- Notes, cautions, and warnings
- Overview
- Benefits of using iDRAC with Lifecycle Controller
- Key features
- New in this release
- How to use this user's guide
- Supported web browsers
- Managing licenses
- Licensed features in iDRAC7 and iDRAC8
- Interfaces and protocols to access iDRAC
- iDRAC port information
- Other documents you may need
- Social media reference
- Contacting Dell
- Accessing documents from Dell support site
- Logging in to
iDRAC
- Logging in to iDRAC as local user, Active Directory user, or LDAP user
- Logging in to iDRAC using a smart card
- Logging in to iDRAC using Single Sign-On
- Accessing iDRAC using remote RACADM
- Accessing iDRAC using local RACADM
- Accessing iDRAC using firmware RACADM
- Accessing iDRAC using SMCLP
- Logging in to iDRAC using public key authentication
- Multiple iDRAC sessions
- Changing default login password
- Enabling or disabling default password warning message
- Invalid password credentials
- Setting up managed
system and management station
- Setting up iDRAC IP address
- Setting up management station
- Setting up managed system
- Configuring supported web browsers
- Updating device
firmware
- Downloading device firmware
- Updating firmware using iDRAC web interface
- Updating device firmware using RACADM
- Scheduling automatic firmware updates
- Updating firmware using CMC web interface
- Updating firmware using DUP
- Updating firmware using remote RACADM
- Updating firmware using Lifecycle Controller Remote Services
- Updating CMC firmware from iDRAC
- Viewing and managing staged updates using iDRAC web interface
- Viewing and managing staged updates using RACADM
- Rolling back device firmware
- Backing up server profile
- Importing server profile
- Monitoring iDRAC using other Systems Management tools
- Configuring
iDRAC
- Viewing iDRAC information
- Modifying network settings
- Configuring services
- Using VNC client to manage remote server
- Configuring front panel display
- Configuring time zone and NTP
- Setting first boot device
- Enabling or disabling OS to iDRAC Pass-through
- Obtaining certificates
- Configuring multiple iDRACs using RACADM
- Disabling access to modify iDRAC configuration settings on host system
- Viewing iDRAC and managed system information
- Viewing managed system health and properties
- Viewing system inventory
- Viewing sensor information
- Monitoring performance index of CPU, memory, and I/O modules
- Checking the system for fresh air compliance
- Viewing historical temperature data
- Viewing network interfaces available on host OS
- Viewing FlexAddress mezzanine card fabric connections
- Viewing or terminating iDRAC sessions
- Setting up iDRAC
communication
- Communicating
with iDRAC through serial connection using DB99 cable
- Configuring BIOS for serial connection
- Enabling RAC serial connection
- Enabling IPMI serial connection basic and terminal modes
- Switching between RAC serial and serial console while using DB9 cable
- Communicating with iDRAC using IPMI SOL
- Communicating with iDRAC using IPMI over LAN
- Enabling or disabling remote RACADM
- Disabling local RACADM
- Enabling IPMI on managed system
- Configuring Linux for serial console during boot
- Supported SSH cryptography schemes
- Communicating
with iDRAC through serial connection using DB99 cable
- Configuring user accounts and privileges
- Configuring local users
- Configuring
Active Directory users
- Prerequisites for using Active Directory authentication for iDRAC
- Supported Active Directory authentication mechanisms
- Standard schema Active Directory overview
- Configuring Standard schema Active Directory
- Extended schema Active Directory overview
- Configuring Extended schema Active Directory
- Extending Active Directory schema
- Installing Dell extension to the Active Directory users and computers snap-in
- Adding iDRAC users and privileges to Active Directory
- Configuring Active Directory with Extended schema using iDRAC web interface
- Configuring Active Directory with Extended schema using RACADM
- Testing Active Directory settings
- Configuring generic LDAP users
- Configuring
iDRAC for Single Sign-On or smart card login
- Prerequisites for Active Directory Single Sign-On or smart card login
- Configuring iDRAC SSO login for Active Directory users
- Configuring iDRAC smart card login for local users
- Configuring iDRAC smart card login for Active Directory users
- Enabling or disabling smart card login
- Configuring
iDRAC to send alerts
- Enabling or disabling alerts
- Filtering alerts
- Setting event alerts
- Setting alert recurrence event
- Setting event actions
- Configuring email alert, SNMP trap, or IPMI trap settings
- Configuring WS Eventing
- Configuring Redfish Eventing
- Monitoring chassis events
- Alerts message IDs
- Managing logs
- Monitoring and managing power
- Inventorying, monitoring,
and configuring network devices
- Inventorying and monitoring network devices
