manualshive.com logo in svg

Dell IDRAC6, User Manual

The Dell IDRAC6 is a powerful remote access controller that allows users to manage and monitor Dell servers from anywhere. Gain complete control over your server through a convenient interface. Download the user manual for free from manualshive.com and unlock the full potential of this exceptional product.

Share
Download
background image

Enabling Kerberos Authentication

167

Enabling Kerberos Authentication 

Kerberos is a network authentication protocol that allows systems to 
communicate securely over a non-secure network. It achieves this by allowing 
the systems to prove their authenticity. To keep with the higher 
authentication enforcement standards, iDRAC6 now supports Kerberos based 
Active Directory

®

 authentication to support Active Directory Smart Card 

and single sign-on (SSO) logins.

Microsoft

®

 Windows

®

 2000, Windows XP, Windows Server

®

 2003, 

Windows Vista

®

, and Windows Server 2008 use Kerberos as their default 

authentication method. 

iDRAC6 uses Kerberos to support two types of authentication mechanisms—
Active Directory single sign-on and Active Directory Smart Card logins. For 
single-sign on login, iDRAC6 uses the user credentials cached in the 
operating system after the user has logged in using a valid Active Directory 
account.

For Active Directory smart card login, iDRAC6 uses smart card-based two 
factor authentication (TFA) as credentials to enable an Active Directory 
login.

Kerberos authentication on iDRAC6 fails if iDRAC6 time differs from the 
Domain Controller time. A maximum offset of 5 minutes is allowed. To 
enable successful authentication, synchronize the server time with the 
Domain Controller time and then 

reset

 iDRAC6.

You can also use the following RACADM time zone offset command to 
synchronize the time:

racadm config -g cfgRacTuning -o

cfgRacTuneTimeZoneOffset <offset value>

Summary of Contents for IDRAC6

Page 1: ...Integrated Dell Remote Access Controller 6 iDRAC6 Enterprise for Blade Servers Version 2 1 User Guide ...

Page 2: ...es and subject to additional restrictions This work is derived from the University of Michigan LDAP v3 3 distribution This work also contains materials derived from public sources Information about OpenLDAP can be obtained at www openldap org Portions Copyright 1998 2004 Kurt D Zeilenga Portions Copyright 1998 2004 Net Boolean Incorporated Portions Copyright 2001 2004 IBM Corporation All rights re...

Page 3: ...ems 34 Supported Web Browsers 34 Supported Remote Access Connections 34 iDRAC6 Ports 34 Other Documents You May Need 35 2 Configuring iDRAC6 Enterprise 39 Before You Begin 39 Interfaces for Configuring iDRAC6 39 Configuration Tasks 43 Configure the Management Station 43 Configure iDRAC6 Networking 43 Configure iDRAC6 Users 44 Configure Active Directory 44 Configure IP Filtering and IP Blocking 44 ...

Page 4: ...etworking Using the CMC Web Interface 47 Launching iDRAC6 Web Interface From the CMC 47 Configuring Networking for iDRAC6 49 Viewing FlexAddress Mezzanine Card Fabric Connections 50 FlexAddress MAC for iDRAC6 51 Remote Syslog 52 Remote File Share 53 Updating iDRAC6 Firmware 55 Downloading the Firmware or Update Package 55 Executing the Firmware Update 56 Verifying the Digital Signature for Linux D...

Page 5: ... Station Set Up Steps 67 Management Station Network Requirements 67 Configuring a Supported Web Browser 68 Opening Your Web Browser 68 Configuring Your Web Browser to Connect to the Web Interface 68 Adding iDRAC6 to the List of Trusted Domains 71 Viewing Localized Versions of the Web Interface 71 Setting the Locale in Linux 72 Disabling the Whitelist Feature in Firefox 73 Installing iDRAC6 Softwar...

Page 6: ...l OpenManage IT Assistant 79 Installing Dell Management Console 80 4 Configuring the Managed Server 81 Installing the Software on the Managed Server 81 Configuring the Managed Server to Capture the Last Crash Screen 82 Disabling the Windows Automatic Reboot Option 83 5 Configuring iDRAC6 Enterprise Using the Web Interface 85 Accessing the Web Interface 86 Logging In 86 Logging Out 87 Using Multipl...

Page 7: ...tions Using SSL and Digital Certificates 101 Secure Sockets Layer SSL 102 Certificate Signing Request CSR 102 Accessing the SSL Main Menu 103 Generating a New Certificate Signing Request 104 Uploading a Server Certificate 105 Viewing a Server Certificate 106 Configuring and Managing Active Directory Certificates 107 Configuring Active Directory Standard Schema and Extended Schema 108 Viewing an Ac...

Page 8: ...23 Extending the Active Directory Schema 123 Active Directory Schema Extensions 123 Overview of iDRAC6 Schema Extensions 124 Active Directory Object Overview 124 Accumulating Privileges Using Extended Schema 126 Configuring Extended Schema Active Directory to Access iDRAC6 127 Installing the Dell Extension to the Active Directory Users and Computers Snap In 133 Adding iDRAC6 Users and Privileges t...

Page 9: ...Testing Your Configurations 148 Enabling SSL on a Domain Controller 149 Exporting the Domain Controller Root CA Certificate to iDRAC6 149 Importing iDRAC6 Firmware SSL Certificate 150 Using Active Directory to Log In to iDRAC6 151 Using Active Directory Single Sign On 152 Configuring iDRAC6 to Use Single Sign On 152 Logging Into iDRAC6 Using Single Sign On 154 Frequently Asked Questions 154 Active...

Page 10: ...tion Using Smart Card 168 Configuring iDRAC6 for single sign on and Active Directory Authentication Using Smart Card 170 Configuring Active Directory Users for single sign on Logon 170 Logging Into iDRAC6 Using single sign on for Active Directory Users 170 Configuring Active Directory Users for Smart Card Logon 171 iDRAC6 Login Scenarios with TFA and SSO 172 9 Viewing the Configuration and Health ...

Page 11: ...ing 177 CPU 178 POST 178 Misc Health 178 10 Power Monitoring and Power Management 179 Configuring and Managing Power 179 Power Monitoring 180 Viewing Power Monitoring 180 Power Budgeting 182 Viewing Power Budget 183 Power Budget Threshold 183 Power Control 185 Executing Power Control Operations on the Server 185 ...

Page 12: ...e 192 Using SOL over PuTTY 193 Using SOL over Telnet with Linux 193 Using SOL over OpenSSH with Linux 194 Using SOL over IPMItool 194 Opening SOL with SOL proxy 195 Operating System Configuration 200 Linux Enterprise Operating System 200 Windows 2003 Enterprise 205 12 Using GUI Console Redirection 207 Overview 207 Using Console Redirection 207 Supported Screen Resolutions and Refresh Rates 208 Con...

Page 13: ...224 Configuring the vFlash Media Card Using iDRAC6 Web Interface 224 Enabling or Disabling the vFlash Media Card 224 Formatting the vFlash Media Card 225 Uploading Disk Image 225 Viewing the vFlash Key Size 226 Configuring the vFlash Media Card Using RACADM 226 Enabling or Disabling the vFlash Media Card 226 Resetting the vFlash Media Card 227 14 Configuring and Using Virtual Media 229 Overview 22...

Page 14: ... RACADM Subcommands 242 Supported RACADM Interfaces 244 Using local RACADM Commands 246 Using the RACADM Utility to Configure iDRAC6 247 Displaying Current iDRAC6 Settings 247 Managing iDRAC6 Users with RACADM 248 Adding an iDRAC6 User 249 Enabling an iDRAC6 User With Permissions 249 Removing an iDRAC6 User 250 Testing E mail Alerting 250 Testing iDRAC6 SNMP Trap Alert Feature 251 Configuring iDRA...

Page 15: ...4 Configuration File Syntax 265 Modifying iDRAC6 IP Address in a Configuration File 267 Loading the Configuration File Into iDRAC6 268 Configuring Multiple iDRAC6s 268 16 Using iDRAC6 Enterprise SM CLP Command Line Interface 271 System Management With SM CLP 272 iDRAC6 SM CLP Support 272 How to start a SM CLP session 272 SM CLP Features 273 Navigating the MAP Address Space 276 Targets 276 Using th...

Page 16: ...ment Features 283 Supported CIM Profiles 284 18 Deploying Your Operating System Using iVMCLI 287 Before You Begin 287 Remote System Requirements 287 Network Requirements 287 Creating a Bootable Image File 288 Creating an Image File for Linux Systems 288 Creating an Image File for Windows Systems 288 Preparing for Deployment 288 Configuring the Remote Systems 288 Deploying the Operating System 289 ...

Page 17: ...tion Utility 298 Using iDRAC6 Configuration Utility 298 iDRAC6 LAN 299 IPMI Over LAN 299 LAN Parameters 300 Virtual Media Configuration 303 System Services 304 LAN User Configuration 304 Reset to Default 306 System Event Log Menu 307 Exiting iDRAC6 Configuration Utility 307 20 Recovering and Troubleshooting the Managed System 309 Safety First For You and Your System 309 Trouble Indicators 310 LED ...

Page 18: ... the Server Status Screen for Error Messages 316 Viewing iDRAC6 Log 324 Viewing System Information 325 Identifying the Managed Server in the Chassis 326 Using the Diagnostics Console 326 Managing Power on a Remote System 327 Troubleshooting and Frequently Asked Questions 329 A RACADM Subcommand Overview 335 help 335 config 336 getconfig 338 getssninfo 340 getsysinfo 342 getractime 346 setniccfg 34...

Page 19: ...g 353 clrraclog 355 getsel 355 clrsel 357 gettracelog 357 sslcsrgen 359 sslcertupload 360 sslcertdownload 361 sslcertview 362 testemail 364 testtrap 366 vmdisconnect 367 clearasrscreen 368 localconredirdisable 368 fwupdate 369 krbkeytabupload 371 vmkey 372 version 372 ...

Page 20: ...378 traceroute6 379 remoteimage 380 B iDRAC6 Enterprise Property Database Group and Object Definitions 383 Displayable Characters 383 idRacInfo 384 idRacProductInfo Read Only 384 idRacDescriptionInfo Read Only 384 idRacVersionInfo Read Only 384 idRacBuildInfo Read Only 385 idRacName Read Only 385 idRacType Read Only 385 ...

Page 21: ...89 cfgDNSServer2 Read Write 390 cfgNicEnable Read Write 390 cfgNicIpAddress Read Write 391 cfgNicNetmask Read Write 391 cfgNicGateway Read Write 391 cfgNicUseDhcp Read Write 392 cfgNicMacAddress Read Only 392 cfgNicVLanEnable Read Only 393 cfgNicVLanID Read Only 393 cfgNicVLanPriority Read Only 393 cfgIPv6URL 394 cfgIPv6URLstring Read Only 394 cfgIPv6LanNetworking 394 cfgIPv6Enable 394 cfgIPv6Addr...

Page 22: ...9 cfgIPv6Addr4Length Read Only 400 cfgIPv6Address4 Read Only 400 cfgIPv6Addr5PrefixLength Read Only 400 cfgIPv6Addr5Length Read Only 400 cfgIPv6Address5 Read Only 400 cfgIPv6Addr6PrefixLength Read Only 401 cfgIPv6Addr6Length Read Only 401 cfgIPv6Address6 Read Only 401 cfgIPv6Addr7PrefixLength Read Only 401 cfgIPv6Addr7Length Read Only 402 cfgIPv6Address7 Read Only 402 cfgIPv6Addr8PrefixLength Read...

Page 23: ...fgIPv6Addr14Length Read Only 406 cfgIPv6Address14 Read Only 406 cfgIPv6Addr15PrefixLength Read Only 407 cfgIPv6Addr15Length Read Only 407 cfgIPv6Address15 Read Only 407 cfgUserAdmin 407 cfgUserAdminIndex Read Only 408 cfgUserAdminIpmiLanPrivilege Read Write 408 cfgUserAdminPrivilege Read Write 408 cfgUserAdminUserName Read Write 410 cfgUserAdminPassword Write Only 410 cfgUserAdminEnable Read Write...

Page 24: ...416 cfgRhostsFwUpdateTftpEnable Read Write 416 cfgRhostsFwUpdateIpAddr Read Write 417 cfgRhostsFwUpdatePath Read Write 417 cfgRhostsSyslogEnable Read Write 418 cfgRhostsSyslogPort Read Write 418 cfgRhostsSyslogServer1 Read Write 418 cfgRhostsSyslogServer2 Read Write 419 cfgRhostsSyslogServer3 Read Write 419 cfgUserDomain 419 cfgUserDomainIndex Read Only 419 cfgUserDomainName Read Write 420 cfgServ...

Page 25: ...TuneIpRangeMask 425 cfgRacTuneIpBlkEnable 425 cfgRacTuneIpBlkFailCount 425 cfgRacTuneIpBlkFailWindow 426 cfgRacTuneIpBlkPenaltyTime 426 cfgRacTuneSshPort Read Write 426 cfgRacTuneConRedirEnable Read Write 427 cfgRacTuneTelnetPort Read Write 427 cfgRacTuneConRedirEncryptEnable Read Write 427 cfgRacTuneConRedirPort Read Write 428 cfgRacTuneConRedirVideoPort Read Write 428 cfgRacTuneAsrEnable Read Wr...

Page 26: ...ecCsrEmailAddr Read Write 434 cfgSecCsrKeySize Read Write 434 cfgRacVirtual 434 cfgVirMediaAttached Read Write 434 cfgVirMediaBootOnce Read Write 435 cfgVirMediaKeyEnable Read Write 435 cfgVirtualFloppyEmulation Read Write 436 cfgIpmiLan 436 cfgIpmiLanEnable Read Write 436 cfgIpmiLanPrivLimit Read Write 437 cfgIpmiLanAlertEnable Read Write 437 cfgIpmiEncryptionKey Read Write 437 cfgIpmiPetCommunit...

Page 27: ...SOEnable Read Write 443 cfgADRacDomain Read Write 443 cfgADRacName Read Write 444 cfgADEnable Read Write 444 cfgADAuthTimeout Read Write 444 cfgADDomainController1 Read Write 445 cfgADDomainController2 Read Write 445 cfgADDomainController3 Read Write 446 cfgADGlobalCatalog1 Read Write 446 cfgADGlobalCatalog2 Read Write 446 cfgADGlobalCatalog3 Read Write 447 cfgADType Read Write 447 cfgADCertValida...

Page 28: ...miSol 450 cfgIpmiSolEnable Read Write 450 cfgIpmiSolBaudRate Read Write 450 cfgIpmiSolMinPrivilege Read Write 450 cfgIpmiSolAccumulateInterval Read Write 451 cfgIpmiSolSendThreshold Read Write 451 Glossary 453 Index 463 ...

Page 29: ...capture an image of the screen when it detects that the system has crashed Managed servers are installed in a Dell M1000e system enclosure chassis with modular power supplies cooling fans and a chassis management controller CMC CMC monitors and manages all components installed in the chassis A redundant CMC can be added to provide hot failover if the primary CMC fails The chassis provides access t...

Page 30: ...go Certification The IPv6 Ready Logo Committee s mission is to define the test specifications for IPv6 conformance and interoperability testing to provide access to self test tools and to deliver the IPv6 Ready Logo iDRAC6 is Phase 2 IPv6 Ready Logo certified and the Logo ID is 02 C 000380 For information on the IPv6 Ready Logo Program see http www ipv6ready org iDRAC6 Security Features iDRAC6 pro...

Page 31: ... provides an SD slot for vFlash Media New features added in this release are remote RACADM IPv6 FlexAddress MAC for iDRAC6 Smart Card based Two Factor Authentication TFA Single Sign On WS MAN SMASH CLP Remote Syslog Remote File Share VLAN tagging and iDRAC6 view console changes For more information about iDRAC6 Enterprise and vFlash Media see your Hardware Owner s Manual at support dell com manual...

Page 32: ...n Local Users Active Directory Two factor Authentication Single sign on SSL Encryption Remote Management and Remediation Remote Firmware Update Server Power Control Serial over LAN with proxy Serial over LAN no proxy Power Capping Last Crash Screen Capture Boot Capture Virtual Media Table 1 1 iDRAC6 Feature List continued Feature iDRAC6 Enterprise vFlash Media ...

Page 33: ...nagement Tools and Documentation DVD that was shipped with your system Remote File Share Virtual Console Virtual Console Sharing vFlash Monitoring Sensor Monitoring and Alerting Real time Power Monitoring Real time Power Graphing Historical Power Counters Logging System Event Log SEL RAC Log Trace Log Remote Syslog Supported Not Supported Table 1 1 iDRAC6 Feature List continued Feature iDRAC6 Ente...

Page 34: ...n discontinued because of security flaws Ensure that your browser is configured to enable SSL 3 0 Supported Remote Access Connections Table 1 2 lists the connection features iDRAC6 Ports Table 1 3 lists the ports on which iDRAC6 listens for connections Table 1 4 identifies the ports that iDRAC6 uses as a client This information is required when opening firewalls for remote access to an iDRAC6 Tabl...

Page 35: ...face Table 1 3 iDRAC6 Server Listening Ports Port Number Function 22 Secure Shell SSH 23 Telnet 80 HTTP 443 HTTPS 623 RMCP RMCP 3668 3669 Virtual Media Service 3670 3671 Virtual Media Secure Service 5900 Console Redirection keyboard mouse 5901 Console Redirection video 5988 Used for WSMAN Configurable port Table 1 4 iDRAC6 Client Ports Port Number Function 25 SMTP 53 DNS 68 DHCP assigned IP addres...

Page 36: ...istrator Reference Guide provide information about using the controller that manages all modules in the chassis containing your PowerEdge server The Dell OpenManage IT Assistant User s Guide provides information about using IT Assistant The Dell Management Console User s Guide provides information about using Dell Management Console The Dell OpenManage Server Administrator User s Guide provides in...

Page 37: ...and describes how to troubleshoot the system and install or replace system components Systems management software documentation describes the features requirements installation and basic operation of the software Operating system documentation describes how to install if necessary configure and use the operating system software Documentation for any components you purchased separately provides inf...

Page 38: ...38 iDRAC6 Enterprise Overview ...

Page 39: ...allation information SYSMGMT Contains the systems management software products including Dell OpenManage Server Administrator DOCS Contains documentation for systems management software products peripherals and RAID controllers SERVICE Contains the tools you need to configure your system and delivers the latest diagnostics and Dell optimized drivers for your system For more information see the Ser...

Page 40: ...ccessed at boot time iDRAC6 Configuration Utility is useful when installing a new PowerEdge server Use it for setting up the network and basic security features and for enabling other features iDRAC6 Web Interface iDRAC6 Web interface is a browser based management application that you can use to interactively manage iDRAC6 and monitor the managed server It is the primary interface for day to day t...

Page 41: ...station It uses the out of band network interface to run RACADM commands on the managed server The r option runs the RACADM command over a network RACADM commands provide access to nearly all iDRAC6 features You can inspect sensor data system event log records and the current status and configuration values maintained in iDRAC6 You can alter iDRAC6 configuration values manage local users enable an...

Page 42: ...ng scripting and integration with existing reporting and management tools IPMI IPMI defines a standard way for embedded management subsystems such as iDRAC6 to communicate with other embedded systems and management applications You can use iDRAC6 Web interface SM CLP or RACADM commands to configure IPMI Platform Event Filters PEF and Platform Event Traps PET PEF causes iDRAC6 to perform specific a...

Page 43: ...et up a management station by installing the Dell OpenManage software a Web browser and other software utilities See Configuring the Management Station Configure iDRAC6 Networking Enable iDRAC6 network and configure IP netmask gateway and DNS addresses NOTE Access to iDRAC6 configuration through iDRAC6 Configuration Utility or Local RACADM CLI can be disabled by means of a RACADM command see RACAD...

Page 44: ...See Adding an iDRAC6 User NOTE When using iDRAC6 in an Active Directory environment the user names you create must conform to the Active Directory naming convention in force Configure Active Directory In addition to the local iDRAC6 users you can use Microsoft Active Directory to authenticate iDRAC6 user logins For more information see Using iDRAC6 With Microsoft Active Directory NOTE When using i...

Page 45: ...t Traps PET RACADM See Configuring PET Enabling or Disabling Local Configuration Access Access to critical configuration parameters such as network configuration and user privileges can be disabled Once disabled the setting remains persistent across reboots Configuration write access is blocked for both the Local RACADM program and iDRAC6 Configuration Utility at boot Web access to configuration p...

Page 46: ...figuration Configure a vFlash Media Card Install and configure a vFlash Media card for use with iDRAC6 iDRAC6 Web interface See Configuring the vFlash Media Card for Use With iDRAC6 Install the Managed Server Software Install the operating system on the PowerEdge server using virtual media and then install the Dell OpenManage software on the managed PowerEdge server and set up the last crash scree...

Page 47: ...ponents such as servers For complete management of these individual components the CMC provides a launch point for the server s iDRAC6 Web interface To launch iDRAC6 from the Servers screen 1 Log in to the CMC Web interface 2 In the system tree select Servers The Servers Status screen appears 3 Click the Launch iDRAC6 GUI icon for the server you want to manage You can also launch iDRAC6 Web interf...

Page 48: ...e sign on Once logged in to iDRAC6 Web interface this user is granted the privileges that were created for iDRAC6 account NOTE In this context the same account means that the user has the same login name and password for CMC as for iDRAC6 A user who has the same login name but a different password will not be recognized as a valid user CMC user who does not have Server Administrator set under User...

