###################################################################### CRITICALITY ###################################################################### Recommended ###################################################################### DELL(TM) REMOTE ACCESS CONTROLLERS (RACs) (FIRMWARE VERSION 3.31) ###################################################################### This document contains updated information about the Dell RACs (Dell Remote Access Card III [DRAC III], DRAC III/XT, Embedded Remote Access [ERA], and Embedded Remote Access Option [ERA/O]). For more information about Dell RACs, including installation and configuration information, see the "Dell Remote Access Controller Installation and Setup Guide" and the "Dell OpenManage Server Administrator User's Guide." These documents are located on your documentation CD. ====================================================================== SUPPORTED SYSTEMS ====================================================================== DRAC III is supported on the following Dell PowerEdge(TM) systems: * PowerEdge 1650 * PowerEdge 4600 * PowerEdge 6600 * PowerEdge 6650 * PowerEdge 7150 DRAC III/XT is supported on the following PowerEdge systems: * PowerEdge 650 * PowerEdge 700 * PowerEdge 750 * PowerEdge 1600SC ERA is supported on the following systems: * PowerEdge 2650 * Dell PowerVault(TM) 775N ERA/O is supported on the following systems: * PowerEdge 1650 * PowerEdge 1750 * PowerEdge 2600 * PowerVault 770N ====================================================================== SUPPORTED OPERATING SYSTEMS ====================================================================== MS-DOS(R) version 6.22 supports the RAC Remote Floppy Boot feature (32-bit systems only). ====================================================================== SUPPORTED WEB BROWSERS ====================================================================== * Microsoft(R) Internet Explorer 6.0 on Microsoft Windows(R) Server 2003, Windows 2000, and Windows XP Professional * Mozilla 1.6 and 1.7.1 on Red Hat(R) Enterprise Linux AS version 2.1 and Red Hat Enterprise Linux AS, ES, and WS version 3 * Netscape Navigator 7.02 and 7.1 on Microsoft Windows 2000, Windows Server 2003, Windows XP Professional, Red Hat Enterprise Linux AS version 2.1, and Red Hat Enterprise Linux AS, ES, and WS version 3 Your Web browser requires the installation of one of the following supported Java Virtual Machines (JVMs): * Internet Explorer, Netscape Navigator, and Mozilla: Sun Java Runtime Environment (JRE) 1.4.2 NOTE: When using Internet Explorer or Netscape Navigator on systems running Microsoft Windows, to view localized versions of the RAC's Web-based remote access interface, open the Windows "Control Panel", double-click the "Regional Options" icon, and select the desired locale from the "Your locale (location)" drop-down menu. ###################################################################### CORRECTED ISSUES IN THIS RELEASE (FIRMWARE VERSION 3.31) ###################################################################### * The remote floppy drive now accomodates writes of data blocks larger than 2048 bytes. ###################################################################### NEW FEATURES IN THIS RELEASE ###################################################################### ###################################################################### KNOWN ISSUES FOR RACs ###################################################################### The following subsections list the known issues regarding the implementation and operation of the remote access service and RACs. * DRAC 3 Managed Node software must be installed for accurate population of the "Hostname", "OS Name", and "OS Type" information fields in the Web based interface and racadm getsysinfo command. (143902) * The RAC will reset its NIC every 30 seconds when the network is idle to guarentee the physical hardware mechanisms remain operational. * Nessus reports some vulnerabilities in the DRAC III due to a file being returned on a raw HTTP GET command of a nonexistent file. The returned file will contain only an embedded error stream "RMC Webserver 2.0: error 404 occurred". However, Nessus assumes it is the real file and issues a security warning. * DRAC Firmware versions 3.20 and later support four Web browser sessions when Active Directory logins are present. * Some recent Microsoft telnet clients do not transmit the "F2" key, preventing a "connect com2" session from entering the BIOS setup ("F2 = Setup") from the startup display. This problem can be solved with the "Services for UNIX" (SFU 3.5) that can be downloaded from: http://www.microsoft.com/windows/sfu/downloads/default.asp * The DNS server addresses cannot be obtained from DHCP unless the RAC IP address is obtained from DHCP. * To view the RAC Web-based interface when using Mozilla 1.6, you must configure your cookie settings to "Enable all cookies". To enable