Download  Print this page

Dell iDRAC7 User Manual

Hide thumbs

Advertisement

Integrated Dell Remote Access Controller 7 (iDRAC7)
Version 1.50.50 User's Guide

Advertisement

Table of Contents
loading

  Related Manuals for Dell iDRAC7

  Summary of Contents for Dell iDRAC7

  • Page 1 Integrated Dell Remote Access Controller 7 (iDRAC7) Version 1.50.50 User's Guide...
  • Page 2 CAUTION: A CAUTION indicates either potential damage to hardware or loss of data and tells you how to avoid the problem. WARNING: A WARNING indicates a potential for property damage, personal injury, or death. © 2013 Dell Inc. All Rights Reserved. Trademarks used in this text: Dell , the Dell logo, Dell Boomi...
  • Page 3: Table Of Contents

    .......................27 Accessing Documents From Dell Support Site 2 Logging into iDRAC7......................... 29 ............29 Logging into iDRAC7 as Local User, Active Directory User, or LDAP User ........................30 Logging into iDRAC7 Using Smart Card ................. 30 Logging Into iDRAC7 as a Local User Using Smart Card ..............31...
  • Page 4 ..............59 Updating Firmware Using Lifecycle Controller Remote Services ........................ 59 Viewing and Managing Staged Updates ............59 Viewing and Managing Staged Updates Using iDRAC7 Web interface ................59 Viewing and Managing Staged Updates Using RACADM ..........................59 Rolling Back Device Firmware ....................
  • Page 5 ....................63 Scheduling Automatic Backup Server Profile ............................64 Importing Server Profile ..................65 Importing Server Profile Using iDRAC7 Web Interface ......................65 Importing Server Profile Using RACADM ...........................65 Restore Operation Sequence ................65 Monitoring iDRAC7 Using Other Systems Management Tools 4 Configuring iDRAC7........................67 ...........................68...
  • Page 6 ..............................89 Parsing Rules ........................90 Modifying the iDRAC7 IP Address ............90 Disabling Access to Modify iDRAC7 Configuration Settings on Host System 5 Viewing iDRAC7 and Managed System Information............93 ....................93 Viewing Managed System Health and Properties ............................93 Viewing System Inventory ...........................
  • Page 7 ..............143 Configuring Generic LDAP Directory Service Using RACADM ...................... 143 Testing LDAP Directory Service Settings 8 Configuring iDRAC7 for Single Sign-On or Smart Card Login.......... 145 ..............145 Prerequisites for Active Directory Single Sign-On or Smart Card Login ............145 Registering iDRAC7 as a Computer in Active Directory Root Domain ........................
  • Page 8 Configuring Browser to Enable Active Directory SSO ..................147 Configuring iDRAC7 SSO Login for Active Directory Users ......... 148 Configuring iDRAC7 SSO Login for Active Directory Users Using Web Interface ..........148 Configuring iDRAC7 SSO Login for Active Directory Users Using RACADM ..................148 Configuring iDRAC7 Smart Card Login for Local Users ......................148...
  • Page 9 ....................163 Viewing Lifecycle Log Using Web Interface ......................163 Viewing Lifecycle Log Using RACADM ........................163 Exporting Lifecycle Controller Logs ................163 Exporting Lifecycle Controller Logs Using Web Interface ..................164 Exporting Lifecycle Controller Logs Using RACADM ...............................164 Adding Work Notes ........................164 Configuring Remote System Logging ................164...
  • Page 10 13 Managing Virtual Media...................... 185 ..........................186 Supported Drives and Devices .............................186 Configuring Virtual Media ................186 Configuring Virtual Media Using iDRAC7 Web Interface ....................186 Configuring Virtual Media Using RACADM .................187 Configuring Virtual Media Using iDRAC Settings Utility ....................187 Attached Media State and System Response ............................
  • Page 11 Installing Operating System From Multiple Disks ...................225 Deploying Embedded Operating System On SD Card ....................226 Enabling SD Module and Redundancy in BIOS 19 Troubleshooting Managed System Using iDRAC7............227 .............................227 Using Diagnostic Console ....................227 Scheduling Remote Automated Diagnostics ............... 228...
  • Page 12 Resetting iDRAC7 Using RACADM ...................... 233 Resetting iDRAC7 to Factory Default Settings ..........233 Resetting iDRAC7 to Factory Default Settings Using iDRAC7 Web Interface ..........233 Resetting iDRAC7 to Factory Default Settings Using iDRAC Settings Utility 20 Frequently Asked Questions....................235 ..............................235 System Event Log ..............................235...
  • Page 13 ..........251 Installing Bare Metal OS Using Attached Virtual Media and Remote File Share ............................251 Managing Rack Density ........................252 Installing New Electronic License ..252 Applying I/O Identity Configuration Settings for Multiple Network Cards in Single Host System Reboot...
  • Page 15: Overview

    Basic Management with IPMI (available by default for 200-500 series servers) • iDRAC7 Express (available by default on all 600 and higher series of rack or tower servers, and all blade servers) • iDRAC7 Enterprise (available on all server models) iDRAC7 Overview and Feature Guide available at dell.com/support/manuals.
  • Page 16: Key Features

    Key Features The key features in iDRAC7 include: NOTE: Some of the features are available only with iDRAC7 Enterprise license. For information on the features available for a license, see Managing Licenses. Inventory and Monitoring • View managed server health.
  • Page 17: New In This Release

    Capture last system crash image. • View boot and crash capture videos. Secure Connectivity Securing access to critical network resources is a priority. iDRAC7 implements a range of security features that includes: • Custom signing certificate for Secure Socket Layer (SSL) certificate.
  • Page 18: How To Use This User's Guide

    The contents of this User's Guide enable you to perform the tasks by using: • iDRAC7 Web interface — Only the task-related information is provided here. For information about the fields and options, see the iDRAC7 Online Help that you can access from the Web interface.
  • Page 19: Supported Web Browsers

    View — View the current license information. • Import — After acquiring the license, store the license in a local storage and import it into iDRAC7 using one of the supported interfaces. The license is imported if it passes the validation checks.
  • Page 20 Enterprise license locally (with no network connectivity) and activate the dedicated NIC. This utility installs a 30-day trial iDRAC7 Enterprise license and allows you to reset the iDRAC to change from shared NIC to dedicated NIC.
  • Page 21: Licensable Features In Idrac7

    Licensable Features In iDRAC7 The following table provides the iDRAC7 features that are enabled based on the license purchased. Table 2. iDRAC7 Licensable Features Feature Basic Management with iDRAC7 Express (Rack iDRAC7 iDRAC7 IPMI and Tower Servers) Express (for Enterprise...
  • Page 22 Feature Basic Management with iDRAC7 Express (Rack iDRAC7 iDRAC7 IPMI and Tower Servers) Express (for Enterprise Blade Servers) Serial Over LAN (no proxy) Crash Screen capture Crash Video Capture Boot Capture Virtual Media [4] Virtual Console [4] Yes [5] Console Collaboration [4]...
  • Page 23: Interfaces And Protocols To Access Idrac7

    RACADM. [2] All blade servers use dedicated NIC for iDRAC7 at all times, but the speed is limited to 100 Mbps. GIGABYTE Ethernet card does not work on blade servers due to limitations of the chassis, but works on rack and tower servers with Enterprise license.
  • Page 24 Lifecycle Controller User’s Guide available at dell.com/support/manuals. Telnet Use Telnet to access iDRAC7 where you can run RACADM and SMCLP commands. For details RACADM Command Line Reference Guide for iDRAC7 and CMC available about RACADM, see at dell.com/support/manuals. For details about SMCLP, see Using SMCLP.
  • Page 25: Idrac7 Port Information

    DTMF Web site — dmtf.org/standards/profiles/ iDRAC7 Port Information The following ports are required to remotely access iDRAC7 through firewalls. These are the default ports iDRAC7 listens to for connections. Optionally, you can modify most of the ports. To do this, see Configuring Services.
  • Page 26: Other Documents You May Need

    In addition to this guide, the following documents available on the Dell Support website at dell.com/support/manuals provides additional information about the setup and operation of iDRAC7 in your system. iDRAC7 Online Help provides detailed information about the fields available on the iDRAC7 Web interface and •...
  • Page 27: Social Media Reference

    – Go to dell.com/support/manuals. – In the Tell us about your Dell system section, under No, select Choose from a list of all Dell products and click Continue. – In the Select your product type section, click Software and Security.
  • Page 28 Client System Management Enterprise System Management Remote Enterprise System Management Serviceability Tools – To view the document, click the required product version. • Using search engines as follows: – Type the name and version of the document in the Search box.
  • Page 29: Logging Into Idrac7

    Logging into iDRAC7 You can log in to iDRAC7 as an iDRAC7 user, as a Microsoft Active Directory user, or as a Lightweight Directory Access Protocol (LDAP) user. The default user name and password is root and calvin, respectively. You can also log in using Single Sign-On or Smart Card.
  • Page 30: Logging Into Idrac7 Using Smart Card

    Changing Default Login Password Configuring Supported Web Browsers Logging into iDRAC7 Using Smart Card You can log in to iDRAC7 using a smart card. Smart cards provide Two Factor Authentication (TFA) that provide two- layers of security: • Physical smart card device.
  • Page 31: Logging Into Idrac7 As An Active Directory User Using Smart Card