Page 49: ... screen appears b Click IPMI Settings c Select the Enable IPMI Over LAN check box You may also change the Channel Privilege Level Limit and Encryption Key settings d Click Apply To enable or disable DHCP a Click Network The Network screen appears b Select the DHCP Enable check box in the IPv4 Settings section and the Autoconfiguration Enable checkbox in the IPv6 Settings section to enable DHCP To ...

Page 50: ...xAddress feature has been enabled and configured for the chassis click System Properties tab WWN MAC to view a list of installed mezzanine cards the fabrics and ports to which they are connected the fabric port location type of fabric and server assigned or chassis assigned MAC addresses for each installed embedded Ethernet and optional mezzanine card port The Server Assigned column displays the s...

Page 51: ...Information Network Settings System Remote Access iDRAC6 Network Security tab Network Network Interface Card Settings CAUTION With the FlexAddress enabled if you switch from server assigned MAC address to chassis assigned MAC address and vice versa the iDRAC6 IP address also changes NOTE You can enable or disable iDRAC6 FlexAddress feature only through CMC iDRAC6 GUI only reports the status Any ex...

Page 52: ...og again The remote logging happens real time as and when the logs are recorded in iDRAC6 s RAC log and SEL log You can also change iDRAC6 Remote Syslog settings through CMC Remote Syslog can be enabled through the remote Web interface 1 Open a supported Web browser window 2 Log in to iDRAC6 Web interface 3 In the system tree select System Setup tab Remote Syslog Settings The Remote Syslog Setting...

Page 53: ... g cfgRemoteHosts o cfgRhostsSyslogServer2 servername2 default is blank racadm config g cfgRemoteHosts o cfgRhostsSyslogServer3 servername3 default is blank racadm config g cfgRemoteHosts o cfgRhostsSyslogPort portnumber default is 514 Remote File Share The remote file share feature through iDRAC6 allows you to specify a CD DVD ISO image file located on a network share and make it available to the...

Page 54: ...tion The Connect button is disabled after establishing a successful connection For remote file share the remote RACADM command is racadm remoteimage racadm remoteimage options Options are c connect image d disconnect image u username username to access the network share p password password to access the network share l image_location image location on the network share use double quotes around the...

Page 55: ...iDRAC6 Web interface RACADM CLI Dell Update Package for Linux or Microsoft Windows DOS iDRAC6 Firmware update utility CMC Web interface Downloading the Firmware or Update Package Download the firmware from support dell com The firmware image is available in several different formats to support the different update methods available To update iDRAC6 firmware using iDRAC6 Web interface or SM CLP or ...

Page 56: ...y image on a disk that is accessible to the management station from which you are running the Web interface See Updating iDRAC6 Firmware NOTE iDRAC6 Web interface also allows you to reset iDRAC6 configuration to the factory defaults You can use the CMC Web interface or CMC RACADM to update iDRAC6 firmware This feature is available both when iDRAC6 firmware is in Normal mode as well as when it is c...

Page 57: ... is linux security publickey txt 2 Import the public key to your GPG trust database by running the following command gpg import Public Key Filename NOTE You must have your private key to complete the process 3 To prevent a distrusted key warning change the trust level for the Dell Public GPG key a Enter the following command gpg edit key 23B66A9D b Within the GPG key editor enter fpr The following...

Page 58: ...its associated signature file from the Dell Support website at support dell com support downloads NOTE Each Linux Update Package has a separate signature file which is shown on the same Web page as the Update Package You need both the Update Package and its associated signature file for verification By default the signature file has the same name as the DUP filename with a sign extension For examp...

Page 59: ...ystems Group linux security dell com not changed gpg Total number processed 1 gpg unchanged 1 3 Set the GPG trust level for the Dell public key if you haven t done so previously a Enter the following command gpg edit key 23B66A9D b At the command prompt enter the following commands fpr trust c Enter 5 then press Enter to choose I trust ultimately from the menu d Enter y Enter to confirm your choic...

Page 60: ...iDRAC6 using the CMC Web interface NOTE The firmware update by default retains the current iDRAC6 settings During the update process you have the option to reset iDRAC6 configuration to the factory defaults If you set the configuration to the factory defaults external network access will be disabled when the update completes You must enable and configure the network using iDRAC6 Configuration Util...

Page 61: ...e LAN is disabled and you cannot log in to iDRAC6 Web interface You must reconfigure the LAN settings using iDRAC6 Configuration Utility during BIOS POST or through the CMC 6 By default the Preserve Configuration option is enabled checked to preserve the current settings on iDRAC6 after an upgrade If you do not want the settings to be preserved clear the Preserve Configuration check box 7 Click Be...

Page 62: ...e image file firmimg imc in the current directory The options are as follows f Forces the update The f option can be used to downgrade the firmware to an earlier image i filename Specifies the file name of the firmware image This option is required if the firmware file name has been changed from the default name firmimg imc l logfile Logs output from the update activity This option is used for deb...

Page 63: ...to accomplish this through iDRAC6 Configuration Utility and through iDRAC6 graphical Web interface Using iDRAC6 Configuration Utility to Enable Discovery and Monitoring To set up iDRAC6 for IPMI discovery and sending alert traps at iDRAC6 Configuration Utility level restart your managed server blade and observe its power up using the iKVM and either a remote monitor and console keyboard or a Seria...

Page 64: ...ring See the Dell Management Console User s Guide on the Dell Support site at support dell com manuals for more information Using iDRAC6 Web Interface to Enable Discovery and Monitoring IPMI Discovery can also be enabled through the remote Web interface 1 Open a supported Web browser window 2 Log in to iDRAC6 Web interface using a login and password with Administrator rights 3 In the system tree s...

Page 65: ...een You can now send a test trap by clicking the Send link in the Test Trap column Dell highly recommends that for security purposes you create a separate User for IPMI commands with its own user name IPMI over LAN privileges and password 1 In the system tree select System Remote Access iDRAC6 2 Click the Network Security tab and then click Users The Users screen appears displaying a list of all u...

Page 66: ...scovery as opposed to SNMP iDRAC6 error and warning traps can now be seen in the primary Alert Log of IT Assistant They will show up in the Unknown category but the trap description and severity will be accurate For more information on using IT Assistant to manage your data center see the Dell OpenManage IT Assistant User s Guide NOTE You can also use Dell Management Console the next generation on...

Page 67: ...p your Management Station perform the following steps 1 Set up the management station network 2 Install and configure a supported Web browser 3 Install a Java Runtime Environment JRE required if using Firefox 4 Install Telnet or SSH clients if required 5 Install a TFTP server if required 6 Install Dell OpenManage IT Assistant optional 7 Install Dell Management Console DMC optional Management Stati...

Page 68: ...features ensure that your resolution is set to at least 800 by 600 pixels and or resize your browser as needed NOTE In some situations most often during the first session after a firmware update users of Internet Explorer 6 may see the message Done with errors displayed in the browser status bar along with a partially rendered screen in the main browser window This error can also occur if you are ...

Page 69: ...X controls and plug ins Enable Script ActiveX controls marked safe for scripting Enable In the section on Downloads Automatic prompting for file downloads Enable File download Enable Font download Enable In the Miscellaneous section Allow META REFRESH Enable Allow scripting of Internet Explorer Web browser control Enable Allow script initiated windows without size or position constraints Enable Do...

Page 70: ...e page transitions checked Enable third party browser extensions checked Reuse windows for launching shortcuts unchecked In the HTTP 1 1 settings section Use HTTP 1 1 checked Use HTTP 1 1 through proxy connections checked In the Java Sun section Use JRE 1 6 x_yz checked optional version may differ In the Multimedia section Enable automatic image resizing checked Play animations in Web pages checke...

Page 71: ...twork LAN settings click LAN Settings 12 If the Use a proxy server box is selected select the Bypass proxy server for local addresses box 13 Click OK twice 14 Close and restart your browser to make sure all changes take effect Adding iDRAC6 to the List of Trusted Domains When you access iDRAC6 Web interface through the Web browser you may be prompted to add iDRAC6 IP address to the list of trusted...

Page 72: ...boards in these situations see Using the Video Viewer Use of other keyboards is not supported and may cause unexpected problems NOTE See the browser documentation on how to configure or setup different languages and view localized versions of iDRAC6 Web interface Setting the Locale in Linux The console redirection viewer requires a UTF 8 character set to display correctly If your display is garble...

Page 73: ...l valid If not repeat this procedure Disabling the Whitelist Feature in Firefox Firefox has a whitelist security feature that requires user permission to install plugins for each distinct site that hosts a plugin If enabled the whitelist feature requires you to install a console redirection viewer for each iDRAC6 you visit even though the viewer versions are identical To disable the whitelist feat...

Page 74: ...products peripherals and RAID controllers SERVICE Contains the tools you need to configure your system and delivers the latest diagnostics and Dell optimized drivers for your system Installing and Removing RACADM on a Linux Management Station To use the remote RACADM functions install RACADM on a management station running Linux NOTE When you run Setup on the Dell Systems Management Tools and Docu...

Page 75: ...ch the viewer If you use the Firefox browser you must install a JRE or a Java Development Kit JDK to use the console redirection feature The console viewer is a Java application that is downloaded to the management station from iDRAC6 Web interface and then launched with Java Web Start on the management station Go to java sun com to install a JRE or JDK Version 1 6 Java 6 0 or higher is recommende...

Page 76: ...only if you cannot install an SSH client or your network connection is otherwise secured NOTE iDRAC6 supports up to 4 Telnet sessions and 4 SSH sessions simultaneously Telnet with iDRAC6 Telnet is included in Windows and Linux operating systems and can be run from a command shell You may also choose to install a commercial or freely available Telnet client with more convenience features than the s...

Page 77: ...del The following message appears Backspace will be sent as delete To configure a Linux Telnet session to use the Backspace key perform the following steps 1 Open a shell and enter stty erase h 2 At the prompt enter telnet SSH With iDRAC6 Secure Shell SSH is a command line connection with the same capabilities as a Telnet session but with session negotiation and encryption to improve security iDRA...

Page 78: ...ime The session timeout is controlled by the cfgSsnMgtSshIdleTimeout property as described in iDRAC6 Enterprise Property Database Group and Object Definitions iDRAC6 SSH implementation supports multiple cryptography schemes as shown in Table 3 1 NOTE SSHv1 is not supported Table 3 1 Cryptography Schemes Scheme Type Scheme Asymmetric Cryptography Diffie Hellman DSA DSS 512 1024 random bits per NIST...

Page 79: ...s already listening Port 69 is the TFTP default port If no server is running you have the following options Find another computer on the network running a TFTP service If you are using Linux install a TFTP server from your distribution If you are using Windows install a commercial or free TFTP server Installing Dell OpenManage IT Assistant Your system includes the Dell OpenManage System Management...

Page 80: ...ant and also provides enhanced discovery inventory monitoring and reporting features It is a Web based GUI which is installed on a management station in a networked environment You can install DMC from the Dell Management Console DVD or download and install it from the Dell website at www dell com openmanage See the Dell Management Console User s Guide available at support dell com manuals for ins...

Page 81: ...feature Server Administrator Instrumentation Service Provides access to detailed fault and performance information gathered by industry standard systems management agents and allows remote administration of monitored systems including shutdown startup and security Server Administration Storage Management Service Provides storage management information in an integrated graphical view Server Adminis...

Page 82: ...enable the Last Crash Screen in iDRAC6 Web interface click System Remote Access iDRAC6 Network Security tab Services then check the Enabled checkbox under the Automated System Recovery Agent Settings heading To enable the Last Crash Screen using local RACADM open a command prompt on the managed server and enter the following command racadm config g cfgRacTuning o cfgRacTuneAsrEnable 1 4 In the Ser...

Page 83: ... the last crash screen disable the Automatic Reboot option on managed servers running Windows Server or Windows Vista 1 Open the Windows Control Panel and double click the System icon 2 Click the Advanced tab 3 Under Startup and Recovery click Settings 4 Deselect the Automatically Reboot check box 5 Click OK twice ...

Page 84: ...84 Configuring the Managed Server ...

Page 85: ...ted information Most configuration tasks for which you would use the web interface could also be performed with local or remote RACADM commands or with SM CLP commands Local RACADM commands are executed from the managed server Remote RACADM is a client utility run on a management station and makes use of the out of band interface to communicate with the managed server This utility is used with the...

Page 86: ... name and password are root and calvin respectively You must have been granted Login to iDRAC privilege by the administrator to log in to iDRAC6 To log in perform the following steps 1 In the Username field enter one of the following Your iDRAC6 user name NOTE The user name for local users is case sensitive Examples are root it_user IT_user or john_doe Your Active Directory user name You can use a...

Page 87: ...ple Browser Tabs and Windows Different versions of Web browsers exhibit different behaviors when opening new tabs and windows Microsoft Internet Explorer 6 does not support tabs therefore each browser window opened becomes a new iDRAC6 Web interface session Internet Explorer IE 7 and IE 8 have the option to open tabs as well as windows Each tab inherits the characteristics of the most recently ope...

Page 88: ...s the client identifier option using a one byte interface number 0 followed by a six byte MAC address 1 Click System Remote Access iDRAC6 2 Click the Network Security tab The Network screen appears 3 Configure the Network IPMI and VLAN settings as needed See Table 5 2 Table 5 3 and Table 5 4 for descriptions of the Network IPMI and VLAN Settings options 4 Click Apply 5 Click the appropriate button...

Page 89: ...cked Disable acquisition of DNS from DHCP DNS Domain Name The default DNS Domain Name is blank When the Use DHCP for DNS Domain Name checkbox is selected this option is grayed out and the field cannot be modified IPv4 Settings Enabled Enables Checked or disables Unchecked IPv4 protocol support The Enable NIC option should be checked to activate this setting DHCP Enable If Checked the Server Admini...

Page 90: ...ion Enable Selecting this option allows iDRAC6 to obtain the IPv6 address for iDRAC6 NIC from the Dynamic Host Configuration Protocol DHCPv6 server Enabling Autoconfiguration Enable also deactivates and flushes out the static values for IPv6 Address Prefix Length and Gateway IPv6 Address Configures the IPv6 address for iDRAC6 NIC To change this setting you must first disable Autoconfiguration Enab...

Page 91: ...tered into the Preferred DNS Server and Alternate DNS Server fields Preferred DNS Server Configures the static IPv6 address for the preferred DNS server To change this setting deselect Use DHCPv6 to obtain DNS Server Addresses Alternate DNS Server Configures the static IPv6 address for the alternate DNS server To change this setting deselect Use DHCPv6 to obtain DNS Server Addresses Table 5 3 IPMI...

Page 92: ...eld of 802 1g fields Displays a value from 1 to 4094 except 4001 to 4020 Priority Priority field of 802 1g fields This is used to identify the priority of the VLAN ID and displays a value from 0 to 7 for the VLAN Priority Table 5 5 Network Configuration Buttons Button Description Advanced Settings Displays the Network Security screen allowing you to enter the IP Range and IP Blocking attributes Pr...

Page 93: ...ant bits are all 1 s with a single transition to all zeros in the lower order bits The default is 255 255 255 0 IP Blocking Enabled Enables the IP address blocking feature which limits the number of failed login attempts from a specific IP address for a preselected time span The default is Disabled IP Blocking Fail Count Sets the number of login failures attempted from an IP address before the log...

Page 94: ...System Event Log SEL If this event matches a platform event filter PEF that is enabled and you have configured the filter to generate an alert PET or e mail then a PET or e mail alert is sent to one or more configured destinations Apply Saves any new settings that you made to the Network Security screen Go Back to Network Configuration Page Returns to the Network screen Table 5 8 Filterable Platfo...

Page 95: ...lert column heading 4 Select the radio button below the action you would like to enable for each event You can only select one action for each event 5 Click Apply NOTE The event s Generate Alert checkbox must be selected in order for an alert to be sent for that event Configuring Platform Event Traps PET NOTE You must have Configure iDRAC permission to add or enable disable an SNMP alert The follo...

Page 96: ...ecify up to four IPv4 and four IPv6 destination addresses Configuring E Mail Alerts 1 Log in to iDRAC6 Web interface 2 Ensure that you followed the procedures in Configuring Platform Event Filters PEF 3 Click System and then click the Alert Management tab The Platform Events screen appears 4 Click Email Alert Settings The Email Alert Settings screen appears 5 Configure your e mail alert destinatio...

Page 97: ...mands that can be executed from the IPMI over LAN interface For more information see the IPMI 2 0 specifications Under IPMI Settings click the Channel Privilege Level Limit drop down menu select Administrator Operator or User and then click Apply e Set the IPMI LAN channel encryption key if required NOTE iDRAC6 IPMI supports the RMCP protocol Under IPMI Settings in the Encryption Key field enter t...

Page 98: ... screen displays each user s User ID State User Name IPMI LAN Privileges iDRAC6 Privileges and Serial Over LAN capability NOTE User 1 is reserved for the IPMI anonymous user and is not configurable 2 In the User ID column click a user ID number 3 On the User Configuration screen configure the user s properties and privileges Table 5 9 describes the General settings for configuring an iDRAC6 user n...

Page 99: ... user interface until the next user login Change Password Enables the New Password and Confirm New Password fields When deselected the user s Password cannot be changed New Password Enables editing iDRAC6 user s password Enter a Password with up to 20 characters The characters will not display NOTE Special characters like and are not allowed and are blocked while creating user passwords Confirm Ne...

Page 100: ...user to execute RACADM commands Access Console Redirection Enables the user to run Console Redirection Access Virtual Media Enables the user to run and use Virtual Media Test Alerts Enables the user to send test alerts e mail and PET to all currently configured alert recipients Execute Diagnostic Commands Enables the user to run diagnostic commands Table 5 12 iDRAC6 Group Permissions User Group Pe...

Page 101: ...cts any combination of the following permissions Login to iDRAC6 Configure iDRAC6 Configure Users Clear Logs Execute Server Control Commands Access Console Redirection Access Virtual Media Test Alerts Execute Diagnostic Commands None No assigned permissions Table 5 13 User Configuration Buttons Button Action Print Prints the User Configuration values that appear on the screen Refresh Reloads the U...

Page 102: ... ensure high security over the Internet replace the Web server SSL certificate with a certificate signed by a well known Certificate Authority CA A Certificate Authority is a business entity that is recognized in the IT industry for meeting high standards of reliable screening identification and other important security criteria Examples of CAs include Thawte and VeriSign To initiate the process o...

Page 103: ...gning Request CSR Select the option and click Next to open the Generate Certificate Signing Request CSR screen NOTE Each new CSR overwrites the previous CSR on the firmware For a CA to accept your CSR the CSR in the firmware must match the certificate returned from the CA Upload Server Certificate Select the option and click Next to open the Certificate Upload screen and upload the certificate sen...

Page 104: ... CSR Options Field Description Common Name The exact name being certified usually the Web server s domain name for example www xyzcompany com Only alphanumeric characters spaces hyphens underscores and periods are valid Organization Name The name associated with this organization for example XYZ Corporation Only alphanumeric characters hyphens underscores periods and spaces are valid Organization ...

Page 105: ... entity applying for certification is located Email The e mail address associated with the CSR Enter the company s e mail address or any e mail address associated with the CSR This field is optional Key Size The size of the Certificate Signing Request CSR Key to be generated The size may be 1024 KB or 2048 KB Table 5 17 Generate Certificate Signing Request CSR Buttons Button Description Print Prin...

Page 106: ...n Apply Applies the certificate to iDRAC6 firmware Go Back to SSL Main Menu Returns the user to the SSL Main Menu screen Table 5 19 View Server Certificate Information Field Description Serial Number Certificate serial number Subject Information Certificate attributes entered by the subject Issuer Information Certificate attributes returned by the issuer Valid From Issue date of the certificate Va...

Page 107: ...ettings Displays commonly configured Active Directory settings Active Directory CA Certificate Displays the certificate of the CA that signs all the domain controller s SSL server certificates Standard Schema Settings Extended Schema Settings Depending on the current Active Directory configuration Extended Schema Settings or Standard Schema Settings are displayed Configure Active Directory Click t...

Page 108: ...ctory Configuration and Management Certificate Validation Enabled Specifies whether Certificate validation is enabled or disabled If Checked Certificate Validation is enabled iDRAC6 uses LDAP over Secure Socket Layer SSL while connecting to Active Directory By default iDRAC6 provides strong security by using the CA certificate loaded in iDRAC6 to validate the SSL server certificate of the domain c...

Page 109: ...tion credentials such as user name and password If you enable Single Sign on SSO and then logout you can log back in using SSO If you are already logged in using SSO and then logout or if SSO fails the normal login webpage is displayed NOTE Enabling Smart Card logon or Single Sign on does not disable any command line out of band interfaces including SSH Telnet remote RACADM and IPMI over LAN NOTE ...

Page 110: ...dard Schema is selected the addresses represent the domain controllers where the user accounts and the role groups are located Step 3 of 4 Active Directory Configuration and Management Extended Schema Settings Select this option if you want to use Extended Schema with Active Directory Click Next to display the Step 4 of 4 Active Directory Configuration and Management page iDRAC Name Specifies the ...

Page 111: ...and the role groups are in different domains Role Groups Specifies the list of role groups associated with iDRAC6 Group Name Specifies the name that identifies the role group in the Active Directory associated with iDRAC6 Group Domain Specifies the group domain type where the Role Group resides Group Privilege Specifies the group privilege level These settings will be displayed only if iDRAC6 has ...