all cookies, go to the menu options and click "Edit -> Preferences -> Privacy & Security -> Cookies", and then select "Enable all cookies". If you do not perform these steps, you will not be able to log in to the Web interface and you will receive a message that your username and password are incorrect. * If you use Nessus for vulnerability scanning on your network, it may report security holes with your RAC firmware. As of the date of this release, these security holes have been tested and proven to be false. The reported holes are due to limitations in the Nessus plug-in architecture. * On PowerEdge 4600 systems, DRAC III no longer reads the battery charge when DRAC III is powered from the PCI or AC adaptor power sources. If the battery is charged from one these sources, the adaptor power will always report a normal voltage reading. If DRAC III is powered from the battery, (that is, no PCI or AC adaptor power), then the true battery voltage is reported. * If the RAC firmware is updated using any method other than the RAC Firmware Repair utility, platform sensors and the System Event Log (SEL) will not be available until the RAC is reset. A RAC Reset can be performed using the RAC Web-based interface, or by entering the "racadm racreset" command using the Racadm command line interface. * The following information is not available in the current RAC documentation: The following RAC ports are open for connection: - 21 - FTP (not configurable) - 23 - Telnet (not configurable) - 80 - HTTP (not configurable) - 443 - HTTPS (not configurable) - 5860 - Racadm using PPP for Server Agent bypass (configurable) - 5869 - Remote racadm (configurable) - 5900 - VNC proxy server (configurable) - A random number larger than 32768 - RAC FW update through RAC GUI (not configurable) The following RAC ports are used for connection when the RAC is acting as a client: - 69 - TFTP (not configurable) - 5859 - Talking to MN event server (configurable) - 5981 - VNC proxy client to VNC server (configurable) * After installing the Sun JVM on client systems running the Windows 2000 Server operating system with SP4, you must restart the system to enable the Console Redirection feature. * On management stations running the Windows XP or Windows 2000 operating system, you must reboot your system after you install the Sun Java Runtime Environment (JRE) to complete the installation. * The Remote Floppy Boot feature will not work unless a diskette drive is present in the target system (managed system). * On some versions of the Sun JRE 1.4.2, the "Applet cardApplet noinited" error appears and the remote access interface does not start. To fix this issue, either upgrade to the Sun JRE 1.4.2_02 or 1.4.2_03, or use the Sun 1.4.2 SDK rather than the JRE. * Your RAC serial or telnet console may not work properly unless you have the appropriate system BIOS version. Update your system BIOS to the latest version before using the serial or telnet console. * Some versions of the Microsoft telnet client such as those in Windows 2003 and Windows XP do not properly support sending both and characters when is pressed. Microsoft has a fix for this with a QFE now released. This fix is described in KB824810 at “https://premier.microsof.com/premier/library/default.aspx?scid=kb; en-us;824810”. * The Linux “sysrq” option does not properly support serial flow control during its output when a “connect com2” command is used to connect to the server from a telnet session connected to the RAC. To fix this issue, either use the serial port to connect to the RAC or lower the baud rate for the internal RAC-to-system connection from 57600 baud to 9600 baud. To lower the baud rate for the internal RAC-to-system connection, you must lower the rate on both the RAC and the Linux server by typing the following command: racadm config -g cfgRacTuning -o cfgRacTuneHostCom2BaudRate 9600 To lower the Linux server baud rate, the following two files must be modified. Change the serial rate specification in “/boot/grub/grub.conf” to 9600 baud. For example: serial --unit=1 --speed=9600 console=tty0 console=ttyS1,9600 Change the “getty” specification in “/etc/inittab” to 9600 baud. For example: co:2345:respawn:/sbin/agetty -h -L 9600 ttyS1 vt100 Reset the RAC by typing the “racadm racreset” command, wait at least 10 seconds, and restart the system to complete the baud rate change. * Some terminal servers will not signal the RAC when the user connection has ended. This behavior of the terminal server results in the RAC continuing any validated sessions the user may have started. To prevent this situation, discontinue any validated sessions (log out) before disconnecting from the terminal server. * If the RAC and server are powered up simultaneously (cold start), the “connect com2” command may not function properly. If the “connect com2” is not functioning properly, reboot the server without power-cycling or removing power from the RAC. * Your Remote