    NOTE: If you are a local user for whom Enable CRL check for Smart Card Logon is enabled, iDRAC7 attempts to download the CRL and checks the CRL for the user's certificate. The login fails if the certificate is listed as revoked in the CRL or if the CRL cannot be downloaded for some reason.
  • Page 32: Logging Into Idrac7 Sso Using Cmc Web Interface

    Using the SSO feature, you can launch iDRAC7 Web interface from CMC Web interface. A CMC user has the CMC user privileges when launching iDRAC7 from CMC. If the user account is present in CMC and not in iDRAC, the user can still launch iDRAC7 from CMC.
  • Page 33: Accessing Idrac7 Using Local Racadm

    Logging in to iDRAC7 Using Public Key Authentication You can log into the iDRAC7 over SSH without entering a password. You can also send a single RACADM command as a command line argument to the SSH application. The command line options behave similar to remote RACADM since the session ends after the command is completed.
  • Page 34: Changing Default Login Password

    Enabling or Disabling Default Password Warning Message Changing Default Login Password Using Web Interface When you log in to iDRAC7 Web interface, if the Default Password Warning page is displayed, you can change the password. To do this: Select the Change Default Password option.
  • Page 35: Changing Default Login Password Using Idrac Settings Utility

    In the Default Password Warning section, select Enable, and then click Apply to enable the display of the Default Password Warning page when you log in to iDRAC7. Else, select Disable. Alternatively, if this feature is enabled and you do not want to display the warning message for subsequent log-ins, on the Default Password Warning page, select the Do not show this warning again option, and then click Apply.
  • Page 37: Setting Up Managed System And Management Station

    CMC Web interface (see In case of rack and tower servers, you can set up the IP address or use the default iDRAC7 IP address 192.168.0.120 to configure initial network settings, including setting up DHCP or the static IP for iDRAC7.
  • Page 38: Setting Up Idrac Ip Using Idrac Settings Utility

    After you configure iDRAC7 IP address: change the default user name and password after setting up the iDRAC7 IP address . • Make sure to • Access it through any of the following interfaces: – iDRAC7 Web interface using a supported browser (Internet Explorer, Firefox, Chrome, or Safari) –...
  • Page 39 Under Auto Negotiation, select On if iDRAC7 must automatically set the duplex mode and network speed. This option is available only for dedicated mode. If enabled, iDRAC7 sets the network speed to 10, 100, or 1000 Mbps based on the network speed.
  • Page 40: Setting Up Idrac7 Ip Using Cmc Web Interface

    Select Enabled option under Enable IPv6. For the DHCPv6 server to automatically assign the IP address, gateway, and subnet mask to iDRAC7, select Enabled option under Enable Auto-configuration. If enabled, the static values are disabled. Else, proceed to the next step to configure using the static IP address.
  • Page 41: Enabling Auto-Discovery

    NOTE: You must have Chassis Configuration Administrator privilege to set up iDRAC7 network settings from CMC. Log in to CMC Web interface. Go to Server Overview → Setup → iDRAC. The Deploy iDRAC page is displayed. Under iDRAC Network Settings, select Enable LAN and other network parameters as per requirements. For more information, see CMC online help .
  • Page 42: Configuring Servers And Server Components Using Auto Config

    When the iDRAC or CMC obtains an IP address from the DHCP server, the XML file is used to configure the devices. Auto-config is invoked only after the iDRAC7 gets its IP address from the DHCP server. If it does not get a response or an IP address from the DHCP server, then auto-config is not invoked.
  • Page 43 Create or modify the XML file that configures the attributes of Dell servers. Place the XML file in a share location that is accessible by the DHCP server and all the Dell servers that are assigned IP address from the DHCP server.
  • Page 44 – Code – 1 – Description — Dell vendor class identifier Click OK twice to return to the DHCP window. 10. Expand all items under the server name, right-click on Scope Options and select Configure Options. 11. Click on the Advanced tab.
  • Page 45: Setting Up Management Station

    Enable Once — Configures the component only once using the XML file referenced by the DHCP server. After this, Auto Config is disabled. – Enable Once After Reset — After the iDRAC7 is reset, configures the components only once using the XML file referenced by the DHCP server. After this, Auto Config is disabled. –...
  • Page 46: Accessing Idrac7 Remotely

    • Rack and tower servers — Set the iDRAC7 NIC to LOM1 and make sure that the management station is on the same network as iDRAC7. NOTE: If the system is upgraded to iDRAC7 Enterprise, you can set the iDRAC7 NIC to Dedicated.
  • Page 47: Modifying Local Administrator Account Settings

    The local administrator account settings are configured. Setting Up Managed System Location You can specify the location details of the managed system in the data center using the iDRAC7 Web interface or iDRAC Settings utility. Setting Up Managed System Location Using Web Interface To specify the system location details: In the iDRAC7 Web interface, go to Overview →...
  • Page 48: Configuring Supported Web Browsers

    If you are connecting to iDRAC7 Web interface from a management station that connects to the Internet through a proxy server, you must configure the Web browser to access the Internet from through this server. This section provides information to configure Internet Explorer.
  • Page 49 Scroll down to the section labeled ActiveX controls and plug-ins and set the following: NOTE: The settings in the Medium-Low state depend on the IE version. – Automatic prompting for ActiveX controls: Enable – Binary and script behaviors: Enable – Download signed ActiveX controls: Prompt –...
  • Page 50: Adding Idrac7 To The List Of Trusted Domains

    Adding iDRAC7 to the List of Trusted Domains When you access iDRAC7 Web interface, you are prompted to add iDRAC7 IP address to the list of trusted domains if the IP address is missing from the list. When completed, click Refresh or relaunch the Web browser to establish a connection to iDRAC7 Web interface.
  • Page 51: Disabling Whitelist Feature In Firefox

    Firefox has a "whitelist" security feature that requires user permission to install plug-ins for each distinct site that hosts a plug-in. If enabled, the whitelist feature requires you to install a Virtual Console viewer for each iDRAC7 you visit, even though the viewer versions are identical.
  • Page 52 Repository Manager. For more information, see iDRAC7 automatically provides a difference between the BIOS and the firmware that is installed on the server and the repository location or FTP site. All applicable updates contained in the repository are applied to the system. This feature is available with iDRAC7 Enterprise license.
  • Page 53: Downloading Device Firmware

    ** When iDRAC7 is updated from version 1.30.30 or later, a system restart is not necessary. However, firmware versions of iDRAC7 earlier than 1.30.30 require a system restart when applied using the out-of-band interfaces.
  • Page 54 Before updating the firmware using single device update method, make sure that you have downloaded the firmware image to a location on the local system. To update single device firmware using iDRAC7 Web interface: Go to Overview → iDRAC Settings → Update and Rollback .
  • Page 55 Updating Firmware Using FTP You can directly connect to the Dell FTP site or any other FTP site from iDRAC to perform the firmware updates. You can use the Windows based update packages (DUPs) and a catalog file available on the FTP site instead of creating custom repositories.
  • Page 56: Updating Device Firmware Using Racadm

    A log file on the remote server contains information about server access and staged firmware updates. Automatic updates is available only with the iDRAC7 Enterprise license. You can schedule automatic firmware updates using the iDRAC Web interface or RACADM.
  • Page 57 NOTE: Do not create the next scheduled occurrence of an automatic update job if a job is already Scheduled. It overwrites the current scheduled job. In the iDRAC7 Web interface, go to Overview → iDRAC Settings → Update and Rollback . The Firmware Update page is displayed.
  • Page 58: Updating Firmware Using Cmc Web Interface

    Enable and start the Windows Management Instrumentation (WMI) service if your system is running Windows operating system, NOTE: While updating the iDRAC7 firmware using the DUP utility in Linux, if you see error messages such as usb 5-2: device descriptor read/64, error -71 displayed on the console, ignore them.
  • Page 59: Updating Firmware Using Lifecycle Controller Remote Services

    You can rollback the firmware even if the update was previously performed using another interface. For example, if the firmware was updated using the Lifecycle Controller GUI, you can rollback the firmware using the iDRAC7 Web interface.
  • Page 60: Rollback Firmware Using Idrac7 Web Interface

    To roll back device firmware: In the iDRAC7 Web interface, go to Overview → iDRAC Settings → Update and Rollback → Rollback . The Rollback page displays the devices for which you can rollback the firmware. You can view the device name, associated devices, currently installed firmware version, and the available firmware rollback version.
  • Page 61: Rollback Firmware Using Cmc Web Interface

    Lifecycle Controller Remote Services Quick Start Guide available at dell.com/support/manuals. For information, see Recovering iDRAC7 iDRAC7 supports two operating system images to make sure a bootable iDRAC7. In the event of an unforeseen catastrophic error and you lose both boot paths: •...
  • Page 62: Using Tftp Server

    You can use Trivial File Transfer Protocol (TFTP) server to upgrade or downgrade iDRAC7 firmware or install certificates. It is used in SM-CLP and RACADM command line interfaces to transfer files to and from iDRAC7. The TFTP server must be accessible using an iDRAC7 IP address or DNS name.
  • Page 63: Backing Up Server Profile Using Racadm

    Scheduling Automatic Backup Server Profile Using Web Interface To schedule automatic backup server profile: In the iDRAC7 Web interface, go to Overview → iDRAC Settings → Server Profile. The Backup and Export Server Profile page is displayed. Click the Automatic Backup tab.
  • Page 64: Importing Server Profile