Page 112: ... Commands Allows the group permission to execute diagnostic commands Table 5 25 Role Group Permissions Property Description Administrator Login to iDRAC Configure iDRAC Configure Users Clear Logs Execute Server Control Commands Access Console Redirection Access Virtual Media Test Alerts Execute Diagnostic Commands Power User Login to iDRAC Clear Logs Execute Server Control Commands Access Console ...

Page 113: ... Uncheck the Disable iDRAC6 local USER Configuration Updates to enable access 3 Click Apply Disabling Local Configuration Access 1 Click System Remote Access iDRAC6 Network Security Services 2 Under Local Configuration click to select Disable iDRAC6 local USER Configuration Updates to disable access 3 Click Apply None No assigned permissions Table 5 26 Active Directory CA Certificate Information F...

Page 114: ...r Telnet settings SNMP Agent see Table 5 30 for SNMP Agent settings Automated System Recovery Agent see Table 5 31 for Automated System Recovery Agent settings 4 Click Apply Table 5 27 Web Server Settings Setting Description Enabled Enables or disables iDRAC6 Web server When Checked indicates that the Web server is enabled The default value is Checked Max Sessions The maximum number of simultaneou...

Page 115: ...ber of current sessions on the system You can not edit this field Timeout The secure shell idle timeout in seconds Timeout range is 60 to 10800 seconds Enter 0 seconds to disable the Timeout feature The default is 1800 Port Number The port on which iDRAC6 listens for an SSH connection The default is 22 Table 5 29 Telnet Settings Setting Description Enabled Enables or disables Telnet When Checked T...

Page 116: ...ng iDRAC6 Configuration Utility or the CMC Web interface 1 Start iDRAC6 Web interface 2 Click System Remote Access iDRAC6 and then click the Update tab Timeout The Telnet idle timeout in seconds Timeout range is 60 to 10800 seconds Enter 0 seconds to disable the Timeout feature The default is 1800 Port Number The port on which iDRAC6 listens for a Telnet connection The default is 23 Table 5 30 SNM...

Page 117: ...close the current session and then try updating again NOTE If you uncheck the Preserve Configuration checkbox iDRAC6 will reset to its default settings In the default settings the LAN is disabled You will not be able to log in to iDRAC6 Web interface You will have to reconfigure the LAN settings using the CMC Web interface or iKVM using iDRAC6 Configuration Utility during BIOS POST 6 By default th...

Page 118: ... to the CMC Web interface 3 Click Chassis in the system tree 4 Click the Update tab The Firmware Update screen appears 5 Select iDRAC6 or iDRAC6s of the same model to update by selecting the Update Targets check box 6 Click the Apply iDRAC6 Enterprise Update button below iDRAC6 component list 7 Click Browse browse to iDRAC6 firmware image you downloaded and click Open 8 Click Begin Firmware Update...

Page 119: ... the process completed successfully If the firmware rollback is successful iDRAC6 will reset automatically To continue working with iDRAC6 through the web interface close the current browser and reconnect to iDRAC6 using a new browser window An appropriate error message is displayed if an error occurs NOTE The Preserve Configuration feature does not work if you want to rollback iDRAC6 firmware fro...

Page 120: ...120 Configuring iDRAC6 Enterprise Using the Web Interface ...

Page 121: ...ndows Server 2003 and Windows Server 2008 operating systems Table 6 1 shows the iDRAC6 Active Directory user privileges Table 6 1 iDRAC6 User Privileges Privilege Description Login to iDRAC Enables the user to log in to iDRAC6 Configure iDRAC Enables the user to configure iDRAC6 Configure Users Enables the user to allow specific users to access the system Clear Logs Enables the user to clear iDRAC...

Page 122: ...oller for more specific information Supported Active Directory Authentication Mechanisms You can use Active Directory to define user access on iDRAC6 through two methods you can use the extended schema solution which Dell has customized to add Dell defined Active Directory objects Or you can use the standard schema solution which uses Active Directory group objects only See the sections that follo...

Page 123: ... In For further details on extending the schema for iDRAC6 and installing the Active Directory Users and Computers MMC Snap in see the Dell OpenManage Installation and Security User s Guide available on support dell com manuals NOTE When you create iDRAC6 Association Objects or iDRAC6 Device Objects select Dell Remote Management Object Advanced Active Directory Schema Extensions The Active Directo...

Page 124: ...sers iDRAC6 privileges and iDRAC6 devices on the network without adding too much complexity Active Directory Object Overview For each physical iDRAC6 device on the network that you want to integrate with Active Directory for Authentication and Authorization create at least one Association Object and one iDRAC6 Device Object You can create multiple Association Objects and each Association Object ca...

Page 125: ... iDRAC6 Device Objects However the Association Object only includes one Privilege Object per Association Object The Association Object connects the Users who have Privileges on iDRAC6 devices The Dell extension to the ADUC MMC Snap in only allows associating the Privilege Object and iDRAC6 Objects from the same domain with the Association Object The Dell extension does not allow a group or an iDRA...

Page 126: ...h different Association Objects In other words Extended Schema Authentication accumulates privileges to allow the user the super set of all assigned privileges corresponding to the different privilege objects associated with the same user Figure 6 2 provides an example of accumulating privileges using Extended Schema Figure 6 2 Privilege Accumulation for a User The figure shows two Association Obj...

Page 127: ...e Directory software and iDRAC6 by performing the following steps in order 1 Extend the Active Directory schema see Extending the Active Directory Schema 2 Extend the Active Directory Users and Computers Snap in see Installing the Dell Extension to the Active Directory Users and Computers Snap In 3 Add iDRAC6 users and their privileges to Active Directory see Adding iDRAC6 Users and Privileges to ...

Page 128: ...ectory Schema see Using the Dell Schema Extender You can copy and run the Schema Extender or LDIF files from any location Using the Dell Schema Extender CAUTION The Dell Schema Extender uses the SchemaExtenderOem ini file To ensure that the Dell Schema Extender utility functions properly do not modify the name of this file 1 In the Welcome screen click Next 2 Read and understand the warning and cl...

Page 129: ... OID 1 2 840 113556 1 8000 1280 1 7 1 1 Description Represents the Dell iDRAC6 device iDRAC6 must be configured as delliDRACDevice in Active Directory This configuration enables iDRAC6 to send Lightweight Directory Access Protocol LDAP queries to Active Directory Class Type Structural Class SuperClasses dellProduct Attributes dellSchemaVersion dellRacType Table 6 4 delliDRACAssociationObject Class...

Page 130: ...User dellIsConsoleRedirectUser dellIsVirtualMediaUser dellIsTestAlertUser dellIsDebugCommandAdmin Table 6 6 dellPrivileges Class OID 1 2 840 113556 1 8000 1280 1 1 1 4 Description Used as a container Class for the Dell Privileges Authorization Rights Class Type Structural Class SuperClasses User Attributes dellRAC4Privileges Table 6 7 dellProduct Class OID 1 2 840 113556 1 8000 1280 1 1 1 5 Descri...

Page 131: ...00 1280 1 1 2 3 Boolean LDAPTYPE_BOOLEAN 1 3 6 1 4 1 1466 115 121 1 7 TRUE dellIsCardConfigAdmin TRUE if the user has Card Configuration rights on the device 1 2 840 113556 1 8000 1280 1 1 2 4 Boolean LDAPTYPE_BOOLEAN 1 3 6 1 4 1 1466 115 121 1 7 TRUE dellIsUserConfigAdmin TRUE if the user has User Configuration rights on the device 1 2 840 113556 1 8000 1280 1 1 2 5 Boolean LDAPTYPE_BOOLEAN 1 3 6...

Page 132: ... to update the schema 1 2 840 113556 1 8000 1280 1 1 2 12 Case Ignore String LDAPTYPE_CASEIGNORESTRING 1 2 840 113556 1 4 905 TRUE dellRacType This attribute is the Current RAC Type for the delliDRACDevice object and the backward link to the dellAssociationObjectMembers forward link 1 2 840 113556 1 8000 1280 1 1 2 13 Case Ignore String LDAPTYPE_CASEIGNORESTRING 1 2 840 113556 1 4 905 TRUE dellAss...

Page 133: ...T ManagementStation support OMActiveDirect ory_SnapIn64 For more information about the Active Directory Users and Computers Snap in see your Microsoft documentation Installing the Administrator Pack You must install the Administrator Pack on each system that is managing the Active Directory iDRAC6 Objects If you do not install the Administrator Pack you cannot view the Dell iDRAC6 Object in the co...

Page 134: ... an Association Object Creating an iDRAC6 Device Object 1 In the MMC Console Root window right click a container 2 Select New Dell Remote Management Object Advanced The New Object window appears 3 Enter a name for the new object The name must be identical to iDRAC6 name that you will enter in Step A of Configuring Active Directory With Extended Schema Using iDRAC6 Web Interface 4 Select iDRAC Devi...

Page 135: ...ng Objects to an Association Object Using the Association Object Properties window you can associate users or user groups privilege objects and iDRAC6 devices or iDRAC6 device groups You can add groups of Users and iDRAC6 devices The procedure for creating Dell related groups and non Dell related groups is identical Adding Users or User Groups 1 Right click the Association Object and select Proper...

Page 136: ...twork Security tab and then click Active Directory The Active Directory Configuration and Management summary screen appears 5 Scroll to the bottom of the screen and click Configure Active Directory The Step 1 of 4 Active Directory Configuration and Management screen appears 6 To validate the SSL certificate of your Active Directory servers select the Certificate Validation Enabled check box under ...

Page 137: ...ctory responses 12 Enter the Domain Controller Server Address You can enter up to three Active Directory servers for login processing but you must configure at least one server by entering the IP address or the fully qualified domain name FQDN iDRAC6 attempts to connect to each configured server until a connection is established NOTE The FQDN or IP address that you specify in this field should mat...

Page 138: ...lly or use DHCP to get DNS server s You have completed the Active Directory configuration with Extended Schema Configuring Active Directory With Extended Schema Using RACADM Use the following commands to configure iDRAC6 Active Directory feature with Extended Schema using the RACADM command line interface CLI tool instead of the Web interface 1 Open a command prompt and enter the following RACADM ...

Page 139: ...ble 0 In this case you do not have to upload a CA certificate If you want to enforce the certificate validation during SSL handshake enter the following RACADM command racadm config g cfgActiveDirectory o cfgADCertValidationEnable 1 In this case you must upload a CA certificate using the following RACADM command racadm sslcertupload t 0x2 f ADS root CA certificate Using the following RACADM comman...

Page 140: ... command racadm config g cfgUserDomain o cfgUserDomainName fully qualified domain name or IP Address of the domain controller i index You can configure up to 40 user domains with index numbers between 1 and 40 See Using Active Directory to Log In to iDRAC6 for details about user domains 5 Press Enter to complete the Active Directory configuration with Extended Schema Standard Schema Active Directo...

Page 141: ...cess to a specific iDRAC6 card the role group name and its domain name need to be configured on the specific iDRAC6 card Unlike the extended schema solution the role and the privilege level is defined on each iDRAC6 card not in the Active Directory Up to five role groups can be configured and defined in each iDRAC6 Table 6 9 shows the default role group privileges Role Group Role Group Name and Do...

Page 142: ...ured on iDRAC6 In this multiple domain scenario all of the role groups and nested groups if any must be Universal Group type Table 6 9 Default Role Group Privileges Role Groups DefaultPrivilege Level Permissions Granted Bit Mask Role Group 1 None Login to iDRAC Configure iDRAC Configure Users Clear Logs Execute Server Control Commands Access Console Redirection Access Virtual Media Test Alerts Exe...

Page 143: ...ectory With Standard Schema Using iDRAC6 Web Interface 1 Open a supported Web browser window 2 Log in to iDRAC6 Web interface 3 In the system tree select System Remote Access iDRAC6 4 Click the Network Security tab and then click Active Directory The Active Directory Configuration and Management summary page appears 5 Scroll to the bottom of the screen and click Configure Active Directory The Step...

Page 144: ...available in the Web interface login screen You can choose from the list and then you only need to enter the user name 13 In the Timeout field enter the number of seconds you want iDRAC6 to wait for Active Directory responses 14 Enter the Domain Controller Server Address You can enter up to three Active Directory servers for login processing but you must configure at least one server by entering t...

Page 145: ...or information on role group privileges NOTE If you modify any of the permissions the existing role group privilege Administrator Power User or Guest User will change to either the Custom Group or the appropriate role group privilege based on the permissions you modified 23 Click OK to save the role group settings An alert dialog appears indicating that your settings are changed Click OK to return...

Page 146: ...mmands racadm config g cfgActiveDirectory o cfgADEnable 1 racadm config g cfgActiveDirectory o cfgADType 2 racadm config g cfgStandardSchema i index o cfgSSADRoleGroupName common name of the role group racadm config g cfgStandardSchema i index o cfgSSADRoleGroupDomain fully qualified domain name racadm config g cfgStandardSchema i index o cfgSSADRoleGroupPrivilege Bit Mask Value for specific RoleG...

Page 147: ...atalog3 fully qualified domain name or IP address of the domain controller NOTE The Global Catalog server is only required for standard schema when the user accounts and role groups are in different domains And in this multiple domain case only the Universal Group can be used NOTE The FQDN or IP address that you specify in this field should match the Subject or Subject Alternative Name field of yo...

Page 148: ...SServersFromDHCP 0 racadm config g cfgLanNetworking o cfgDNSServer1 primary DNS IP address racadm config g cfgLanNetworking o cfgDNSServer2 secondary DNS IP address 4 If you want to configure a list of user domains so that you only need to enter the user name when logging in to the Web interface enter the following command racadm config g cfgUserDomain o cfgUserDomainName fully qualified domain na...

Page 149: ...ntroller At this time the domain controller should publish a certificate signed by the Certificate Authority CA the root certificate of which is also uploaded into iDRAC6 In other words for iDRAC6 to authenticate to any domain controller whether it is the root or the child domain controller that domain controller should have an SSL enabled certificate signed by the domain s CA If you are using Mic...

Page 150: ...ect All Tasks and click Export 12 In the Certificate Export Wizard click Next and select No do not export the private key 13 Click Next and select Base 64 encoded X 509 cer as the format 14 Click Next and save the certificate to a directory on your system 15 Upload the certificate you saved in step 14 to iDRAC6 To upload the certificate using RACADM see Configuring Active Directory With Standard S...

Page 151: ...cate 1 On the domain controller open an MMC Console window and select Certificates Trusted Root Certification Authorities 2 Right click Certificates select All Tasks and click Import 3 Click Next and browse to the SSL certificate file 4 Install iDRAC6 SSL Certificate in each domain controller s Trusted Root Certification Authority If you have installed your own certificate ensure that the CA signi...

Page 152: ...ou can still log in as an Active Directory user if you use the login syntax described above in Using Active Directory to Log In to iDRAC6 Using Active Directory Single Sign On You can enable iDRAC6 to use Kerberos a network authentication protocol to enable single sign on For more information on setting up iDRAC6 to use the Active Directory single sign on feature see Enabling Kerberos Authenticati...

Page 153: ...n the Current Active Directory CA Certificate section 8 Click Next The Step 2 of 4 Active Directory Configuration and Management screen appears 9 Select the Active Directory Enabled check box 10 Select Enable Single Sign on if you want to log into iDRAC6 directly after logging into your workstation without entering your domain user authentication credentials such as user name and password To log i...

Page 154: ...irectory network account 2 Log into iDRAC6 Web page using iDRAC6 fully qualified domain name http idracname domain com iDRAC6 logs you in using your credentials that were cached in the operating system when you logged in using your valid Active Directory network account Frequently Asked Questions Active Directory Log In Issues It takes nearly 4 minutes to log into iDRAC6 using Active Directory Sin...

Page 155: ...gnostic tool in the Web interface 1 Log in as a local user with administrator privilege from the Web interface 2 In the system tree select System Remote Access iDRAC6 3 Click the Network Security tab and then click the Active Directory sub tab The Active Directory Configuration and Management screen appears 4 Scroll to the bottom of the screen and click Test Settings The Test Active Directory Sett...

Page 156: ...nection with the directory server The most common reasons for failing certification validation are iDRAC6 date is not within the valid period of the server certificate or CA certificate Check iDRAC6 time and the valid period of your certificate The Domain Controller Addresses configured in iDRAC6 do not match the Subject or Subject Alternative Name of the directory server certificate If you are us...

Page 157: ...ory Configuration and Management page c If you have enabled certificate validation ensure that you have uploaded the correct Active Directory root CA certificate to iDRAC6 The certificate appears in the Current Active Directory CA Certificate area Ensure that iDRAC6 time is within the valid period of the CA certificate d If you are using the Extended Schema ensure that iDRAC6 Name and iDRAC6 Domai...

Page 158: ...he IP address configured in iDRAC6 Disable certificate validation if you choose to trust this domain controller without certificate validation during the SSL handshake Why does iDRAC6 enable certificate validation by default iDRAC6 enforces strong security to ensure the identity of the domain controller that iDRAC6 connects to Without certificate validation a hacker could spoof a domain controller...

Page 159: ...nnects to the configured domain controller address es first If the user and role groups reside in that domain the privileges are saved If global controller address es is configured iDRAC6 continues to query the Global Catalog If additional privileges are retrieved from the Global Catalog these privileges are accumulated Miscellaneous Does iDRAC6 always use LDAP over SSL Yes All the transportation ...

Page 160: ...160 Using iDRAC6 With Microsoft Active Directory ...

Page 161: ...n requires users to verify their identities by providing both factors Configuring Smart Card Login in iDRAC6 To enable iDRAC6 Smart Card logon feature from the Web interface 1 Open a supported Web browser window 2 Log in to iDRAC6 Web interface 3 In the system tree select System Remote Access iDRAC6 The Remote Access Information screen appears 4 Click the Network Security tab Select Network and ve...

Page 162: ...in Name and enter the IP address of the Domain Controller Server Address Select Next 12 Select Standard Schema Settings on Step 3 of 4 Active Directory Configuration and Management page Select Next 13 On Step 4a of 4 Active Directory page enter the IP Address of the Global Catalog Server Add the Role Group information that your valid Active Directory user is a member of by selecting one of the Rol...

Page 163: ...OTE You need not keep your Smart Card in the reader to stay logged in Troubleshooting the Smart Card Logon in iDRAC6 Use the following tips to help you debug an inaccessible Smart Card It takes nearly 4 minutes to log into iDRAC6 using Active Directory Smart Card login The normal Active Directory Smart Card login usually takes less than 10 seconds but it may take nearly 4 minutes to log into iDRAC...

Page 164: ...tCard o cfgSmartCardLogonEnable 0 For 64 bit Windows platforms the iDRAC6 authentication plug in will not get installed properly if a 64 bit version of Microsoft Visual C 2005 Redistributable Package is deployed You need to deploy the 32 bit version of Microsoft Visual C 2005 Redistributable Package for the plug in to install and run properly If you receive the following error message Not able to ...

Page 165: ...h Remote or Telnet SSH RACADM racadm config g cfgRacTuning o cfgRacTuneTimeZoneOffset offset value in minutes For example if the system time is GMT 6 US CST and time is 2PM set the iDRAC6 time to GMT time of 18 00 which would require you to enter 360 in the above command for the offset You can also use cfgRacTuneDaylightoffset to allow for daylight savings variation This saves you from having to c...

Page 166: ...166 Configuring Smart Card Authentication ...

Page 167: ...rt two types of authentication mechanisms Active Directory single sign on and Active Directory Smart Card logins For single sign on login iDRAC6 uses the user credentials cached in the operating system after the user has logged in using a valid Active Directory account For Active Directory smart card login iDRAC6 uses smart card based two factor authentication TFA as credentials to enable an Activ...

Page 168: ...beros configuration on iDRAC6 entails the same steps as configuring a non Windows Server Kerberos service as a security principal in Windows Server Active Directory The Microsoft tool ktpass supplied by Microsoft as part of the server installation CD DVD is used to create the Service Principal Name SPN bindings to a user account and export the trust information into a MIT style Kerberos keytab fil...

Page 169: ...t iDRAC6 uses for Kerberos authentication is DES CBC MD5 The principal type is KRB5_NT_PRINCIPAL The properties of the user account that the Service Principal Name is mapped to should have the following account property enabled Use DES encryption types for this account NOTE You must create an Active Directory user account for use with the mapuser option of the ktpass command Also you should have t...

Page 170: ...bkeytabupload f filename where filename is the name of the keytab file Configuring Active Directory Users for single sign on Logon Before using the Active Directory single sign on logon feature ensure that you have already configured iDRAC6 for Active Directory login and the domain user account that you will use to login into the system has been enabled for iDRAC6 Active Directory login Also ensur...

Page 171: ...ctory user You are configured in iDRAC6 for Active Directory login iDRAC6 is enabled for Kerberos Active Directory authentication Configuring Active Directory Users for Smart Card Logon Before using the Active Directory Smart Card logon feature ensure that you have already configured iDRAC6 for Active Directory login and the user account that has been issued the Smart Card has been enabled for iDR...

Page 172: ...iDRAC6 displays the following login screens options for various TFA and SSO enablement combinations with different versions of iDRAC iDRAC6 and CMC CMC v2 1 with TFA enabled and iDRAC6 v2 1 with TFA enabled iDRAC6 Login prompt with PIN entry CMC v2 1 with TFA enabled and iDRAC6 v2 1 with TFA disabled and SSO disabled iDRAC6 Login prompt with user name domain and password CMC v2 1 with TFA enabled ...

Page 173: ...OS Version The version number of the managed server s BIOS Service Tag The Service Tag number of the server Host Name The DNS hostname associated with the managed server OS Name The name of the operating system installed on the managed server NOTE The OS Name field is populated only if Dell OpenManage Server Administrator is installed on the managed system An exception to this are VMware operating...

