopsis
racadm getssninfo [-A] [-u <
username
> | *]
Description
The getssninfo command returns a list of users that are connected to the
iDRAC. The summary information provides the following information:
•Username
Table A-5. getssninfo Subcommand
Subcommand Definition
getssninfo Retrieves session information for one or more
currently active or pending sessions from the Session
Manager's session table.
RACADM Subcommand Overview 289
IP address (if applicable)
Session type (for example, SSH or telnet)
Consoles in use (for example, Virtual Media or Virtual KVM)
Supported Interfaces
Local RACADM
Input
Table A-6 describes the getssninfo subcommand options.
Examples
racadm getssninfo
Table A-7 provides an example of output from the racadm getssninfo
command.
racadm getssninfo -A
"root" 192.168.174.19 "Telnet" "NONE"
racadm getssninfo -A -u *
"root" "192.168.174.19" "Telnet" "NONE"
"bob" "192.168.174.19" "GUI" "NONE"
Table A-6. getssninfo Subcommand Options
Option Description
-A The -A option eliminates the printing of data headers.
-u The -u <username> user name option limits the printed output to only the
detail session records for the given user name. If an asterisk (*) symbol is
given as the user name, all users are listed. Summary information is not
printed when this option is specified.
Table A-7. getssninfo Subcommand Output Example
User IP Address Type Consoles
root 192.168.0.10 Telnet Virtual KVM
290 RACADM Subcommand Overview
getsysinfo
Table A-8 describes the racadm getsysinfo subcommand.
Synopsis
racadm getsysinfo [-d] [-s] [-w] [-A]
Description
The getsysinfo subcommand displays information related to the iDRAC,
managed server, and watchdog configuration.
Supported Interfaces
Local RACADM
Input
Table A-9 describes the getsysinfo subcommand options.
Output
The getsysinfo subcommand displays information related to the iDRAC,
managed server, and watchdog configuration.
Table A-8. getsysinfo
Command Definition
getsysinfo Displays iDRAC information, system information,
and watchdog status information.
Table A-9. getsysinfo Subcommand Options
Option Description
-d Displays iDRAC information.
-s Displays system information
-w Displays watchdog information
-A Eliminates the printing of headers/labels.
RACADM Subcommand Overview 291
Sample Output
RAC Information:
RAC Date/Time = Wed Aug 22 20:01:33 2007
Firmware Version = 0.32
Firmware Build = 13661
Last Firmware Update = Mon Aug 20 08:09:36 2007
Hardware Version = NA
Current IP Address = 192.168.0.120
Current IP Gateway = 192.168.0.1
Current IP Netmask = 255.255.255.0
DHCP Enabled = 1
MAC Address = 00:14:22:18:cd:f9
Current DNS Server 1 = 10.32.60.4
Current DNS Server 2 = 10.32.60.5
DNS Servers from DHCP = 1
Register DNS RAC Name = 1
DNS RAC Name = iDRAC-783932693338
Current DNS Domain = us.dell.com
System Information:
System Model = PowerEdge M600
System BIOS Version = 0.2.1
BMC Firmware Version = 0.32
Service Tag = 48192
Host Name = dell-x92i38xc2n
OS Name =
Power Status = OFF
Watchdog Information:
Recovery Action = None
Present countdown value = 0 seconds
Initial countdown value = 0 seconds
292 RACADM Subcommand Overview
Examples
racadm getsysinfo -A -s
"System Information:" "PowerEdge M600" "0.2.1"
"0.32" "48192" "dell-x92i38xc2n" "" "ON"
racadm getsysinfo -w -s
System Information:
System Model = PowerEdge M600
System BIOS Version = 0.2.1
BMC Firmware Version = 0.32
Service Tag = 48192
Host Name = dell-x92i38xc2n
OS Name =
Power Status = ON
Watchdog Information:
Recovery Action = None
Present countdown value = 0 seconds
Initial countdown value = 0 seconds
Restrictions
The Hostname and OS Name fields in the getsysinfo output display accurate
information only if Dell OpenManage is installed on the managed server. If
OpenManage is not installed on the managed server, these fields may be
blank or inaccurate.
getractime
Table A-10 describes the getractime subcommand.
Table A-10. getractime
Subcommand Definition
getractime Displays the current time from the remote access
controller.
RACADM Subcommand Overview 293
Synopsis
racadm getractime [-d]
Description
With no options, the getractime subcommand displays the time in a
common readable format.
With the -d option, getractime displays the time in the format,
yyyymmddhhmmss.mmmmmms
, which is the same format returned by the
UNIX date command.
Output
The getractime subcommand displays the output on one line.
Sample Output
racadm getractime
Thu Dec 8 20:15:26 2005
racadm getractime -d
20071208201542.000000
Supported Interfaces
Local RACADM
setniccfg
Table A-11 describes the setniccfg subcommand.
Table A-11. setniccfg
Subcommand Definition
setniccfg Sets the IP configuration for the controller.
294 RACADM Subcommand Overview
Synopsis
racadm setniccfg -d
racadm setniccfg -s [<
ipAddress
> <
netmask
> <
gateway
>]
racadm setniccfg -o [<
ipAddress
> <
netmask
> <
gateway
>]
Description
The setniccfg subcommand sets the iDRAC IP address.
•The
-d
option enables DHCP for the NIC (default is DHCP enabled).
•The
-s
option enables static IP settings. The IP address, netmask, and
gateway can be specified. Otherwise, the existing static settings are used.
<
ipAddress
>, <
netmask
>, and <
gateway
> must be typed as dot-
separated strings.
racadm setniccfg -s 192.168.0.120 255.255.255.0
192.168.0.1
•The
-o
option disables the NIC completely.
<
ipAddress
>
,
<
netmask
>
,
and
<
gateway
>
must be typed as dot-separated strings.
racadm setniccfg -o 192.168.0.120 255.255.255.0
192.168.0.1
Output
The setniccfg subcommand displays an appropriate error message if the
operation is not successful. If successful, a message is displayed.
Supported Interfaces
Local RACADM
RACADM Subcommand Overview 295
getniccfg
Table A-12 describes the getniccfg subcommand.
Synopsis
racadm getniccfg
Description
The getniccfg subcommand displays the current NIC settings.
Sample Output
The getniccfg subcommand will display an appropriate error message if the
operation is not successful. Otherwise, on success, the output is displayed in
the following format:
NIC Enabled = 1
DHCP Enabled = 1
IP Address = 192.168.0.1
Subnet Mask = 255.255.255.0
Gateway = 192.168.0.1
Supported Interfaces
Local RACADM
Table A-12. getniccfg
Subcommand Definition
getniccfg Displays the current IP configuration for the
iDRAC.
296 RACADM Subcommand Overview
getsvctag
Table A-13 describes the getsvctag subcommand.
Synopsis
racadm getsvctag
Description
The getsvctag subcommand displays the service tag of the host system.
Example
Type getsvctag at the command prompt. The output is displayed as
follows:
Y76TP0G
The command returns 0 on success and nonzero on errors.
Supported Interfaces
Local RACADM
racreset
Table A-14 describes the racreset subcommand.
NOTE: When you issue a racreset subcommand, the iDRAC may require up to one
minute to return to a usable state.
Table A-13. getsvctag
Subcommand Definition
getsvctag Displays a service tag.
Table A-14. racreset
Subcommand Definition
racreset Resets the iDRAC.
RACADM Subcommand Overview 297
Synopsis
racadm racreset
Description
The racreset subcommand issues a reset to the iDRAC. The reset event is
written into the iDRAC log.
Examples
racadm racreset
Start the iDRAC soft reset sequence.
Supported Interfaces
Local RACADM
racresetcfg
Table A-15 describes the racresetcfg subcommand.
Synopsis
racadm racresetcfg
Supported Interfaces
Local RACADM
Description
The racresetcfg command removes all user-configured database property
entries. The database has default properties for all entries that are used to
restore the iDRAC back to the default settings.
Table A-15. racresetcfg
Subcommand Definition
racresetcfg Resets the entire RAC configuration to factory default values.
298 RACADM Subcommand Overview
NOTE: This command deletes your current iDRAC configuration and resets the
iDRAC configuration to the default settings. After reset, the default name and
password are root and calvin, respectively, and the IP address is 192.168.0.120 plus
the number of the slot the server inhabits in the chassis.
serveraction
Table A-16 describes the serveraction subcommand.
Synopsis
racadm serveraction <
action
>
Description
The serveraction subcommand enables users to perform power management
operations on the host system. Table A-17 describes the serveraction power
control options.
Table A-16. serveraction
Subcommand Definition
serveraction Executes a managed server reset or power-on/off/cycle.
Table A-17. serveraction Subcommand Options
String Definition
<action>Specifies the action. The <action> string options are:
powerdown
— Powers down the managed server.
powerup
— Powers up the managed server.
powercycle
— Issues a power-cycle operation on the managed server.
This action is similar to pressing the power button on the system’s
front panel to power down and then power up the system.
powerstatus
— Displays the current power status of the server (
ON
, or
OFF
).
hardreset
— Performs a reset (reboot) operation on the managed
server.
RACADM Subcommand Overview 299
Output
The serveraction subcommand displays an error message if the requested
operation could not be performed, or a success message if the operation
completed successfully.
Supported Interfaces
Local RACADM
getraclog
Table A-18 describes the racadm getraclog command.
Synopsis
racadm getraclog -i
racadm getraclog [-A] [-o] [-c
count
] [-s
start-
record
] [-m]
Description
The getraclog -i command displays the number of entries in the iDRAC log.
NOTE: If no options are provided, the entire log is displayed.
The following options allow the getraclog command to read entries:
Table A-18. getraclog
Command Definition
getraclog -i Displays the number of entries in the iDRAC log.
getraclog Displays the iDRAC log entries.
Table A-19. getraclog Subcommand Options
Option Description
-A Displays the output with no headers or labels.
-c Provides the maximum count of entries to be returned.
-m Displays one screen of information at a time and prompts the user to
continue (similar to the UNIX more command).
300 RACADM Subcommand Overview
Output
The default output display shows the record number, time stamp, source, and
description. The timestamp begins at midnight, January 1 and increases until
the managed server boots. After the managed server boots, the managed
server’s system time is used for the timestamp.
Sample Output
Record: 1
Date/Time: Dec 8 08:10:11
Source: login[433]
Description: root login from 192.168.157.103
Supported Interfaces
Local RACADM
clrraclog
Synopsis
racadm clrraclog
Description
The clrraclog subcommand removes all existing records from the iDRAC log.
A new single record is created to record the date and time when the log was
cleared.
-o Displays the output in a single line.
-s Specifies the starting record used for the display.
Table A-19. getraclog Subcommand Options (continued)
Option Description
RACADM Subcommand Overview 301
getsel
Table A-20 describes the getsel command.
Synopsis
racadm getsel -i
racadm getsel [-E] [-R] [-A] [-o] [-c
count
] [-s
count
] [-m]
Description
The getsel -i command displays the number of entries in the SEL.
The following getsel options (without the -i option) are used to read entries.
NOTE: If no arguments are specified, the entire log is displayed.
Table A-20. getsel
Command Definition
getsel -i Displays the number of entries in the System
Event Log.
getsel Displays SEL entries.
Table A-21. getsel Subcommand Options
Option Description
-A Specifies output with no display headers or labels.
-c Provides the maximum count of entries to be returned.
-o Displays the output in a single line.
-s Specifies the starting record used for the display.
-E Places the 16 bytes of raw SEL at the end of each line of output as a
sequence of hex values.
-R Only the raw data is printed.
-m Displays one screen at a time and prompts the user to continue (similar to
the UNIX more command).
302 RACADM Subcommand Overview
Output
The default output display shows the record number, timestamp, severity, and
description.
For example:
Record: 1
Date/Time: 11/16/2005 22:40:43
Severity: Ok
Description: System Board SEL: event log sensor for
System Board, log cleared was asserted
Supported Interfaces
Local RACADM
clrsel
Synopsis
racadm clrsel
Description
The clrsel command removes all existing records from the System Event Log
(SEL).
Supported Interfaces
Local RACADM
gettracelog
Table A-22 describes the gettracelog subcommand.
Table A-22. gettracelog
Command Definition
gettracelog -i Displays the number of entries in the iDRAC trace
log.
gettracelog Displays the iDRAC trace log.
RACADM Subcommand Overview 303
Synopsis
racadm gettracelog -i
racadm gettracelog [-A] [-o] [-c count] [-s
startrecord] [-m]
Description
The gettracelog (without the -i option) command reads entries. The
following gettracelog entries are used to read entries:
Output
The default output display shows the record number, timestamp, source, and
description. The timestamp begins at midnight, January 1 and increases until
the managed system boots. After the managed system boots, the managed
system’s system time is used for the timestamp.
For example:
Record: 1
Date/Time: Dec 8 08:21:30
Source: ssnmgrd[175]
Description: root from 192.168.157.103: session
timeout sid 0be0aef4
Table A-23. gettracelog Subcommand options
Option Description
-i Displays the number of entries in the iDRAC trace log.