- Inventorying and monitoring FC HBA devices
- Dynamic configuration
of virtual addresses, initiator, and storage target settings
- Supported cards for I/O Identity Optimization
- Supported NIC firmware versions for I/O Identity Optimization
- Virtual/Flex Address and Persistence Policy behavior when iDRAC is set to Flex Address mode or Console mode
- System behavior for FlexAddress and I/O Identity
- Enabling or disabling I/O Identity Optimization
- Configuring persistence policy settings
- Managing storage
devices
- Understanding RAID concepts
- Supported controllers
- Supported enclosures
- Summary of supported features for storage devices
- Inventorying and monitoring storage devices
- Viewing storage device topology
- Managing physical disks
- Managing virtual disks
- Managing controllers
- Configuring controller properties
- Importing or auto importing foreign configuration
- Clearing foreign configuration
- Resetting controller configuration
- Switching the controller mode
- 12 Gbps SAS HBA adapter operations
- Monitoring predictive failure analysis on drives
- Controller operations in non-RAID (HBA) mode
- Running RAID configuration jobs on multiple storage controllers
- Managing PCIe SSDs
- Managing enclosures or backplanes
- Choosing operation mode to apply settings
- Viewing and applying pending operations
- Storage devices — apply operation scenarios
- Blinking or unblinking component LEDs
- Configuring
and using virtual console
- Supported screen resolutions and refresh rates
- Configuring web browsers to use virtual console
- Configuring virtual console
- Previewing virtual console
- Launching virtual console
- Using virtual
console viewer
- HTML5 based virtual console session running on Windows and Linux operating system
- Synchronizing mouse pointers
- Passing all keystrokes through virtual console for Java or ActiveX plug-in
- Managing virtual media
- Installing and using VMCLI utility
- Managing vFlash SD card
- Configuring vFlash SD card
- Managing vFlash partitions
- Using SMCLP
- Using iDRAC Service Module v2.3.0
- Using USB port for server management
- Using iDRAC Quick Sync
- Deploying operating systems
- Troubleshooting managed system using iDRAC
- Using diagnostic console
- Viewing post codes
- Viewing boot and crash capture videos
- Viewing logs
- Viewing last system crash screen
- Viewing front panel status
- Hardware trouble indicators
- Viewing system health
- Generating SupportAssist Collection
- Checking server status screen for error messages
- Restarting iDRAC
- Erasing system and user data
- Resetting iDRAC to factory default settings
- Frequently asked questions
- Use case scenarios
- Troubleshooting an inaccessible managed system
- Obtaining system information and assess system health
- Setting up alerts and configuring email alerts
- Viewing and exporting Lifecycle log and System Event Log
- Interfaces to update iDRAC firmware
- Performing graceful shutdown
- Creating new administrator user account
- Launching server's remote console and mounting a USB drive
- Installing bare metal OS using attached virtual media and remote file share
- Managing rack density
- Installing new electronic license
- Applying I/O Identity configuration settings for multiple network cards in single host system reboot
Velkommen
Dell-websteder
Dell-websteder
Velkommen hos Dell
Min konto
- Afgiv ordrer hurtigt og nemt
- Se ordrer og spor status for din forsendelse
- Opret og få adgang til en liste med dine produkter
- Administrer dine Dell EMC-websteder, -produkter og -kontaktpersoner på produktniveau ved hjælp af Company Administration (Virksomhedsadministration).
iDRAC 8/7 v2.30.30.30 User’s Guide
Active Directory
Active Directory login failed. How to resolve this?
To diagnose the problem, on the Active Directory Configuration and Management page, click Test Settings. Review the test results and fix the problem. Change the configuration and run the test until the test user passes the authorization step.
In general, check the following:
- While logging in, make sure that you use the correct user domain
name and not the NetBIOS name. If you have a local iDRAC user account,
log into iDRAC using the local credentials. After logging in, make
sure that:
- The Active Directory Enabled option is selected on the Active Directory Configuration and Management page.
- The DNS setting is correct on the iDRAC Networking configuration page.
- The correct Active Directory root CA certificate is uploaded to iDRAC if certificate validation was enabled.
- The iDRAC name and iDRAC Domain name matches the Active Directory environment configuration if you are using extended schema.
- The Group Name and Group Domain Name matches the Active Directory configuration if you are using standard schema.
- If the user and the iDRAC object is in different domain, then do not select the User Domain from Login option. Instead select Specify a Domain option and enter the domain name where the iDRAC object resides.