Page 174: ...ure of the managed server as set by Open Manage Server Administrator Recovery Action Action to be performed when a system fault or hang is detected Available actions are No Action Hard Reset Power Down or Power Cycle Initial Countdown The amount of time in seconds after a system hang is detected at which time iDRAC6 performs a recovery action Present Countdown The current value in seconds of the c...

Page 175: ...C6 Gateway Displays the IP address of the network gateway configured for iDRAC6 Use DHCP to obtain DNS server addresses Displays whether DHCP is used to obtain DNS Server Addresses Preferred DNS Server Displays the currently active primary DNS server Alternate DNS Server Displays the alternate DNS server address IPv6 Settings Enabled Displays whether IPv6 protocol support is enabled or disabled Au...

Page 176: ...n about the component NOTE Component information can also be obtained by clicking the component name in the left pane of the window Components remain visible in the left pane independent of the tab screen that is selected iDRAC6 The Remote Access Information screen lists a number of important details about iDRAC6 such as health status name firmware revision and network parameters Additional detail...

Page 177: ...n as the status of the on board voltage rail and CPU core sensors Power Monitoring The Power Monitoring screen enables you to view the following monitoring and power statistics information Power Monitoring Displays the amount of power being used one minute average power value measured in AC watts by the server as reported by the System Board Current Monitor Amperage Displays the current consumptio...

Page 178: ...l prior to booting the operating system of the managed server Misc Health The Misc Health screen provides access to the following system logs System Event Log Displays system critical events that occur on the managed system Post Code Displays the last system post code in hexadecimal prior to booting the operating system of the managed server Last Crash Screen Displays the most recent crash screen ...

Page 179: ...many features for monitoring and managing power Power Monitoring iDRAC6 collects a history of power measurements and calculates running averages peaks and so on Using iDRAC6 Web interface you can view the information on the Power Monitoring screen You can also view the information in graph form by clicking Show Graph at the bottom of the Power Monitoring screen See Power Monitoring for more inform...

Page 180: ...ugh its Web interface or RACADM CLI Cumulative System Power System Peak Power and System Peak Amperage Average Minimum and Maximum Power Consumption Power consumption also shown in graphs in the Web interface Max and Min Power Times Viewing Power Monitoring Using the Web Interface To view the power monitoring data 1 Log in to iDRAC6 Web interface 2 In the system tree select Power Monitoring The Po...

Page 181: ...ystem energy consumption value was last cleared and the new measurement cycle began For Cumulative System Power System Peak Amperage and System Peak Power statistics the peak values when reset will immediately reflect the current instantaneous value Measurement Current Time for Cumulative System Power displays the current date and time when the system energy consumption was calculated for display ...

Page 182: ...rief fluctuations in power or current consumption Power Budgeting The Power Budget screen displays the power threshold limits which cover the range of AC power consumptions a system under heavy workload will present to the datacenter Before a server powers up iDRAC6 provides CMC with its power envelope requirement It may request a smaller power envelope after the server is powered up based on the ...

Page 183: ... workload will present to the datacenter Minimum Potential Power Consumption represents the lowest Power Budget Threshold value Maximum Potential Power Consumption represents the highest Power Budget Threshold value This value is also the current system configuration s absolute maximum power consumption Using RACADM On a managed server open a command line interface and enter racadm getconfig g cfg...

Page 184: ...in Watts and Threshold in BTU hr display the limit in AC Watts and BTU hr respectively Threshold in Percentage of Maximum displays the percentage of power capping range Using RACADM On a managed server open a command line interface and enter To view the Power Budget Threshold data from local RACADM enter the following commands at a command prompt racadm getconfig g cfgServerPower o cfgServerPowerC...

Page 185: ...Power Control Operations by clicking its radio button Power On System turns on the server the equivalent of pressing the power button when the server power is off This option is disabled if the system is already powered on Power Off System turns off the server This option is disabled if the system is already powered off NMI Non Masking Interrupt generates an NMI to halt system operation An NMI sen...

Page 186: ...disabled if the system is already powered off 5 Click Apply A dialog box appears requesting confirmation 6 Click OK to execute the power management action you selected Using RACADM To perform power actions from local RACADM enter the below command at a command prompt racadm serveraction action where action is powerup powerdown powercycle hardreset or powerstatus NOTE For more information about ser...

Page 187: ...SOL are as follows Remotely access operating systems with no timeout Diagnose host systems on Emergency Management Services EMS or Special Administrator Console SAC for Windows or in a Linux shell View the progress of a blade server during POST and reconfigure the BIOS setup program while redirected to a serial port Enabling Serial Over LAN in the BIOS To configure the server for Serial Over LAN t...

Page 188: ...Failsafe Baud Rate is identical to SOL baud rate that is configured on iDRAC6 The default value for both the failsafe baud rate and the iDRAC6 s SOL baud rate setting is 115 2 kbps 6 Ensure that Redirection After Boot is enabled This option enables BIOS SOL redirection across subsequent reboots BIOS has the Remote Terminal Type values VT100 VT220 and ANSI 7 Save the changes and exit The managed se...

Page 189: ... 255 characters respectively Table 11 1 Serial Over LAN Configuration Settings Setting Description Enable Serial Over LAN When selected the checkbox indicates that Serial Over LAN is enabled Baud Rate Indicates the data speed Select a data speed of 9600 bps 19 2 kbps 57 6 kbps or 115 2 kbps Channel Privilege Level Limit Select a privilege level limit for Serial Over LAN Table 11 2 Serial Over LAN ...

Page 190: ...ta packet This parameter is specified in milliseconds Character Send Threshold Specifies the number of characters per SOL data packet As soon as the number of characters accepted by iDRAC6 is equal to or greater than the Character Send Threshold value iDRAC6 starts transmitting SOL data packets that contain numbers of characters equal to or less than the Character Send Threshold value If a packet ...

Page 191: ...OL Proxy The purpose of Serial Over LAN feature is to redirect the serial port of the managed server through iDRAC6 into the console of your management station Model for Redirecting SOL Over Telnet or SSH Telnet port 23 SSH port 22 client WAN connection iDRAC6 server The IPMI based SOL over SSH Telnet implementation eliminates the need for an additional utility because the serial to network transl...

Page 192: ...on to be encrypted The encryption key KG key must contains characters of zero or NULL that can be configured in iDRAC6 Web GUI or in iDRAC6 Configuration Utility You can also wipe out the encryption key by pressing the backspace key so that iDRAC6 will provide NULL characters as the encryption key by default The advantage of using RMCP is improved authentication data integrity checks encryption an...

Page 193: ...r is reassigned 2 Enter the following command at the command prompt to start SOL connect NOTE This connects you to the managed server s serial port Once a SOL session is established successfully iDRAC6 command line console is no longer available to you Follow the escape sequence properly to reach iDRAC6 command line console Quit the SOL session using the command sequence detailed in Disconnecting ...

Page 194: ...This connects you to the managed server s serial port Once a SOL session is established successfully iDRAC6 command line console is no longer available to you Follow the escape sequence properly to reach iDRAC6 command line console Quit the SOL session refer to Disconnecting SOL session in iDRAC6 Command Line Console to close an active SOL session Using SOL over IPMItool The Dell Systems Managemen...

Page 195: ...application such as HyperTerminal on Microsoft Windows or Telnet on Linux can be used to access the daemon s features SOL can be used either in the menu mode or command mode The SOL protocol coupled with the remote system s BIOS console redirection allows administrators to remotely view and change a managed system s BIOS settings over a LAN The Linux serial console and Microsoft s EMS SAC interfac...

Page 196: ...y on Windows operating systems C Program Files Dell SysMgt bmc 32 bit operating system C Program Files x86 Dell SysMgt bmc 64 bit operating system The installation program copies the files to the following locations on Linux Enterprise Operating Systems etc init d SOLPROXY cfg etc SOLPROXY cfg usr sbin dsm_bmu_solproxy32d usr sbin solconfig usr sbin ipmish Initiating the SOL Proxy session For Wind...

Page 197: ...xy32d stop solproxy restart Using Telnet with SOL Proxy This assumes that the SOL Proxy service is already up and running on the management station For Windows 2003 1 Open a command prompt window on your management station 2 Enter the telnet command in the command line and provide localhost as the IP address if the SOL Proxy server is running in the same machine and the port number that you specif...

Page 198: ...onnect to the Remote Server s BMC 2 Configure the Serial Over LAN for the Remote Server 3 Activate Console Redirection 4 Reboot and Activate Console Redirection 5 Help 6 Exit NOTE While multiple SOL sessions can be active at the same time only one console redirection session can be active at any given time for a managed system NOTE To exit an active SOL session use the character sequence This sequ...

Page 199: ...ries If SOL is already enabled the current settings are displayed and you are presented with three choices 1 Disable Serial Over LAN 2 Change Serial Over LAN settings 3 Cancel If SOL is enabled ensure that the SOL baud rate is consistent with the iDRAC s and the minimum iDRAC6 user privilege level of administrator is required for activating console redirection If SOL is currently disabled enter Y ...

Page 200: ...to configure generic Unix like operating systems This configuration is based on default installations of Red Hat Enterprise Linux 5 0 SUSE Linux Enterprise Server 10 SP1 and Windows 2003 Enterprise Linux Enterprise Operating System 1 Edit the etc inittab file to enable hardware flow control and to allow users to log in through the SOL console Add the line below to the end of Run gettys in standard...

Page 201: ...P this part of file Run gettys in standard runlevels 1 2345 respawn sbin migetty tty1 2 2345 respawn sbin migetty tty1 3 2345 respawn sbin migetty tty1 4 2345 respawn sbin migetty tty1 5 2345 respawn sbin migetty tty1 6 2345 respawn sbin migetty tty1 7 2345 respawn sbin agetty h ttyS0 115200 vt220 Run xdm in runlevel 5 x 5 respawn etc X11 prefdm nodaemon ___________________________________________...

Page 202: ..._____________________________ 3 Edit the boot grub grub conf or boot grub menu list file to add boot options for SOL a Comment out the graphical display lines in the various Unix like operating systems splashimage had0 0 grub splash xpm gz in RHEL 5 gfxmenu hda0 5 boot message in SLES 10 b Add the following line before the first title line Redirect OS boot via SOL c Append the following entry to t...

Page 203: ...ns that all kernel and initrd paths are relative to boot eg root hd0 0 kernel vmlinux version ro root dev VolGroup00 LogVol00 initrd initrd version img boot dev sda default 0 timeout 5 splashimage hd0 0 grub splash xpm gz hiddenmenu title Red Hat Enterprise Linux 5 root hd0 0 kernel vmlinuz 2 6 18 8 el5 ro root dev VolGroup00 LogVol00 rhgb quiet initrd initrd 2 6 18 8 el5 img _____________________...

Page 204: ...o root dev VolGroup00 LogVol00 rhgb quiet console tty1 console ttyS0 115200 initrd initrd 2 6 18 8 el5 img ______________________________________________________________ Example of original boot grub menu list in SLES 10 ______________________________________________________________ Modified by YaST2 Last modification on Sat Oct 11 21 52 09 UTC 2008 Default 0 Timeout 8 gfxmenu hd0 5 boot message D...

Page 205: ...inux 2 6 16 46 0 12 bigsmp root dev disk by id scsi 35000c5000155c resume dev sda5 splash silent showopts console tty1 console ttyS0 115200 initrd boot initrd 2 6 16 46 0 12 bigsmp ______________________________________________________________ Windows 2003 Enterprise 1 Find out the boot entry ID by entering bootcfg in the Windows command prompt Locate the boot entry ID for the section with the OS ...

Page 206: ...e optout fastdetect usepmtimer redirect ______________________________________________________________ Example of modified bootcfg setting ______________________________________________________________ Boot Loader Settings timeout 30 default multi 0 disk 0 rdisk 0 partition 1 WINDOWS redirect COM1 redirectbaudrate 115200 Boot Entries Boot entry ID 1 Os Friendly Name Windows Server 2003 Enterprise ...

Page 207: ...ture can be used in conjunction with the Virtual Media feature to perform remote software installations The following rules apply to a console redirection session A maximum of two simultaneous console redirection sessions are supported on each blade Both sessions view the same managed server console simultaneously A console redirection session can not be launched from a Web browser on the managed ...

Page 208: ...s 1 Install and configure a supported Web browser See Supported Web Browsers and Configuring a Supported Web Browser 2 If you are using Firefox or want to use the Java Viewer with Internet Explorer install a Java Runtime Environment JRE See Installing a Java Runtime Environment JRE 3 Dell recommends that you configure your monitor display resolution to 1280x1024 pixels NOTE If you have an active c...

Page 209: ...Redirection is enabled Deselected indicates that Console Redirection is disabled The default is enabled Max Sessions Displays the maximum number of Console Redirection sessions that are possible 1 or 2 Use the drop down menu to change the maximum number of Console Redirection sessions allowed The default is 2 Active Sessions Displays the number of Active Console sessions This field is read only Ke...

Page 210: ...tem NOTE You must select USC Diags in HyperV Dell Diagnostics or USC The default is Windows Console Plug In Type for IE When using Internet Explorer on a Windows operating system you can choose from the following viewers ActiveX The ActiveX Console Redirection viewer Java Java Console Redirection viewer NOTE Depending on your version of Internet Explorer additional security restrictions may need t...

Page 211: ...isk After time_out and in the Control Panel Power Options High Performance Advanced Settings Hard Disk Turnoff Hard Disk After time_out To open a console redirection session in the Web interface perform the following steps 1 Click System and then click the Console Media tab 2 In the Console Redirection screen use the information in Table 12 4 to ensure that a console redirection session is availab...

Page 212: ...ng on a Windows Operating System Java A Java viewer will be launched The Java viewer can be used on any browser including Internet Explorer If your client runs on an operating system other than Windows then you must use the Java Viewer If you are accessing iDRAC6 using Internet Explorer while running on a Windows operating system you may choose either Active X or Java as the plug in type NOTE vKVM...

Page 213: ...Synchronizing the Mouse Pointers Using the Video Viewer The Video Viewer provides a user interface between the management station and the managed server allowing you to see the managed server s desktop and control its mouse and keyboard functions from your management station When you connect to the remote system the Video Viewer starts in a separate window The Video Viewer provides various control...

Page 214: ...o menu Exit When you have finished using the Console and have logged out using the remote system s log out procedure select Exit from the Video menu to close the Video Viewer window Keyboard Hold Right Alt Key Select this item before typing keys you want to combine with the right Alt key Hold Left Alt Key Select this item before typing keys you want to combine with the left Alt key Left Windows Ke...

Page 215: ...n F1 Pause Alt M Alt D Alt PrtScrn M Alt PrtScrn P Keyboard Pass through The Keyboard pass through mode allows all keyboard functions on the client to be redirected to the server Mouse Synchronize Cursor Synchronizes the cursor so that the mouse on the client is redirected to the mouse on the server Hide Local Cursor Only the cursor from the KVM will be displayed Dell recommends this setting when ...

Page 216: ...ff the system Graceful Shutdown Shuts down the system Reset System warm boot Reboots the system without powering it off Power Cycle System cold boot Powers off and then reboots the system Media Virtual Media Wizard The Media menu provides access to the Virtual Media Wizard which allows you to redirect to a device or image such as a Floppy drive CD DVD Image in ISO format USB Flash drive For inform...

Page 217: ...ction screen Disabling or Enabling Local Console You can configure iDRAC6 to disallow iKVM connections using iDRAC6 Web interface When the local console is disabled a yellow status dot appears in the list of servers OSCAR to indicate that the console is locked in iDRAC6 When the local console is enabled the status dot is green If you want to ensure that you have exclusive access to the managed ser...

Page 218: ...er applications to log out of the corresponding session Can a new remote console video session be started when the local video on the server is turned off Yes Why does it take 15 seconds to turn off the local video on the server after requesting to turn off the local video It gives a local user an opportunity to take any action before the video is switched off Is there a time delay when turning on...

Page 219: ...e status in the object cfgRacTuneLocalServerVideo This racadm command can be executed from Telnet SSH or a remote session to the iDRAC6 The remote RACADM command is racadm r idracip u user p password getconfig g cfgRacTuning The status is also seen on the iKVM OSCAR display When the local console is enabled a green status appears next to the server name When disabled a yellow dot indicates that th...

Page 220: ...hronization Ensure that the correct mouse is selected for your operating system before starting a console redirection session Ensure that Synchronize Mouse is checked in the Mouse menu Press Alt M or select Mouse Synchronize mouse to toggle mouse synchronization When synchronization is enabled a check mark appears next to the selection in the Mouse menu Why can t I use a keyboard or mouse while in...

Page 221: ...on from the local host You are configuring a console redirection session from the local system This is not supported If I am running a console redirection session and a local user accesses the managed server do I receive a warning message No If a local user accesses the system you both have control of the system How much bandwidth do I need to run a console redirection session Dell recommends a 5 ...

Page 222: ...222 Using GUI Console Redirection ...

Page 223: ...terprise card slot at the back corner of the system It provides storage space that behaves like a common USB Flash Key device Installing a vFlash Media Card NOTE Dell branded vFlash media is required for the vFlash partition 1 Remove the blade from the chassis 2 Locate the vFlash media slot at the back corner of the system NOTE You do not need to remove the blade cover to install or remove the car...

Page 224: ...present If card is not present the following message displays SD Card not inserted Please insert an SD card of size greater than 256MB 1 Ensure that the vFlash card has been installed 2 Open a supported Web browser window 3 Log in to iDRAC6 Web interface 4 In the system tree select System 5 Click the vFlash tab The vFlash screen appears 6 Select the vFlash Enable check box to enable the vFlash Med...

Page 225: ...ng formatting progress Uploading Disk Image 1 Ensure that the image file has the extension img and that the image is not larger than 256 MB NOTE Though your vFlash card may be larger than 256 MB only 256 MB is accessible at this time vFlash allows you to store emergency boot image and diagnostic tools directly on the vFlash Media The image file can be a DOS bootable floppy image as a img file for ...

Page 226: ... your system 5 Press F11 during POST through the console if the system is at a remote location to select the boot device 6 Select Virtual Flash from the boot list NOTE The image file is a placeholder for an uploaded file image You can create a boot image save it in img format emulating a floppy device format the vFlash and then upload it to the vFlash Viewing the vFlash Key Size The vFlash Key Siz...

Page 227: ... Resetting the vFlash media card with the RACADM command resets the size of the key to 256MB and deletes all existing data NOTE For more information about vmkey see vmkey The RACADM command functions only if a vFlash media card is present If a card is not present the following message is displayed ERROR Unable to perform the requested operation Ensure that a SD Card is inserted ...

Page 228: ...228 Configuring the vFlash Media Card for Use With iDRAC6 ...

Page 229: ...rough the console redirection viewer provides the managed server access to media connected to a remote system on the network Figure 14 1 shows the overall architecture of Virtual Media Figure 14 1 Overall Architecture of Virtual Media Managed Server Management Station Modular Server Remote CD DVD USB Remote Floppy Network ...

Page 230: ...tate virtual devices on the managed system appear as two drives without the media being installed in the drives Table 14 1 lists the supported drive connections for virtual floppy and virtual optical drives NOTE Changing Virtual Media while connected could stop the system boot sequence Windows Based Management Station To run the Virtual Media feature on a management station running the Windows ope...

Page 231: ... controls Download unsigned ActiveX controls 6 Click OK to save any changes and close the Security Settings window 7 Click OK to close the Internet Options window 8 Restart Internet Explorer You must have administrator rights to install ActiveX Before installing the ActiveX control Internet Explorer may display a security warning To complete the ActiveX control installation procedure accept the Ac...

Page 232: ...a Configuration successfully set Table 14 2 Virtual Media Configuration Values Attribute Value Attach Virtual Media Attach Immediately attaches Virtual Media to the server Detach Immediately detaches Virtual Media from the server Auto Attach Attaches Virtual Media to the server only when a virtual media session is started Maximum Sessions Displays the maximum number of Virtual Media sessions allow...

Page 233: ...ou can select one optical drive and one floppy at the same time or a single drive NOTE The virtual device drive letters on the managed server do not coincide with the physical drive letters on the management station Floppy Emulation Indicates whether the Virtual Media appears as a floppy drive or as a USB key to the server If Floppy Emulation is selected the Virtual Media device appears as a flopp...

Page 234: ...dio button next to the media types you want to connect 8 You can select both the Floppy Image radio button and one of the radio buttons in the CD DVD Drive section NOTE When a management station CD DVD media is already in use by iDRAC6 blade the same media can be redirected and made available to another iDRAC6 blade In other words iDRAC6 supports same media Read only redirection to two different i...

Page 235: ...ual drives are enabled and listed in the correct order To change the BIOS setting perform the following steps 1 Boot the managed server 2 Press F2 to enter the BIOS setup window 3 Scroll to the boot sequence and press Enter In the pop up window the virtual optical drives and virtual floppy drives are listed with the standard boot devices 4 Ensure that the virtual drive is enabled and listed as the...

Page 236: ...n to ensure that the BIOS is set to boot from the DVD CD drive from which you are installing 3 Follow the on screen instructions to complete the installation Using Virtual Media When the Server s Operating System Is Running Windows Based Systems On Windows systems the virtual media drives are automounted if they are attached and configured with a drive letter Using the virtual drives from within W...