-m Displays one screen at a time and prompts the user to continue (similar
to the UNIX more command).
-o Displays the output in a single line.
-c specifies the number of records to display.
-s specifies the starting record to display.
-A do not display headers or labels.
304 RACADM Subcommand Overview
Supported Interfaces
Local RACADM
sslcsrgen
Table A-24 describes the sslcsrgen subcommand.
Synopsis
racadm sslcsrgen [-g] [-f <
filename
>]
racadm sslcsrgen -s
Description
The sslcsrgen subcommand can be used to generate a CSR and download the
file to the client’s local file system. The CSR can be used for creating a
custom SSL certificate that can be used for SSL transactions on the RAC.
Options
Table A-25 describes the sslcsrgen subcommand options.
NOTE: If the -f option is not specified, the filename defaults to sslcsr in your current
directory.
Table A-24. sslcsrgen
Subcommand Description
sslcsrgen Generates and downloads an SSL certificate signing
request (CSR) from the RAC.
Table A-25. sslcsrgen Subcommand Options
Option Description
-g Generates a new CSR.
-s Returns the status of a CSR generation process (generation in progress,
active, or none).
-f Specifies the filename of the location, <filename>, where the CSR will be
downloaded.
RACADM Subcommand Overview 305
If no options are specified, a CSR is generated and downloaded to the local
file system as sslcsr by default. The -g option cannot be used with the -s
option, and the -f option can only be used with the -g option.
The sslcsrgen -s subcommand returns one of the following status codes:
CSR was generated successfully.
CSR does not exist.
CSR generation in progress.
NOTE: Before a CSR can be generated, the CSR fields must be configured in the
RACADM cfgRacSecurity group. For example: racadm config -g
cfgRacSecurity -o cfgRacSecCsrCommonName MyCompany
Examples
racadm sslcsrgen -s
or
racadm sslcsrgen -g -f c:\csr\csrtest.txt
Supported Interfaces
•Local RACADM
sslcertupload
Table A-26 describes the sslcertupload subcommand.
Synopsis
racadm sslcertupload -t <
type
> [-f <
filename
>]
Table A-26. sslcertupload
Subcommand Description
sslcertupload Uploads a custom SSL server or CA certificate from
the client to the iDRAC.
306 RACADM Subcommand Overview
Options
Table A-27 describes the sslcertupload subcommand options.
The sslcertupload command returns 0 when successful and returns a nonzero
number when unsuccessful.
Example
racadm sslcertupload -t 1 -f c:\cert\cert.txt
Supported Interfaces
Local RACADM
sslcertdownload
Table A-28 describes the sslcertdownload subcommand.
Synopsis
racadm sslcertdownload -t <
type
> [-f <
filename
>]
Table A-27. sslcertupload Subcommand Options
Option Description
-t Specifies the type of certificate to upload, either the CA certificate or
server certificate.
1 = server certificate
2 = CA certificate
-f Specifies the file name of the certificate to be uploaded. If the file is not
specified, the sslcert file in the current directory is selected.
Table A-28. sslcertdownload
Subcommand Description
sslcertdownload Downloads an SSL certificate from the RAC to the
client’s file system.
RACADM Subcommand Overview 307
Options
Table A-29 describes the sslcertdownload subcommand options.
The sslcertdownload command returns 0 when successful and returns a
nonzero number when unsuccessful.
Example
racadm sslcertdownload -t 1 -f c:\cert\cert.txt
Supported Interfaces
Local RACADM
sslcertview
Table A-30 describes the sslcertview subcommand.
Synopsis
racadm sslcertview -t <
type
> [-A]
Table A-29. sslcertdownload Subcommand Options
Option Description
-t Specifies the type of certificate to download, either the Microsoft®
Active Directory® certificate or server certificate.
1 = server certificate
2 = Microsoft Active Directory certificate
-f Specifies the file name of the certificate to be downloaded. If the -f
option or the filename is not specified, the sslcert file in the current
directory is selected.
Table A-30. sslcertview
Subcommand Description
sslcertview Displays the SSL server or CA certificate that exists
on the iDRAC.
308 RACADM Subcommand Overview
Options
Table A-31 describes the sslcertview subcommand options.
Output Example
racadm sslcertview -t 1
Serial Number : 00
Subject Information:
Country Code (CC) : US
State (S) : Texas
Locality (L) : Round Rock
Organization (O) : Dell Inc.
Organizational Unit (OU) : Remote Access Group
Common Name (CN) : iDRAC default certificate
Issuer Information:
Country Code (CC) : US
State (S) : Texas
Locality (L) : Round Rock
Organization (O) : Dell Inc.
Organizational Unit (OU) : Remote Access Group
Common Name (CN) : iDRAC default certificate
Table A-31. sslcertview Subcommand Options
Option Description
-t Specifies the type of certificate to view, either the Microsoft Active
Directory certificate or server certificate.
1 = server certificate
2 = Microsoft Active Directory certificate
-A Prevents printing headers/labels.
RACADM Subcommand Overview 309
Valid From : Jul 8 16:21:56 2005 GMT
Valid To : Jul 7 16:21:56 2010 GMT
racadm sslcertview -t 1 -A
00
US
Texas
Round Rock
Dell Inc.
Remote Access Group
iDRAC default certificate
US
Texas
Round Rock
Dell Inc.
Remote Access Group
iDRAC default certificate
Jul 8 16:21:56 2005 GMT
Jul 7 16:21:56 2010 GMT
Supported Interfaces
Local RACADM
testemail
Table A-32 describes the testemail subcommand.
Synopsis
racadm testemail -i <
index
>
Table A-32. testemail configuration
Subcommand Description
testemail Tests the iDRAC’s e-mail alerting feature.
310 RACADM Subcommand Overview
Description
Sends a test e-mail from the iDRAC to a specified destination.
Prior to executing the testemail command, ensure that the SMTP server
is configured and the specified index in the RACADM cfgEmailAlert group is
enabled and configured properly. Table A-33 provides an example of
commands for the cfgEmailAlert group.
Options
Table A-34 describes the testemail subcommand options.
Table A-33. testemail Configuration
Action Command
Enable the alert racadm config -g cfgEmailAlert -o
cfgEmailAlertEnable
-i 1 1
Set the destination e-
mail address
racadm config -g cfgEmailAlert -o
cfgEmailAlertAddress -i 1
user1@mycompany.com
Set the custom message
that is sent to the
destination e-mail
address
racadm config -g cfgEmailAlert -o
cfgEmailAlertCustomMsg -i 1 "This is a
test!"
Ensure the SNMP IP
address is configured
properly
racadm config -g cfgRemoteHosts -o
cfgRhostsSmtpServerIpAddr -i
192.168.0.152
View the current e-mail
alert settings
racadm getconfig -g cfgEmailAlert -i
<index>
where
<index>
is a number from 1 to 4
Table A-34. testemail Subcommand Option
Option Description
-i Specifies the index of the e-mail alert to
test.
RACADM Subcommand Overview 311
Output
None.
Supported Interfaces
Local RACADM
testtrap
Table A-35 describes the testtrap subcommand.
Synopsis
racadm testtrap -i <
index
>
Description
The testtrap subcommand tests the iDRAC’s SNMP trap alerting feature by
sending a test trap from the iDRAC to a specified destination trap listener on
the network.
Before you execute the testtrap subcommand, ensure that the specified index
in the RACADM cfgIpmiPet group is configured properly.
Table A-36 provides a list and associated commands for the cfgIpmiPet
group.
Table A-35. testtrap
Subcommand Description
testtrap Tests the iDRAC’s SNMP trap alerting feature.
Table A-36. cfg e-mail Alert Commands
Action Command
Enable the alert racadm config -g cfgIpmiPet -o
cfgIpmiPetAlertEnable -i 1 1
Set the destination e-
mail IP address
racadm config -g cfgIpmiPet -o
cfgIpmiPetAlertDestIpAddr -i 1
192.168.0.110
312 RACADM Subcommand Overview
Input
Table A-37 describes the testtrap subcommand options.
Supported Interfaces
Local RACADM
clearasrscreen
Synopsis
racadm clearasrscreen
Description
Clear the last crash (ASR) screen.
Supported Interfaces
Local RACADM
View the current test trap
settings
racadm getconfig -g cfgIpmiPet -i
<index>
where <index> is a number from 1 to 4
Table A-37. testtrap Subcommand Options
Option Description
-i Specifies the index of the trap configuration to use for the test Valid
values are from 1 to 4.
Table A-36. cfg e-mail Alert Commands
Action Command
iDRAC Property Database Group and Object Definitions 313
iDRAC Property Database Group
and Object Definitions
The iDRAC property database contains the configuration information for the
iDRAC. Data is organized by associated object, and objects are organized by
object group. The IDs for the groups and objects that the property database
supports are listed in this section.
Use the group and object IDs with the RACADM utility to configure the
iDRAC. The following sections describe each object and indicate whether the
object is readable, writable, or both.
All string values are limited to displayable ASCII characters, except where
otherwise noted.
Displayable Characters
Displayable characters include the following set:
abcdefghijklmnopqrstuvwxwz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
0123456789~`!@#$%^&*()_+-={}[]|\:";'<>,.?/
idRacInfo
This group contains display parameters to provide information about the
specifics of the iDRAC being queried.
One instance of the group is allowed. The following subsections describe the
objects in this group.
314 iDRAC Property Database Group and Object Definitions
idRacProductInfo (Read Only)
Legal Values
String of up to 63 ASCII characters.
Default
Integrated Dell Remote Access Controller
Description
A text string that identifies the product.
idRacDescriptionInfo (Read Only)
Legal Values
String of up to 255 ASCII characters.
Default
This system component provides a complete set of remote management
functions for Dell PowerEdge servers.
Description
A text description of the RAC type.
idRacVersionInfo (Read Only)
Legal Values
String of up to 63 ASCII characters.
Default
1.0
Description
A string containing the current product firmware version.
iDRAC Property Database Group and Object Definitions 315
idRacBuildInfo (Read Only)
Legal Values
String of up to 16 ASCII characters.
Default
The current RAC firmware build version. For example, "05.12.06".
Description
A string containing the current product build version.
idRacName (Read Only)
Legal Values
String of up to 15 ASCII characters.
Default
iDRAC
Description
A user assigned name to identify this controller.
idRacType (Read Only)
Default
8
Description
Identifies the remote access controller type as the iDRAC.
316 iDRAC Property Database Group and Object Definitions
cfgLanNetworking
This group contains parameters to configure the iDRAC NIC.
One instance of the group is allowed. All objects in this group will require the
iDRAC NIC to be reset, which may cause a brief loss in connectivity. Objects
that change the iDRAC NIC IP address settings will close all active user
sessions and require users to reconnect using the updated IP address settings.
cfgDNSDomainNameFromDHCP (Read/Write)
Legal Values
1 (TRUE)
0 (FALSE)
Default
0
Description
Specifies that the iDRAC DNS domain name should be assigned from the
network DHCP server.
cfgDNSDomainName (Read/Write)
Legal Values
String of up to 250 ASCII characters. At least one of the characters must be
alphabetic. Characters are restricted to alphanumeric, '-' and '.'.
NOTE: Microsoft® Active Directory® only supports Fully Qualified Domain Names
(FQDN) of 64 bytes or fewer.
Default
""
Description
The DNS domain name. This parameter is only valid if
cfgDNSDomainNameFromDHCP is set to 0 (FALSE).
iDRAC Property Database Group and Object Definitions 317
cfgDNSRacName (Read/Write)
Legal Values
String of up to 63 ASCII characters. At least one character must be
alphabetic.
NOTE: Some DNS servers only register names of 31 characters or fewer.
Default
rac-service tag
Description
Displays the RAC name, which is rac-service tag by default. This parameter is
only valid if cfgDNSRegisterRac is set to 1 (TRUE).
cfgDNSRegisterRac (Read/Write)
Legal Values
1 (TRUE)
0 (FALSE)
Default
0
Description
Registers the iDRAC name on the DNS server.
cfgDNSServersFromDHCP (Read/Write)
Legal Values
1 (TRUE)
0 (FALSE)
Default
0
318 iDRAC Property Database Group and Object Definitions
Description
Specifies that the DNS server IP addresses should be assigned from the
DHCP server on the network.
cfgDNSServer1 (Read/Write)
Legal Values
A string representing a valid IP address. For example: 192.168.0.20.
Description
Specifies the IP address for DNS server 1. This property is only valid if
cfgDNSServersFromDHCP is set to 0 (FALSE).
NOTE: cfgDNSServer1 and cfgDNSServer2 may be set to identical values while
swapping addresses.
cfgDNSServer2 (Read/Write)
Legal Values
A string representing a valid IP address. For example: 192.168.0.20.
Default
0.0.0.0
Description
Retrieves the IP address for DNS server 2. This parameter is only valid if
cfgDNSServersFromDHCP is set to 0 (FALSE).