    LifeCycleController.lcattributes.autobackup Disabled To clear the backup schedule: racadm systemconfig clearbackupscheduler For more information, see the RACADM Command Line Reference Guide for iDRAC7 and CMC available at dell.com/ support/manuals. Importing Server Profile You can use the back up image file to import (restore) the configuration and firmware for the same server or another server with identical configuration, without rebooting the server.
  • Page 65: Importing Server Profile Using Idrac7 Web Interface

    Monitoring iDRAC7 Using Other Systems Management Tools You can discover and monitor iDRAC7 using Dell Management Console or Dell OpenManage Essentials. You cam also use Dell Remote Access Configuration Tool (DRACT) to discover iDRACs, update firmware, and set up Active Directory.
  • Page 67: Configuring Idrac7

    Configuring iDRAC7 iDRAC7 enables you to configure iDRAC7 properties, set up users, and set up alerts to perform remote management tasks. Before you configure iDRAC7, make sure that the iDRAC7 network settings and a supported browser is configured, and the required licenses are updated. For more information about the licensable feature in iDRAC7, see Managing Licenses.
  • Page 68: Viewing Idrac7 Information

    You can view the basic properties of iDRAC7. Viewing iDRAC7 Information Using Web Interface In the iDRAC7 Web interface, go to Overview → iDRAC Settings → Properties to view the following information related iDRAC7 Online Help . to iDRAC7. For information about the properties, see •...
  • Page 69: Modifying Network Settings Using Web Interface

    To modify the network settings using iDRAC7 Web interface or RACADM, you must have Configure privileges. NOTE: Changing the network settings may terminate the current network connections to iDRAC7. Modifying Network Settings Using Web Interface To modify the iDRAC7 network settings: In the iDRAC7 Web interface, go to Overview →...
  • Page 70: Configuring Ip Filtering And Ip Blocking

    • IP filtering limits the IP address range of the clients accessing iDRAC7. It compares the IP address of an incoming login to the specified range and allows iDRAC7 access only from a management station whose IP address is within the range.
  • Page 71 The cfgRacTuneIpRangeMask or the RangeMask property is applied to both the incoming IP address and to the cfgRacTuneIpRangeAddr or RangeAddr property. If the results are identical, the incoming login request is allowed to access iDRAC7. Logging in from IP addresses outside this range results in an error. The login proceeds if the following expression equals zero: •...
  • Page 72: Configuring Services

    Local Configuration — Disable access to iDRAC7 configuration (from the host system) using Local RACADM and iDRAC Settings utility. • Web Server — Enable access to iDRAC7 Web interface. If you disable the option, use local RACADM to re-enable the Web Server, since disabling the Web Server also disables remote RACADM. •...
  • Page 73: Enabling Or Disabling Https Redirection

    – iDRAC.Racadm – iDRAC.SNMP RACADM Command Line Reference Guide for iDRAC7 and CMC available For more information about these objects, see at dell.com/support/manuals. Enabling or Disabling HTTPs Redirection If you do not want automatic redirection from HTTP to HTTPs due to certificate warning issue with default iDRAC certificate or as a temporary setting for debugging purpose, you can configure iDRAC such that redirection from http port (default is 80) to https port (default is 443) is disabled.
  • Page 74: Using Vnc Client To Manage Remote Server

    Web interface or RACADM. NOTE: VNC feature is licensed and is available in the iDRAC7 Enterprise license. You can choose from many VNC applications or Desktop clients such as the ones from RealVNC or Dell Wyse PocketCloud. Only one VNC client session can be active at a time.
  • Page 75: Setting Up Vnc Viewer Without Ssl Encryption

    Configuring LCD Setting Using Web Interface To configure the server LCD front panel display: In iDRAC7 Web interface, go to Overview → Hardware → Front Panel. In LCD Settings section, from the Set Home Message drop-down menu, select any of the following: –...
  • Page 76: Configuring System Id Led Setting

    To configure the System ID LED display: In iDRAC7 Web interface, go to Overview → Hardware → Front Panel. The Front Panel page is displayed. In System ID LED Settings section, select any of the following options to enable or disable LED blinking: –...
  • Page 77: Configuring Time Zone And Ntp

    The system boots from the selected device on the next and subsequent reboots and remains as the first boot device in the BIOS boot order, until it is changed again either from the iDRAC7 Web interface or from the BIOS boot sequence.
  • Page 78: Setting First Boot Device Using Web Interface

    In the Virtual Console Viewer, from the Next Boot menu, set the required device as the first boot device. Enabling Last Crash Screen To troubleshoot the cause of managed system crash, you can capture the system crash image using iDRAC7. To enable the last crash screen:...
  • Page 79: Enabling Or Disabling Os To Idrac Pass-Through

    OS to iDRAC Pass-through feature that provides a high-speed bi-directional in-band communication between iDRAC7 and the host operating system through a shared LOM (rack or tower servers), a dedicated NIC (rack, tower, or blade servers), or through the USB NIC. This feature is available for iDRAC7 Enterprise license.
  • Page 80: Supported Cards For Os To Idrac Pass-Through

    Supported Operating Systems for USB NIC Enabling or Disabling OS to iDRAC Pass-through Using Web Interface Enabling or Disabling OS to iDRAC Pass-through Using RACADM Enabling or Disabling OS to iDRAC Pass-through Using iDRAC Settings Utility Supported Cards for OS to iDRAC Pass-through The following table provides a list of cards that support the OS to iDRAC Pass-through feature using LOM.
  • Page 81 Configure the USB NIC interface using Network Manager tool. Navigate to System → Administrator → Network → Devices → New → Ethernet Connection and select Dell computer corp.iDRAC Virtual NIC USB Device. Click the Activate icon to activate the device. For more information, see the RHEL 5.9 documentation.
  • Page 82: Enabling Or Disabling Os To Idrac Pass-Through Using Web Interface

    Enabling or Disabling OS to iDRAC Pass-through Using RACADM To enable or disable OS to iDRAC Pass-through using RACADM, use the objects in the iDRAC.OS-BMC group. For more RACADM Command Line Reference Guide for iDRAC7 and CMC available at dell.com/support/ information, see the manuals.
  • Page 83: Obtaining Certificates

    Generating a New Certificate Signing Request SSL Server Certificates iDRAC7 includes a Web server that is configured to use the industry-standard SSL security protocol to transfer encrypted data over a network. Built upon asymmetric encryption technology, SSL is widely accepted for providing...
  • Page 84: Generating A New Certificate Signing Request

    Internet browsers in North America. iDRAC7 Web server has a Dell self-signed unique SSL digital certificate by default. You can replace the default SSL certificate with a certificate signed by a well-known Certificate Authority (CA). A Certificate Authority is a business entity that is recognized in the Information Technology industry for meeting high standards of reliable screening, identification, and other important security criteria.
  • Page 85: Uploading Server Certificate

    After the CA approves the CSR and issues the SSL server certificate, it can be uploaded to iDRAC7. The information used to generate the CSR, stored on the iDRAC7 firmware, must match the information contained in the SSL server certificate, that is, the certificate must have been generated using the CSR created by iDRAC7.
  • Page 86: Viewing Server Certificate

    Viewing Server Certificate Using Web Interface In the iDRAC7 Web interface, go to Overview → iDRAC Settings → Network → SSL. The SSL page displays the SSL server certificate that is currently in use at the top of the page.
  • Page 87: Deleting Custom Ssl Certificate Signing Certificate

    Configuring Multiple iDRAC7s Using RACADM You can configure one or more iDRAC7s with identical properties using RACADM. When you query a specific iDRAC7 using its group ID and object ID, RACADM creates the .cfg configuration file from the retrieved information. File name is user specified.
  • Page 88: Creating An Idrac7 Configuration File

    Write commands are not transmitted to iDRAC7 if an error is found in the .cfg file. The user must correct all errors before using the file to configure iDRAC7. Use the -c option in the config subcommand, which verifies the syntax and does not perform a write operation to iDRAC7.
  • Page 89: Parsing Rules

    Line Reference Guide for iDRAC7 and CMC available at dell.com/support/manuals . • Use the racresetcfg subcommand to reset the iDRAC7 to the default setting, and then run the racadm config -f <filename>.cfg or racadm set -f <filename>.cfg command. Make sure that the .cfg file includes all required objects, users, indexes, and other parameters.
  • Page 90: Modifying The Idrac7 Ip Address

    >.cfg, the command builds a .cfg file for the current If you type racadm getconfig -f < iDRAC7 configuration. This configuration file can be used as an example and as a starting point for your unique . cfg file.
  • Page 91 Click Apply. NOTE: If access is disabled, you cannot use Server Administrator or IPMITool to perform iDRAC7 configurations. However, you can use IPMI Over LAN.
  • Page 93: Viewing Idrac7 And Managed System Information

    Viewing Managed System Health and Properties When you log in to iDRAC7 Web interface, the System Summary page allows you to view the managed system's health, basic iDRAC7 information, preview the virtual console, add and view work notes, and quickly launch tasks such as power on or off, power cycle, view logs, update and rollback firmware, switch on or switch off the front panel LED, and reset iDRAC7.
  • Page 94: Viewing Sensor Information

    System Inventory on Reboot (CSIOR) option to collect the system inventory on reboot. After a few minutes, log in to iDRAC7, and navigate to the System Inventory page to view the details. It may take up to five minutes for the information to be available depending on the hardware installed on the server.
  • Page 95 • Voltage — Indicates the status and reading of the voltage sensors on various system components. The following table provides how to view the sensor information using iDRAC7 Web interface and RACADM. For iDRAC7 Online Help for the respective information about the properties that are displayed on the Web interface, see the pages.
  • Page 96: Checking The System For Fresh Air Compliance