Page 237: ...t iDRAC6 See Supported Web Browsers for a list of supported Web browsers Why do I sometimes lose my client connection You can sometimes lose your client connection if the network is slow or if you change the CD in the client system CD drive For example if you change the CD in the client system s CD drive the new CD might have an autostart feature If this is the case the firmware can time out and t...

Page 238: ...y Simultaneous access to Virtual Floppy drives is not allowed Close the application used to view the drive contents before you attempt to virtualize the drive How do I configure my virtual device as a bootable device On the managed server access the BIOS Setup and navigate to the boot menu Locate the virtual CD Virtual Floppy or vFlash and change the device boot order as needed For example to boot...

Page 239: ...g command sys a x s where x is the USB key you want to make bootable What file system types are supported on my Virtual Floppy Drive Your Virtual Floppy Drive supports FAT16 or FAT32 file systems When I performed a firmware update remotely using iDRAC6 Web interface my virtual drives at the server were removed Why Firmware updates cause iDRAC6 to reset drop the remote connection and unmount the vi...

Page 240: ...ve 1 Open a Linux command prompt and run the following command grep Virtual Floppy var log messages 2 Locate the last entry to that message and note the time 3 At the Linux prompt run the following command grep hh mm ss var log messages where hh mm ss is the time stamp of the message returned by grep in step 1 4 In step 3 read the result of the grep command and locate the device name that is given...

Page 241: ...et SSH RACADM Local RACADM commands do not use network connections to access iDRAC6 from the managed server This means that you can use local RACADM commands to configure the initial iDRAC6 networking Remote RACADM is a client side utility which can be executed from a management station through the out of band network interface SSH Telnet RACADM is used to refer to the RACADM command usage from a ...

Page 242: ...d clearasrscreen Clears the last crash ASR screen coredump Displays the last iDRAC6 core dump coredumpdelete Deletes the core dump stored in iDRAC6 clrraclog Clears iDRAC6 log After clearing a single entry is made to indicate the user and time that the log was cleared clrsel Clears the managed server s System Event Log entries config Configures iDRAC6 fwupdate Updates iDRAC6 firmware getconfig Dis...

Page 243: ...ting table contents ping6 Verifies that the destination IPv6 address is reachable from iDRAC6 with the current routing table contents A destination IPv6 address is required An ICMP echo packet is sent to the destination IPv6 address based on the current routing table contents racdump Displays status and general iDRAC6 information racreset Resets iDRAC6 racresetcfg Resets iDRAC6 to the default conf...

Page 244: ...orwarded from your system to a destination IPv4 address traceroute6 Traces the network path of routers that packets take as they are forwarded from your system to a destination IPv6 address version Displays iDRAC6 version information vmdisconnect Closes all open iDRAC6 virtual media connections from remote clients vmkey Resets the virtual media key to the default size of 256MB Table 15 2 RACADM Su...

Page 245: ...me getsel getssninfo getsvctag getsysinfo gettracelog help ifconfig krbkeytabupload localconredirdisable netstat ping ping6 racdump racreset racresetcfg remoteimage serveraction Table 15 2 RACADM Subcommand Interface Support continued Subcommand Telnet SSH Local RACADM Remote RACADM ...

Page 246: ...hell prompt setniccfg sshpkauth sslcertdownload sslcertupload sslcertview sslcsrgen can only generate not download sslkeyupload testemail testtrap traceroute traceroute6 usercertupload usercertview version vmdisconnect vmkey Supported Not supported Table 15 2 RACADM Subcommand Interface Support continued Subcommand Telnet SSH Local RACADM Remote RACADM ...

Page 247: ...nd displays the syntax and command line options for the subcommand Using the RACADM Utility to Configure iDRAC6 This section describes how to use RACADM to perform various iDRAC6 configuration tasks Displaying Current iDRAC6 Settings The RACADM getconfig subcommand retrieves current configuration settings from iDRAC6 The configuration values are organized into groups containing one or more objects...

Page 248: ...roperty database A sixteenth user is reserved for the IPMI LAN user Before you manually enable an iDRAC6 user verify if any current users exist To verify if a user exists enter the following command at the command prompt racadm getconfig u username OR enter the following command once for each index from 1 to 16 racadm getconfig g cfgUserAdmin i index NOTE You can also enter racadm getconfig f file...

Page 249: ... o cfgUserAdminPassword i 2 123456 racadm config g cfgUserAdmin o cfgUserAdminPrivilege i 2 0x00000001 racadm config g cfgUserAdmin o cfgUserAdminEnable i 2 1 To verify the new user use one of the following commands racadm getconfig u john racadm getconfig g cfgUserAdmin i 2 Enabling an iDRAC6 User With Permissions To grant a user a specific administrative role based permissions set the cfgUserAdm...

Page 250: ...lete a RAC user racadm config g cfgUserAdmin o cfgUserAdminUserName i index A null string of double quote characters instructs iDRAC6 to remove the user configuration at the specified index and reset the user configuration to the original factory defaults Testing E mail Alerting iDRAC6 e mail alert feature allows users to receive e mail alerts when a critical event occurs on the managed server The...

Page 251: ...orrectly See the testtrap and testemail subcommand descriptions to configure these settings See Configuring Platform Event Traps PET for more information Configuring iDRAC6 Network Properties To generate a list of available network properties enter the following racadm getconfig g cfgLanNetworking To use DHCP to obtain an IP address use the following command to write the object cfgNicUseDhcp and e...

Page 252: ...g g cfgLanNetworking o cfgDNSRacName RAC EK00002 racadm config g cfgLanNetworking o cfgDNSDomainNameFromDHCP 0 racadm config g cfgLanNetworking o cfgDNSDomainName MYDOMAIN NOTE If cfgNicEnable is set to 0 iDRAC6 LAN is disabled even if DHCP is enabled Configuring IPMI Over LAN 1 Configure IPMI over LAN by entering the following command racadm config g cfgIpmiLan o cfgIpmiLanEnable 1 NOTE This sett...

Page 253: ...ons for more information racadm config g cfgIpmiLan o cfgIpmiEncryptionKey key where key is a 20 character encryption key in a valid hexadecimal format 2 Configure IPMI Serial over LAN SOL using the following command racadm config g cfgIpmiSol o cfgIpmiSolEnable 1 NOTE The IPMI SOL minimum privilege level determines the minimum privilege required to activate IPMI SOL For more information see the I...

Page 254: ...rate is 19200 57600 or 115200 bps For example racadm config g cfgIpmiSol o cfgIpmiSolBaudRate 57600 c Enable SOL by typing the following command at the command prompt NOTE SOL can be enabled or disabled for each individual user racadm config g cfgUserAdmin o cfgUserAdminSolEnable 1 i id where id is the user s unique ID Configuring PEF You can configure the action you wish iDRAC6 to take for each p...

Page 255: ...he following command racadm config g cfgIpmiPet o cfgIpmiPetAlertEnable i index 0 1 where index is the PET destination index and 0 or 1 disable PET or enable PET respectively For example to enable PET with index 4 enter the following command racadm config g cfgIpmiPet o cfgIpmiPetAlertEnable i 4 1 3 Configure your PET policy using the following command racadm config g cfgIpmiPet o cfgIpmiPetAlertD...

Page 256: ...igure your e mail settings by entering the following command racadm config g cfgEmailAlert o cfgEmailAlertAddress i 1 email address where 1 is the e mail destination index and email address is the destination e mail address that receives the platform event alerts 4 To configure the SMTP e mail server enter the following command racadm config g cfgRemoteHosts o cfgRhostsSmtpServerIpAddr SMTP E mail...

Page 257: ...de this range receive an error The login proceeds if the following expression equals zero cfgRacTuneIpRangeMask incoming IP address cfgRacTuneIpRangeAddr where is the bitwise AND of the quantities and is the bitwise exclusive OR See cfgRacTuning for a complete list of cfgRacTuning properties Table 15 5 IP Address Filtering IPRange Properties Property Description cfgRacTuneIpRangeEnable Enables the...

Page 258: ... config g cfgRacTuning o cfgRacTuneIpRangeEnable 1 racadm config g cfgRacTuning o cfgRacTuneIpRangeAddr 192 168 0 57 racadm config g cfgRacTuning o cfgRacTuneIpRangeMask 255 255 255 255 2 To restrict logins to a small set of four adjacent IP addresses for example 192 168 0 212 through 192 168 0 215 select all but the lowest two bits in the mask as shown below racadm config g cfgRacTuning o cfgRacT...

Page 259: ...rom a particular IP address and blocks or prevents the address from logging in to iDRAC6 for a preselected time span The IP blocking features include The number of allowed login failures cfgRacTuneIpBlkFailcount The time frame in seconds during which these failures must occur cfgRacTuneIpBlkFailWindow The amount of time in seconds that the blocked IP address is prevented from establishing a sessio...

Page 260: ...IP Blocking Properties Property Definition cfgRacTuneIpBlkEnable Enables the IP blocking feature When consecutive failures cfgRacTuneIpBlkFailCount from a single IP address are encountered within a specific amount of time cfgRacTuneIpBlkFailWindow all further attempts to establish a session from that address are rejected for a certain time span cfgRacTuneIpBlkPenaltyTime cfgRacTuneIpBlkFailCount S...

Page 261: ...ute the commands in this section NOTE When you reconfigure Telnet or SSH settings in iDRAC6 any current sessions are terminated without warning To enable Telnet and SSH from the local RACADM log in to the managed server and enter the following commands at a command prompt racadm config g cfgSerial o cfgSerialTelnetEnable 1 racadm config g cfgSerial o cfgSerialSshEnable 1 To disable the Telnet or S...

Page 262: ...addition to the Telnet and SSH sessions iDRAC6 can simultaneously support four SSH sessions and four Telnet sessions in addition to the four RACADM sessions NOTE Configure the IP address on your iDRAC6 before using the RACADM remote capability NOTE If the system from where you are accessing the remote system does not have an iDRAC6 certificate in its default certificate store a message is displaye...

Page 263: ...e racadm r 192 168 0 120 u root p calvin getsysinfo racadm i r 192 168 0 120 getsysinfo If the HTTPS port number of iDRAC6 has been changed to a custom port other than the default port 443 the following syntax must be used racadm r iDRAC6 IP Address port u username p password subcommand subcommand options racadm i r iDRAC6 IP Address port subcommand subcommand options Remote RACADM Options Table 1...

Page 264: ...ated with a text editor Obtained from iDRAC6 with the RACADM getconfig subcommand Obtained from iDRAC6 with the RACADM getconfig subcommand and then edited To obtain a configuration file with the RACADM getconfig command enter the following command racadm r remote iDRAC6 IP u user p password getconfig f myconfig cfg u usrName Specifies the user name that is used to authenticate the command transac...

Page 265: ...s must be surrounded by and characters The starting character denoting a group name must start in column one This group name must be specified before any of the objects in that group Objects that do not include an associated group name generate an error The configuration data is organized into groups as defined in iDRAC6 Enterprise Property Database Group and Object Definitions The following examp...

Page 266: ...entified by two characters directs iDRAC6 to delete the index for the specified group To view the contents of an indexed group use the following command racadm getconfig g groupName i index For indexed groups the object anchor must be the first object after the pair The following are examples of the current indexed groups cfgUserAdmin cfgUserAdminUserName username If the parser encounters an index...

Page 267: ...es are full and you must add a new user Modifying iDRAC6 IP Address in a Configuration File When you modify iDRAC6 IP address in the configuration file remove all unnecessary variable value entries Only the actual variable group s label with and remains including the two variable value entries pertaining to the IP address change For example Object Group cfgLanNetworking cfgLanNetworking cfgNicIpAd...

Page 268: ...r is available other users settings are also reset to the default settings Before you execute the racadm config f filename command you can run the racresetcfg subcommand to reset iDRAC6 to its default settings Ensure that the configuration file you will load includes all desired objects users indexes and other parameters To update iDRAC6 with the configuration file execute the following command ra...

Page 269: ...configuration file you created in the previous step and remove or comment out any settings you do not want to replicate 3 Copy the edited configuration file to a network drive where it is accessible to each managed server whose iDRAC6 you want to configure 4 For each iDRAC6 you want to configure a Log in to the managed server and start a command prompt b If you want to reconfigure iDRAC6 from the ...

Page 270: ...270 Using the RACADM Command Line Interface ...

Page 271: ...of components The SMWG SM CLP is a subcomponent of the overall SMASH efforts driven by DMTF SM CLP provides a subset of the functionality provided by the local RACADM command line interface but with a different access path SM CLP executes within iDRAC6 while RACADM executes on the managed server Also RACADM is a Dell proprietary interface where SM CLP is an industry standard interface NOTE For inf...

Page 272: ...ization The following sections provide an overview of the SM CLP feature that is hosted from iDRAC6 NOTE If you have established a SMASH session through Telnet SSH and the SMASH session is not closed successfully due to the network getting disconnected a message indicating that you have reached the maximum connections may be displayed To resolve this terminate the SMASH session in the Web GUI unde...

Page 273: ... on which the operation is performed The following is the syntax of the SM CLP command line verb options target properties Table 16 1 provides a list of the verbs iDRAC6 CLI supports the syntax of each command and a list of the options the verb supports Table 16 1 Supported SM CLP CLI Verbs Verb Description Options cd Navigates through the managed system address space using the shell Syntax cd opt...

Page 274: ...ue examine help output version show Displays the target properties verbs and subtargets Syntax show options target property name value all default display examine help level output version start Starts a target Syntax start options target examine force help output version stop Shuts down a target Syntax stop options target examine force help output version wait version Displays the version attribu...

Page 275: ...e command output Syntax display properties targets verbs properties targets verbs examine x Instructs the command processor to validate the command syntax without executing the command help h Displays help for the verb level l Instructs the verb to operate on targets at additional levels beneath the specified target Syntax level n all output o Specifies the format for the output Syntax output form...

Page 276: ...to the third record in the System Event Log SEL enter the following command cd admin1 system1 logs1 log1 record3 Enter the cd verb with no target to find your current location in the address space The and abbreviations work as they do in Windows and Linux refers to the parent level and refers to the current level Targets For a list of targets available through the SM CLP see the SM CLP mapping doc...

Page 277: ...csv keyword and clpxml The default format is text and is the most readable output The clpcsv format is a comma separated values format suitable for loading into a spreadsheet program The keyword format outputs information as a list of keyword value pairs one per line The clpxml format is an XML document containing a response XML element The DMTF has specified the clpcsv and clpxml formats and thei...

Page 278: ... MAP Target Navigation Table 16 5 provides examples of using the cd verb to navigate the MAP In all examples the initial default target is assumed to be Table 16 3 Server Power Management Operations Operation Syntax Logging in to iDRAC6 using the SSH interface ssh 192 168 0 120 login root password Enter smclp to start the SM CLP console Power down the server stop admin1 system1 system1 successfull...

Page 279: ...ties verbs admin1 system1 logs1 log1 Might return Targets record1 record2 Properties OverwritePolicy 7 LogState 4 CurrentNumberOfRecords 60 MaxNumberOfRecords 512 ElementName Record Log 1 HealthState 5 EnabledState 2 RequestedState 12 EnabledDefault 2 TransitioningToState 12 InstanceID DCIM SEL Log OperationalStatus 2 Verbs show exit version cd help ...

Page 280: ...IPMI_OwnerLUN IPMI_OwnerID I PMI_RecordID IPMIRecordType IPMI_TimeStamp IPMI _GeneratorID IPMI_EvMRev IPMI_SensorType IPMI_S ensorNumber IPMI_AssertionEvent IPMI_EventType IPMI_EventData1 IPMI_EventData2 IPMI_EventData3 IANA Description 0 Assert OEM specific ElementName DCIM System Event Log Entry InstanceID DCIM SEL LOG 4 LogInstanceID idrac Unknown Unknown SEL Log LogName DCIM System Event Log E...

Page 281: ...vigation Operations Operation Syntax Navigate to the system target and reboot cd admin1 system1 reset NOTE The current default target is Navigate to the SEL target and display the log records cd admin1 cd system1 cd logs1 cd log1 show is equivalent to cd admin1 system1 logs1 log1 show Display current target cd Move up one level cd Exit the shell exit Table 16 4 SEL Management Operations continued ...

Page 282: ...following command show d properties admin1 system1 sp1 availablesw1 swid1 4 Enter the following command load source tftp tftp server update path admin1 system1 sp1 where tftp server is the DNS name or IP address of your TFTP server and update path is the path to the update package on the TFTP server Your Telnet or SSH session will be terminated You may need to wait several minutes for the firmware...

Page 283: ...domain or area of functionality Additionally Dell has defined a number of model and profile extensions that provide interfaces for additional capabilities The data available through WS MAN is provided by the iDRAC6 instrumentation interface mapped to the DMTF profiles and Dell extension profiles WS Management Features The WS Management specification promotes interoperability between management app...

Page 284: ...hould be used if the devices are to be managed as USB devices 5 Physical Asset Defines CIM classes for representing the physical aspect of the managed elements iDRAC6 uses this profile to represent the host server s and its component s FRU information as well as the physical topology 6 SM CLP Admin Domain Defines CIM classes for representing CLP s configuration iDRAC6 uses this profile for its own...

Page 285: ...ofile for inventory of updates of the firmware through the TFTP protocol 16 SMASH Collections Defines CIM classes for representing CLP s configuration iDRAC6 uses this profile for its own implementation of CLP 17 Profile Registration Defines CIM classes for advertising the profile implementations iDRAC6 uses this profile to advertise its own implemented profiles as described in this table 18 Simpl...

Page 286: ... Enterprise Technology Center at www delltechcenter com For more information also see the following DTMF Web site www dmtf org standards profiles WS MAN release notes or Readme file 2 Dell Virtual Media Defines CIM and Dell extension classes for configuring iDRAC6 Virtual Media Extends USB Redirection Profile 3 Dell OS Deployment Defines CIM and Dell extension classes for representing the configur...

Page 287: ...ork This section provides information on integrating the iVMCLI utility into your corporate network Before You Begin Before using the iVMCLI utility ensure that your targeted remote systems and corporate network meet the requirements listed in the following sections Remote System Requirements iDRAC6 is configured in each remote system Network Requirements A network share must contain the following...

Page 288: ...if dev sdc0 of mycd img Creating an Image File for Windows Systems When choosing a data replicator utility for Windows image files select a utility that copies the image file and the CD DVD boot sectors Preparing for Deployment Configuring the Remote Systems 1 Create a network share that can be accessed by the management station 2 Copy the operating system files to the network share 3 If you have ...

Page 289: ...d state when using the ivmdeploy script Deploying the Operating System Use the iVMCLI utility and the ivmdeploy script included with the utility to deploy the operating system to your remote systems Before you begin review the sample ivmdeploy script included with the iVMCLI utility The script shows the detailed steps needed to deploy the operating system to remote systems in your network The foll...

Page 290: ...bed for the iVMCLI utility The ivmdeploy script supports installation only from a CD DVD or a CD DVD ISO9660 image If you need to install from a floppy disk or a floppy disk image you can modify the script to use the iVMCLI f option Using the Virtual Media Command Line Interface Utility The Virtual Media Command Line Interface iVMCLI utility is a scriptable command line interface that provides vir...

Page 291: ...AC6 in the remote system and run the utility Installing the iVMCLI Utility The iVMCLI utility is located on the Dell Systems Management Tools and Documentation DVD which is included with your Dell OpenManage System Management Software Kit To install the utility insert the DVD into your system and follow the on screen instructions NOTE The iVMCLI utility is only supported with IPv4 addresses The De...

Page 292: ...I connection terminates for any reason The process is manually terminated using an operating system control For example in Windows you can use the Task Manager to terminate the process iVMCLI Parameters iDRAC6 IP Address r iDRAC IP address iDRAC SSL port This parameter provides iDRAC6 IP address and SSL port which the utility needs to establish a Virtual Media connection with the target iDRAC6 If ...

Page 293: ...ce file name including the mountable file system partition number if applicable for Linux systems and image file is the filename and path of a valid image file This parameter specifies the device or file to supply the virtual floppy disk media For example an image file is specified as f c temp myfloppy img Windows system f tmp myfloppy img Linux system If the file is not write protected Virtual Me...

Page 294: ...ROM media For example an image file is specified as c c temp mydvd img Windows systems c tmp mydvd img Linux systems For example a device is specified as c d Windows systems c dev cdrom Linux systems Omit this parameter from the command line if you are not virtualizing CD DVD media If an invalid value is detected an error message is listed and the command terminates Specify at least one media type...

Page 295: ...he data transfer is not encrypted iVMCLI Operating System Shell Options The following operating system features can be used in the iVMCLI command line stderr stdout redirection Redirects any printed utility output to a file For example using the greater than character followed by a filename overwrites the specified file with the printed output of the iVMCLI utility NOTE The iVMCLI utility does not...

Page 296: ... program terminates When multiple iVMCLI instances are started in this way and one or more of the command instances must be manually terminated use the operating system specific facilities for listing and terminating processes iVMCLI Return Codes 0 No error 1 Unable to connect 2 iVMCLI command line error 3 RAC firmware connection dropped English only text messages are also issued to standard error...

Page 297: ...ure LAN parameters Enable disable or cancel System Services Attach or detach the Virtual Media devices Change the administrative username and password Reset iDRAC6 configuration to the factory defaults View System Event Log SEL messages or clear messages from the log The tasks you can perform using iDRAC6 Configuration Utility can also be performed using other utilities provided by iDRAC6 or Dell ...

Page 298: ...iguration Utility provide information about iDRAC6 firmware and primary backplane firmware revisions The revision levels can be useful in determining whether a firmware upgrade is needed iDRAC6 firmware is the portion of the firmware concerned with external interfaces such as the Web interface SM CLP and Web interfaces The primary backplane firmware is the portion of the firmware that interfaces w...