NOTE: cfgDNSServer1 and cfgDNSServer2 may be set to identical values while
swapping addresses.
cfgNicEnable (Read/Write)
Legal Values
1 (TRUE)
0 (FALSE)
iDRAC Property Database Group and Object Definitions 319
Default
0
Description
Enables or disables the iDRAC network interface controller. If the NIC is
disabled, the remote network interfaces to the iDRAC will no longer be
accessible, and the iDRAC will only be available through the local RACADM
interface.
cfgNicIpAddress (Read/Write)
NOTE: This parameter is only configurable if the cfgNicUseDhcp parameter is set
to 0 (FALSE).
Legal Values
A string representing a valid IP address. For example: 192.168.0.20.
Default
192.168.0.n
where n is 120 plus the server slot number.
Description
Specifies the static IP address to assign to the RAC. This property is only valid
if cfgNicUseDhcp is set to 0 (FALSE).
cfgNicNetmask (Read/Write)
NOTE: This parameter is only configurable if the cfgNicUseDhcp parameter is set
to 0 (FALSE).
Legal Values
A string representing a valid subnet mask. For example: 255.255.255.0.
Default
255.255.255.0
320 iDRAC Property Database Group and Object Definitions
Description
The subnet mask used for static assignment of the iDRAC IP address. This
property is only valid if cfgNicUseDhcp is set to 0 (FALSE).
cfgNicGateway (Read/Write)
NOTE: This parameter is only configurable if the cfgNicUseDhcp parameter is set
to 0 (FALSE).
Legal Values
A string representing a valid gateway IP address. For example: 192.168.0.1.
Default
192.168.0.1
Description
The gateway IP address used for static assignment of the RAC IP address.
This property is only valid if cfgNicUseDhcp is set to 0 (FALSE).
cfgNicUseDhcp (Read/Write)
Legal Values
1 (TRUE)
0 (FALSE)
Default
0
Description
Specifies whether DHCP is used to assign the iDRAC IP address. If this
property is set to 1 (TRUE), then the iDRAC IP address, subnet mask, and
gateway are assigned from the DHCP server on the network. If this property is
set to 0 (FALSE), the static IP address, subnet mask, and gateway is assigned
from the cfgNicIpAddress, cfgNicNetmask, and cfgNicGateway properties.
iDRAC Property Database Group and Object Definitions 321
cfgNicMacAddress (Read Only)
Legal Values
A string representing the RAC NIC MAC address.
Default
The current MAC address of the iDRAC NIC. For example,
00:12:67:52:51:A3.
Description
The iDRAC NIC MAC address.
cfgNicVLanEnable (Read/Write)
NOTE: The VLAN settings can be configured through the CMC Web Interface.
iDRAC displays only the current enablement status and you cannot modify the
settings from iDRAC.
Legal Values
1 (TRUE)
0 (FALSE)
Default
0
Description
Enables or disables the VLAN capabilities of the iDRAC from the CMC.
cfgNicVLanId (Read/Write)
Legal Values
1-4094
Default
1
322 iDRAC Property Database Group and Object Definitions
Description
Specifies the VLAN ID for the network VLAN configuration in the CMC.
This property is valid only if cfgNicVLanEnable is set to 1 (enabled).
cfgNicVLanPriority (Read/Write)
Legal Values
0 – 7
Default
0
Description
Specifies the VLAN priority for the network VLAN configuration in the
CMC. This property is valid only if cfgNicVLanEnable is set to 1 (enabled).
cfgUserAdmin
This group provides configuration information about the users who are
allowed to access the RAC through the available remote interfaces.
Up to 16 instances of the user group are allowed. Each instance represents the
configuration for an individual user.
cfgUserAdminIpmiLanPrivilege (Read/Write)
Legal Values
2 (User)
3 (Operator)
4 (Administrator)
15 (No access)
Default
4 (User 2)
15 (All others)
iDRAC Property Database Group and Object Definitions 323
Description
The maximum privilege on the IPMI LAN channel.
cfgUserAdminPrivilege (Read/Write)
Legal Values
0x00000000 to 0x000001ff
Default
0x00000000
Description
This property specifies the role-based authority privileges allowed for the user.
The value is represented as a bit mask that allows for any combination of
privilege values. Table B-1 describes the user privilege bit values that can be
combined to create bit masks.
Examples
Table B-2 provides sample privilege bit masks for users with one or more
privileges.
Table B-1. Bit Masks for User Privileges
User Privilege Privilege Bit Mask
Login to iDRAC 0x00000001
Configure iDRAC 0x00000002
Configure Users 0x00000004
Clear Logs 0x00000008
Execute Server Control Commands 0x00000010
Access Console Redirection 0x00000020
Access Virtual Media 0x00000040
Test Alerts 0x00000080
Execute Debug Commands 0x00000100
324 iDRAC Property Database Group and Object Definitions
cfgUserAdminUserName (Read/Write)
Legal Values
String. Maximum length = 16.
Default
""
Description
The name of the user for this index. The user index is created by writing a
string into this name field if the index is empty. Writing a string of double
quotes ("") deletes the user at that index. You cannot change the name. You
must delete and then recreate the name. The string must not contain /
(forward slash), \ (backslash), . (period), @ (at symbol) or quotation marks.
NOTE: This property value must be unique among user names.
cfgUserAdminPassword (Write Only)
Legal Values
A string of up to 20 ASCII characters.
Table B-2. Sample Bit Masks for User Privileges
User Privilege(s) Privilege Bit Mask
The user is not allowed to access
the iDRAC.
0x00000000
The user may only login to the
iDRAC and view iDRAC and
server configuration information.
0x00000001
The user may login to the iDRAC
and change configuration.
0x00000001 + 0x00000002 = 0x00000003
The user may login to RAC,
access virtual media, and access
console redirection.
0x00000001 + 0x00000040 + 0x00000080 =
0x000000C1
iDRAC Property Database Group and Object Definitions 325
Default
""
Description
The password for this user. User passwords are encrypted and cannot be seen
or displayed after the property is written.
cfgUserAdminEnable
Legal Values
1 (TRUE)
0 (FALSE)
Default
0
Description
Enables or disables an individual user.
cfgUserAdminSolEnable
Legal Values
1 (TRUE)
0 (FALSE)
Default
0
Description
Enables or disables Serial Over LAN (SOL) user access.
326 iDRAC Property Database Group and Object Definitions
cfgEmailAlert
This group contains parameters to configure the RAC e-mail alerting
capabilities.
The following subsections describe the objects in this group. Up to four
instances of this group are allowed.
cfgEmailAlertIndex (Read Only)
Legal Values
1–4
Default
This parameter is populated based on the existing instances.
Description
The unique index of an alert instance.
cfgEmailAlertEnable (Read/Write)
Legal Values
1 (TRUE)
0 (FALSE)
Default
0
Description
Specifies the destination email address for email alerts. For example,
user1@company.com.
cfgEmailAlertAddress
Legal Values
E-mail address format, with a maximum length of 64 ASCII characters.
iDRAC Property Database Group and Object Definitions 327
Default
""
Description
The e-mail address of the alert source.
cfgEmailAlertCustomMsg
Legal Values
String. Maximum Length = 32.
Default
""
Description
Specifies a custom message that is sent with the alert.
cfgSessionManagement
This group contains parameters to configure the number of sessions that can
connect to the iDRAC.
One instance of the group is allowed. The following subsections describe the
objects in this group.
cfgSsnMgtConsRedirMaxSessions (Read/Write)
Legal Values
1 – 2
Default
2
Description
Specifies the maximum number of console redirection sessions allowed on
the iDRAC.
328 iDRAC Property Database Group and Object Definitions
cfgSsnMgtWebserverTimeout (Read/Write)
Legal Values
60 – 1920
Default
300
Description
Defines the web server time-out. This property sets the amount of time in
seconds that a connection is allowed to remain idle (there is no user input).
The session is cancelled if the time limit set by this property is reached.
Changes to this setting do not affect the current session; you must log out
and log in again to make the new settings effective.
An expired web server session logs out the current session.
cfgSsnMgtSshIdleTimeout (Read/Write)
Legal Values
0 (No time-out)
60 – 1920
Default
300
Description
Defines the secure shell idle time-out. This property sets the amount of time
in seconds that a connection is allowed to remain idle (there is no user input).
The session is cancelled if the time limit set by this property is reached.
Changes to this setting do not affect the current session; you must log out
and log in again to make the new settings effective.
An expired secure shell session displays the following error message only after
you press <Enter>:
Warning: Session no longer valid, may have timed out
iDRAC Property Database Group and Object Definitions 329
After the message appears, the system returns you to the shell that generated
the Secure Shell session.
cfgSsnMgtTelnetIdleTimeout (Read/Write)
Legal Values
0 (No timeout)
60 – 1920
Default
300
Description
Defines the telnet idle time-out. This property sets the amount of time in
seconds that a connection is allowed to remain idle (there is no user input).
The session is cancelled if the time limit set by this property is reached.
Changes to this setting do not affect the current session (you must log out
and log in again to make the new settings effective).
An expired telnet session displays the following error message only after you
press <Enter>:
Warning: Session no longer valid, may have timed out
After the message appears, the system returns you to the shell that generated
the telnet session.
cfgSerial
This group contains configuration parameters for the iDRAC services.
One instance of the group is allowed. The following subsections describe the
objects in this group.
cfgSerialSshEnable (Read/Write)
Legal Values
1 (TRUE)
0 (FALSE)
330 iDRAC Property Database Group and Object Definitions
Default
1
Description
Enables or disables the secure shell (SSH) interface on the iDRAC.
cfgSerialTelnetEnable (Read/Write)
Legal Values
1 (TRUE)
0 (FALSE)
Default
0
Description
Enables or disables the telnet console interface on the iDRAC.
cfgRacTuning
This group is used to configure various iDRAC configuration properties, such
as valid ports and security port restrictions.
cfgRacTuneHttpPort (Read/Write)
Legal Values
10 – 65535
Default
80
Description
Specifies the port number to use for HTTP network communication with the
RAC.
iDRAC Property Database Group and Object Definitions 331
cfgRacTuneHttpsPort (Read/Write)
Legal Values
10 – 65535
Default
443
Description
Specifies the port number to use for HTTPS network communication with
the iDRAC.
cfgRacTuneIpRangeEnable
Legal Values
1 (TRUE)
0 (FALSE)
Default
0
Description
Enables or disables the IP Address Range validation feature of the iDRAC.
cfgRacTuneIpRangeAddr
Legal Values
String, IP address formatted. For example, 192.168.0.44.
Default
192.168.1.1
Description
Specifies the acceptable IP address bit pattern in positions determined by the
1's in the range mask property (cfgRacTuneIpRangeMask).
332 iDRAC Property Database Group and Object Definitions
cfgRacTuneIpRangeMask
Legal Values
Standard IP mask values with left-justified bits
Default
255.255.255.0
Description
String, IP-address formatted. For example, 255.255.255.0.
cfgRacTuneIpBlkEnable
Legal Values
1 (TRUE)
0 (FALSE)
Default
0
Description
Enables or disables the IP address blocking feature of the RAC.
cfgRacTuneIpBlkFailCount
Legal Values
2 – 16
Default
5
Description
The maximum number of login failures to occur within the window
(cfgRacTuneIpBlkFailWindow) before login attempts from the IP address are
rejected.
iDRAC Property Database Group and Object Definitions 333
cfgRacTuneIpBlkFailWindow
Legal Values
10 – 65535
Default
60
Description
Defines the time span in seconds that the failed attempts are counted. When
failure attempts age beyond this limit, they are dropped from the count.
cfgRacTuneIpBlkPenaltyTime
Legal Values
10 – 65535
Default
300
Description
Defines the time span in seconds that session requests from an IP address
with excessive failures are rejected.
cfgRacTuneSshPort (Read/Write)
Legal Values
1 – 65535
Default
22
Description
Specifies the port number used for the iDRAC SSH interface.
334 iDRAC Property Database Group and Object Definitions
cfgRacTuneTelnetPort (Read/Write)
Legal Values
1 – 65535
Default
23
Description
Specifies the port number used for the iDRAC telnet interface.
cfgRacTuneConRedirEncryptEnable (Read/Write)
Legal Values
1 (TRUE)
0 (FALSE)
Default
1
Description
Encrypts the video in a console redirection session.
cfgRacTuneConRedirPort (Read/Write)
Legal Values
1 – 65535
Default
5900
iDRAC Property Database Group and Object Definitions 335
Description
Specifies the port to be used for keyboard and mouse traffic during console
redirection activity with the iDRAC.
cfgRacTuneConRedirVideoPort (Read/Write)
Legal Values
1 – 65535
Default
5901
Description
Specifies the port to be used for video traffic during console redirection
activity with the iDRAC.