- Check the domain controller SSL certificates to make sure that the iDRAC time is within the valid period of the certificate.
Active Directory login fails even if certificate validation is enabled. The test results display the following error message. Why does this occur and how to resolve this?
ERROR: Can't contact LDAP server, error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed: Please
check the correct Certificate Authority (CA) certificate has been uploaded to iDRAC. Please also check if the iDRAC date is
within the valid period of the certificates and if the Domain Controller Address configured in iDRAC matches the subject of
the Directory Server Certificate.
If certificate validation is enabled, when iDRAC establishes the
SSL connection with the directory server, iDRAC uses the uploaded
CA certificate to verify the directory server certificate. The most
common reasons for failing certification validation are:
- iDRAC date is not within the validity period of the server certificate or CA certificate. Check the iDRAC time and the validity period of your certificate.
- The domain controller addresses configured in iDRAC does not match the Subject or Subject Alternative Name of the directory server certificate. If you are using an IP address, read the next question. If you are using FQDN, make sure you are using the FQDN of the domain controller and not the domain. For example, servername.example.com instead of example.com.
Certificate validation fails even if IP address is used as the domain controller address. How to resolve this?
Check the Subject or Subject
Alternative Name field of your domain controller certificate. Normally,
Active Directory uses the host name and not the IP address of the
domain controller in the Subject or Subject Alternative Name field
of the domain controller certificate. To resolve this, do any of the
following:
- Configure the host name (FQDN) of the domain controller as the domain controller address(es) on iDRAC to match the Subject or Subject Alternative Name of the server certificate.
- Reissue the server certificate to use an IP address in the Subject or Subject Alternative Name field, so that it matches the IP address configured in iDRAC.
- Disable certificate validation if you choose to trust this domain controller without certificate validation during the SSL handshake.
How to configure the domain controller address(es) when using extended schema in a multiple domain environment?
This must be the host name (FQDN) or the IP address of the domain controller(s) that serves the domain in which the iDRAC object resides.
When to configure Global Catalog Address(es)?
If you are using standard schema and the users and role groups are from different domains, Global Catalog Address(es) are required. In this case, you can use only Universal Group.
If you are using standard schema and all the users and role groups are in the same domain, Global Catalog Address(es) are not required.
If you are using extended schema, the Global Catalog Address is not used.
How does standard schema query work?
iDRAC connects to the configured domain controller address(es) first. If the user and role groups are in that domain, the privileges are saved.
If Global Controller Address(es) is configured, iDRAC continues to query the Global Catalog. If additional privileges are retrieved from the Global Catalog, these privileges are accumulated.
Does iDRAC always use LDAP over SSL?
Yes. All the transportation is over secure port 636 and/or 3269. During test setting, iDRAC does a LDAP CONNECT only to isolate the problem, but it does not do an LDAP BIND on an insecure connection.
Why does iDRAC enable certificate validation by default?
iDRAC enforces strong security to ensure the identity of the domain controller that iDRAC connects to. Without certificate validation, a hacker can spoof a domain controller and hijack the SSL connection. If you choose to trust all the domain controllers in your security boundary without certificate validation, you can disable it through the Web interface or RACADM.
Why does it take up to four minutes to log in to iDRAC using Active Directory Single Sign–On or Smart Card Login?
The Active Directory Single Sign–On or Smart Card log in normally takes less than 10 seconds, but it may take up to four minutes to log in if you have specified the preferred DNS server and the alternate DNS server, and the preferred DNS server has failed. DNS time-outs are expected when a DNS server is down. iDRAC logs you in using the alternate DNS server.
The Active Directory is configured for a domain present in Windows Server 2008 Active Directory. A child or sub domain is present for the domain, the user and group is present in the same child domain, and the user is a member of that group. When trying to log in to iDRAC using the user present in the child domain, Active Directory Single Sign-On login fails.
This may be because of the an incorrect group
type. There are two kinds of Group types in the Active Directory server:
- Security — Security groups allow you to manage user and computer access to shared resources and to filter group policy settings.
- Distribution — Distribution groups are intended to be used only as email distribution lists.
Always make sure that the group type is Security. You cannot use distribution groups to assign permission on any object, however use them to filter group policy settings.
Angiv vurderinger (1-5 stjerner).
Angiv vurderinger (1-5 stjerner).
Angiv vurderinger (1-5 stjerner).
Angiv, om artiklen var nyttig eller ej.
Kommentarer må ikke indeholde følgende specialtegn: <>()\