    Dell. To check the system for fresh air compliance: In the iDRAC7 Web interface, go to Overview → Server → Power / Thermal → Temperatures. The Temperatures page is displayed. See the Fresh Air section that indicates whether the server is fresh air compliant or not.
  • Page 97: Viewing Historical Temperature Data Using Idrac7 Web Interface

    However, WS-MAN displays information for most of the storage devices in the system. iDRAC7 inventories and monitors the PERC 8 series of RAID controllers that include H310, H710, H710P, and H810. The controllers that do not support Comprehensive Embedded Management are Internal Tape Adapters (ITAs) and SAS 6Gbps HBA.
  • Page 98: Monitoring Storage Device Using Racadm

    To view the network device information, use the hwinventory and nicstatistics commands. For more information, see the RACADM Command Line Reference Guide for iDRAC7 and CMC available at dell.com/support/manuals. Additional properties may be displayed when using RACADM or WS-MAN in addition to the properties displayed in the iDRAC7 Web interface.
  • Page 99 initiator, and storage target attributes after the device is reset and before it is initialized, thus eliminating a second BIOS restart. The device configuration and boot operation occur in a single system start and is optimized for boot time performance. Before enabling I/O identity optimization, make sure that: •...
  • Page 100 Intel x520 Mezz 10 GB Supported BIOS Version for I/O Identity Optimization The following table provides the minimum BIOS version supported on the 12th generation PowerEdge servers. Dell PowerEdge 12th Generation Server Minimum Supported BIOS Version R720, R720xd, R620, T620, and M620 2.1.0...
  • Page 101: Inventory And Monitoring Fc Hba Devices

    MAC address for iDRAC7s in a chassis. The chassis–assigned MAC address is stored in CMC non–volatile memory and is sent to iDRAC7 during an iDRAC7 boot or when CMC FlexAddress is enabled. If CMC enables chassis–assigned MAC addresses, iDRAC7 displays the MAC address on any of the following pages: •...
  • Page 102: Viewing Or Terminating Idrac7 Sessions

    MAC address and vice–versa, iDRAC7 IP address also changes. Viewing or Terminating iDRAC7 Sessions You can view the number of users currently logged in to iDRAC7 and terminate the user sessions. Terminating iDRAC7 Sessions Using Web Interface The users who do not have administrative privileges must have Configure iDRAC7 privilege to terminate iDRAC7 sessions using iDRAC7 Web interface.
  • Page 103: Setting Up Idrac7 Communication

    Setting Up iDRAC7 Communication You can communicate with iDRAC7 using any of the following modes: • iDRAC7 Web Interface • Serial connection using DB9 cable (RAC serial or IPMI serial) - For rack and tower servers only • IPMI Serial Over LAN •...
  • Page 104: Communicating With Idrac7 Through Serial Connection Using Db9 Cable

    Enabling IPMI Serial Connection Basic and Terminal Modes Configuring BIOS For Serial Connection To configure BIOS for Serial Connection: NOTE: This is applicable only for iDRAC7 on rack and tower servers. Turn on or restart the system. Press <F2>. Go to System BIOS Settings → Serial Communication.
  • Page 105: Enabling Rac Serial Connection

    Enabling IPMI Serial Connection Basic and Terminal Modes To enable IPMI serial routing of BIOS to iDRAC7, configure IPMI Serial in any of the following modes in iDRAC7: NOTE: This is applicable only for iDRAC7 on rack and tower servers.
  • Page 106 This section provides additional configuration settings for IPMI serial terminal mode. Configuring Additional Settings for IPMI Serial Terminal Mode Using Web Interface To set the Terminal Mode settings: In the iDRAC7 Web interface, go to Overview → iDRAC Settings → Network → Serial...
  • Page 107: Switching Between Rac Serial And Serial Console While Using Db9 Cable

    To go back to the terminal mode use, when connected in Serial Console mode: <Esc> +<Shift> <9> Communicating With iDRAC7 Using IPMI SOL IPMI Serial Over LAN (SOL) allows a managed system’s text-based console serial data to be redirected over iDRAC7’s dedicated or shared out-of-band ethernet management network. Using SOL you can:...
  • Page 108: Configuring Bios For Serial Connection

    Configuring iDRAC7 to Use SOL Using iDRAC7 Web Interface To configure IPMI Serial over LAN (SOL): In the iDRAC7 Web interface, go to Overview → iDRAC Settings → Network → Serial Over LAN. The Serial over LAN page is displayed.
  • Page 109: Enabling Supported Protocol

    The IPMI SOL advanced settings are configured. These values help to improve the performance. iDRAC7 Online Help . For information about the options, see the Configuring iDRAC7 to Use SOL Using RACADM To configure IPMI Serial over LAN (SOL): Enable IPMI Serial over LAN: –...
  • Page 110 The RMCP+ uses an 40-character hexadecimal string (characters 0-9, a-f, and A-F) encryption key for authentication. The default value is a string of 40 zeros. An RMCP+ connection to iDRAC7 must be encrypted using the encryption Key (Key Generator (KG)Key). You can configure the encryption key using the iDRAC7 Web interface or iDRAC Settings utility.
  • Page 111 SSH has improved security over Telnet. iDRAC7 only supports SSH version 2 with password authentication, and is enabled by default. iDRAC7 supports up to two SSH sessions and two Telnet sessions at a time. It is recommended to use SSH as Telnet is not a secure protocol. You must use Telnet only if you cannot install an SSH client or if your network infrastructure is secure.
  • Page 112 – console com2 This connects iDRAC7 to the managed system’s SOL port. Once a SOL session is established, iDRAC7 command line console is not available. Follow the escape sequence correctly to open the iDRAC7 command line console. The escape sequence is also printed on the screen as soon as a SOL session is connected. When the managed system is off, it takes sometime to establish the SOL session.
  • Page 113: Communicating With Idrac7 Using Ipmi Over Lan

    Connect to the iDRAC7 using the command: telnet < IP address >:< port number >, where IP address is the IP address for the iDRAC7 and port number is the Telnet port number (if you are using a new port).
  • Page 114: Configuring Ipmi Over Lan Using Idrac Settings Utility

    Enabling or Disabling Remote RACADM You can enable or disable remote RACADM using the iDRAC7 Web interface or RACADM. You can run up to five remote RACADM sessions in parallel. Enabling or Disabling Remote RACADM Using Web Interface To enable or disable remote RACADM: In iDRAC7 Web interface, go to Overview →...
  • Page 115: Enabling Or Disabling Remote Racadm Using Racadm

    Host System. Enabling IPMI on Managed System On a managed system, use the Dell Open Manage Server Administrator to enable or disable IPMI. For more information, Dell Open Manage Server Administrator’s User Guide at dell.com/support/manuals. see the Configuring Linux for Serial Console During Boot The following steps are specific to the Linux GRand Unified Bootloader (GRUB).
  • Page 116: Enabling Login To The Virtual Console After Boot

    # initrd /boot/initrd-version.img #boot=/dev/sda default=0 timeout=10 #splashimage=(hd0,2)/grub/splash.xpm.gz serial --unit=1 --speed=57600 terminal --timeout=10 serial title Red Hat Linux Advanced Server (2.4.9-e.3smp) root (hd0,0) kernel /boot/vmlinuz-2.4.9-e.3smp ro root=/dev/sda1 hda=ide-scsi console=ttyS0 console=ttyS1,115200n8r initrd /boot/initrd-2.4.9-e.3smp.img title Red Hat Linux Advanced Server-up (2.4.9-e.3) root (hd0,00) kernel /boot/vmlinuz-2.4.9-e.3 ro root=/dev/sda1 s initrd /boot/initrd-2.4.9-e.3.im To enable multiple GRUB options to start Virtual Console sessions through the RAC serial connection, add the...
  • Page 117: Supported Ssh Cryptography Schemes

    Supported SSH Cryptography Schemes To communicate with iDRAC7 using SSH protocol, it supports multiple cryptography schemes listed in the following table. Table 12. SSH Cryptography Schemes Scheme Type Scheme Asymmetric Cryptography Diffie-Hellman DSA/DSS 512-1024 (random) bits per NIST...
  • Page 118: Using Public Key Authentication For Ssh

    Public Key Authentication (PKA) over SSH. This is a licensed feature. When the PKA over SSH is set up and used correctly, you need not enter the user name or password while logging into iDRAC7. This is useful for setting up automated scripts that perform various functions.
  • Page 119 When adding new public keys, make sure that the existing keys are not at the index where the new key is added. iDRAC7 does not perform checks to make sure previous key(s) are deleted before a new key(s) are added.
  • Page 120 From remote RACADM using Telnet or SSH: racadm sshpkauth -i <2 to 16> -k <1 to 4> -t <key-text> For example, to upload a valid key to iDRAC7 User ID 2 in the first key space using a file, run the following command: $ racadm sshpkauth -i 2 -k 1 -f pkkey.key NOTE: The -f option is not supported on telnet/ssh/serial RACADM.
  • Page 121: Configuring User Accounts And Privileges

    Configuring Local Users You can configure up to 16 local users in iDRAC7 with specific access permissions. Before you create an iDRAC7 user, verify if any current users exist. You can set user names, passwords, and roles with the privileges for these users. The user names and passwords can be changed using any of the iDRAC7 secured interfaces (that is, Web interface, RACADM or WS-MAN).
  • Page 122: Configuring Local Users Using Racadm