NOTE: This object requires an iDRAC reset before it becomes active.
cfgRacTuneAsrEnable (Read/Write)
Legal Values
0 (FALSE)
1 (TRUE)
Default
0
Description
Enables or disables the iDRAC last crash screen capture feature.
NOTE: This object requires an iDRAC reset before it becomes active.
cfgRacTuneWebserverEnable (Read/Write)
Legal Values
0 (FALSE)
1 (TRUE)
336 iDRAC Property Database Group and Object Definitions
Default
1
Description
Enables and disables the iDRAC web server. If this property is disabled, the
iDRAC will not be accessible using client web browsers. This property has no
effect on the telnet/SSH or local RACADM interfaces.
cfgRacTuneLocalServerVideo (Read/Write)
Legal Values
1 (Enables)
0 (Disables)
Default
1
Description
Enables (switches ON) or disables (switches OFF) the local server video.
cfgRacTuneLocalConfigDisable (Read/Write)
Legal Values
0 (Enables)
1 (Disables)
Default
0
Description
Disables write access to iDRAC configuration data. The default is for access
to be enabled.
NOTE: Access can be disabled using the local RACADM or the iDRAC Web
interface; however, once disabled, access can be re-enabled only through the
iDRAC Web interface.
iDRAC Property Database Group and Object Definitions 337
ifcRacManagedNodeOs
This group contains properties that describe the Managed Server operating
system.
One instance of the group is allowed. The following subsections describe the
objects in this group.
ifcRacMnOsHostname (Read/Write)
Legal Values
String. Maximum Length = 255.
Default
""
Description
The host name of the managed server.
ifcRacMnOsOsName (Read/Write)
Legal Values
String. Maximum Length = 255.
Default
""
Description
The operating system name of the managed server.
cfgRacSecurity
This group is used to configure settings related to the iDRAC SSL certificate
signing request (CSR) feature. The properties in this group must be
configured before generating a CSR from the iDRAC.
See the RACADM sslcsrgen subcommand details for more information on
generating certificate signing requests.
338 iDRAC Property Database Group and Object Definitions
cfgSecCsrCommonName (Read/Write)
Legal Values
String. Maximum Length = 254.
Default
""
Description
Specifies the CSR Common Name (CN).
cfgSecCsrOrganizationName (Read/Write)
Legal Values
String. Maximum Length = 254.
Default
""
Description
Specifies the CSR Organization Name (O).
cfgSecCsrOrganizationUnit (Read/Write)
Legal Values
String. Maximum Length = 254.
Default
""
Description
Specifies the CSR Organization Unit (OU).
iDRAC Property Database Group and Object Definitions 339
cfgSecCsrLocalityName (Read/Write)
Legal Values
String. Maximum Length = 254.
Default
""
Description
Specifies the CSR Locality (L).
cfgSecCsrStateName (Read/Write)
Legal Values
String. Maximum Length = 254.
Default
""
Description
Specifies the CSR State Name (S).
cfgSecCsrCountryCode (Read/Write)
Legal Values
String. Maximum Length = 2.
Default
""
Description
Specifies the CSR Country Code (CC)
340 iDRAC Property Database Group and Object Definitions
cfgSecCsrEmailAddr (Read/Write)
Legal Values
String. Maximum Length = 254.
Default
""
Description
Specifies the CSR Email Address.
cfgSecCsrKeySize (Read/Write)
Legal Values
1024
2048
4096
Default
1024
Description
Specifies the SSL asymmetric key size for the CSR.
cfgRacVirtual
This group contains parameters to configure the iDRAC virtual media
feature. One instance of the group is allowed. The following subsections
describe the objects in this group.
cfgVirMediaAttached (Read/Write)
Legal Values
1 (TRUE)
0 (FALSE)
iDRAC Property Database Group and Object Definitions 341
Default
1
Description
This object is used to attach virtual devices to the system via the USB bus.
When the devices are attached the server will recognize valid USB mass
storage devices attached to the system. This is equivalent to attaching a local
USB CDROM/floppy drive to a USB port on the system. When the devices
are attached you then can connect to the virtual devices remotely using the
iDRAC Web interface or the CLI. Setting this object to 0 will cause the
devices to detach from the USB bus.
NOTE: You must restart your system to enable all changes.
cfgVirAtapiSrvPort (Read/Write)
Legal Values
1 – 65535
Default
3668
Description
Specifies the port number used for encrypted virtual media connections to
the iDRAC.
cfgVirAtapiSrvPortSsl (Read/Write)
Legal Values
Any unused port number between 0 and 65535 decimal.
Default
3670
Description
Sets the port used for SSL virtual media connections.
342 iDRAC Property Database Group and Object Definitions
cfgVirMediaBootOnce (Read/Write)
Legal Values
1 (Enabled)
0 (Disabled)
Default
0
Description
Enables or disables the virtual media boot-once feature of the iDRAC. If this
property is enabled when the host server is rebooted, this feature will attempt
to boot from the virtual media devices—if the appropriate media is installed
in the device.
cfgFloppyEmulation (Read/Write)
Legal Values
1 (TRUE)
0 (FALSE)
Default
0
Description
When set to 0, the virtual floppy drive is recognized as a removable disk by
Windows operating systems. Windows operating systems will assign a drive
letter that is C: or higher during enumeration. When set to 1, the Virtual
Floppy drive will be seen as a floppy drive by Windows operating systems.
Windows operating systems will assign a drive letter of A: or B:.
cfgActiveDirectory
This group contains parameters to configure the iDRAC Active Directory
feature.
iDRAC Property Database Group and Object Definitions 343
cfgADRacDomain (Read/Write)
Legal Values
Any printable text string with no white space. Length is limited to 254
characters.
Default
""
Description
Active Directory Domain in which the DRAC resides.
cfgADRacName (Read/Write)
Legal Values
Any printable text string with no white space. Length is limited to 254
characters.
Default
""
Description
Name of iDRAC as recorded in the Active Directory forest.
cfgADEnable (Read/Write)
Legal Values
1 (TRUE)
0 (FALSE)
Default
0
344 iDRAC Property Database Group and Object Definitions
Description
Enables or disables Active Directory user authentication on the iDRAC. If
this property is disabled, local iDRAC authentication is used for user logins
instead.
cfgADAuthTimeout (Read/Write)
NOTE: To modify this property, you must have Configure iDRAC permission.
Legal Values
15 – 300
Default
120
Description
Specifies the number of seconds to wait for Active Directory authentication
requests to complete before timing out.
cfgADRootDomain (Read/Write)
Legal Values
Any printable text string with no white space. Length is limited to 254
characters.
Default
""
Description
Root domain of the Domain Forest.
cfgADSpecifyServerEnable (Read/Write)
Legal Values
1 or 0 (True or False)
iDRAC Property Database Group and Object Definitions 345
Default
0
Description
1 (True) enables you to specify an LDAP or a Global Catalog server. 0 (False)
disables this option.
cfgADDomainController (Read/Write)
Valid IP address or a fully qualified domain name (FQDN)
Default
No default value
Description
The iDRAC uses the value you specify to search the LDAP server for user
names.
cfgADGlobalCatalog (Read/Write)
Legal Values
Valid IP address or a fully qualified domain name (FQDN)
Default
No default value
Description
iDRAC uses the value you specify to search the Global Catalog server for user
names.
cfgADType (Read/Write)
Legal Values
1 = Enables Active Directory with the extended schema.
2 = Enables Active Directory with the standard schema.
346 iDRAC Property Database Group and Object Definitions
Default
1 = Extended schema
Description
Determines the schema type to use with Active Directory.
cfgStandardSchema
This group contains parameters to configure the Active Directory standard
schema settings.
cfgSSADRoleGroupIndex (Read Only)
Legal Values
Integer from 1 to 5.
Description
Index of the Role Group as recorded in the Active Directory.
cfgSSADRoleGroupName (Read/Write)
Legal Values
Any printable text string with no white space. Length is limited to 254
characters.
Default
(blank)
Description
Name of the Role Group as recorded in the Active Directory forest.
cfgSSADRoleGroupDomain (Read/Write)
Legal Values
Any printable text string with no white space. Length is limited to 254
characters.
iDRAC Property Database Group and Object Definitions 347
Default
(blank)
Description
Active Directory Domain in which the Role Group resides.
cfgSSADRoleGroupPrivilege (Read/Write)
Legal Values
0x00000000 to 0x000001ff
Default
(blank)
Description
Use the bit mask numbers in Table B-3 to set role-based authority privileges
for a Role Group.
cfgIpmiSol
This group is used to configure the Serial Over LAN (SOL) capabilities of the
system.
Table B-3. Bit Masks for Role Group Privileges
Role Group Privilege Bit Mask
Login to iDRAC 0x00000001
Configure iDRAC 0x00000002
Configure Users 0x00000004
Clear Logs 0x00000008
Execute Server Control Commands 0x00000010
Access Console Redirection 0x00000020
Access Virtual Media 0x00000040
Test Alerts 0x00000080
Execute Debug Commands 0x00000100
348 iDRAC Property Database Group and Object Definitions
cfgIpmiSolEnable (Read/Write)
Legal Values
0 (FALSE)
1 (TRUE)
Default
1
Description
Enables or disables SOL.
cfgIpmiSolBaudRate (Read/Write)
Legal Values
19200, 57600, 115200
Default
115200
Description
The baud rate for serial communication over LAN.
cfgIpmiSolMinPrivilege (Read/Write)
Legal Values
2 (User)
3 (Operator)
4 (Administrator)
Default
4
Description
Specifies the minimum privilege level required for SOL access.
iDRAC Property Database Group and Object Definitions 349
cfgIpmiSolAccumulateInterval (Read/Write)
Legal Values
1 – 255.
Default
10
Description
Specifies the typical amount of time that the iDRAC waits before
transmitting a partial SOL character data packet. This value is 1-based 5ms
increments.
cfgIpmiSolSendThreshold (Read/Write)
Legal Values
1 – 255
Default
255
Description
The SOL threshold limit value. Specifies the maximum number of bytes to
buffer before sending an SOL data packet.
cfgIpmiLan
This group is used to configure the IPMI over LAN capabilities of the system.
cfgIpmiLanEnable (Read/Write)
Legal Values
0 (FALSE)
1 (TRUE)
350 iDRAC Property Database Group and Object Definitions
Default
0
Description
Enables or disables the IPMI over LAN interface.
cfgIpmiLanPrivLimit (Read/Write)
Legal Values
2 (User)
3 (Operator)
4 (Administrator)
Default
4
Description
Specifies the maximum privilege level allowed for IPMI over LAN access.
cfgIpmiLanAlertEnable (Read/Write)
Legal Values
0 (FALSE)
1 (TRUE)
Default
0
Description
Enables or disables global e-mail alerting. This property overrides all
individual e-mail alerting enable/disable properties.
iDRAC Property Database Group and Object Definitions 351
cfgIpmiEncryptionKey (Read/Write)
Legal Values
A string of hexadecimal digits from 0 to 20 characters with no spaces.
Default
00000000000000000000
Description
The IPMI encryption key.
cfgIpmiPetCommunityName (Read/Write)
Legal Values
A string up to 18 characters.
Default
public
Description
The SNMP community name for traps.
cfgIpmiPef
This group is used to configure the platform event filters available on the
managed server.
The event filters can be used to control policy related to actions that are
triggered when critical events occur on the managed server.
cfgIpmiPefName (Read Only)
Legal Values
String. Maximum Length = 255.
Default
The name of the index filter.
352 iDRAC Property Database Group and Object Definitions
Description
Specifies the name of the platform event filter.
cfgIpmiPefIndex (Read Only)
Legal Values
1 – 17
Default
The index value of a platform event filter object.
Description
Specifies the index of a specific platform event filter.
cfgIpmiPefAction (Read/Write)
Legal Values
0 (None)
1 (Power Down)
2 (Reset)
3 (Power Cycle)
Default
0
Description
Specifies the action that is performed on the managed server when the alert is
triggered.
cfgIpmiPefEnable (Read/Write)
Legal Values
0 (FALSE)
1 (TRUE)
iDRAC Property Database Group and Object Definitions 353
Default
1
Description
Enables or disables a specific platform event filter.
cfgIpmiPet
This group is used to configure platform event traps on the managed server.
cfgIpmiPetIndex (Read/Write)
Legal Values
1 – 4
Default
The appropriate index value.
Description
Unique identifier for the index corresponding to the trap.
cfgIpmiPetAlertDestIpAddr (Read/Write)
Legal Values
String representing a valid IP address. For example, 192.168.0.67.
Default
0.0.0.0
Description
Specifies the destination IP address for the trap receiver on the network. The
trap receiver receives an SNMP trap when an event is triggered on the
managed server.
354 iDRAC Property Database Group and Object Definitions
cfgIpmiPetAlertEnable (Read/Write)
Legal Values
0 (FALSE)
1 (TRUE)
Default
1
Description
Enables or disables a specific trap.
iDRAC SMCLP Property Database 355
iDRAC SMCLP Property Database
/system1/sp1/account<1-16>
This target provides configuration information about the local users who are
allowed to access the RAC through available remote interfaces. Up to 16
instances of the user group are allowed. Each instance <1-16> represents the
configuration for an individual local user.
userid (Read Only)
Legal values
1-16
Default
Depends on the account instance being accessed.