Floppy Boot image may hang during initialization when "device=EMM386.exe NOEMS" is used. The system may hang when the entry "device=emm386.exe noems" is present in the "config.sys" file image called from the RAC remote floppy boot feature. The problem encountered is that the Dell RAC option ROM is resident in memory at the time the Remote Floppy Boot is executed and occupies the memory ranges being overwritten by the EMM386 memory manager. Two solutions for this issue are: 1. Do not use the "noems" option to call "emm386.exe". Example: device=emm386.exe 2. Call “emm386.exe” and exclude the address range for EMS page frames that is currently in use by the Dell RAC Option ROM (see Microsoft Knowledge Base Article KB78557 for additional information). Example: device=emm386.exe noems x=c000-dfff * To connect to a RAC, your browser's JVM must support the provider of the SSL certificate loaded onto the RAC. For example, the Sun 1.4.2 JVM does not support SSL certificates generated by Microsoft Certificate Server. To work around this issue, use a certificate provider supported by your client's JVM. * The RAC remote access interface takes several minutes to load. This situation occurs when using the RAC remote access interface with Sun Java Virtual Machine (JVM) 1.4.1. * The “Save As” button normally present on the "Log" tabs of the RAC user interface is not present when the Sun JVM (WinXP/IE6) is installed. * Only one remote access user session may request server sensor information at a time. If more than one session requests server sensor information simultaneously, the sensor information may be inaccurate. * When using the RAC remote access interface with the Java 2 Runtime Environment (J2RE), the "Save As" button that previously appeared in the POST Log, Hardware Log, RAC Log, Boot Path Analysis, and Debug pages does not appear. * When logged in to the RAC Web-based interface, pressing to open a new RAC Web-based interface may cause the browser to become unresponsive. To avoid this situation, always create a new browser instance before attempting to connect to the RAC Web-based interface. * When using Netscape, multiple instances of Netscape run from the same client system are not allowed due to the way Netscape handles session information by default. If you require the ability to use Netscape this way to access the RAC product, see the Netscape user documentation about configuring your Netscape browser to disallow the sharing of session information between instances. * RAC does not support local RAC user IDs with special characters. When adding a local RAC user, use only alphanumeric characters for the user name. * RAC firmware versions 2.0 and later do not support passwords with special characters (non-alphanumeric) only for RAC user IDs logging in using the Web-based interface (with Local RAC Authentication). If you created RAC user IDs using previous versions of the firmware or if you created user IDs using a version of Server Administrator that is running version 2.0 firmware on the managed system, you cannot log into the RAC. Use one of the following four methods to correct this issue: - Change your passwords before updating the firmware. OR - Use the following CLI command to change the password: omconfig rac users username=xx userpassword=yy where "xx" is the original userid and "yy" is the new password OR - Change the password through Server Administrator using the "User" tab. Ensure that the check box to change the password is checked. Enter a new password, and then enter it again to validate the change. OR - Use the racadm utility to change the password: racadm config -g cfgUserAdmin -o cfgUserAdminPassword -i where is the index of the user database entry to be modified and is the new password * Informational SNMP traps are not displayed when sensor readings return to normal values; however, you can use the RAC Web-based interface to view this information in the Hardware Log under the "Logs" tab. * Depending on your network and proxy configurations, and if you are using Netscape Navigator or a Mozilla browser, you may need to enter the exact IP address of the RAC controller you are trying to access in the "No Proxy for" field of your browser. Perform the following steps: 1. Open your Netscape Navigator or Mozilla browser. 2. Click "Edit". 3. Click "Preferences ...". 4. Click "Advanced" in the left sidebar. 5. Click "Proxies" in the left sidebar. 6. Enter the RAC IP address in the "No Proxy for:" field. 