    If you are configuring a new iDRAC7 or if you have used the racadm racresetcfg command, the only current user is root with the password calvin. The racresetcfg subcommand resets the iDRAC7 to the default values.
  • Page 123 To verify, use one of the following commands: racadm getconfig -u john racadm getconfig –g cfgUserAdmin –i 3 RACADM Command Line Reference Guide for iDRAC7 and For more information on the RACADM commands, see the CMC available at dell.com/support/manuals. Enabling iDRAC7 User With Permissions To enable a user with specific administrative permissions (role-based authority): NOTE: You can use the getconfig and config commands or get and set commands.
  • Page 124: Configuring Active Directory Users

    If your company uses the Microsoft Active Directory software, you can configure the software to provide access to iDRAC7, allowing you to add and control iDRAC7 user privileges to your existing users in your directory service. This is a licensed feature.
  • Page 125: Prerequisites For Using Active Directory Authentication For Idrac7

    Integrated PKI into the Active Directory infrastructure. iDRAC7 uses the standard Public Key Infrastructure (PKI) mechanism to authenticate securely into the Active Directory. See the Microsoft website for more information. • Enabled the Secure Socket Layer (SSL) on all domain controllers that iDRAC7 connects to for authenticating to all the domain controllers. Related Links...
  • Page 126: Supported Active Directory Authentication Mechanisms

    14. Upload the certificate you saved in step 13 to iDRAC7. Importing iDRAC7 Firmware SSL Certificate iDRAC7 SSL certificate is the identical certificate used for iDRAC7 Web server. All iDRAC7 controllers are shipped with a default self-signed certificate. If the Active Directory Server is set to authenticate the client during an SSL session initialization phase, you need to upload iDRAC7 Server certificate to the Active Directory Domain controller.
  • Page 127: Standard Schema Active Directory Overview

    Figure 1. Configuration of iDRAC7 with Active Directory Standard Schema In Active Directory, a standard group object is used as a role group. A user who has iDRAC7 access is a member of the role group. To give this user access to a specific iDRAC7, the role group name and its domain name need to be configured on the specific iDRAC7.
  • Page 128: Configuring Standard Schema Active Directory

    If all the login users and role groups, or any of the nested groups, are from multiple domains, then Global Catalog server addresses must be configured on iDRAC7. In this multiple domain scenario, all the role groups and nested groups, if any, must be a Universal Group type.
  • Page 129 11. Click Finish. The Active Directory settings for standard schema is configured. Configuring Active Directory With Standard Schema Using RACADM To configure iDRAC7 Active Directory with Standard Schema using the RACADM: At the racadm command prompt, run the following commands: –...
  • Page 130 Using the following RACADM command may be optional. racadm sslcertdownload -t 0x1 -f <RAC SSL certificate> If DHCP is enabled on iDRAC7 and you want to use the DNS provided by the DHCP server, enter the following RACADM commands: –...
  • Page 131: Extended Schema Active Directory Overview

    Dell has extended the schema to include an used to link together the users or groups with a specific set of privileges to one or more iDRAC7 devices. This model provides an administrator maximum flexibility over the different combinations of users, iDRAC7 privileges, and iDRAC7 devices on the network without much complexity.
  • Page 132 You can create as many or as few association objects as required. However, you must create at least one Association Object, and you must have one iDRAC7 Device Object for each iDRAC7 device on the network that you want to integrate with Active Directory for Authentication and Authorization with iDRAC7.
  • Page 133: Configuring Extended Schema Active Directory

    Configuring Active Directory With Extended Schema Using RACADM Extending Active Directory Schema Extending your Active Directory schema adds a Dell organizational unit, schema classes and attributes, and example privileges and association objects to the Active Directory schema. Before you extend the schema, make sure that you have Schema Admin privileges on the Schema Master Flexible Single Master Operation (FSMO) Role Owner of the domain forest.
  • Page 134 Dell Schema Extender utility • LDIF script file If you use the LDIF script file, the Dell organizational unit is not added to the schema. Dell Systems Management Tools and Documentation DVD The LDIF files and Dell Schema Extender are located on your in the following respective directories: •...
  • Page 135 Class Type Auxiliary Class SuperClasses None Attributes dellIsLoginUser dellIsCardConfigAdmin dellIsUserConfigAdmin dellIsLogClearAdmin dellIsServerResetUser dellIsConsoleRedirectUser dellIsVirtualMediaUser dellIsTestAlertUser dellIsDebugCommandAdmin Table 20. dellPrivileges Class 1.2.840.113556.1.8000.1280.1.1.1.4 Description Used as a container Class for the Dell Privileges (Authorization Rights). Class Type Structural Class SuperClasses User Attributes dellRAC4Privileges...
  • Page 136 Table 21. dellProduct Class 1.2.840.113556.1.8000.1280.1.1.1.5 Description The main class from which all Dell products are derived. Class Type Structural Class SuperClasses Computer Attributes dellAssociationMembers Table 22. List of Attributes Added to the Active Directory Schema Attribute Name/Description Assigned OID/Syntax Object Identifier...
  • Page 137 For more information about the Active Directory Users and Computers Snap-in, see Microsoft documentation. Adding iDRAC7 Users and Privileges to Active Directory Using the Dell-extended Active Directory Users and Computers Snap-in, you can add iDRAC7 users and privileges by creating device, association, and privilege objects. To add each object, perform the following: •...
  • Page 138 Select New → Dell Remote Management Object Advanced. The New Object window is displayed. Enter a name for the new object. The name must be identical to iDRAC7 name that you enter while configuring Active Directory properties using iDRAC7 Web interface.
  • Page 139 In the Properties window, click Apply and click OK. Click the Products tab to add one iDRAC7 device connected to the network that is available for the defined users or user groups. You can add multiple iDRAC7 devices to an Association Object.
  • Page 140 IP address of the domain controller> NOTE: You must configure at least one of the three addresses. iDRAC7 attempts to connect to each of the configured addresses one-by-one until it makes a successful connection. With Extended Schema, these are the FQDN or IP addresses of the domain controllers where this iDRAC7 device is located.
  • Page 141: Testing Active Directory Settings

    <primary DNS IP address> racadm set iDRAC.IPv4.DNSFromDHCP.DNS2 <secondary DNS IP address> If you want to configure a list of user domains so that you only need to enter the user name during log in to iDRAC7 Web interface, enter the following command: –...
  • Page 142: Configuring Generic Ldap Users

    Active Directory server be identified by the FQDN and not an IP address. If the Active Directory server is identified by an IP address, certificate validation fails because iDRAC7 is not able to communicate with the Active Directory server.
  • Page 143: Configuring Generic Ldap Directory Service Using Racadm

    FQDN and not an IP address. If the LDAP server is identified by an IP address, certificate validation fails because iDRAC7 is not able to communicate with the LDAP server. NOTE: When generic LDAP is enabled, iDRAC7 first tries to login the user as a directory user. If it fails, local user lookup is enabled.
  • Page 145: Configuring Idrac7 For Single Sign-On Or Smart Card Login

    Configuring iDRAC7 for Single Sign-On or Smart Card Login This section provides information to configure iDRAC7 for Smart Card login (for local users and Active Directory users), and Single Sign-On (SSO) login (for Active Directory users.) SSO and smart card login are licensed features.
  • Page 146: Generating Kerberos Keytab File

    A keytab file is generated. NOTE: If you find any issues with iDRAC7 user for which the keytab file is created, create a new user and a new keytab file. If the same keytab file which was initially created is again executed, it does not configure...
  • Page 147: Creating Active Directory Objects And Providing Privileges

    – Include all sites that bypass the proxy server. Click Advanced. Add all relative domain names that will be used for iDRAC7 instances that is part of the SSO configuration (for example, myhost.example.com.) Click Close and click OK twice. Configuring Firefox to Enable Active Directory SSO To configure the browser settings for Firefox: In Firefox address bar, enter about:config.
  • Page 148: Configuring Idrac7 Sso Login For Active Directory Users Using Web Interface

    NOTE: For information about the options, see the Verify whether the iDRAC7 DNS name matches the iDRAC7 Fully Qualified Domain Name. To do this, in iDRAC7 Web interface, go to Overview → iDRAC Settings → Network → Network and see the DNS Domain Name property.
  • Page 149: Uploading Trusted Ca Certificate For Smart Card

    Uploading Trusted CA Certificate For Smart Card Using Web Interface To upload trusted CA certificate for smart card login: In iDRAC7 Web interface, go to Overview → iDRAC Settings → Network → User Authentication → Local Users. The Users page is displayed.
  • Page 150: Enabling Or Disabling Smart Card Login

    Enabling or Disabling Smart Card Login Using Web Interface To enable or disable the Smart Card logon feature: In the iDRAC7 Web interface, go to Overview → iDRAC Settings → User Authentication → Smart Card . The Smart Card page is displayed.
  • Page 151: Configuring Idrac7 To Send Alerts

    Configuring Email Alert, SNMP Trap, or IPMI Trap Settings Enabling or Disabling Alerts Using Web Interface To enable or disable generating alerts: In iDRAC7 Web interface, go to Overview → Server → Alerts. The Alerts page is displayed. Under Alerts section:...
  • Page 152: Enabling Or Disabling Alerts Using Racadm

    NOTE: Even if you are a user with read-only privileges, you can filter the alerts. In iDRAC7 Web interface, go to Overview → Server → Alerts . The Alerts page is displayed. Under Alerts Filter section, select one or more of the following categories: –...
  • Page 153: Filtering Alerts Using Racadm