Description
Specifies the instance ID or the local user ID.
username (Read/Write)
Legal values
String. Maximum length = 16
Default
“”
356 iDRAC SMCLP Property Database
Description
A text string that contains the name of the local user for this account. The
string must not contain a forward slash (/), period (.), at symbol (@), or
quotation marks ("). Deleting the user is done by deleting the account.
(delete account<1-16>).
NOTE: This property value must be unique among usernames.
oemdell_ipmilanprivileges (Read/Write)
Legal Values
2 (User)
3 (Operator)
4 (Administrator)
15 (No access)
Default
4 (User 2)
15 (All others)
Description
The maximum privilege on the IPMI LAN channel.
password (Write Only)
Legal Values
A text string between 4 and 20 characters in length.
Default
“”
Description
Holds the password for this local user. User passwords are encrypted and
cannot be seen or displayed after the property is written.
iDRAC SMCLP Property Database 357
enabledstate (Read/Write)
Legal Values
0 (Disabled)
1 (Enabled)
Default
0
Description
Helps enable or disable an individual user.
solenabled (Read/Write)
Legal Values
0 (Disabled)
1 (Enabled)
Default
0
Description
Enables or disables Serial Over LAN (SOL) user access.
oemdell_extendedprivileges (Read/Write)
Legal Values
0x00000000 to 0x000001ff
Default
0x00000000
358 iDRAC SMCLP Property Database
Description
Specifies the role-based authority privileges allowed for the user. The value is
represented as a bit mask that allows for any combination of privilege values.
Table C-1 describes the user privilege bit values that can be combined to
create bit masks.
Examples
Table C-2 provides sample privilege bit masks for users with one or more
privileges.
Table C-1. Bit Masks for User Privileges
User Privilege Privilege Bit Mask
Login to iDRAC 0x0000001
Configure iDRAC 0x0000002
Configure Users 0x0000004
Clear Logs 0x0000008
Execute Server Control
Commands
0x0000010
Access Console Redirection 0x0000020
Access Virtual Media 0x0000040
Test Alerts 0x0000080
Execute Debug Commands 0x0000100
Table C-2. Sample Bit Masks for User Privileges
User Privilege(s) Privilege Bit Mask
The user is not allowed to access
the iDRAC.
0x00000000
The user may only login to the
iDRAC and view iDRAC and
server configuration information.
0x00000001
The user may login to the iDRAC
and change configuration.
0x00000001 + 0x00000002 =
0x00000003
iDRAC SMCLP Property Database 359
/system1/sp1/enetport1/*
This group contains parameters to configure the iDRAC NIC. One instance
of the group is allowed. All objects in this group require the iDRAC NIC to be
reset, which may cause a brief loss in connectivity. Objects that change the
iDRAC NIC IP address settings close all active user sessions and require users
to reconnect using the updated IP address settings.
macaddress (Read Only)
Legal Values
A string representing the RAC NIC MAC address.
Default
The current MAC address of the iDRAC NIC. For example,
00:12:67:52:51:A3.
Description
Holds the iDRAC NIC MAC address.
/system1/sp1/enetport1/lanendpt1/ipendpt1
oemdell_nicenable (Read/Write)
Legal Values
0 (Disabled)
1 (Enabled)
The user may login to RAC, access
virtual media, and access console
redirection.
0x00000001 + 0x00000040 +
0x00000080 = 0x000000C1
Table C-2. Sample Bit Masks for User Privileges (continued)
User Privilege(s) Privilege Bit Mask
360 iDRAC SMCLP Property Database
Default
0
Description
Enables or disables the iDRAC network interface controller. If the NIC is
disabled, the remote network interfaces to the iDRAC become inaccessible,
rendering the iDRAC available only through the local RACADM interface.
ipaddress (Read/Write)
Legal Values
A string representing a valid IP address. For example: 192.168.0.20.
Default
192.168.0.n (where n is 120 plus the server slot number)
Description
Specifies the static IP address to assign to the RAC. This property is only valid
if oemdell_usedhcp is set to 0 (Disabled).
subnetmask (Read/Write)
Legal Values
A string representing a valid subnet mask. For example: 255.255.255.0.
Default
255.255.255.0
Description
The subnet mask used for static assignment of the iDRAC IP address. This
property is only valid if oemdell_usedhcp is set to 0 (Disabled).
oemdell_usedhcp (Read/Write)
Legal Values
0 (Disabled)
iDRAC SMCLP Property Database 361
1 (Enabled)
Default
0
Description
Specifies whether DHCP is used to assign the iDRAC IP address. If this
property is set to 1 (Enabled), the iDRAC IP address, subnet mask, and
gateway are assigned from the DHCP server on the network. If this property is
set to 0 (Disabled), the static IP address, subnet mask, and gateway gain
values inserted manually by the user.
committed (Read/Write)
Legal Values
0 (Pending commit)
1 (Committed)
Default
1
Description
Enables the user to change the IP address and/or subnet mask without
terminating the current session. If this property is set to 1 (Committed), the
IP address and subnet mask are valid. A change in either the IP address or the
subnet mask automatically converts this property to 0 (Pending commit). For
the network settings to take effect, the property must be set back to 1.
/system1/sp1/enetport1/lanendpt1/ipendpt1/dnse
ndpt1
oemdell_domainnamefromdhcp (Read/Write)
Legal Values
0 (Disabled)
362 iDRAC SMCLP Property Database
1 (Enabled)
Default
0
Description
Specifies that the iDRAC DNS domain name should be assigned from the
network DHCP server.
oemdell_dnsdomainname (Read/Write)
Legal Values
A string of up to 254 ASCII characters. At least one of the characters must be
alphabetic.
Default
“”
Description
Holds the DNS domain name. This parameter is only valid if
oemdell_domainnamefromdhcp is set to 0 (Disabled).
oemdell_dnsregisterrac (Read/Write)
Legal Values
0 (Unregistered)
1 (Registered)
Default
0
Description
Registers the iDRAC name on the DNS server.
iDRAC SMCLP Property Database 363
oemdell_dnsracname (Read/Write)
Legal Values
A string of up to 63 ASCII characters. At least one character must be
alphabetic.
NOTE: Some DNS servers only register names of up to 31 characters.
Default
rac-service tag
Description
Displays the RAC name, which is the RAC service tag by default. This
parameter is only valid if oemdell_dnsregisterrac is set to 1 (Registered).
oemdell_serversfromdhcp (Read/Write)
Legal Values
0 (Disabled)
1 (Enabled)
Default
0
Description
Specifies that the DNS server IP addresses should be assigned from the
DHCP server on the network.
/system1/sp1/enetport1/lanendpt1/ipendpt1/dnse
ndpt1/remotesap1
dnsserveraddress (Read/Write)
Legal Values
A string representing a valid IP address. For example: 192.168.0.20.
364 iDRAC SMCLP Property Database
Default
0.0.0.0
Description
Specifies the IP address for DNS Server 1. This property is only valid if
oemdell_serversfromdhcp is set to 0 (Disabled).
/system1/sp1/enetport1/lanendpt1/ipendpt1/dnse
ndpt1/remotesap2
dnsserveraddress (Read/Write)
Legal Values
A string representing a valid IP address. For example: 192.168.0.20.
Default
0.0.0.0
Description
Specifies the IP address for DNS Server 2. This property is only valid if
oemdell_serversfromdhcp is set to 0 (Disabled).
/system1/sp1/enetport1/lanendpt1/ipendpt1/remot
esap1
defaultgatewayaddress (Read/Write)
Legal Values
A string representing a valid gateway IP address. For example: 192.168.0.1.
Default
192.168.0.1
iDRAC SMCLP Property Database 365
Description
The gateway IP address used for static assignment of the RAC IP address.
This property is only valid if oemdell_usedhcp is set to 0 (Disabled).
/system1/sp1/group<1-5>
These groups contain parameters to configure the Active Directory standard
schema settings.
oemdell_groupname (Read/Write)
Legal Values
Any printable text string up to 254 characters with no blank spaces.
Default
“”
Description
Holds the name of the Role Group as recorded in the Active Directory forest.
oemdell_groupdomain (Read/Write)
Legal Values
Any printable text string up to 254 characters with no blank spaces.
Default
“”
Description
Holds the Active Directory domain in which the Role Group resides.
oemdell_groupprivilege (Read/Write)
Legal Values
0x00000000 to 0x000001ff
366 iDRAC SMCLP Property Database
Default
“”
Description
Use the bit mask numbers in Table B-3 to set role-based authority privileges
for a Role Group.
/system1/sp1/oemdell_adservice1
This group contains parameters to configure the iDRAC Active Directory
feature.
enabledstate (Read/Write)
Legal Values
0 (Disabled)
1 (Enabled)
Default
0
Table C-3. Bit Masks for Role Group Privileges
Role Group Privilege Bit Mask
Login to iDRAC 0x00000001
Configure iDRAC 0x00000002
Configure Users 0x00000004
Clear Logs 0x00000008
Execute Server Control
Commands
0x00000010
Access Console Redirection 0x00000020
Access Virtual Media 0x00000040
Test Alerts 0x00000080
Execute Debug Commands 0x00000100
iDRAC SMCLP Property Database 367
Description
Enables or disables Active Directory user authentication on the iDRAC. If
this property is disabled, only local iDRAC authentication is used for user
logins.
oemdell_adracname (Read/Write)
Legal Values
Any printable text string up to 254 characters with no blank spaces.
Default
""
Description
Name of iDRAC as recorded in the Active Directory forest.
oemdell_adracdomain (Read/Write)
Legal Values
Any printable text string up to 254 characters with no blank spaces.
Default
""
Description
The Active Directory Domain in which the iDRAC resides.
oemdell_adrootdomain (Read/Write)
Legal Values
Any printable text string up to 254 characters with no blank spaces.
Default
""
368 iDRAC SMCLP Property Database
Description
The root domain of the Domain Forest.
oemdell_timeout (Read/Write)
Legal Values
15 – 300
Default
120
Description
Specifies the number of seconds to wait for Active Directory authentication
requests to complete before timing out.
oemdell_schematype (Read/Write)
Legal Values
1 (Extended schema)
2 (Standard schema)
Default
1
Description
Determines the schema type to use with Active Directory.
oemdell_adspecifyserverenable (Read/Write)
Legal Values
0 (Disabled)
1 (Enabled)
Default
0
iDRAC SMCLP Property Database 369
Description
Enables the user to specify an LDAP or a Global Catalog server.
oemdell_addomaincontroller (Read/Write)
Legal Values
A valid IP address or a fully qualified domain name (FQDN).
Default
“”
Description
Value specified by the user that the iDRAC uses to search the LDAP server for
usernames.
oemdell_adglobalcatalog (Read/Write)
Legal Values
A valid IP address or an FQDN.
Default
No default value
Description
Value specified by the user that the iDRAC uses to search the Global Catalog
server for usernames.
/system1/sp1/oemdell_racsecurity1
This group is used to configure settings related to the iDRAC SSL certificate
signing request (CSR) feature. All of the properties in this group must be
configured before generating a CSR from the iDRAC.
370 iDRAC SMCLP Property Database
commonname (Read/Write)
Legal Values
A string of up to 254 characters.
Default
""
Description
Specifies the CSR Common Name.
organizationname (Read/Write)
Legal Values
A string of up to 254 characters.
Default
""
Description
Specifies the CSR Organization Name.
oemdell_organizationunit (Read/Write)
Legal Values
A string of up to 254 characters.
Default
""
Description
Specifies the CSR Organization Unit.
iDRAC SMCLP Property Database 371
oemdell_localityname (Read/Write)
Legal Values
A string of up to 254 characters.
Default
""
Description
Specifies the CSR Locality.
oemdell_statename (Read/Write)
Legal Values
A string of up to 254 characters.
Default
""
Description
Specifies the CSR State Name.
oemdell_countrycode (Read/Write)
Legal Values
A string of up to 2 characters.
Default
""
Description
Specifies the CSR Country Code.
372 iDRAC SMCLP Property Database
oemdell_emailaddress (Read/Write)
Legal Values
A string of up to 254 characters.
Default
""
Description
Specifies the CSR Email Address.
oemdell_keysize (Read/Write)
Legal Values
1024
2048
4096
Default
1024
Description
Specifies the SSL asymmetric key size for the CSR.