Page 299: ...rection and virtual media If you choose to disable the LAN the following warning displays iDRAC Out of Band interface will be disabled if the LAN Channel is OFF The message informs you that in addition to facilities that you access by connecting to iDRAC6 HTTP HTTPS Telnet or SSH ports directly out of band management network traffic such as IPMI messages sent to iDRAC6 from a management station ar...

Page 300: ...ster iDRAC Name is set to On press Enter to edit the Current DNS iDRAC Name text field Press Enter when you have finished editing iDRAC6 name Press Esc to return to the previous menu iDRAC6 name must be a valid DNS host name Domain Name from DHCP Select On if you want to obtain the domain name from a DHCP service on the network Select Off if you want to specify the domain name Domain Name If Domai...

Page 301: ...s When Static is selected the Ethernet IP Address Subnet Mask and Default Gateway items become editable Ethernet IP Address If the IP Address Source is set to DHCP this field displays the IP address obtained from DHCP If the IP Address Source is set to Static enter the IP address you want to assign to iDRAC6 The default is 192 168 0 120 Subnet Mask If the IP Address Source is set to DHCP this fiel...

Page 302: ...s set to Static enter the IP address you want to assign to iDRAC6 Prefix Length Configures the Prefix length of the IPv6 address It can be a value between 1 an 128 inclusive Default Gateway If the IP Address Source is set to AutoConfig this field displays the IP address of the default gateway obtained from DHCP If the IP Address Source is set to Static enter the IP address of the default gateway I...

Page 303: ...h Drive appears as a floppy drive to the system VFlash Use the left arrow and right arrow keys to select Enabled or Disabled Enabled Disabled causes a Detach and an Attach of all Virtual Media devices from the USB bus Disabled causes the vFlash to be removed and to become unavailable for use NOTE This field will be read only if an SD card of a size larger than 256 MB is not present on iDRAC6 Expre...

Page 304: ...NOTE Modifying this option restarts the server when you Save and Exit to apply the new settings Cancel System Services Use the left arrow and right arrow keys to select Yes or No When you select Yes all Lifecycle Controller sessions are closed and the server restarts when you Save and Exit to apply the new settings LAN User Configuration The LAN user is iDRAC6 administrator account which is root b...

Page 305: ...tials specified in the discovery process and then send the secure instructions to iDRAC6 to deploy an operating system remotely For information on remote operating system deployment see the Dell Lifecycle Controller User Guide available on the Dell Support website at support dell com manuals Do the following prerequisite actions in a separate iDRAC6 Configuration Utility session before manually en...

Page 306: ...ol DHCP server Domain Name System DNS are configured Provisioning Web services is installed configured and registered Account Access Select Enabled to enable the administrator account Select Disabled to disable the administrator account IPMI LAN Privilege Select between Admin User Operator and No Access Account User Name Press Enter to edit the user name and press Esc when you have finished The de...

Page 307: ...Log and press Enter To navigate Use the left arrow key to move to the previous older message and the right arrow key to move to the next newer message Enter a specific record number to jump to that record Press Esc to exit the System Event Log NOTE You can only clear the SEL in iDRAC6 Configuration Utility or in iDRAC6 Web interface To clear the SEL select Clear System Event Log and press Enter Wh...

Page 308: ...308 Using iDRAC6 Configuration Utility ...

Page 309: ...ions Answers to typical situations you may encounter Safety First For You and Your System To perform certain procedures in this section you must work with the chassis the PowerEdge system or other hardware modules Do not attempt to service the system hardware except as explained in this guide and elsewhere in your system documentation CAUTION Many repairs may only be done by a certified service te...

Page 310: ...ve been detected in the system A blinking amber LED on the LCD indicates that one or more fault conditions have been detected If the chassis LCD has a blinking amber LED you can use the LCD menu to locate the component that has a fault See the Dell Chassis Management Controller Firmware User Guide for help using the LCD Table 20 1 describes the meanings of the LED on the PowerEdge system Table 20 ...

Page 311: ...ry replacing hard drives or USB keys Reconnect or replace the power and network cables If these steps do not correct the problem consult the Hardware Owner s Manual for specific troubleshooting information for the hardware device Other Trouble Indicators Table 20 2 Trouble Indicators Look for Action Alert messages from the systems management software See the systems management software documentati...

Page 312: ...g Viewing system information Identifying the managed server in the chassis Using the diagnostics console Managing power on a remote system Checking the System Health When you log in to iDRAC6 Web interface the first screen displayed describes the health of the system components Table 20 3 describes the meaning of the system health indicators Table 20 3 System Health Indicators Indicator Descriptio...

Page 313: ... Event Log to display the System Event Log screen The System Event Log screen displays a system health indicator see Table 20 3 a time stamp and a description of the event 3 Click the appropriate System Event Log button to continue see Table 20 4 Table 20 4 SEL Buttons Button Action Print Prints the SEL in the sort order that it appears in the window Clear Log Clears the SEL NOTE The Clear Log but...

Page 314: ...utton to continue see Table 20 5 Viewing the Last System Crash Screen NOTE The last crash screen feature must be configured in the Server Administrator and in iDRAC6 Web interface See Configuring the Managed Server to Capture the Last Crash Screen for instructions on configuring this feature The Last Crash Screen screen displays the most recent crash screen which includes information about the eve...

Page 315: ...ot screens occurs at a rate of 1 frame per second iDRAC6 records fifty frames during boot time Table 20 7 lists the available control actions NOTE You must have administrator privileges to view playback of the Boot Capture sequences Table 20 6 Last Crash Screen Buttons Button Action Print Prints the Last Crash Screen screen Save Opens a pop up window that enables you to save the Last Crash Screen ...

Page 316: ...lay Starts the screenplay from current screen in the replay console Pause Pauses the screenplay on the current screen being displayed in the replay console Stop Stops the screenplay and loads the first screen of that boot sequence Next Screen Takes you to next screen if any in the replay console Print Prints the Boot Capture image that appears on the screen Refresh Reloads the Boot Capture screen ...

Page 317: ...tate asserted was asserted Voltage out of range Critical CPU number voltage sensor name Voltage sensor for CPU number state asserted was asserted Voltage out of range Critical CPU number Status Processor sensor for CPU number IERR was asserted CPU failure Critical CPU number Status Processor sensor for CPU number thermal tripped was asserted CPU overheated Critical CPU number Status Processor sens...

Page 318: ...d Storage drive failed Critical System Board PFault Fail Safe Voltage sensor for System Board state asserted was asserted This event is generated when the system board voltages are not at normal levels Critical System Board OS Watchdog Watchdog sensor for System Board timer expired was asserted iDRAC6 watchdog timer expired and no action is set Critical System Board OS Watchdog Watchdog sensor for...

Page 319: ...e ECC error was detected Critical I O Channel Chk Critical Event sensor I O channel check NMI was asserted A critical interrupt is generated in the I O Channel Critical PCI Parity Err Critical Event sensor PCI PERR was asserted Parity error was detected on the PCI bus Critical PCI System Err Critical Event sensor PCI SERR Slot number or PCI Device ID was asserted PCI error detected by device Criti...

Page 320: ...e is no longer redundant Critical Memory Mirrored Memory sensor redundancy lost DIMM Location was asserted Mirrored memory is no longer redundant Critical Memory RAID Memory sensor redundancy lost DIMM Location was asserted RAID Memory is no longer redundant Warning Memory Added Memory sensor presence DIMM Location was deasserted Added memory module was removed Warning Memory Removed Memory sensor...

Page 321: ...mory installed No memory detected on board Critical POST Err POST sensor Memory configuration error Memory detected but is not configurable Critical POST Err POST sensor Unusable memory error Memory configured but not usable Critical POST Err POST sensor Shadow BIOS failed System BIOS shadow failure Critical POST Err POST sensor CMOS failed CMOS failure Critical POST Err POST sensor DMA controller...

Page 322: ...d Dell Remote Access Controller configuration failure Critical POST Err POST sensor CPU configuration failed CPU configuration failure Critical POST Err POST sensor Incorrect memory configuration Incorrect memory configuration Critical POST Err POST sensor POST failure General failure after video Critical Hdwar version err Version Change sensor hardware incompatibility was asserted Incompatible ha...

Page 323: ...sserted Failed to update link tuning setting for proper NIC operation Warning Link Tuning Version Change sensor successful hardware change device slot number was deasserted Failed to update link tuning setting for proper NIC operation Critical LinkT FlexAddr Link Tuning sensor failed to program virtual MAC address Bus Device Function was asserted FlexAddress could not be programmed for this device...

Page 324: ...tical LinkT FlexAddr Link Tuning sensor device option ROM failed to support link tuning or FlexAddress Mezz XX was asserted This event is generated when the PCI device Option ROM for a NIC does not support link tuning or the Flex addressing feature Critical LinkT FlexAddr Link Tuning sensor failed to program the virtual MAC address location was asserted This event is generated when the BIOS fails ...

Page 325: ...ommunicate with the managed server the time is displayed as the string System Boot Source The interface that caused the event Description A brief description of the event and the user name that logged in to iDRAC6 Table 20 10 iDRAC6 Log Buttons Button Action Print Prints iDRAC6 Log screen Clear Log Clears iDRAC6 Log entries NOTE The Clear Log button only appears if you have Clear Logs permission S...

Page 326: ...Access iDRAC6 Troubleshooting 2 On the Identify screen select Identify Server 3 In the Identify Server Timeout field enter the number of seconds that you want the LED to blink Enter 0 if you want the LED to remain flashing until you disable it 4 Click Apply A blue LED on the server will flash for the number of seconds you specified If you entered 0 to leave the LED flashing follow these steps to d...

Page 327: ...of the network interface table netstat Prints the content of the routing table ping IP Address Verifies that the destination IP address is reachable from iDRAC6 with the current routing table contents A destination IP address must be entered in the field to the right of this option An Internet control message protocol ICMP echo packet is sent to the destination IP address based on the current rout...

Page 328: ...tem which causes the system to halt operation to allow for critical diagnostic or troubleshooting activities Graceful Shutdown Attempts to cleanly shut down the operating system then powers off the system It requires an ACPI Advanced Configuration and Power Interface aware operating system which allows for system directed power management NOTE A graceful shutdown of the server operating system may...

Page 329: ...signal to help them identify the server in the chassis See Identifying the Managed Server in the Chassis for information about this feature How can I find the IP address of iDRAC6 From the CMC Web interface 1 Click Chassis Servers then click the Setup tab 2 Click Deploy 3 Read the IP address for your server from the table that is displayed From the iKVM Reboot the server and enter iDRAC6 Configura...

Page 330: ...55 255 255 0 Gateway 192 168 0 1 From local RACADM Enter the following command at a command prompt racadm getsysinfo From the LCD 1 On the Main Menu highlight Server and press the check button 2 Select the server whose IP address you seek and press the check button Table 20 13 Frequently Asked Questions Troubleshooting continued Question Answer ...

Page 331: ...168 0 120 Static Subnet Mask 255 255 255 0 Static Gateway 192 168 0 1 Current IP Address 10 35 155 151 Current Subnet Mask 255 255 255 0 Current Gateway 10 35 155 1 Speed Autonegotiate Duplex Autonegotiate NOTE The above action can also be performed with remote RACADM iDRAC6 network connection is not working Ensure that the LAN cable is connected to the CMC Ensure that NIC settings IPv4 or IPv6 se...

Page 332: ... the security popup from appearing every time you begin a console redirection session add iDRAC6 to the trusted site list in the client browser 1 Click Tools Internet Options Security Trusted sites 2 Click Sites and enter the IP address or the DNS name of iDRAC6 3 Click Add 4 Click Custom Level 5 In the Security Settings window select Prompt under Download unsigned ActiveX Controls When I start a ...

Page 333: ...This can happen if any of the following conditions is true Memory is not installed or is inaccessible The CPU is not installed or is inaccessible The video riser card is missing or improperly connected Also look for error messages in iDRAC6 log from iDRAC6 Web interface or from the LCD Table 20 13 Frequently Asked Questions Troubleshooting continued Question Answer ...

Page 334: ...334 Recovering and Troubleshooting the Managed System ...

Page 335: ...AUTION Some RACADM commands described in this chapter are not available with OpenManage version 6 1 release Support will be added in OpenManage version 6 2 release help Table A 1 describes the help command Synopsis racadm help racadm help subcommand Description The help subcommand lists all of the subcommands that are available when using the racadm command along with a one line description You ma...

Page 336: ...cribes the config subcommand Synopsis racadm config c p f filename racadm config g groupName o objectName i index value Supported Interfaces Local RACADM Remote RACADM telnet ssh RACADM Description The config subcommand allows you to set iDRAC6 configuration parameters individually or to batch them as part of a configuration file If the data is different that iDRAC6 object is written with the new ...

Page 337: ...t contain data in the format specified in Configuration File Syntax on page 265 p The p or password option directs config to delete the password entries contained in the config file f filename after the configuration is complete g The g groupName or group option must be used with the o option The groupName specifies the group containing the object that is to be set o The o objectName value or obje...

Page 338: ... getconfig subcommand allows you to retrieve iDRAC6 configuration parameters individually or all iDRAC6 configuration groups may be retrieved and saved into a file Input Table A 4 describes the getconfig subcommand options NOTE The f option without a file specification will output the contents of the file to the terminal screen Table A 4 getconfig Subcommand Options Option Description f The f file...

Page 339: ...acadm cfg files If the group is an indexed group use the i option h The h or help option displays a list of all available configuration groups that you can use This option is useful when you do not remember exact group names i The i index or index option is valid only for indexed groups and can be used to specify a unique group If i index is not specified a value of 1 is assumed for groups which a...

Page 340: ...roup instance at index 2 with extensive information for the property values Synopsis racadm getconfig f filename racadm getconfig g groupName i index racadm getconfig u username racadm getconfig h racadm getconfig g groupName o objectName Supported Interfaces Local RACADM Remote RACADM telnet ssh RACADM getssninfo Table A 5 describes the getssninfo subcommand Table A 5 getssninfo Subcommand Subcom...

Page 341: ...urns only IPv4 information Remote RACADM telnet ssh RACADM Input Table A 6 describes the getssninfo subcommand options Examples racadm getssninfo Table A 7 provides an example of output from the racadm getssninfo command Table A 6 getssninfo Subcommand Options Option Description A The A option eliminates the printing of data headers u The u username user name option limits the printed output to on...

Page 342: ... A 4 6 Description The getsysinfo subcommand displays information related to iDRAC6 the managed server and the watchdog configuration Supported Interfaces Local RACADM Remote RACADM telnet ssh RACADM Input Table A 9 describes the getsysinfo subcommand options Table A 7 getssninfo Subcommand Output Example User IP Address Type Consoles root 192 168 0 10 Telnet Virtual KVM Table A 8 getsysinfo Comma...

Page 343: ...Firmware Update Fri Aug 14 17 08 09 2009 Hardware Version 0 0 MAC Address 00 1d 09 ff da 23 Common settings Register DNS RAC Name 0 DNS RAC Name iDRAC Current DNS Domain us dell com Domain Name from DHCP 1 Table A 9 getsysinfo Subcommand Options Option Description d Displays iDRAC6 information s Displays system information w Displays watchdog information A Eliminates the printing of headers labels...

Page 344: ...er 2 10 32 60 5 DNS Servers from DHCP 1 IPv6 settings Enabled 0 Current IP Address 1 Current IP Gateway Prefix Length 64 Autoconfig 0 Link Local IP Address Current IP Address 2 Current IP Address 3 Current IP Address 4 Current IP Address 5 Current IP Address 6 Current IP Address 7 Current IP Address 8 Current IP Address 9 Current IP Address 10 Current IP Address 11 Current IP Address 12 Current IP...

Page 345: ...on System Model System BIOS Version BMC Firmware Version 02 20 Service Tag Host Name OS Name Power Status ON Watchdog Information Recovery Action None Present countdown value 0 seconds Initial countdown value 0 seconds Embedded NIC MAC Addresses NIC1 Ethernet N A iSCSI1 N A NIC2 Ethernet N A iSCSI2 N A NI32 Ethernet N A iSCSI3 N A NIC4 Ethernet N A iSCSI4 N A ...

Page 346: ... countdown value 0 seconds Restrictions The Hostname and OS Name fields in the getsysinfo output display accurate information only if Dell OpenManage Server Administrator is installed on the managed server If it is not installed on the managed server these fields may be blank or inaccurate An exception to this are VMware operating system names which are displayed even if Server Administrator is no...

Page 347: ...s which is the same format returned by the UNIX date command Output The getractime subcommand displays the output on one line Sample Output racadm getractime Thu Dec 8 20 15 26 2005 racadm getractime d 20071208201542 000000 Supported Interfaces Local RACADM Remote RACADM telnet ssh RACADM setniccfg Table A 11 describes the setniccfg subcommand Table A 11 setniccfg Subcommand Definition setniccfg S...

Page 348: ...ied Otherwise the existing static settings are used ipAddress netmask and gateway must be entered as dot separated strings racadm setniccfg s 192 168 0 120 255 255 255 0 192 168 0 1 The o option disables the NIC completely ipAddress netmask and gateway must be entered as dot separated strings racadm setniccfg o 192 168 0 120 255 255 255 0 192 168 0 1 Output The setniccfg subcommand displays an app...

Page 349: ...ppropriate error message if the operation is not successful Otherwise on success the output is displayed in the following format IPv4 settings NIC Enabled 1 DHCP Enabled 1 IP Address 10 35 0 64 Subnet Mask 255 255 255 0 Gateway 10 35 0 1 IPv6 settings IPv6 Enabled 0 DHCP6 Enabled 0 IP Address 1 Prefix Length 64 Gateway Link Local Address Table A 12 getniccfg Subcommand Definition getniccfg Display...

Page 350: ...ddress 12 IP Address 13 IP Address 14 IP Address 15 NOTE IPv6 information is displayed only if iDRAC6 supports IPv6 Supported Interfaces Local RACADM returns only IPv4 information Remote RACADM telnet ssh RACADM getsvctag Table A 13 describes the getsvctag subcommand Synopsis racadm getsvctag Table A 13 getsvctag Subcommand Definition getsvctag Displays a service tag ...

Page 351: ...mand NOTE When you issue a racreset subcommand iDRAC6 may require up to two minutes to return to a usable state Synopsis racadm racreset Description The racreset subcommand issues a reset to iDRAC6 The reset event is written into iDRAC6 log Examples racadm racreset Start iDRAC6 soft reset sequence Supported Interfaces Local RACADM Remote RACADM telnet ssh RACADM Table A 14 racreset Subcommand Defi...

Page 352: ...RAC6 configuration disables DHCP and resets iDRAC6 configuration to the default settings After reset the default name and password are root and calvin respectively and the IP address is 192 168 0 120 plus the number of the slot the server inhabits in the chassis serveraction Table A 16 describes the serveraction subcommand Table A 15 racresetcfg Subcommand Definition racresetcfg Resets the entire ...

Page 353: ...aces Local RACADM Remote RACADM telnet ssh RACADM getraclog Table A 18 describes the racadm getraclog command Table A 17 serveraction Subcommand Options String Definition action Specifies the action The action string options are powerdown Powers down the managed server powerup Powers up the managed server powercycle Issues a power cycle operation on the managed server This action is similar to pre...

Page 354: ...ary 1 and increases until the managed server boots After the managed server boots the managed server s system time is used for the timestamp Table A 18 getraclog Command Definition getraclog i Displays the number of entries in iDRAC6 log getraclog Displays iDRAC6 log entries Table A 19 getraclog Subcommand Options Option Description A Displays the output with no headers or labels c Provides the ma...

Page 355: ...DM clrraclog Synopsis racadm clrraclog Description The clrraclog subcommand removes all existing records from iDRAC6 log A new single record is created to record the date and time when the log was cleared getsel Table A 20 describes the getsel command Synopsis racadm getsel i Table A 20 getsel Command Definition getsel i Displays the number of entries in the System Event Log getsel Displays SEL en...

Page 356: ... Severity Ok Description System Board SEL event log sensor for System Board log cleared was asserted Supported Interfaces Local RACADM Remote RACADM Table A 21 getsel Subcommand Options Option Description A Specifies output with no display headers or labels c Provides the maximum count of entries to be returned o Displays the output in a single line s Specifies the starting record used for the dis...

Page 357: ...sh RACADM gettracelog Table A 22 describes the gettracelog subcommand Synopsis racadm gettracelog i racadm gettracelog A o c count s startrecord m Description The gettracelog without the i option command reads entries The following gettracelog entries are used to read entries Table A 22 gettracelog Command Definition gettracelog i Displays the number of entries in the iDRAC trace log gettracelog D...

Page 358: ... 08 21 30 Source ssnmgrd 175 Description root from 143 166 157 103 session timeout sid 0be0aef4 Supported Interfaces Local RACADM Remote RACADM telnet ssh RACADM Table A 23 gettracelog Subcommand options Option Description i Displays the number of entries in the iDRAC trace log m Displays one screen at a time and prompts the user to continue similar to the UNIX more command o Displays the output i...

Page 359: ...s not specified the filename defaults to sslcsr in your current directory If no options are specified a CSR is generated and downloaded to the local file system as sslcsr by default The g option cannot be used with the s option and the f option can only be used with the g option Table A 24 sslcsrgen Subcommand Description sslcsrgen Generates and downloads an SSL certificate signing request CSR fro...