    RACADM Command Line Reference To filter the alerts, use the eventfilters command. For more information, see the Guide for iDRAC7 and CMC available at dell.com/support/manuals. Setting Event Alerts You can set event alerts such as e-mail alerts, IPMI alerts, SNMP traps, remote system logs, operating system logs, and WS events to be sent to configured destinations.
  • Page 154: Setting Alert Recurrence Event

    Setting Event Actions Using Web Interface To set an event action: In iDRAC7 Web interface, go to Overview → Server → Alerts . The Alerts page is displayed. Under Alerts Results, from the Actions drop-down menu, for each event select an action: –...
  • Page 155: Configuring Email Alert, Snmp Trap, Or Ipmi Trap Settings

    The management station uses Simple Network Management Protocol (SNMP) and Intelligent Platform Management Interface (IPMI) traps to receive data from iDRAC7. For systems with large number of nodes, it may not be efficient for a management station to poll each iDRAC7 for every condition that may occur. For example, event traps can help a management station with load balancing between nodes or by issuing an alert if an authentication failure occurs.
  • Page 156: Configuring Email Alert Settings

    You can configure the email address to receive the email alerts. Also, configure the SMTP server address settings. NOTE: If your mail server is Microsoft Exchange Server 2007, make sure that iDRAC7 domain name is configured for the mail server to receive the email alerts from iDRAC7.
  • Page 157 Go to Overview → Server → Alerts → SNMP and Email Settings . Select the State option to enable the email address to receive the alerts and type a valid email address. For more iDRAC7 Online Help. information about the options, see the Click Send under Test Email to test the configured email alert settings.
  • Page 158: Configuring Ws Eventing

    The steps required to configure WS eventing feature to receive WS Eventing messages for changes related to Lifecycle Controller jobs are described in the Web service Eventing Support for iDRAC7 1.30.30 specification document. In addition to this specification, see the DSP0226 (DMTF WS Management Specification), Section 10 Notifications (Eventing) document for the complete information on the WS Eventing protocol.
  • Page 159 Table 23. Alert Message IDs Message ID Description Amperage Auto Sys Reset Backup/Restore Battery Event BIOS BIOS Management BOOT BOOT Control Cable Processor CPUA Proc Absent Storage Contr Cert Mgmt Auto-Discovery Storage Enclosr Fan Event Debug Hardware Config DRAC IP Change Intrusion Job Control Lifecycle Contr...
  • Page 160 Message ID Description Redundancy FW Download IDSDM Media RFLA IDSDM Absent FlexAddress SD RRDU IDSDM Redundancy Remote Service Security Event Sys Event Log Software RAID PCIe SSD STOR Storage FW Update Job Software Config Software Change System Info Temperature Test Alert UEFI UEFI Event User Tracking...
  • Page 161: Managing Logs

    Lifecycle log that contains events related to system, storage devices, network devices, firmware updates, configuration changes, license messages, and so on. However, the system events are also available as a separate log called System Event Log (SEL). The lifecycle log is accessible through iDRAC7 Web interface, RACADM, and WS-MAN interface.
  • Page 162: Viewing System Event Log Using Idrac Settings Utility

    Audit • Updates • Work notes When you log in or log out of iDRAC7 using any of the following interfaces, the log in, log out, or log in failure events are recorded in the Lifecycle logs: • Telnet •...
  • Page 163: Viewing Lifecycle Log Using Web Interface

    RACADM Command Line Reference To view Lifecycle logs, use the lclog command. For more information, see the Guide for iDRAC7 and CMC available at dell.com/support/manuals. Exporting Lifecycle Controller Logs You can export the entire Lifecycle Controller log (active and archived entries) in a single zipped XML file to a network share or to the local system.
  • Page 164: Exporting Lifecycle Controller Logs Using Racadm

    Adding Work Notes Each user who logs in to iDRAC7 can add work notes and this is stored in the lifecycle log as an event. You must have iDRAC7 logs privilege to add work notes. A maximum of 255 characters are supported for each new work note.
  • Page 167: Monitoring And Managing Power

    Monitoring and Managing Power You can use iDRAC7 to monitor and manage the power requirements of the managed system. This helps to protect the system from power outages by appropriately distributing and regulating the power consumption on the system. The key features are: •...
  • Page 168: Executing Power Control Operations

    Power Capping in Blade Servers Before a blade server powers up, iDRAC7 provides CMC with its power requirements. It is higher than the actual power that the blade can consume and is calculated based on limited hardware inventory information. It may request a smaller power range after the server is powered up based on the actual power consumed by the server.
  • Page 169: Viewing And Configuring Power Cap Policy

    525W. If the power cap value is set to be lower than the minimum recommended threshold, iDRAC7 may not be able maintain the requested power cap.
  • Page 170: Configuring Power Supply Options

    Configuring Power Supply Options Using Web Interface To configure the power supply options: In iDRAC7 Web interface, go to Overview → Server → Power/Thermal → Power Configuration → Power Configuration. The Power Configuration page is displayed. iDRAC7 Online Help .
  • Page 171: Configuring Power Supply Options Using Idrac Settings Utility

    System.Power.Hotspare.Enable • System.Power.Hotspare.PrimaryPSU • System.Power.PFC.Enable RACADM Command Line Reference Guide for iDRAC7 and CMC available at dell.com/ For more information, see the support/manuals. Configuring Power Supply Options Using iDRAC Settings Utility To configure the power supply options: In iDRAC Settings utility, go to Power Configuration.
  • Page 173: Configuring And Using Virtual Console

    Configuring and Using Virtual Console You can use the virtual console to manage a remote system using the keyboard, video, and mouse on your management station to control the corresponding devices on a managed server. This is a licensed feature for rack and tower servers. It is available by default in blade servers.
  • Page 174: Configuring Web Browsers To Use Virtual Console

    Console, the server console resolution may reset if the server is selected on the local console. If the system is running a Linux operating system, an X11 console may not be viewable on the local monitor. Press <Ctrl><Alt><F1> at the iDRAC7 Virtual Console to switch Linux to a text console. Configuring Web Browsers to Use Virtual Console...
  • Page 175 Make sure that the Enable Protected Mode option is not selected for Trusted Sites zone. Alternatively, you can add the iDRAC7 address to sites in the Intranet zone. By default, protected mode is turned off for sites in Intranet Zone and Trusted Sites zone.
  • Page 176: Importing Ca Certificates To Management Station

    To clear older versions of Java viewer in Windows or Linux, do the following: At the command prompt, run javaws-viewer or javaws-uninstall. The Java Cache viewer is displayed. iDRAC7 Virtual Console Client. Delete the items titled Importing CA Certificates to Management Station When you launch Virtual Console or Virtual Media, prompts are displayed to verify the certificates.
  • Page 177: Configuring Virtual Console

    Configuring Virtual Console Before configuring the Virtual Console, make sure that the management station is configured. You can configure the virtual console using iDRAC7 Web interface or RACADM command line interface. Related Links Configuring Web Browsers to Use Virtual Console...
  • Page 178: Previewing Virtual Console

    NOTE: The Virtual Console image is available only if you have enabled Virtual Console. Launching Virtual Console You can launch the virtual console using the iDRAC7 Web Interface or a URL. NOTE: Do not launch a Virtual Console session from a Web browser on the managed system.
  • Page 179: Launching Virtual Console Using Url

    The Virtual Console Viewer displays the remote system’s desktop. Using this viewer, you can control the remote system’s mouse and keyboard functions from your management station. Multiple message boxes may appear after you launch the application. To prevent unauthorized access to the application, navigate through these message boxes within three minutes.
  • Page 180: Using Virtual Console Viewer

    NOTE: If the remote server is powered off, the message ’No Signal’ is displayed. The Virtual Console Viewer title bar displays the DNS name or the IP address of the iDRAC7 you are connected to from the management station. If iDRAC7 does not have a DNS name, then the IP address is displayed. The format is: •...
  • Page 181: Passing All Keystrokes Through Virtual Console

    This may be due to the Predictable Pointer Acceleration feature of the GNOME desktop. For correct mouse synchronization in the iDRAC7 Virtual Console, this feature must be disabled. To disable Predictable Pointer Acceleration, in the mouse section of the /etc/X11/xorg.conf file, add: Option "AccelerationScheme"...
  • Page 182 Java-based Virtual Console Session running on Windows Operating System • Ctrl+Alt+Del key is not sent to the managed system, but always interpreted by the management station. • When Pass All Keystrokes to Server is enabled, the following keys are not sent to the managed system: –...
  • Page 183 – If SysRq is enabled on the management station, then <Ctrl+Alt+SysRq+b> or <Alt+SysRq+b> resets the management station irrespective of the system’s state. – If SysRq is disabled on the management station, then the <Ctrl+Alt+SysRq+b> or <Alt+SysRq+b>keys resets the operating system on the managed system. –...
  • Page 185: Managing Virtual Media

    ISO image file. The following figure shows a typical Virtual Media setup. • Virtual floppy media of iDRAC7 is not accessible from virtual machines. • Any connected Virtual Media emulates a physical device on the managed system.
  • Page 186: Supported Drives And Devices

    Configuring Virtual Media Using iDRAC7 Web Interface To configure virtual media settings: CAUTION: Do not reset iDRAC7 when running a Virtual Media session. Otherwise, undesirable results may occur, including data loss. In the iDRAC7 Web interface, go to Overview → Server → Attached Media.
  • Page 187: Configuring Virtual Media Using Idrac Settings Utility