/system1/sp1/oemdell_ssl1
Contains parameters necessary to generate Certificate Signing Requests
(CSRs) and view certificates.
generate (Read/Write)
Legal Values
0 (Do not generate)
1 (Generate)
iDRAC SMCLP Property Database 373
Default
0
Description
Generates a CSR when set to 1. Set the properties in the
oemdell_racsecurity1 target before generating a CSR.
oemdell_status (Read Only)
Legal values
CSR not found
CSR generated
Default
CSR not found
Description
Shows the status of the previous generate command issued, if any, during the
current session.
oemdell_certtype (Read / Write)
Legal values
SSL
AD
CSR
Default
SSL
Description
Specifies the type of certificate to be viewed (AD or SSL) and helps generate
a CSR with the help of the generate property.
374 iDRAC SMCLP Property Database
/system1/sp1/oemdell_vmservice1
This group contains parameters to configure the iDRAC virtual media
feature.
enabledstate (Read/Write)
Legal Values
VMEDIA_DETACH
VMEDIA_ATTACH
VMEDIA_AUTO_ATTACH
Default
VMEDIA_ATTACH
Description
Used to attach virtual devices to the system via the USB bus, allowing the
server to recognize valid USB mass storage devices attached to the system.
This is equivalent to attaching a local USB CDROM/floppy drive to a USB
port on the system. When the devices are attached, you then can connect to
the virtual devices remotely using the iDRAC Web interface or the CLI.
Setting this property to 0 causes the devices to detach from the USB bus.
oemdell_singleboot (Read/Write)
Legal Values
0 (Disabled)
1 (Enabled)
Default
0
Description
Enables or disables the virtual media boot-once feature of the iDRAC. If this
property is enabled when the host server is rebooted, the server attempts to
boot from the virtual media devices.
iDRAC SMCLP Property Database 375
oemdell_floppyemulation (Read/Write)
Legal Values
0 (Disabled)
1 (Enabled)
Default
0
Description
When set to 0, the virtual floppy drive is recognized as a removable disk by
Windows operating systems. Windows operating systems will assign a drive
letter that is C: or higher during enumeration. When set to 1, the Virtual
Floppy drive will be seen as a floppy drive by Windows operating systems.
Windows operating systems will assign a drive letter of A: or B:
/system1/sp1/oemdell_vmservice1/tcpendpt1
portnumber (Read/Write)
Legal Values
1 – 65535
Default
3668
Description
Specifies the port number used for encrypted virtual media connections to
the iDRAC.
oemdell_sslenabled (Read Only)
Legal Value
FALSE
376 iDRAC SMCLP Property Database
Default
FALSE
Description
Indicates that the port has SSL disabled.
portnumber (Read/Write)
Legal Values
1 – 65535
Default
3670
Description
Specifies the port number used for encrypted virtual media connections to
the iDRAC.
oemdell_sslenabled (Read Only)
Legal Value
TRUE
Default
TRUE
Description
Indicates that the port has SSL enabled.
RACADM and SM-CLP Equivalencies 377
RACADM and SM-CLP
Equivalencies
Table D-1 lists the RACADM groups and objects and, where they exist, SM-
SLP equivalent locations in the SM-CLP MAP.
Table D-1. RACADM Groups/Objects and SM-CLP Equivalencies
RACADM Groups/Objects SM-CLP Description
idRacInfo
idRacName String of up to 15 ASCII
characters. Default:
iDRAC.
idRacProductInfo String of up to 63 ASCII
characters. Default:
Integrated Dell Remote
Access Controller.
idRacDescriptionInfo String of up to 255
ASCII characters.
Default: This system
component provides a
complete set of remote
management functions
for Dell PowerEdge
servers
idRacVersionInfo String of up to 63 ASCII
characters. Default: 1
idRacBuildInfo String of up to 16 ASCII
characters.
idRacType Default: 8
cfgActiveDirectory /system1/sp1/
oemdell_adservice1
378 RACADM and SM-CLP Equivalencies
cfgADEnable enablestate 0 to disable, 1 to enable.
Default: 0
cfgADRacName oemdell_adracname String of up to 254
characters.
cfgADRacDomain oemdell_adracdomain String of up to 254
characters.
cfgADRootDomain oemdell_adrootdomain String of up to 254
characters.
cfgADAuthTimeout oemdell_timeout 15 to 300 seconds.
Default: 120
cfgADType oemdell_schematype 1 for standard schema, 2
for extended schema.
Default: 1
cfgADSpecifyServerEnable oemdell_adspecifyserverenable When enabled, specifies
an LDAP or a Global
Catalog server.
0 to disable, 1 to enable.
Default: 0
cfgADDomainController oemdell_addomaincontroller DNS name or the IP
address of the Domain
Controller used in the
LDAP search.
cfgADGlobalCatalog oemdell_adglobalcatalog DNS name or the IP
address of the global
catalog server used in the
LDAP search.
cfgStandardSchema
cfgSSADRoleGroupIndex /system1/sp1/group1 through
/system1/sp1/group5
RACADM — group
index ID (1-5).
SM-CLP — selected
with address path.
cfgSSADRoleGroupName oemdell_groupname String of up to 254
characters.
cfgSSADRoleGroupDomain oemdell_groupdomain String of up to 254
characters.
Table D-1. RACADM Groups/Objects and SM-CLP Equivalencies (continued)
RACADM Groups/Objects SM-CLP Description
RACADM and SM-CLP Equivalencies 379
cfgSSADRoleGroupPrivilege oemdell_groupprivilege Bit mask with values
between 0x00000000
and 0x000001ff.
cfgLanNetworking /system1/sp1/enetport1
cfgNicMacAddress macaddress The MAC address of the
interface. Not editable.
/system1/sp1/enetport1/
lanendpt1/ipendpt1
cfgNicEnable oemdell_nicenable 0 to disable NIC, 1 to
enable NIC. Default: 0
cfgNicUseDHCP oemdell_usedhcp 0 to configure static
network addresses, 1 to
use DHCP. Default: 0
cfgNicIpAddress ipaddress The iDRAC IP address.
Default: 192.168.0.120
plus the server slot
number.
cfgNicNetmask subnetmask Subnet mask for the
iDRAC network.
Default: 255.255.255.0
committed When group values
change, committed is set
to 0 to indicate that the
new values have not
been saved. Set the value
to 1 to save the new
configuration. Default: 1
/system1/sp1/enetport1/lanendpt1/
ipendpt1/dnsendpt1
cfgDNSDomainName oemdell_dnsdomainname String of up to 250
ASCII characters. At
least one character must
be alphabetic.
cfgDNSDomainNameFromDHCP oemdell_domainnamefromdhcp Set to 1 to get domain
name from DHCP.
Default: 0
Table D-1. RACADM Groups/Objects and SM-CLP Equivalencies (continued)
RACADM Groups/Objects SM-CLP Description
380 RACADM and SM-CLP Equivalencies
cfgDNSRacName oemdell_dnsracname String of up to 63 ASCII
characters. At least one
character must be
alphabetic. Default:
iDRAC- plus the Dell
service tag.
cfgDNSRegisterRac oemdell_dnsregisterrac Set to 1 to register
iDRAC name in DNS.
Default: 0
cfgDNSServersFromDHCP oemdell_dnsserversfromdhcp Set to 1 to get DNS
server addresses from
DHCP. Default: 0
/system1/sp1/enetport1/lanendpt1
/ipendpt1/dnsendpt1/remotesap1
cfgDNSServer1 dnsserveraddresses1 A string representing the
IP address of a DNS
Server.
/system1/sp1/enetport1/lanendpt1/
ipendpt1/dnsendpt1/remotesap2
cfgDNSServer2 dnsserveraddresses2 A string representing the
IP address of a DNS
Server.
/system1/sp1/enetport1/lanendpt1/
ipendpt1/remotesap1
cfgNicGateway defaultgatewayaddress A string representing the
IP address of the default
gateway. Default:
192.168.0.1
cfgRacVirtual /system1/sp1/oemdell_vmservice1
cfgFloppyEmulation oemdell_floppyemulation Set to 1 to enable floppy
disk emulation.
Default: 0
Table D-1. RACADM Groups/Objects and SM-CLP Equivalencies (continued)
RACADM Groups/Objects SM-CLP Description
RACADM and SM-CLP Equivalencies 381
cfgVirMediaAttached enabledstate Set to 1 (RACADM)/
VMEDIA_ATTACH
(SM-CLP) to attach
media. Default: 1
(RACADM)/
VMEDIA_ATTACH
(SM-CLP)
cfgVirMediaBootOnce oemdell_singleboot Set to 1 to perform next
boot from selected
media. Default 0.
/system1/sp1/oemdell_vmservice1/
tcpendpt1
oemdell_sslenabled Set to 1 if SSL is enabled
for first virtual media
device, 0 if not. Not
editable.
cfgVirAtapiSvrPort portnumber Port to use for first
virtual media device.
Default: 3668
/system1/sp1/oemdell_vmservice1/
tcpendpt2
oemdell_sslenabled Set to 1 if SSL is enabled
for second virtual media
device, 0 if not. Not
editable.
cfgVirAtapiSvrPortSsl portnumber Port to use for second
virtual media device.
Default: 3670
cfgUserAdmin /system1/sp1/account1 through
/system1/sp1/account16
cfgUserAdminEnable enabledstate Set to 1 to enable user.
Default: 0
cfgUserAdminIndex userid User index, from 1 to 16.
cfgUserAdminIpmiLanPrivilege oemdell_ipmilanprivileges 2 (user), 3 (operator), 4
(administrator), or 15
(No access). Default: 4
Table D-1. RACADM Groups/Objects and SM-CLP Equivalencies (continued)
RACADM Groups/Objects SM-CLP Description
382 RACADM and SM-CLP Equivalencies
cfgUserAdminPassword password A string of up to 20
ASCII characters.
cfgUserAdminPrivilege oemdell_extendedprivileges Bit mask value between
0x00000000 and
0x000001ff. Default:
0x00000000
cfgUserAdminSolEnable solenabled Set to 1 to allow user to
use Serial over LAN.
Default: 0
cfgUserAdminUserName username String of up to 16
characters.
cfgEmailAlert
cfgEmailAlertAddress E-mail destination
address, up to 64
characters.
cfgEmailAlertCustomMsg Message to send in
e-mail, up to 32
characters.
cfgEmailAlertEnable Set to 1 to enable the
e-mail alert. Default: 0
cfgEmailAlertIndex Index of the e-mail alert
instance. Number from 1
to 4.
cfgSessionManagement
cfgSsnMgtConsRedirMaxSessions Number of concurrent
console redirection
sessions allowed (1 or 2).
Default: 2
cfgSsnMgtSshIdleTimeout Number of seconds idle
before a SSH session
times out. 0 to disable
timeout or
60-1920 seconds.
Default: 300
Table D-1. RACADM Groups/Objects and SM-CLP Equivalencies (continued)
RACADM Groups/Objects SM-CLP Description
RACADM and SM-CLP Equivalencies 383
cfgSsnMgtTelnetIdleTimeout Number of seconds idle
before a telnet session
times out. 0 to disable
timeout or
60-1920 seconds.
Default: 300
cfgSsnMgtWebserverTimeout Number of seconds idle
before a Web interface
session times out.
60-1920 seconds.
Default: 300
cfgRacTuning
cfgRacTuneConRedirEnable Set to 1 to enable
console redirection, 0 to
disable. Default:1
cfgRacTuneConRedirEncrypt
Enable
Set to 1 to enable
encryption of console
redirection network
traffic, 0 to disable.
Default: 1
cfgRacTuneConRedirPort Port to use for console
redirection.
Default: 5900
cfgRacTuneConRedirVideoPort Port to use for console
video redirection.
Default: 5901
cfgRacTuneHttpPort Port to use for Web
interface HTTP.
Default: 80
cfgRacTuneHttpsPort Port to use for secure
Web interface HTTPS.
Default: 443
cfgRacTuneIpBlkEnable Set to 1 to enable IP
blocking. Default: 0
cfgRacTuneIPBlkFailCount Number of failed login
attempts to count before
blocking IP (2 to 16).
Default: 5
Table D-1. RACADM Groups/Objects and SM-CLP Equivalencies (continued)
RACADM Groups/Objects SM-CLP Description
384 RACADM and SM-CLP Equivalencies
cfgRacTuneIpBlkFailWindow Time span in seconds
during which to count
failed login attempts (10
to 65535). Default: 60
cfgRacTuneIpBlkPenaltyTime Time span in seconds
that a blocked IP
remains blocked (10 to
65535). Default: 300
cfgRacTuneIpRangeAddr Base IP address for IP
range filter. Default:
192.168.0.1
cfgRacTuneIpRangeEnable Set to 1 to allow IP range
filtering. Default: 0
cfgRacTuneIpRangeMask Bit mask applied to the
base address to select
valid IP addresses.
Default: 255.255.255.0
cfgRacTuneLocalServerVideo Set to 1 to enable local
iKVM console.
Default: 1
cfgRacTuneSshPort Port to use for the SSH
service. Default: 22
cfgRacTuneTelnetPort Port to use for the telnet
service. Default: 23
cfgRacTuneWebserverEnable Set to 1 to enable the
iDRAC Web interface.