Page 360: ...m config g cfgRacSecurity o cfgRacSecCsrCommonName MyCompany Examples racadm sslcsrgen s or racadm sslcsrgen g f c csr csrtest txt Supported Interfaces Local RACADM Remote RACADM telnet ssh RACADM can only generate not download f option is not applicable sslcertupload Table A 26 describes the sslcertupload subcommand Synopsis racadm sslcertupload t type f filename Table A 26 sslcertupload Subcomma...

Page 361: ...tdownload subcommand Synopsis racadm sslcertdownload t type f filename Table A 27 sslcertupload Subcommand Options Option Description t Specifies the type of certificate to upload either the CA certificate or server certificate 1 server certificate 2 CA certificate f Specifies the file name of the certificate to be uploaded If the file is not specified the sslcert file in the current directory is ...

Page 362: ...psis racadm sslcertview t type A Table A 29 sslcertdownload Subcommand Options Option Description t Specifies the type of certificate to download either the Microsoft Active Directory certificate or server certificate 1 server certificate 2 Microsoft Active Directory certificate f Specifies the file name of the certificate to be downloaded If the f option or the filename is not specified the sslce...

Page 363: ...ommon Name CN iDRAC default certificate Issuer Information Country Code CC US State S Texas Locality L Round Rock Organization O Dell Inc Organizational Unit OU Remote Access Group Common Name CN iDRAC default certificate Table A 31 sslcertview Subcommand Options Option Description t Specifies the type of certificate to view either the Microsoft Active Directory certificate or server certificate 1...

Page 364: ... iDRAC default certificate US Texas Round Rock Dell Inc Remote Access Group iDRAC default certificate Jul 8 16 21 56 2005 GMT Jul 7 16 21 56 2010 GMT Supported Interfaces Local RACADM Remote RACADM telnet ssh RACADM testemail Table A 32 describes the testemail subcommand Table A 32 testemail configuration Subcommand Description testemail Tests iDRAC6 e mail alerting feature ...

Page 365: ...mand options Table A 33 testemail Configuration Action Command Enable the alert racadm config g cfgEmailAlert o cfgEmailAlertEnable i 1 1 Set the destination e mail address racadm config g cfgEmailAlert o cfgEmailAlertAddress i 1 user1 mycompany com Set the custom message that is sent to the destination e mail address racadm config g cfgEmailAlert o cfgEmailAlertCustomMsg i 1 This is a test Ensure...

Page 366: ...trap alerting feature by sending a test trap from iDRAC6 to a specified destination trap listener on the network Before you execute the testtrap subcommand ensure that the specified index in the RACADM cfgIpmiPet group is configured properly Table A 36 provides a list and associated commands for the cfgIpmiPet group Table A 34 testemail Subcommand Option Option Description i Specifies the index of...

Page 367: ...ll reflect the correct connection status Table A 36 cfg e mail Alert Commands Action Command Enable the alert racadm config g cfgIpmiPet o cfgIpmiPetAlertEnable i 1 1 Set the destination e mail IP address racadm config g cfgIpmiPet o cfgIpmiPetAlertDestIpAddr i 1 192 168 0 110 View the current test trap settings racadm getconfig g cfgIpmiPet i index where index is a number from 1 to 4 Table A 37 t...

Page 368: ...ed Interfaces Local RACADM Remote RACADM telnet ssh RACADM clearasrscreen Synopsis racadm clearasrscreen Description Clear the last crash ASR screen Supported Interfaces Local RACADM Remote RACADM telnet ssh RACADM localconredirdisable NOTE Only a local racadm user can execute this command Synopsis racadm localconredirdisable option If option is set to 1 console redirection is disabled Description...

Page 369: ...ate s racadm fwupdate g u a TFTP_Server_IP_Address d path racadm fwupdate p u d path racadm fwupdate r Description The fwupdate subcommand allows users to update the firmware on iDRAC6 The user can Check the firmware update process status Update iDRAC6 firmware from a TFTP server by providing an IP address and optional path Rollback to the standby firmware Table A 38 fwupdate Subcommand Definition...

Page 370: ... g or p options At the end of the update iDRAC6 performs a soft reset s The status option returns the current status of where you are in the update process This option is always used by itself g The get option instructs the firmware to get the firmware update file from the TFTP server The user must also specify the a and d options In the absence of the a option the defaults are read from propertie...

Page 371: ...load NOTE To use this command you must have Configure iDRAC permission Table A 40 describes the krbkeytabupload subcommand Synopsis racadm krbkeytabupload f filename filename is the name of the file including the path Options Table A 41 describes the krbkeytabupload subcommand options The krbkeytabupload command returns 0 when successful and returns a non zero number when unsuccessful Table A 40 k...

Page 372: ...RACADM vmkey Synopsis racadm vmkey reset Description The vmkey subcommand resets the virtual media key to the default size of 256MB Legal Values reset Resets the key to the default size 256 MB Supported Interfaces Local RACADM Remote RACADM telnet ssh RACADM version Synopsis racadm version Description Displays the RACADM version ...

Page 373: ...mmand Synopsis racadm arp Description Display the Address Resolution Protocol ARP table Supported Interfaces Remote RACADM telnet ssh RACADM coredump NOTE To use this command you must have Execute Debug Commands permission Table A 43 describes the coredump subcommand Table A 42 arp Command Command Definition arp Displays the contents of the ARP table ARP table entries cannot be added or deleted ...

Page 374: ...formation is cleared with the coredumpdelete subcommand Another critical condition occurs on iDRAC6 In this case the coredump information will be relative to the last critical error that occurred See the coredumpdelete subcommand for more information about clearing the coredump Supported Interfaces Local RACADM Remote RACADM telnet ssh RACADM coredumpdelete NOTE To use this command you must have C...

Page 375: ... behavior is expected See the coredump subcommand for more information on viewing a coredump Supported Interfaces Local RACADM Remote RACADM telnet ssh RACADM ifconfig NOTE To use this command you must have Execute Diagnostic Commands or Configure iDRAC6 permission Table A 45 describes the ifconfig subcommand Synopsis racadm ifconfig coredumpdelete Deletes the core dump stored in iDRAC6 Table A 45...

Page 376: ... command you must have Execute Diagnostic Commands or Configure iDRAC6 permission Table A 47 describes the ping subcommand Table A 46 netstat Subcommand Definition netstat Displays the routing table and the current connections Table A 47 ping Subcommand Definition ping Verifies that the destination IP address is reachable from iDRAC6 with the current routing table contents A destination IP address...

Page 377: ...Supported Interfaces Remote RACADM telnet ssh RACADM racdump NOTE To use this command you must have Debug permission Table A 49 describes the racdump subcommand Table A 48 ping6 Subcommand Definition ping6 Verifies that the destination IPv6 address is reachable from iDRAC6 with the current routing table contents A destination IPv6 address is required An ICMP echo packet is sent to the destination ...

Page 378: ... Session information Process information Firmware build information Supported Interfaces Remote RACADM telnet ssh RACADM traceroute NOTE To use this command you must have Administrator permission Table A 50 describes the traceroute subcommand racdump Displays status and general iDRAC6 information Table A 50 traceroute Subcommand Definition traceroute Traces the network path of routers that packets...

Page 379: ... Remote RACADM telnet ssh RACADM traceroute6 NOTE To use this command you must have Administrator permission Table A 51 describes the traceroute6 subcommand Synopsis racadm traceroute6 IPv6 address racadm traceroute fd01 1 traceroute to fd01 1 fd01 1 from fd01 3 30 hops max 16 byte packets 1 fd01 1 fd01 1 14 324 ms 0 26 ms 0 244 ms Table A 51 traceroute6 Subcommand Definition traceroute6 Traces th...

Page 380: ...Options are m server x available only from CMC a all iDRAC6s available only from CMC c connect image d disconnect image e deploy available only from CMC u username username to access the network share p password password to access the network share l image_location image location on the network share use double quotes around the location s display current status a is assumed if not specified Table...

Page 381: ...RACADM Subcommand Overview 381 Description Connects disconnects or deploys a media file on a remote server Supported Interfaces Local RACADM Remote RACADM telnet ssh RACADM ...

Page 382: ...382 RACADM Subcommand Overview ...

Page 383: ...tion Use the group and object IDs with the RACADM utility to configure iDRAC6 The following sections describe each object and indicate whether the object is readable writable or both All string values are limited to displayable ASCII characters except where otherwise noted CAUTION Some groups and objects described in this chapter are not available with OpenManage version 6 1 release Support will b...

Page 384: ...ProductInfo Read Only Legal Values String of up to 63 ASCII characters Default Integrated Dell Remote Access Controller Description A text string that identifies the product idRacDescriptionInfo Read Only Legal Values String of up to 255 ASCII characters Default This system component provides a complete set of remote management functions for Dell PowerEdge servers Description A text description of...

Page 385: ...egal Values String of up to 16 ASCII characters Default The current RAC firmware build version For example 05 12 06 Description A string containing the current product build version idRacName Read Only Legal Values String of up to 15 ASCII characters Default iDRAC Description A user assigned name to identify this controller idRacType Read Only Legal Values Product ID Default 8 ...

Page 386: ...trap capabilities of the iDRAC One instance of the group is allowed The following subsections describe the objects in this group cfgOobSnmpAgentCommunity Read Write Legal Values String Maximum length 31 Default public Description Specifies the SNMP Community Name used for SNMP traps cfgOobSnmpAgentEnable Read Write Legal Values 1 TRUE 0 FALSE Default 0 Description Enables or disables the SNMP agen...

Page 387: ...all active user sessions and require users to reconnect using the updated IP address settings NOTE For any network property changes on iDRAC6 to be successfully executed through RACADM you must first enable iDRAC6 NIC cfgNicIPv4Enable Read Write NOTE cfgNicIPv4Enable Read Write is not available with OpenManage version 6 1 release Support will be added in OpenManage version 6 2 release Legal Values...

Page 388: ...ft Active Directory only supports Fully Qualified Domain Names FQDN of 64 characters or fewer length Default blank Description The DNS domain name This parameter is only valid if cfgDNSDomainNameFromDHCP is set to 0 FALSE cfgDNSRacName Read Write Legal Values String of up to 63 ASCII characters At least one character must be alphabetic NOTE Some DNS servers only register names of 31 characters or ...

Page 389: ...tion Registers iDRAC6 name on the DNS server cfgDNSServersFromDHCP Read Write Legal Values 1 TRUE 0 FALSE Default 0 Description Specifies that the DNS server IP addresses should be assigned from the DHCP server on the network cfgDNSServer1 Read Write Legal Values A string representing a valid IP address For example 192 168 0 20 Default 0 0 0 0 ...

Page 390: ... address For example 192 168 0 20 Default 0 0 0 0 Description Retrieves the IP address for DNS server 2 This parameter is only valid if cfgDNSServersFromDHCP is set to 0 FALSE NOTE cfgDNSServer1 and cfgDNSServer2 may be set to identical values while swapping addresses cfgNicEnable Read Write Legal Values 1 TRUE 0 FALSE Default 0 Description Enables or disables iDRAC6 network interface controller I...

Page 391: ... is only valid if cfgNicUseDhcp is set to 0 FALSE cfgNicNetmask Read Write NOTE This parameter is only configurable if the cfgNicUseDhcp parameter is set to 0 FALSE Legal Values A string representing a valid subnet mask For example 255 255 255 0 Default 255 255 255 0 Description The subnet mask used for static assignment of iDRAC6 IP address This property is only valid if cfgNicUseDhcp is set to 0...

Page 392: ... DHCP is used to assign iDRAC6 IP address If this property is set to 1 TRUE then iDRAC6 IP address subnet mask and gateway are assigned from the DHCP server on the network If this property is set to 0 FALSE the static IP address subnet mask and gateway is assigned from the cfgNicIpAddress cfgNicNetmask and cfgNicGateway properties cfgNicMacAddress Read Only Legal Values A string representing the R...

Page 393: ... and you cannot modify the settings from iDRAC6 Legal Values 1 TRUE 0 FALSE Default 0 Description Enables or disables the VLAN capabilities of iDRAC6 from CMC cfgNicVLanID Read Only Legal Values 1 4094 Default 1 Description Specifies the VLAN ID for the network VLAN configuration in CMC This property is only valid if cfgNicVLanEnable is set to 1 enabled cfgNicVLanPriority Read Only Legal Values 0 ...

Page 394: ...es used to configure the iDRAC6 IPv6 URL cfgIPv6URLstring Read Only Legal Values A string of up to 80 characters Default blank Description The iDRAC6 IPv6 URL cfgIPv6LanNetworking This group is used to configure the IPv6 over LAN networking capabilities CAUTION Some objects described in this group are not available with OpenManage version 6 1 release Support will be added in OpenManage version 6 2...

Page 395: ...ite Legal Values A string representing a valid IPv6 entry Default Description An iDRAC6 IPv6 address cfgIPv6Gateway Read Write Legal Values A string representing a valid IPv6 entry Default Description iDRAC6 gateway IPv6 address cfgIPv6PrefixLength Read Write Legal Values 1 128 Default 0 Description The prefix length for iDRAC6 IPv6 address 1 ...

Page 396: ...efault 0 Description Enables or disables the IPv6 AutoConfig option cfgIPv6LinkLocalAddress Read Only Legal Values A string representing a valid IPv6 entry Default Description iDRAC6 IPv6 link local address cfgIPv6Address2 Read Only Legal Values A string representing a valid IPv6 entry Default Description An iDRAC6 IPv6 address ...

Page 397: ...ion Specifies whether cfgIPv6DNSServer1 and cfgIPv6DNSServer2 are static or DHCP IPv6 addresses cfgIPv6DNSServer1 Read Write Legal Values A string representing a valid IPv6 entry Default Description An IPv6 DNS server address cfgIPv6DNSServer2 Read Write Legal Values A string representing a valid IPv6 entry Default Description An IPv6 DNS server address ...

Page 398: ...epresenting a valid IPv6 entry Default Description An IPv6 DNS server address cfgIPv6Addr2PrefixLength Read Only Legal Values 1 128 Default 0 Description The prefix length for iDRAC6 IPv6 address 2 cfgIPv6LinkLockPrefixLength Read Only Legal Values 1 128 Default 0 cfgTotalnumberofextended IP Read Write Legal Values 1 256 ...

Page 399: ...cfgIPv6Addr3PrefixLength Read Only Legal Values 1 128 Default blank cfgIPv6Addr3Length Read Only Legal Values 1 40 Default blank cfgIPv6Address3 Read Only Legal Values String representing a valid IPv6 entry Default blank cfgIPv6Addr4PrefixLength Read Only Legal Values 1 128 Default 0 ...

Page 400: ...1 40 Default blank cfgIPv6Address4 Read Only Legal Values String representing a valid IPv6 entry Default blank cfgIPv6Addr5PrefixLength Read Only Legal Values 1 128 Default 0 cfgIPv6Addr5Length Read Only Legal Values 1 40 Default blank cfgIPv6Address5 Read Only Legal Values String representing a valid IPv6 entry ...

Page 401: ...k cfgIPv6Addr6PrefixLength Read Only Legal Values 1 128 Default 0 cfgIPv6Addr6Length Read Only Legal Values 1 40 Default blank cfgIPv6Address6 Read Only Legal Values String representing a valid IPv6 entry Default blank cfgIPv6Addr7PrefixLength Read Only Legal Values 1 128 Default 0 ...

Page 402: ...1 40 Default blank cfgIPv6Address7 Read Only Legal Values String representing a valid IPv6 entry Default blank cfgIPv6Addr8PrefixLength Read Only Legal Values 1 128 Default 0 cfgIPv6Addr8Length Read Only Legal Values 1 40 Default blank cfgIPv6Address8 Read Only Legal Values String representing a valid IPv6 entry ...

Page 403: ...k cfgIPv6Addr9PrefixLength Read Only Legal Values 1 128 Default 0 cfgIPv6Addr9Length Read Only Legal Values 1 40 Default blank cfgIPv6Address9 Read Only Legal Values String representing a valid IPv6 entry Default blank cfgIPv6Addr10PrefixLength Read Only Legal Values 1 128 Default 0 ...

Page 404: ...40 Default blank cfgIPv6Address10 Read Only Legal Values String representing a valid IPv6 entry Default blank cfgIPv6Addr11PrefixLength Read Only Legal Values 1 128 Default 0 cfgIPv6Addr11Length Read Only Legal Values 1 40 Default blank cfgIPv6Address11 Read Only Legal Values String representing a valid IPv6 entry ...

Page 405: ...cfgIPv6Addr12PrefixLength Read Only Legal Values 1 128 Default 0 cfgIPv6Addr12Length Read Only Legal Values 1 40 Default blank cfgIPv6Address12 Read Only Legal Values String representing a valid IPv6 entry Default blank cfgIPv6Addr13PrefixLength Read Only Legal Values 1 128 Default 0 ...

Page 406: ...40 Default blank cfgIPv6Address13 Read Only Legal Values String representing a valid IPv6 entry Default blank cfgIPv6Addr14PrefixLength Read Only Legal Values 1 128 Default 0 cfgIPv6Addr14Length Read Only Legal Values 1 40 Default blank cfgIPv6Address14 Read Only Legal Values String representing a valid IPv6 entry ...

Page 407: ...l Values 1 40 Default blank cfgIPv6Address15 Read Only Legal Values String representing a valid IPv6 entry Default blank cfgUserAdmin This group provides configuration information about the users who are allowed to access the RAC through the available remote interfaces Up to 16 instances of the user group are allowed Each instance represents the configuration for an individual user ...

Page 408: ...isting instances Default 1 16 Description The unique index of a user cfgUserAdminIpmiLanPrivilege Read Write Legal Values 2 User 3 Operator 4 Administrator 15 No access Default 4 User 2 15 All others Description The maximum privilege on the IPMI LAN channel cfgUserAdminPrivilege Read Write Legal Values 0x00000000 to 0x000001ff and 0x0 Default 0x00000000 ...

Page 409: ...Masks for User Privileges User Privilege Privilege Bit Mask Login to iDRAC6 0x00000001 Configure iDRAC6 0x00000002 Configure Users 0x00000004 Clear Logs 0x00000008 Execute Server Control Commands 0x00000010 Access Console Redirection 0x00000020 Access Virtual Media 0x00000040 Test Alerts 0x00000080 Execute Debug Commands 0x00000100 Table B 2 Sample Bit Masks for User Privileges User Privilege s Pr...

Page 410: ...n recreate the name The string must not contain forward slash backslash period at symbol or quotation marks NOTE This property value must be unique among user names cfgUserAdminPassword Write Only Legal Values A string of up to 20 ASCII characters Default blank Description The password for this user User passwords are encrypted and cannot be seen or displayed after the property is written The user...

Page 411: ...er cfgUserAdminSolEnable Read Write Legal Values 1 TRUE 0 FALSE Default 0 Description Enables or disables Serial Over LAN SOL user access cfgEmailAlert This group contains parameters to configure the RAC e mail alerting capabilities The following subsections describe the objects in this group Up to four instances of this group are allowed cfgEmailAlertIndex Read Only Legal Values 1 4 ...

Page 412: ...le Read Write Legal Values 1 TRUE 0 FALSE Default 0 Description Specifies the destination email address for email alerts For example user1 company com cfgEmailAlertAddress Read Write Legal Values E mail address format with a maximum length of 64 ASCII characters Default blank Description The e mail address of the alert source cfgEmailAlertCustomMsg Read Write Legal Values A string of up to 32 char...

Page 413: ...eters to configure the number of sessions that can connect to iDRAC6 One instance of the group is allowed The following subsections describe the objects in this group cfgSsnMgtConsRedirMaxSessions Read Write Legal Values 1 2 Default 2 Description Specifies the maximum number of console redirection sessions allowed on iDRAC6 cfgSsnMgtWebserverTimeout Read Write Legal Values 60 10800 Default 1800 ...

Page 414: ...l Values 0 No time out 60 10800 Default 1800 Description Defines the secure shell idle time out This property sets the amount of time in seconds that a connection is allowed to remain idle there is no user input The session is cancelled if the time limit set by this property is reached Changes to this setting do not affect the current session you must log out and log in again to make the new setti...

Page 415: ...log in again to make the new settings effective An expired Telnet session displays the following error message only after you press Enter Warning Session no longer valid may have timed out After the message appears the system returns you to the shell that generated the Telnet session cfgSerial This group contains configuration parameters for iDRAC6 services One instance of the group is allowed The...

Page 416: ...rovides properties that allow configuration of the SMTP server for e mail alerts cfgRhostsSmtpServerIpAddr Read Write Legal Values A string representing a valid SMTP server IP address For example 192 168 0 56 Default 0 0 0 0 Description The IP address of the network SMTP server The SMTP server transmits e mail alerts from the RAC if the alerts are configured and enabled cfgRhostsFwUpdateTftpEnable...

Page 417: ... 0 0 0 Description Specifies the network TFTP server IP address that is used for TFTP iDRAC6 firmware update operations cfgRhostsFwUpdatePath Read Write Legal Values A string with a maximum length of 255 ASCII characters Default blank Description Specifies TFTP path where the iDRAC6 firmware image file exists on the TFTP server The TFTP path is relative to the TFTP root path on the TFTP server The...

Page 418: ...lues 1 TRUE 0 FALSE Default 0 Description Enables or disables remote syslog cfgRhostsSyslogPort Read Write Legal Values 0 65535 Default 514 Description Remote syslog port number cfgRhostsSyslogServer1 Read Write Legal Values String from 0 to 511 characters Default blank Description Name of remote syslog server ...