    Computer folder option, and click OK. To access Virtual Media using Virtual Console: In the iDRAC7 Web interface, go to Overview → Server → Virtual Console. The Virtual Console page is displayed. Click Launch Virtual Console.
  • Page 188: Launching Virtual Media Without Using Virtual Console

    Hide empty drives in the Computer folder option, and click OK. To launch Virtual Media when Virtual Console is disabled: In the iDRAC7 Web Interface, go to Overview → Server → Virtual Console. The Virtual Console page is displayed. Click Launch Virtual Console.
  • Page 189: Adding Virtual Media Images

    A message is displayed warning the user that resetting the USB connection can affect all the input to the target device including Virtual Media, keyboard, and mouse. Click Yes. The USB is reset. NOTE: iDRAC7 Virtual Media does not terminate even after you log out of iDRAC7 Web interface session. Mapping Virtual Drive To map the virtual drive:...
  • Page 190 DVD or a USB flash drive (that is connected to the management station.) To map the drives, launch IE as an administrator or add the iDRAC7 IP address to the list of trusted sites. To establish a Virtual Media session, from the Virtual Media menu, click Connect Virtual Media.
  • Page 191: Unmapping Virtual Drive

    Virtual Media is in To enable the boot once option and boot the managed system from the Virtual Media: In the iDRAC7 Web interface, go to Overview → Server → Attached Media. Under Virtual Media, select the Enable Boot Once and click Apply.
  • Page 192 Turn on the managed system and press <F2> during boot. Change the boot sequence to boot from the remote Virtual Media device. Reboot the server. The managed system boots once from the Virtual Media. Related Links Mapping Virtual Drive Configuring Virtual Media...
  • Page 193: Installing And Using Vmcli Utility

    The Virtual Media Command Line Interface (VMCLI) utility is an interface that provides virtual media features from the management station to iDRAC7 on the managed system. Using this utility you can access virtual media features, including image files and physical drives, to deploy an operating system on multiple remote systems in a network.
  • Page 194: Vmcli Commands To Access Virtual Media

    <iDRAC7-user-password> -c {< device-name > | < image-file >} — Indicates whether the iDRAC7 CA certificate is valid. If the certificate is not valid, a warning message is displayed when you run this command. However, the command is executed successfully and a VMCLI session is established. For more information on VMCLI parameters, see the VMCLI Help or the VMCLI Man pages .
  • Page 195 • stderr/stdout redirection — Redirects any printed utility output to a file. For example, using the greater-than character (>) followed by a filename overwrites the specified file with the printed output of the VMCLI utility. NOTE: The VMCLI utility does not read from standard input (stdin). Hence, stdin redirection is not required. •...
  • Page 197: Managing Vflash Sd Card

    16 GB capacity. After you insert the card, you must enable vFlash functionality to create and manage partitions. vFlash is a licensed feature. If the card is not available in the system's vFlash SD card slot, the following error message is displayed in the iDRAC7 Web interface at Overview → Server → vFlash: SD card not detected.
  • Page 198: Enabling Or Disabling Vflash Functionality

    Enabling or Disbaling vFlash Functionality Using Web Interface To enable or disable the vFlash functionality: In the iDRAC7 Web interface, go to Overview → Server → vFlash . The SD Card Properties page is displayed. Select or clear the vFLASH Enabled option to enable or disable the vFlash functionality. If any vFlash partition is attached, you cannot disable vFlash and an error message is displayed.
  • Page 199: Initializing Vflash Sd Card

    The initialize operation reformats the SD card and configures the initial vFlash system information on the card. Initializing vFlash SD Card Using Web Interface To initialize the vFlash SD card: In the iDRAC7 Web interface, go to Overview → Server → vFlash . The SD Card Properties page is displayed. Enable vFLASH and click Initialize.
  • Page 200: Getting The Last Status Using Racadm

    NOTE: If you click any option on the vFlash pages when an application such as WS-MAN, iDRAC Settings utility, or RACADM is using vFlash, or if you navigate to some other page in the GUI, iDRAC7 may display the message: vFlash is currently in use by another process.
  • Page 201: Creating An Empty Partition

    Creating an Empty Partition Using the Web Interface To create an empty vFlash partition: In iDRAC7 Web interface, go to Overview → Server → vFlash → Create Empty Partition. The Create Empty Partition page is displayed. iDRAC7 Online Help .
  • Page 202: Formatting A Partition

    NOTE: The uploaded image and the emulation type must match. There are issues when iDRAC7 emulates a device with incorrect image type. For example, if the partition is created using an ISO image and the emulation type is specified as Hard Disk, then the BIOS cannot boot from this image.
  • Page 203: Viewing Available Partitions

    Viewing Available Partitions Using Web Interface To view the available vFlash partitions, in the iDRAC7 Web interface, go to Overview → Server → vFlash → Manage. The Manage Partitions page is displayed listing the available partitions and related information for each partition. For iDRAC7 Online Help .
  • Page 204: Attaching Or Detaching Partitions

    If you detach a partition, it is not visible in the operating system and the BIOS boot order menu. When you attach or detach a partition, the USB bus in the managed system is reset. This affects applications that are using vFlash and disconnects the iDRAC7 Virtual Media sessions. Before attaching or detaching a partition, make sure that: •...
  • Page 205: Deleting Existing Partitions

    Attaching or Detaching Partitions Using Web Interface To attach or detach partitions: In the iDRAC7 Web interface, go to Overview → Server → vFlash → Manage. The Manage Partitions page is displayed. In the Attached column: – Select the checkbox for the partition(s) and click Apply to attach the partition(s).
  • Page 206: Downloading Partition Contents

    Deleting Existing Partitions Using Web Interface To delete an existing partition: In the iDRAC7 Web interface, go to Overview → Server → vFlash → Manage. The Manage Partitions page is displayed. In the Delete column, click the delete icon for the partition that you want to delete.
  • Page 207: Booting To A Partition

    To set a vFlash partition as the first boot device, use cfgServerInfo. For more information, see the Command Line Reference Guide for iDRAC7 and CMC available at dell.com/support/manuals. NOTE: When you run this command, the vFlash partition label is automatically set to boot once—...
  • Page 209: Using Smclp

    • View system properties Running SMCLP Commands You can run the SMCLP commands using SSH or Telnet interface. Open a SSH or Telnet interface and log in to iDRAC7 as an administrator. The SMCLP prompt (admin ->)is displayed. SMCLP prompts: •...
  • Page 210: Idrac7 Smclp Syntax

    SMCLP Syntax The iDRAC7 SMCLP uses the concept of verbs and targets to provide systems management capabilities through the CLI. The verb indicates the operation to perform, and the target determines the entity (or object) that runs the operation.
  • Page 211 Target Definitions System Event Log (SEL) record entry admin1/system1/logs1/log1 An individual SEL record instance on the managed system admin1/system1/logs1/log1/record* Managed system SMASH collection settings admin1/system1/settings1 Managed system capacities SMASH collection admin1/system1/capacities1 Managed system consoles SMASH collection admin1/system1/consoles1 Service Processor admin1/system1/sp1 Service Processor time service admin1/system1/sp1/timesvc1 Service processor capabilities SMASH collection...
  • Page 212: Navigating The Map Address Space

    The root target is represented by a slash (/) or a backslash (\). It is the default starting point when you log in to iDRAC7. Navigate down from the root using the cd verb.
  • Page 213: Using Show Verb

    Using Show Verb To learn more about a target use the show verb. This verb displays the target’s properties, sub-targets, associations, and a list of the SM-CLP verbs that are allowed at that location. Using the -display Option The show –display option allows you to limit the output of the command to one or more of properties, targets, associations, and verbs.
  • Page 214: Sel Management

    • To switch on the server: start /system1 The following message is displayed: system1 has been started successfully • To reboot the server: reset /system1 The following message is displayed: system1 has been reset successfully SEL Management The following examples show how to use the SMCLP to perform SEL-related operations on the managed system. Type the following commands at the SMCLP command prompt: •...
  • Page 215: Map Target Navigation

    Properties: LogCreationClassName= CIM_RecordLog CreationClassName= CIM_LogRecord LogName= IPMI SEL RecordID= 1 MessageTimeStamp= 20050620100512.000000-000 Description= FAN 7 RPM: fan sensor, detected a failure ElementName= IPMI SEL Record Commands: show help exit version • To clear the SEL: delete /system1/logs1/log1/record* The following output is displayed: All records deleted successfully MAP Target Navigation The following examples show how to use the cd verb to navigate the MAP.
  • Page 217: Using Idrac Service Module

    If you disable this feature after installing the iDRAC Service Module, then you must enable it manually in iDRAC. – If the OS to iDRAC pass-through channel is enabled through LOM in iDRAC7, then you cannot use the iDRAC Service Module. Installing iDRAC Service Module You can download and install the iDRAC Service Module from dell.com/support.
  • Page 218: Replicate Lifecycle Logs To Os Log

    Replicate Lifecycle Logs to OS Log You can replicate the Lifecycle Controller Logs to the OS logs from the time when the feature is enabled in iDRAC. This is similar to the System Event Log (SEL) replication performed by OpenManage Server Administrator. All events that have the OS Log option selected as the target (in the Alerts page, or in the equivalent RACADM or WSMAN interfaces) are replicated in the OS log using the iDRAC Service Module.
  • Page 219: Using Idrac Service Module From Racadm