Default: 1
ifcRacManagedNodeOS
ifcRacMnOsHostname Host name of the
managed server. String of
up to 255 characters.
ifcRacMnOsOsName Name of the managed
server operating system.
A string of up to 255
characters.
cfgRacSecurity /system1/sp1/oemdell_racsecurity1
Table D-1. RACADM Groups/Objects and SM-CLP Equivalencies (continued)
RACADM Groups/Objects SM-CLP Description
RACADM and SM-CLP Equivalencies 385
cfgRacSecCsrCommonName commonname Active Directory
common name. String of
up to 254 characters.
cfgRacSecCsrCountryCode oemdell_countrycode Active Directory country
code. 2 characters.
cfgRacSecCsrEmailAddr oemdell_emailaddress E-mail address to use for
Certificate Signing
Request. String of up to
254 characters.
cfgRacSecCsrKeySize oemdell_keysize Length of encryption key
(512, 1024, or 2048).
Default: 1024.
cfgRacSecCsrLocalityName oemdell_localityname Active Directory locality
name. String of up to
254 characters.
cfgRacSecCsrOrganizationName organizationname Active Directory
organization name.
String of up to 254
characters.
cfgRacSecCsrOrganizationUnit oemdell_organizationunit Active Directory
organization unit name.
String of up to 254
characters.
cfgRacSecCsrStateName oemdell_statename Activity Directory state
name. String of up to
254 characters.
cfgIpmiSol
cfgIpmiSolAccumulateInterval Maximum number of
milliseconds to wait
before sending a partial
Serial over LAN packet
(1 to 255). Default: 10
cfgIpmiSolBaudRate Baud rate to use for
Serial over LAN (19200,
57600, 115200).
Default: 115200
Table D-1. RACADM Groups/Objects and SM-CLP Equivalencies (continued)
RACADM Groups/Objects SM-CLP Description
386 RACADM and SM-CLP Equivalencies
cfgIpmiSolEnable Set to 1 to enable Serial
over LAN feature.
Default: 0
cfgIpmiSolSendThreshold Maximum number of
characters to collect
before sending SOL data
(1 to 255). Default: 255
cfgIpmiSolMinPrivilege Minimum privilege
required to use SOL. 2
(user), 3 (operator), or 4
(administrator).
Default: 4
cfgIpmiLan
cfgIpmiEncryptionKey A string of 0 to 40
hexadecimal digits.
Default:
00000000000000000000
00000000000000000000
cfgIpmiLanAlertEnable Set to 1 to enable IPMI
LAN alerts. Default: 0
cfgIpmiLanEnable Set to 1 to enable the
IPMI over LAN
interface. Default: 0
cfgIpmiPetCommunityName A string of up to 18
characters.
Default: public
cfgIpmiPef
cfgIpmiPefAction The action to take when
event is detected. 0
(none), 1 (power down),
2 (reset), 3 (power cycle).
Default: 0
cfgIpmiPefEnable Set to 1 to enable
platform event filtering.
Default: 0
Table D-1. RACADM Groups/Objects and SM-CLP Equivalencies (continued)
RACADM Groups/Objects SM-CLP Description
RACADM and SM-CLP Equivalencies 387
cfgIpmiPefIndex The index number of the
platform event filter.
(1 - 17)
cfgIpmiPefName The name of the
platform event, a string
of up to 254 characters.
Not editable.
cfgIpmiPet
cfgIpmiPetAlertDestIpAddr IP address of the
platform event trap
receiver. Default: 0.0.0.0
cfgIpmiPetAlertEnable Set to 1 to enable the
platform event trap.
Default: 1
cfgIpmiPetIndex Index number (1-4) of
the platform event trap.
Table D-2. RACADM Subcommands and SM-CLP Equivalencies
RACADM Subcommand SM-CLP Description
sslcsrgen -g set /system1/sp1/oemdell_ssl1
oemdell_certtype=CSR
set /system1/sp1/oemdell_ssl1
generate=1
dump -destination <iDRAC-
CertificateSigningRequest-
TFTP-URI>
/system1/sp1/oemdell_ssl1
Generates and
downloads an SSL
Certificate Signing
Request (CSR).
sslcsrgen -s show /system1/sp1/oemdell_ssl1
oemdell_status
Returns the status of a
CSR generation process.
sslcertupload -t 1 set /system1/sp1/oemdell_ssl1
oemdell_certtype=SSL
load -source <iDRAC-server-
certificate-TFTP-URI>
/system1/sp1/oemdell_ssl1
Uploads the iDRAC
Server Certificate onto
the iDRAC.
Table D-1. RACADM Groups/Objects and SM-CLP Equivalencies (continued)
RACADM Groups/Objects SM-CLP Description
388 RACADM and SM-CLP Equivalencies
sslcertupload -t 2 set /system1/sp1/oemdell_ssl1
oemdell_certtype=AD
load -source <ActiveDirectory-
certificate-TFTP-URI>
/system1/sp1/oemdell_ssl1
Uploads the Active
Directory Certificate
onto the iDRAC.
sslcertdownload -t 1 set /system1/sp1/oemdell_ssl1
oemdell_certtype=SSL
load -source <iDRAC-server-
certificate-TFTP-URI>
/system1/sp1/oemdell_ssl1
Downloads the iDRAC
Sever Certificate from
the iDRAC.
sslcertdownload -t 2 set /system1/sp1/oemdell_ssl1
oemdell_certtype=AD
load -source <ActiveDirectory-
certificate-TFTP-URI>
/system1/sp1/oemdell_ssl1
Downloads the Active
Directory Certificate
from the iDRAC.
Table D-2. RACADM Subcommands and SM-CLP Equivalencies (continued)
RACADM Subcommand SM-CLP Description
Glossary 389
Glossary
Active Directory
Active Directory is a centralized and standardized system that automates network
management of user data, security, and distributed resources, and enables
interoperation with other directories. Active Directory is designed especially for
distributed networking environments.
AGP
Abbreviation for accelerated graphics port, which is a bus specification that allows
graphics cards faster access to main system memory.
ARP
Acronym for Address Resolution Protocol, which is a method for finding a host’s
Ethernet address from its Internet address.
ASCII
Acronym for American Standard Code for Information Interchange, which is a
code representation used for displaying or printing letters, numbers, and other
characters.
BIOS
Acronym for basic input/output system, which is the part of system software that
provides the lowest-level interface to peripheral devices and which controls the
first stage of the system boot process, including installation of the operating
system into memory.
CMC
Abbreviation for Chassis Management Controller.
bus
A set of conductors connecting the various functional units in a computer. Busses
are named by the type of data they carry, such as data bus, address bus, or PCI bus.
390 Glossary
CA
A certificate authority is a business entity that is recognized in the IT industry for
meeting high standards of reliable screening, identification, and other important
security criteria. Examples of CAs include Thawte and VeriSign. After the CA
receives your CSR, they review and verify the information the CSR contains. If
the applicant meets the CA’s security standards, the CA issues a certificate to the
applicant that uniquely identifies that applicant for transactions over networks
and on the Internet.
CD
Abbreviation for compact disc.
CHAP
Acronym for Challenge-Handshake Authentication Protocol, which is an
authentication method used by PPP servers to validate the identity of the
originator of the connection.
CIM
Acronym for Common Information Model, which is a protocol designed for
managing systems on a network.
CLI
Abbreviation for command-line interface.
CLP
Abbreviation for command-line protocol.
console redirection
Console redirection is a function that directs a managed server’s display screen,
mouse functions, and keyboard functions to the corresponding devices on a
management station. You may then use the management station’s system console
to control the managed server.
CSR
Abbreviation for Certificate Signing Request.
DHCP
Abbreviation for Dynamic Host Configuration Protocol, which is a protocol that
provides a means to dynamically allocate IP addresses to computers on a local
area network.
Glossary 391
DLL
Abbreviation for Dynamic Link Library, which is a library of small programs, any
of which can be called when needed by a larger program that is running in the
system. The small program that lets the larger program communicate with a
specific device such as a printer or scanner is often packaged as a DLL program
(or file).
DDNS
Abbreviation for Dynamic Domain Name System.
DMTF
Abbreviation for Distributed Management Task Force.
DNS
Abbreviation for Domain Name System.
DRAC 5
Abbreviation for Dell Remote Access Controller 5.
DSU
Abbreviation for disk storage unit.
Extended Schema
A solution used with Active Directory to determine user access to iDRAC; uses
Dell-defined Active Directory objects
.
FQDN
Acronym for Fully Qualified Domain Names. Microsoft
®
Active Directory
®
only
supports FQDN of 64 bytes or fewer.
FSMO
Flexible Single Master Operation. It is Microsoft’s way of guaranteeing atomicity
of the extension operation.
GMT
Abbreviation for Greenwich Mean Time, which is the standard time common to
every place in the world. GMT nominally reflects the mean solar time along the
prime meridian (0 longitude) that runs through the Greenwich Observatory
outside of London, UK.
392 Glossary
GPIO
Abbreviation for general purpose input/output.
GRUB
Acronym for GRand Unified Bootloader, a new and commonly-used Linux loader.
GUI
Abbreviation for graphical user interface, which refers to a computer display
interface that uses elements such as windows, dialog boxes, and buttons as
opposed to a command prompt interface, in which all user interaction is displayed
and typed in text.
hardware log
Records events generated by the iDRAC and the CMC.
iAMT
Intel
®
Active Management Technology — Delivers more secure systems
management capabilities whether or not the computer is powered up or turned
off, or the operating system is not responding.
ICMB
Abbreviation for Intelligent enclosure Management Bus.
ICMP
Abbreviation for Internet control message protocol.
ID
Abbreviation for identifier, commonly used when referring to a user identifier
(user ID) or object identifier (object ID).
iDRAC
Acronym for integrated Dell Remote Access Controller, the integrated System-
on-Chip monitor/control system for the Dell 10G PowerEdge servers.
IP
Abbreviation for Internet Protocol, which is the network layer for TCP/IP. IP
provides packet routing, fragmentation, and reassembly.
IPMB
Abbreviation for intelligent platform management bus, which is a bus used in
systems management technology.
Glossary 393
IPMI
Abbreviation for Intelligent Platform Management Interface, which is a part of
systems management technology.
IPMItool
A utility for managing and configuring devices that support IPMI version 1.5 and
version 2.0.
Kbps
Abbreviation for kilobits per second, which is a data transfer rate.
LAN
Abbreviation for local area network.
LDAP
Abbreviation for Lightweight Directory Access Protocol.
LED
Abbreviation for light-emitting diode.
LOM
Abbreviation for Local area network On Motherboard.
MAC
Acronym for media access control, which is a network sublayer between a network
node and the network physical layer.
MAC address
Acronym for media access control address, which is a unique address embedded
in the physical components of a NIC.
managed server
The managed server is the system in which the iDRAC is embedded.
management station
The management station is a system that remotely accesses the iDRAC.
MAP
Abbreviation for Manageability Access Point.
394 Glossary
Mbps
Abbreviation for megabits per second, which is a data transfer rate.
MIB
Abbreviation for management information base.
MII
Abbreviation for Media Independent Interface.
NAS
Abbreviation for network attached storage.
NIC
Abbreviation for network interface card. An adapter circuit board installed in a
computer to provide a physical connection to a network.
OID
Abbreviation for Object Identifiers.
OpenSSH
An open source utility for using the SSH protocol.
OSCAR
Acronym for On Screen Configuration and Reporting. OSCAR is the menu
displayed by the Avocent iKVM when you press <Print Screen>. It allows you to
select the CMC console or the iDRAC console for a server installed in the CMC.
PCI
Abbreviation for Peripheral Component Interconnect, which is a standard
interface and bus technology for connecting peripherals to a system and for
communicating with those peripherals.
POST
Acronym for power-on self-test, which is a sequence of diagnostic tests that are
run automatically by a system when it is powered on.
PPP
Abbreviation for Point-to-Point Protocol, which is the Internet standard protocol
for transmitting network layer datagrams (such as IP packets) over serial point-
to-point links.
Glossary 395
PuTTY
A terminal emulator application that acts as a client for the SSH, Telnet, rlogin,
and raw TCP computing protocols.
RAM
Acronym for random-access memory. RAM is general-purpose readable and
writable memory on systems and the iDRAC.
RAM disk
A memory-resident program which emulates a hard drive. The iDRAC maintains
a RAM disk in its memory.
RAC
Abbreviation for remote access controller.
ROM
Acronym for read-only memory, which is memory from which data may be read,
but to which data cannot be written.
RPM
Abbreviation for RPM Package Manager, which is a package-management system
for the Red Hat Enterprise Linux
®
operating system that helps installation of
software packages. It is similar to an installation program.
SAC
Acronym for Microsoft’s Special Administration Console.
SAP
Abbreviation for Service Access Point.
SEL
Acronym for system event log.
SM-CLP
The Distributed Management Task Force Server Management-Command Line
Protocol (SM-CLP) incorporated in the iDRAC.
SMI
Abbreviation for systems management interrupt.