Page 419: ...Name of remote syslog server cfgRhostsSyslogServer3 Read Write Legal Values String from 0 to 511 characters Default blank Description Name of remote syslog server cfgUserDomain This group is used to configure the Active Directory user domain names A maximum of 40 domain names can be configured at any given time cfgUserDomainIndex Read Only Legal Values 1 40 Default instance ...

Page 420: ...55 characters Default blank Description Specifies the Active Directory user domain name cfgServerPower This group provides several power management features cfgServerPowerStatus Read Only Legal Values 1 TRUE 0 FALSE Default 0 Description Represents the server power state either ON or OFF cfgServerPowerServerAllocation Read Only Legal Values String of up to 32 characters ...

Page 421: ...l Values String of up to 32 characters Default blank Description Represents the power consumed by the server at the current time cfgServerPowerPeakPowerConsumption Read Only Legal Values String of up to 32 characters Default blank Description Represents the maximum power consumed by the server until the current time cfgServerPowerPeakPowerTimestamp Read Only Legal Values String of up to 32 charact...

Page 422: ... Values 0 1 Default 0 Description Resets the cfgServerPeakPowerConsumption property to 0 and the cfgServerPeakPowerConsumptionTimestamp property to the current iDRAC6 time cfgServerPowerCapWatts Read Only Legal Values String of up to 32 characters Default blank Description Represents the server power threshold in Watts cfgServerPowerCapBtuhr Read Only Legal Values String of up to 32 characters ...

Page 423: ...tring of up to 32 characters Default blank Description Represents the server power threshold in percentage cfgRacTuning This group is used to configure various iDRAC6 configuration properties such as valid ports and security port restrictions cfgRacTuneHttpPort Read Write Legal Values 10 65535 Default 80 Description Specifies the port number to use for HTTP network communication with the RAC ...

Page 424: ... with iDRAC6 cfgRacTuneIpRangeEnable Legal Values 1 TRUE 0 FALSE Default 0 Description Enables or disables the IP Address Range validation feature of iDRAC6 cfgRacTuneIpRangeAddr Legal Values An IP address formatted string For example 192 168 0 44 Default 192 168 1 1 Description Specifies the acceptable IP address bit pattern in positions determined by the 1 s in the range mask property cfgRacTune...

Page 425: ...address formatted string For example 255 255 255 0 cfgRacTuneIpBlkEnable Legal Values 1 TRUE 0 FALSE Default 0 Description Enables or disables the IP address blocking feature of the RAC cfgRacTuneIpBlkFailCount Legal Values 2 16 Default 5 Description The maximum number of login failures to occur within the window cfgRacTuneIpBlkFailWindow before login attempts from the IP address are rejected ...

Page 426: ...are counted When failure attempts age beyond this limit they are dropped from the count cfgRacTuneIpBlkPenaltyTime Legal Values 10 65535 Default 300 Description Defines the time span in seconds that session requests from an IP address with excessive failures are rejected cfgRacTuneSshPort Read Write Legal Values 1 65535 Default 22 Description Specifies the port number used for iDRAC6 SSH interface...

Page 427: ...ault 1 Description Enables or disables console redirection cfgRacTuneTelnetPort Read Write Legal Values 1 65535 Default 23 Description Specifies the port number used for iDRAC6 Telnet interface cfgRacTuneConRedirEncryptEnable Read Write Legal Values 1 TRUE 0 FALSE Default 1 Description Encrypts the video in a console redirection session ...

Page 428: ...board and mouse traffic during console redirection activity with iDRAC6 cfgRacTuneConRedirVideoPort Read Write Legal Values 1 65535 Default 5901 Description Specifies the port to be used for video traffic during console redirection activity with iDRAC6 NOTE This object requires an iDRAC6 reset before it becomes active cfgRacTuneAsrEnable Read Write Legal Values 0 FALSE 1 TRUE Default 1 ...

Page 429: ...alues 0 FALSE 1 TRUE Default 1 Description Enables and disables iDRAC6 Web server If this property is disabled iDRAC6 will not be accessible using client Web browsers This property has no effect on the Telnet SSH or local RACADM interfaces cfgRacTuneLocalServerVideo Read Write Legal Values 1 Enables 0 Disables Default 1 Description Enables switches ON or disables switches OFF the local server vide...

Page 430: ...gal Values 720 780 Default 0 Description Specifies the timezone offset in minutes from GMT UTC to use for the RAC Time Some common timezone offsets for timezones in the United States are shown below 480 PST Pacific Standard Time 420 MST Mountain Standard Time 360 CST Central Standard Time 300 EST Eastern Standard Time cfgRacTuneLocalConfigDisable Read Write Legal Values 0 Enables 1 Disables Defaul...

Page 431: ...gh iDRAC6 Web interface ifcRacManagedNodeOs This group contains properties that describe the managed server operating system One instance of the group is allowed The following subsections describe the objects in this group ifcRacMnOsHostname Read Only Legal Values A string of up to 255 characters Default blank Description The host name of the managed server ifcRacMnOsOsName Read Only Legal Values ...

Page 432: ...the RACADM sslcsrgen subcommand details for more information on generating certificate signing requests cfgSecCsrCommonName Read Write Legal Values A string of up to 254 characters Default Description Specifies the CSR Common Name CN cfgSecCsrOrganizationName Read Write Legal Values A string of up to 254 characters Default blank Description Specifies the CSR Organization Name O cfgSecCsrOrganizati...

Page 433: ...al Values A string of up to 254 characters Default blank Description Specifies the CSR Locality L cfgSecCsrStateName Read Write Legal Values A string of up to 254 characters Default blank Description Specifies the CSR State Name S cfgSecCsrCountryCode Read Write Legal Values A two character string Default blank Description Specifies the CSR Country Code CC ...

Page 434: ...Email Address cfgSecCsrKeySize Read Write Legal Values 512 1024 2048 Default 1024 Description Specifies the SSL asymmetric key size for the CSR cfgRacVirtual This group contains parameters to configure iDRAC6 virtual media feature One instance of the group is allowed The following subsections describe the objects in this group cfgVirMediaAttached Read Write Legal Values 0 Detach 1 Attach ...

Page 435: ... you then can connect to the virtual devices remotely using iDRAC6 Web interface or the CLI Setting this object to 0 will cause the devices to detach from the USB bus NOTE You must restart your system to enable all changes cfgVirMediaBootOnce Read Write Legal Values 1 Enabled 0 Disabled Default 0 Description Enables or disables the virtual media boot once feature of iDRAC6 If this property is enab...

Page 436: ...is recognized as a removable disk by Windows operating systems Windows operating systems will assign a drive letter that is C or higher during enumeration When set to 1 the Virtual Floppy drive will be seen as a floppy drive by Windows operating systems Windows operating systems will assign a drive letter of A or B cfgIpmiLan This group is used to configure the IPMI over LAN capabilities of the sy...

Page 437: ...Description Specifies the maximum privilege level allowed for IPMI over LAN access cfgIpmiLanAlertEnable Read Write Legal Values 1 TRUE 0 FALSE Default 0 Description Enables or disables global e mail alerting This property overrides all individual e mail alerting enable disable properties cfgIpmiEncryptionKey Read Write Legal Values A string of even number of hexadecimal digits from 0 to 40 charac...

Page 438: ...etCommunityName Read Write Legal Values A string of up to 18 characters Default public Description The SNMP community name for traps cfgIpmiPetIpv6 This group is used to configure IPv6 platform event traps on the managed server cfgIpmiPetIPv6Index Read Only Legal Values 1 4 Default index value Description Unique identifier for the index corresponding to the trap ...

Page 439: ...PetIPv6AlertEnable Read Write Legal Values 1 TRUE 0 FALSE Default 0 Description Enables or disables the IPv6 alert destination for the trap cfgIpmiPef This group is used to configure the platform event filters available on the managed server The event filters can be used to control policies related to actions that are triggered when critical events occur on the managed server cfgIpmiPefName Read O...

Page 440: ...r cfgIpmiPefIndex Read Write Legal Values 1 17 Default The index value of a platform event filter object Description Specifies the index of a specific platform event filter cfgIpmiPefAction Read Write Legal Values 0 None 1 Power Down 2 Reset 3 Power Cycle Default 0 Description Specifies the action that is performed on the managed server when the alert is triggered ...

Page 441: ...ilter cfgIpmiPet This group is used to configure platform event traps on the managed server cfgIpmiPetIndex Read Only Legal Values 1 4 Default The index value of a specific platform event trap Description Unique identifier for the index corresponding to the trap cfgIpmiPetAlertDestIpAddr Read Write Legal Values A string representing a valid IPv4 address For example 192 168 0 67 Default 0 0 0 0 ...

Page 442: ...t is triggered on the managed server cfgIpmiPetAlertEnable Read Write Legal Values 1 TRUE 0 FALSE Default 0 Description Enables or disables a specific trap cfgSmartCard This group specifies properties used to support access to iDRAC6 using a smart card cfgSmartCardLogonEnable Read Write Legal Values 0 Disabled 1 Enabled Default 0 Description Enables or disables support for access to iDRAC6 using a...

Page 443: ... Revocation List CRL cfgActiveDirectory This group contains parameters to configure iDRAC6 Active Directory feature cfgADSSOEnable Read Write Legal Values 1 TRUE 0 FALSE Default 0 Description Enables or disables Active Directory single sign on authentication on iDRAC6 cfgADRacDomain Read Write Legal Values Any printable text string with no white space Length is limited to 254 characters ...

Page 444: ...s limited to 254 characters Default blank Description Name of iDRAC6 as recorded in the Active Directory forest cfgADEnable Read Write Legal Values 1 TRUE 0 FALSE Default 0 Description Enables or disables Active Directory user authentication on iDRAC6 If this property is disabled local iDRAC6 authentication is used for user logins instead cfgADAuthTimeout Read Write NOTE To modify this property yo...

Page 445: ... Values Valid IP address or a fully qualified domain name FQDN The maximum number of characters is 254 Default No default value Description iDRAC6 uses the value you specify to search the LDAP server for user names cfgADDomainController2 Read Write Legal Values Valid IP address or a fully qualified domain name FQDN The maximum number of characters is 254 Default No default value Description iDRAC6...

Page 446: ... specify to search the LDAP server for user names cfgADGlobalCatalog1 Read Write Legal Values Valid IP address or a fully qualified domain name FQDN The maximum number of characters is 254 Default No default value Description iDRAC6 uses the value you specify to search the Global Catalog server for user names cfgADGlobalCatalog2 Read Write Legal Values Valid IP address or a fully qualified domain ...

Page 447: ...n name FQDN The maximum number of characters is 254 Default No default value Description iDRAC6 uses the value you specify to search the Global Catalog server for user names cfgADType Read Write Legal Values 1 Enables Active Directory with the extended schema 2 Enables Active Directory with the standard schema Default 1 Description Determines the schema type to use with Active Directory cfgADCertV...

Page 448: ...gSSADRoleGroupIndex Read Only Legal Values 1 5 Description Index of the Role Group as recorded in the Active Directory cfgSSADRoleGroupName Read Write Legal Values Any printable text string with no white space Length is limited to 254 characters Default blank Description Name of the Role Group as recorded in the Active Directory forest cfgSSADRoleGroupDomain Read Write Legal Values Any printable t...

Page 449: ...tion Use the bit mask numbers in Table B 3 to set role based authority privileges for a Role Group Table B 3 Bit Masks for Role Group Privileges Role Group Privilege Bit Mask Login to iDRAC6 0x00000001 Configure iDRAC6 0x00000002 Configure Users 0x00000004 Clear Logs 0x00000008 Execute Server Control Commands 0x00000010 Access Console Redirection 0x00000020 Access Virtual Media 0x00000040 Test Ale...

Page 450: ...ities of the system cfgIpmiSolEnable Read Write Legal Values 0 FALSE 1 TRUE Default 1 Description Enables or disables SOL cfgIpmiSolBaudRate Read Write Legal Values 9600 19200 57600 115200 Default 115200 Description The baud rate for serial communication over LAN cfgIpmiSolMinPrivilege Read Write Legal Values 2 User 3 Operator 4 Administrator ...

Page 451: ...d Write Legal Values 1 255 Default 10 Description Specifies the typical amount of time that iDRAC6 waits before transmitting a partial SOL character data packet This value is 1 based 5ms increments cfgIpmiSolSendThreshold Read Write Legal Values 1 255 Default 255 Description The SOL threshold limit value Specifies the maximum number of bytes to buffer before sending an SOL data packet ...

Page 452: ...452 iDRAC6 Enterprise Property Database Group and Object Definitions ...

Page 453: ...otocol which is a method for finding a host s Ethernet address from its Internet address ASCII Acronym for American Standard Code for Information Interchange which is a code representation used for displaying or printing letters numbers and other characters BIOS Acronym for basic input output system which is the part of system software that provides the lowest level interface to peripheral devices...

Page 454: ...shake Authentication Protocol which is an authentication method used by PPP servers to validate the identity of the originator of the connection CIM Acronym for Common Information Model which is a protocol designed for managing systems on a network CLI Abbreviation for command line interface CLP Abbreviation for command line protocol CMC Abbreviation for Chassis Management Controller which is the ...

Page 455: ...F Abbreviation for Distributed Management Task Force DNS Abbreviation for Domain Name System DSU Abbreviation for disk storage unit Extended Schema A solution used with Active Directory to determine user access to iDRAC6 uses Dell defined Active Directory objects FQDN Acronym for Fully Qualified Domain Names Microsoft Active Directory only supports FQDN of 64 bytes or fewer FSMO Flexible Single Ma...

Page 456: ... capabilities whether or not the computer is powered up or turned off or the operating system is not responding ICMB Abbreviation for Intelligent enclosure Management Bus ICMP Abbreviation for Internet control message protocol ID Abbreviation for identifier commonly used when referring to a user identifier user ID or object identifier object ID iDRAC6 Acronym for integrated Dell Remote Access Cont...

Page 457: ...management software Kbps Abbreviation for kilobits per second which is a data transfer rate LAN Abbreviation for local area network LDAP Abbreviation for Lightweight Directory Access Protocol It is an application protocol for querying and modifying directory service running over TCP IP LED Abbreviation for light emitting diode LOM Abbreviation for Local area network On Motherboard MAC Acronym for ...

Page 458: ...uration and Reporting OSCAR is the menu displayed by the Avocent iKVM when you press Print Screen It allows you to select the CMC console or iDRAC6 console for a server installed in the CMC PCI Abbreviation for Peripheral Component Interconnect which is a standard interface and bus technology for connecting peripherals to a system and for communicating with those peripherals POST Acronym for power...

Page 459: ...Abbreviation for RPM Package Manager which is a package management system for the Red Hat Enterprise Linux operating system that helps installation of software packages It is similar to an installation program SAC Acronym for Microsoft s Special Administration Console SAP Abbreviation for Service Access Point SEL Acronym for system event log SMI Abbreviation for systems management interrupt SMTP A...

Page 460: ...d schema A solution used with Active Directory to determine user access to iDRAC6 uses Active Directory group objects only TAP Abbreviation for Telelocator Alphanumeric Protocol which is a protocol used for submitting requests to a pager service TCP IP Abbreviation for Transmission Control Protocol Internet Protocol which represents the set of standard Ethernet protocols that includes the network ...

Page 461: ...ion for Universal Coordinated Time See GMT VLAN Abbreviation for Virtual Local Area Network VNC Abbreviation for virtual network computing VT 100 AbbreviationforVideoTerminal100 whichisusedbythemostcommonterminal emulation programs WAN Abbreviation for wide area network ...

Page 462: ...462 Glossary ...

Page 463: ...iscovery 305 Automated System Recovery See ASR B boot once enabling 233 bootable image file creating 288 C Certificate Signing Request See CSR certificates Active Directory 107 exporting the root CA certificate 149 SSL and digital 101 uploading a server certificate 105 viewing a server certificate 106 chassis LCD panel 41 Chassis Management Controller See CMC CMC about 29 configuring iDRAC during ...

Page 464: ...g 136 143 E e mail alerts configuring with RACADM 256 configuring with the web interface 96 extended schema using with Active Directory 123 F Firefox tab behavior 87 firewall opening ports 34 firmware recovering with CMC 60 116 updating 55 updating with SM CLP 278 updating with the web interface 116 frequently asked questions using console redirection 218 using the DRAC 5 with Active Directory 154...

Page 465: ...tus of the local console 219 instrumentation server 81 Internet Explorer configuring 68 IP address CMC locating 47 IP blocking configuring with RACADM 259 configuring with the web interface 91 enabling 260 IP filtering configuring with RACADM 257 configuring with the web interface 91 enabling 258 IPMI 42 configuring LAN properties 88 configuring with RACADM 252 configuring with the iDRAC6 configur...

Page 466: ...torage 81 management station configuring 67 75 configuring for console redirection 208 installing the software 79 80 network requirements 67 MAP navigating Media Redirection wizard 234 235 mouse pointer synchronizing 217 Mozilla Firefox disabling whitelist 73 supported versions 73 N netstat command diagnostics console 327 network properties configuring manually 251 configuring with RACADM 251 conf...

Page 467: ...PET platforms supported 33 ports table of 34 post codes viewing 314 power management using SM CLP 278 using the web interface 327 property database groups cfgActiveDirectory 443 cfgEmailAlert 411 cfgIpmiLan 436 cfgIpmiPef 438 439 cfgIpmiPet 441 cfgIpmiSerial 442 cfgIpmiSol 450 cfgLanNetworking 387 cfgRacSecurity 432 cfgRacTuning 423 cfgRacVirtual 434 cfgSerial 415 cfgSessionManagement 413 cfgUserA...

Page 468: ...sninfo 242 340 getsvctag 242 350 getsysinfo 242 342 gettracelog 243 357 help 335 ifconfig 375 netstat 376 ping 376 377 racdump 377 racreset 243 351 racresetcfg 243 352 serveraction 243 352 setniccfg 243 347 sslcertdownload 243 361 sslcertupload 243 360 sslcertview 243 362 sslcsrgen 244 359 testemail 244 364 testtrap 244 366 traceroute 378 traceroute6 379 version 372 reboot option disabling 83 remo...

Page 469: ...63 Smart Card Logon 161 SM CLP 42 features 273 navigating the MAP output formats 277 power management 278 syntax 273 targets 276 updating iDRAC firmware 278 using the show verb 276 snap in installing the Dell extension 133 SNMP community string 438 testing trap alert 251 SOL configuring with RACADM 253 configuring with the web interface 97 SSH client installation 76 configuring iDRAC service with ...

Page 470: ...ices 304 Update Packages verifying the digital signature 57 60 USB flash drive emulation type 303 users adding and configuring with the web interface 98 configuring LAN user with the iDRAC configuration utility 304 utilities dd 288 iVMCLI 287 video viewer 213 V verify digital signature 57 60 public key 58 60 video viewer using 213 virtual media about 229 booting 235 command line 290 configuring wi...

Page 471: ...91 configuring IP filtering 91 configuring IPMI LAN properties 88 97 configuring network properties 88 configuring PEF 95 configuring PET 94 95 255 configuring SOL 97 configuring telnet service 114 configuring the SSH service 114 configuring the web server service 114 logging in 86 logging out 87 updating firmware 116 web server iDRAC configuring with the web interface 114 ...

Page 472: ...472 Index ...

Reviews:

No comments

Related manuals for IDRAC6

Calsense ET2000e Programming Manual preview
ET2000e
Brand: Calsense Pages: 74
ABB RHD8000 Series Instructions Manual preview
RHD8000 Series
Brand: ABB Pages: 17
AAF MicroTech II UV05 Operation & Maintenance Manual preview
MicroTech II UV05
Brand: AAF Pages: 50
Allen-Bradley 1756-L72EROM Installation Instructions Manual preview
1756-L72EROM
Brand: Allen-Bradley Pages: 16
Acuity Controls nLight ECLYPSE Safety Instructions preview
nLight ECLYPSE
Brand: Acuity Controls Pages: 5
Bard CompleteStat-Series CS9B-THO Product Manual preview
CompleteStat-Series CS9B-THO
Brand: Bard Pages: 2
EpiSensor ZDR-10 User Manual preview
ZDR-10
Brand: EpiSensor Pages: 37
Velleman CHLSC2 User Manual preview
CHLSC2
Brand: Velleman Pages: 22
National Instruments NI 9683 User Manual And Specifications preview
NI 9683
Brand: National Instruments Pages: 27
AMX NetLinx Integrated Controller NI-3100 Installation Manual preview
NetLinx Integrated Controller NI-3100
Brand: AMX Pages: 2
Zamel RTD-02 Manual Instruction preview
RTD-02
Brand: Zamel Pages: 2
Yaesu G-450A User Manual preview
G-450A
Brand: Yaesu Pages: 15
Milesight UC50 Series User Manual preview
UC50 Series
Brand: Milesight Pages: 28
HomeMatic HM-LC-Dim1T-DR Installation And Operating Manual preview
HM-LC-Dim1T-DR
Brand: HomeMatic Pages: 68
XINGDASHINE LBP-024 Manual preview
LBP-024
Brand: XINGDASHINE Pages: 3
Freescale Semiconductor 56F8037 User Manual preview
56F8037
Brand: Freescale Semiconductor Pages: 41
E-T-A ControlPlex CPC12 T Series User Manual preview
ControlPlex CPC12 T Series
Brand: E-T-A Pages: 30
InPlay IN1BN-DKC0-100-C0 User Manual preview
IN1BN-DKC0-100-C0
Brand: InPlay Pages: 11

Brands by name

Popular brands

Load more brands