    This option is disabled if OpenManage Server Administrator is installed on the system. Using iDRAC Service Module From RACADM To use the iDRAC Service Module from RACADM, use the objects in the ServiceModule group. For more information, see RACADM Command Line Reference Guide for iDRAC7 and CMC available at dell.com/support/manuals.
  • Page 221: Deploying Operating Systems

    To deploy the operating system on target remote systems: List the iDRAC7 IPv4 addresses of the target remote systems, in the ip.txt text file. List one IPv4 address per line. Insert a bootable operating system, CD or DVD, into the management station drive.
  • Page 222: Deploying Operating System Using Remote File Share

    NOTE: The vmdeploy script processes the -r option slightly differently than the vmcli -r option. If the argument to the -r option is the name of an existing file, the script reads iDRAC7 IPv4 or IPv6 addresses from the specified file and runs the utility once for each line. If the argument to the -r option is not a filename, then it should a single iDRAC7 address.
  • Page 223: Managing Remote File Share

    The connection status for RFS is available in iDRAC7 log. Once connected, an RFS-mounted virtual drive does not disconnect even if you log out from iDRAC7. The RFS connection is closed if iDRAC7 is reset or the network connection is dropped. The Web interface and command-line options are also available in CMC and iDRAC7 to close the RFS connection.
  • Page 224: Configuring Remote File Share Using Web Interface

    Configuring Remote File Share Using Web Interface To enable remote file sharing: In iDRAC7 Web interface, go to Overview → Server → Attached Media. The Attached Media page is displayed. Under Attached Media, select Attach or Auto Attach. Under Remote File Share, specify the image file path, domain name, user name, and password. For information iDRAC7 Online Help .
  • Page 225: Deploying Operating System Using Virtual Media

    Use one of the following methods to boot to the required device: – Set the boot order to boot once from Virtual Floppy or Virtual CD/DVD/ISO using the iDRAC7 Web interface. – Set the boot order through System Setup → System BIOS Settings by pressing <F2> during boot.
  • Page 226: Enabling Sd Module And Redundancy In Bios

    SD1 fails or is removed, SD2 automatically become the active (master) card. You can view the status, health, and the availability of IDSDM using iDRAC7 Web Interface or RACADM. The SD card redundancy status and failure events are logged to SEL, displayed on the front panel, and PET alerts are generated if alerts are enabled.
  • Page 227: Troubleshooting Managed System Using Idrac7

    Generating Tech Support Report Using Diagnostic Console iDRAC7 provides a standard set of network diagnostic tools that are similar to the tools included with Microsoft Windows or Linux-based systems. Using iDRAC7 Web interface, you can access the network debugging tools.
  • Page 228: Scheduling Remote Automated Diagnostics Using Racadm

    You can also run diagnostics using the appropriate WSMAN command(s). For more information, see the WSMAN documentation. You must have iDRAC7 Express license to use remote automated diagnostics. You can perform the diagnostics immediately or schedule it on a particular day and time, specify the type of diagnostics, and the type of reboot.
  • Page 229: Viewing Post Codes

    This is a licensed feature. iDRAC7 records fifty frames during boot time. Playback of the boot screens occur at a rate of 1 frame per second. If iDRAC7 is reset, the boot capture video is not available as it is stored in RAM and is deleted.
  • Page 230: Viewing System Front Panel Lcd Status

    For blade servers: Only system ID LEDs. Viewing System Front Panel LCD Status To view the LCD front panel status for applicable rack and tower servers, in iDRAC7 Web interface, go to Overview → Hardware → Front Panel . The Front Panel page displays.
  • Page 231: Viewing System Health

    CAUTION: You should only perform troubleshooting and simple repairs as authorized in your product documentation, or as directed by online or telephone service and support team. Damage due to servicing that is not authorized by Dell is not covered by your warranty. Read and follow the safety instructions that came with the product.
  • Page 232: Generating Tech Support Report Using Web Interface

    LCD panel, see the server’s Owner’s Manual. Restarting iDRAC7 You can perform a hard or soft iDRAC7 restart without turning off the server: • Hard restart — On the server, press and hold the LED button for 15 seconds.
  • Page 233: Resetting Idrac7 Using Idrac7 Web Interface

    CMC available at dell.com/support/manuals. Resetting iDRAC7 to Factory Default Settings You can reset iDRAC7 to the factory default settings using the iDRAC Settings utility or the iDRAC7 Web interface. Resetting iDRAC7 to Factory Default Settings Using iDRAC7 Web Interface To reset iDRAC7 to factory default settings using the iDRAC7 Web interface: Go to Overview →...
  • Page 235: Frequently Asked Questions

    Web-based interface and remote RACADM. This certificate is not issued by a trusted CA. To resolve this, upload a iDRAC7 server certificate issued by a trusted CA (for example, Microsoft Certificate Authority, Thawte or Verisign).
  • Page 236: Active Directory

    To resolve this, upload an iDRAC7 server certificate issued to the IP address or the iDRAC7 host name. When generating the CSR (used for issuing the certificate), make sure that the common name (CN) of the CSR matches the iDRAC7 IP address (if certificate issued to IP) or the registered DNS iDRAC7 name (if certificate is issued to iDRAC7 registered name).
  • Page 237 Not in this release. Why does it take up to four minutes to log in to iDRAC7 using Active Directory Single Sign–On or Smart Card Login? The Active Directory Single Sign–On or Smart Card log in normally takes less than 10 seconds, but it may take up to four minutes to log in if you have specified the preferred DNS server and the alternate DNS server, and the preferred DNS server has failed.
  • Page 238: Single Sign-On

    When trying to log in to iDRAC7 using the user present in the child domain, Active Directory Single Sign-On login fails.
  • Page 239: Smart Card Login

    How to resolve this? Make sure that the iDRAC7 IP address is listed in the Tools → Internet Options → Security → Trusted sites. If it is not listed, SSO fails and you are prompted to enter your user name and password. Click Cancel and proceed.
  • Page 240 Before starting a Virtual Console session, make sure that the correct mouse is selected for your operating system. Make sure that the Single Cursor option under Tools in the iDRAC7 Virtual Console menu is selected on iDRAC7 Virtual Console client. The default is two cursor mode.
  • Page 241 When launching both the GUI and Virtual Console to the same iDRAC7 system on a management station, a session time- out for the iDRAC7 GUI occurs if the GUI is launched before the popup closes. If the iDRAC7 GUI is launched from the CMC Web interface after the popup with the Virtual Console closed, this issue does not appear.
  • Page 242: Virtual Media

    Virtual Media Why does the Virtual Media client connection sometimes drop? When a network time-out occurs, iDRAC7 firmware drops the connection, disconnecting the link between the server and the virtual drive. If you change the CD in the client system, the new CD may have an autostart feature. In this case, the firmware can time-out and the connection is lost if the client system takes too long to read the CD.
  • Page 243 /dev/sdx /mnt/CD where: /dev/sdx is the device name found in step 4 and /mnt/floppy is the mount point. Why are the virtual drives attached the server removed after performing a remote firmware update using the iDRAC7 Web interface? Firmware updates cause the iDRAC7 to reset, drop the remote connection, and unmount the virtual drives. The drives reappear when iDRAC7 reset is complete.
  • Page 244: Vflash Sd Card

    To prevent SNMP authentication errors from being generated, you must enter community names that are accepted by the agent. Since the iDRAC7 only allows one community name, you must use the same get and set community name for IT Assistant discovery setup.
  • Page 245: Storage Devices

    Remote RACADM error messages — Problems such as incorrect IP Address, incorrect user name, or incorrect password. During a ping test to iDRAC7, if the network mode is switched between Dedicated and Shared modes, there is no ping response. Clear the ARP table on your system.
  • Page 246: Miscellaneous

    From iDRAC7 Web interface: Click Overview → iDRAC Settings → CMC . The CMC Summary page displays the CMC IP address. From the Virtual Console: Select the "Dell CMC" console in the OSCAR to log in to CMC through a local serial connection. RACADM Command Line Reference Guide for CMC RACADM commands can be issued from this connection.
  • Page 247 Remove and reinsert the server. Check CMC Web interface to see if iDRAC7 is displayed as an upgradable component. If it does, follow the instructions Updating Firmware Using CMC Web Interface.
  • Page 249: Use Case Scenarios

    Troubleshooting An Inaccessible Managed System After receiving alerts from OpenManage Essentials, Dell Management Console, or a local trap collector, five servers in a data center are not accessible with issues such as hanging operating system or server. Need to identify the cause to troubleshoot and bring up the server using iDRAC7.
  • Page 250: Obtaining System Information And Assess System Health

    Viewing and Exporting Lifecycle Log and System Event Log To view and export lifecycle log and system event log (SEL): In iDRAC7 Web interface, go to Overview → Server → Logs to view SEL and Overview → Server → Logs → Lifecycle Log to view lifecycle log.
  • Page 251: Performing Graceful Shutdown

    Performing Graceful Shutdown To perform graceful shutdown, in iDRAC7 Web interface, go to one of the following locations: • Overview → Server → Power/Thermal → Power Configuration → Power Control. The Power Control page is displayed. Select Graceful Shutdown and click Apply.
  • Page 252 To assess the capacity of a rack to add additional servers: View the current power consumption data and historical power consumption data for the servers. Based on the data, power infrastructure and cooling system limitations, enable the power cap policy and set the power cap values.