396 Glossary
SMTP
Abbreviation for Simple Mail Transfer Protocol, which is a protocol used to
transfer electronic mail between systems, usually over an Ethernet.
SMWG
Abbreviation for Systems Management Working Group.
SNMP trap
A notification (event) generated by the iDRAC or the CMC that contains
information about state changes on the managed server or about potential
hardware problems.
SOL
An IPMI feature that allows a managed server’s text-based console data to be
redirected over the iDRAC’s dedicated Out-of-Band Ethernet management
network.
SOL Proxy
A telnet daemon that allows LAN-based administration of remote systems using
the SOL and IPMI protocols.
SSH
Abbreviation for Secure Shell.
SSL
Abbreviation for secure sockets layer.
Standard Schema
A solution used with Active Directory to determine user access to iDRAC; uses
Active Directory group objects only.
TAP
Abbreviation for Telelocator Alphanumeric Protocol, which is a protocol used for
submitting requests to a pager service.
TCP/IP
Abbreviation for Transmission Control Protocol/Internet Protocol, which
represents the set of standard Ethernet protocols that includes the network layer
and transport layer protocols.
Glossary 397
Telnet
A network protocol use on Internet or local area network connections.
TFTP
Abbreviation for Trivial File Transfer Protocol, which is a simple file transfer
protocol used for downloading boot code to diskless devices or systems.
UPS
Abbreviation for uninterrupted power supply.
USB
Abbreviation for Universal Serial Bus.
UTC
Abbreviation for Universal Coordinated Time.
See
GMT.
VLAN
Abbreviation for Virtual Local Area Network.
VNC
Abbreviation for virtual network computing.
VT-100
Abbreviation for Video Terminal 100, which is used by the most common terminal
emulation programs.
WAN
Abbreviation for wide area network.
398 Glossary
Index 399
Index
A
Active Directory
about the extended
schema, 106-120
about the standard schema, 125
accessing the iDRAC with, 111
adding iDRAC users to, 118
configuring extended schema with
RACADM, 122
configuring extended schema with
SM-CLP, 123
configuring extended schema with
the web interface, 121
configuring standard schema with
RACADM, 129
configuring standard schema with
SM-CLP, 130
configuring standard schema with
the web interface, 127
extended schema classes and
attributes, 113
logging in to the iDRAC with, 134
managing certificates, 92
object overview, 107
users and computers MMC
snap-in, 118
ActiveX
console redirection plug-in, 173
alert management. See PEF
arp command, diagnostics
console, 274
ASR
auto recovery action, 272
auto recovery timer, 68
configuring, 99
Automated System Recovery, See
ASR
B
boot once, enabling, 189
bootable image file
creating, 238
C
Certificate Signing Request. See
CSR
certificates
Active Directory, 92
exporting the root CA
certificate, 132
SSL and digital, 86
uploading a server certificate, 91
viewing a server certificate, 91
Chassis Management Controller.
See CMC
CMC
about, 25
400 Index
configuring iDRAC during
initialization, 36
IP address, locating, 40
web Interface, 34
CMC Web interface
locating the iDRAC IP
address, 278
CMC web interface
configuring iDRAC network
properties, 40
community string, SNMP, 76,
351
configuration file
creating, 216
configuring
task overview, 36-39
configuring multiple iDRACs
with RACADM, 221
console redirection
configuring, 169
opening a session, 172
using, 145, 167
CSR
about, 87
generating, 89
D
Dell object identifiers, 106
diagnostics console, 274
digital signature, verify, 45-48
directory service. See Active
Directory
Distributed Management Task
Force (DMTF), 223
documents you may need, 30
E
e-mail alerts
configuring with RACADM, 210
configuring with the web
interface, 81
extended schema. See Active
Directory
F
Firefox
tab behavior, 73
firewall, opening ports, 29
firmware
recovering with CMC, 102
updating, 42
updating with SM-CLP, 231
updating with the web
interface, 102
frequently asked questions
using console redirection, 179
using the iDRAC with Active
Directory, 135
using Virtual Media, 194
Index 401
G
gettracelog command,
diagnostics console, 275
group permissions
table of, 85
I
iDRAC
creating a configuration file, 216
log, viewing, 270
recovering firmware, 103
resetting to factory defaults, 253
securing communications, 86
system information, 272
updating the firmware, 42
iDRAC configuration utility
about, 247
configuring IPMI, 249
configuring LAN user, 252
configuring network
properties, 249-250
configuring virtual media, 252
starting, 248
iDRAC service ports, 29
ifconfig command, diagnostics
console, 274
iKVM
disabling during console
redirection, 173, 178
displaying OSCAR, 248
finding the iDRAC IP
address, 278
viewing status of the local
console, 180
instrumentation
server, 67
Intelligent Platform
Management Interface. See
IPMI
Internet Explorer
configuring, 54
IP address
CMC, locating, 40
IP blocking
configuring with RACADM, 213
configuring with the web
interface, 77
enabling, 215
IP filtering
configuring with RACADM, 211
configuring with the web
interface, 77
enabling, 212
IPMI
configuring LAN properties, 74
configuring with RACADM, 206
configuring with the iDRAC
configuration utility, 249
configuring with the web
interface, 81
is, 145
iVM-CLI utility
about, 237
deploying the operating
system, 239
402 Index
operating system shell
options, 245
parameters, 242
return codes, 246
syntax, 242
using, 240
ivmdeploy script, 239
J
Java
console redirection plug-in, 60,
173
K
key, verify, 46, 48
L
last crash screen
capturing on the managed
server, 68
viewing, 260
Lightweight Directory Access
Protocol (LDAP). See Active
Directory
local RACADM, 34
localization, browser setup, 58
logs
iDRAC, 270
post codes, 260
See also SEL
server, 67
lost administrative
password, 253
M
Manageability Access Point. See
MAP
managed server
capturing the last crash screen, 68
configuring, 67
management
storage, 67
management station
configuring, 53-60
configuring for console
redirection, 168
installing the software, 64
network requirements, 53
MAP
navigating
Media Redirection wizard, 191
mouse pointer
synchronizing, 178
Mozilla Firefox
disabling whitelist, 59
supported versions, 59
N
netstat command, diagnostics
console, 274
Index 403
network properties
configuring manually, 205
configuring with RACADM, 205
configuring with the CMC web
interface, 40
configuring with the iDRAC
configuration
utility, 249-250
configuring with the Web
interface, 74
O
On Screen Configuration and
Reporting. See OSCAR
OpenSSH, SSH client for
Linux, 62
operating system
installing (manual method), 192
installing (scripted method), 237
OSCAR
displaying, 248
P
password
changing, 84
lost, 253
PEF
configuring with RACADM, 208
configuring with the web
interface, 80
PET
configuring with RACADM, 209
configuring with the web
interface, 79-80, 209
filterable platform events
table, 79
ping command, diagnostics
console, 275
Platform Event Filter. See PEF
Platform Event Trap. See PET
platforms
supported, 28
ports
table of, 29
post codes, viewing, 260
power management
using SM-CLP, 230
using the web interface, 275
property database groups
cfgActiveDirectory, 342
cfgEmailAlert, 326
cfgIpmiLan, 349
cfgIpmiPef, 351
cfgIpmiPet, 353
cfgIpmiSol, 347
cfgLanNetworking, 316
cfgRacSecurity, 337
cfgRacTuning, 330
cfgRacVirtual, 340
cfgSerial, 329
cfgSessionManagement, 327
cfgUserAdmin, 322
idRacInfo, 313
ifcRacManagedNodesOs, 337
404 Index
proxy server, web browser
configuration, 57
public key, verify, 46, 48
PuTTY, Windows SSH client, 62
R
RACADM
configuring Active Directory
extended schema, 122
configuring Active Directory with
standard schema, 129
configuring e-mail alerts, 210
configuring IP blocking, 213
configuring IP filtering, 211
configuring IPMI, 206
configuring multiple
iDRACS, 221
configuring network
properties, 205
configuring PEF, 208
configuring PET, 209
configuring Serial Over LAN, 207
configuring SSH service, 215
configuring telnet service, 215
subcommands, 283
using, 199
RACADM subcommands
clrraclog, 200, 300
clrsel, 200, 302
config, 68, 200, 284
getconfig, 180, 200, 216, 286
getniccfg, 200, 295
getraclog, 200, 299
getractime, 200, 292
getsel, 301
getssninfo, 200, 288
getsvctag, 200, 296
getsysinfo, 200, 290
gettracelog, 201, 302
help, 283
racreset, 201, 296
racresetcfg, 201, 297
serveraction, 201, 298
setniccfg, 201, 293
sslcertdownload, 201, 306
sslcertupload, 201, 305
sslcertview, 201, 307
sslcsrgen, 201, 304
testemail, 201, 309
testtrap, 201, 311
reboot option
disabling, 69
remote access connections
supported, 29
resetting iDRAC to defaults, 253
S
safety, 255
schema extender utility, 112
schema, Active Directory
comparison of extended and
standard, 105
screen resolutions, support, 168
scripts
ivmdeploy, 239
Index 405
LDIF (Active Directory schema
extender), 112
secure shell. See SSH
secure sockets layer. See SSL
security
using SSL and digital
certificates, 86
See RACADM
SEL
managing with SM-CLP, 231
managing with the iDRAC
configuration utility, 253
managing with the web
interface, 259
Serial Over LAN
configuration settings, 147
configuring in iDRAC Web
GUI, 146
configuring with RACADM, 207
configuring with the web
interface, 82
disconnecting in SM-CLP, 151
enabling in BIOS, 145
Linux operating system
configuration, 159
opening with SOL Proxy, 153
operating system
configuration, 159
over IMPItool, 150, 153
over OpenSSH with Linux, 152
over PuTTY, 151
over SSH, 149
over Telnet, 149
over Telnet with Linux, 152
overview, 145
SOL Proxy, 150
Windows 2003 Enterprise
operating system
configuration, 164
server
instrumentation, 67
logs, 67
Server Administrator Home
Page, 67
server certificate
uploading, 91
viewing, 91
server features, integrated
instrumentation, 67
logs, 67
Server Management Command
Line Protocol. See SM-CLP
server storage management, 67
services
configuring with the web
interface, 99
signature, verify, 45-48
Simple Network Management
Protocol. See SNMP
SM-CLP
configuring Active Directory with
extended schema, 123
configuring Active Directory with
standard schema, 130
disconnecting Serial Over
LAN, 151
features, 224
406 Index
navigating the MAP
output formats, 229
power management, 230
syntax, 224
targets, 228
updating iDRAC firmware, 231
using the show verb, 228
SNMP
community string, 76, 351
testing trap alert, 205
SOL Proxy
connecting to the BMC, 156
initiating session, 155
model for, 150
opening SOL with, 153
using HyperTerminal with, 156
using Telnet with, 156
SOL. See Serial Over LAN
SSH
client installation, 61
configuring iDRAC service with
RACADM, 215
configuring service with the web
interface, 99
OpenSSH software for Linux, 62
PuTTY client for Windows, 62
SSL
about, 87
enabling on a domain
controller, 131
importing the firmware
certificate, 133
standard schema. See Active
Directory
System Event Log. See SEL
system health, viewing, 258
system information
iDRAC, 272
main system enclosure, 272
T
telnet
backspace configuration, 62
client installation, 61
configuring iDRAC service with
RACADM, 215
configuring iDRAC service with
the web interface, 99
TFTP server, installing, 64
Trivial File Transfer Protocol, see
TFTP
troubleshooting
indications, 256
trusted domains list, adding
iDRAC, 57
U
Update Packages
verifying the digital
signature, 45-48
USB flash drive emulation
type, 252
users
adding and configuring with the
web interface, 83
Index 407
configuring LAN user with the
iDRAC configuration
utility, 252
utilities
Active Directory users and
computers MMC
snap-in, 118
dd, 238
iDRAC configuration utility, 247
iVM-CLI, 237
schema extender, 112
video viewer, 174
V
verify
digital signature, 45-48
public key, 46, 48
video viewer
using, 174
virtual media
about, 185
booting, 192
command line, 240
configuring with the iDRAC
configuration utility, 252
configuring with the web
interface, 188
installing the operating
system, 192
running, 190
W
web browser
configuring, 54
proxy server configuration, 57
supported browsers, 28
web interface
accessing, 71
browser configuration, 54
configuring Active Directory with
extended schema, 121
configuring Active Directory with
standard schema, 127
configuring ASR service, 99
configuring e-mail alerts, 81
configuring iDRAC services, 99
configuring IP blocking, 77
configuring IP filtering, 77
configuring IPMI LAN
properties, 74, 81
configuring network
properties, 74
configuring PEF, 80
configuring PET, 79-80, 209
configuring SOL, 82
configuring telnet service, 99
configuring the SSH service, 99
configuring the web server
service, 99
logging in, 72
logging out, 72
updating firmware, 102
web server, iDRAC
configuring with the web
interface, 99
408 Index

Navigation menu