7. Click "OK" and then close the browser. * RAC console redirection text mode does not support the key combination. Instead, use . * When using the RAC Remote Floppy Boot feature to start DOS network interfaces, add the following commands to the "autoexec.bat" file: NET INITIALIZE /dynamic NET START basic * The last crash screen is not available when the watchdog recovery action is set to "Shutdown" or "Power Cycle" if the managed system is powered off. * The last crash screen time stamp might be normalized to GMT. * MS-DOS version 6.22 is required for the DOS racadm CLI feature. To limit DOS racadm CLI output to a single screen, use the MS-DOS more.com utility. Type the following command at the prompt: a: racadm help | more * Using the RAC default certificate for SSL generates a Host Mismatch warning message in Netscape. A certificate authority (CA) generated SSL certificate must be downloaded to the RAC for proper security. * During the first 40 seconds after a RAC reset, the RAC is synchronizing with the system ESM and managed system service. If an alert is generated during this time, some of the values may be reported as "unknown". The time field contains the number of seconds since RAC startup. After synchronization has completed, all values are reported correctly. * If the RAC configuration is reset to preinstalled defaults through the "racadm racresetcfg" command, some of the information fields displayed through the "racadm getsysinfo" command and on the "Properties" pane of the DRAC III/XT user interface are not available until the system is rebooted. * On Windows 2003, the RAC Out-of-Band GUI fails to open with built-in browser, if the default security level is set to "High". To fix this issue, perform the following steps: 1. Open your browser. 2. Click "Tools". 3. Select "Internet Options". 4. In "Internet Options", choose the "Security" tab. 5. Select "Internet" for Web Content Zone. 6. Click "Default Level" under "Custom". 7. Change the "Security Level" to "Medium". 8. Click "Apply". 9. Repeat Steps 1 to 5, and select "Trusted Sites" for Web Content Zone. 10. Click "Sites...", and then add the Out-of-Band URL to your list of trusted websites. 11. Click "Apply". ====================================================================== Server Sensor Issues ====================================================================== * When viewing the Hardware Log with the system turned off, the log may contain entries that identify sensors in the following way: "BMCxx,..sensor #..." It is recommended that you wait at least 2 minutes after initially rebooting your system to allow the server sensors to be gathered so that the ESM log can be formatted. - On PowerEdge 1750 systems only, the Hardware Log may contain entries that identify sensors in the following way: "BMCxx,watchdogsensor#" even when the system is powered on. This issue will be corrected in a later release of the firmware. * When viewing server sensors, a difference might occur between the number of sensors displayed when the system is turned on and the number of sensors displayed when the system is turned off. Also, if the system is turned off, then the data that is last displayed are the values just before you shut down the system. The system does not reset itself; therefore, the data is not lost. When the system is restarted, the data will be altered because the ESM firmware is obtaining new sensors. * To avoid issues with receiving server sensor information, access server sensor information through one user session at a time. ###################################################################### KNOWN RAC-SPECIFIC ISSUES ###################################################################### * The following sections provide specific issues, if any, for DRAC III, DRAC III/XT, ERA, and ERA/O controllers. ====================================================================== DRAC III-SPECIFIC ISSUES ====================================================================== * It is recommended that you configure the DRAC III VT-100 interface screen using HyperTerminal to a window size of 80 x 26 when displaying text console redirection. ====================================================================== DRAC III/XT—SPECIFIC ISSUES ====================================================================== * The DRAC III/XT Web-based interface does not display "Post Log" or "Boot Path Analysis" if the DRAC III/XT is reset. * When the RAC is reset, the watchdog timer is set to the default configuration (no configuration). ====================================================================== ERA—SPECIFIC ISSUES ====================================================================== * The ERA Web-based remote access interface does not display "POST log" or "Boot Path Analysis" if the ERA is reset. * When starting a system with an ERA controller installed, the ERA POST log may not capture POST codes and errors. Reboot your system to correct this condition. ====================================================================== ERA/O-SPECIFIC ISSUES ====================================================================== None ====================================================================== POWEREDGE 7150 SYSTEM ISSUES ====================================================================== * On PowerEdge 7150 systems, the DRAC III may display text-only console redirection instead of graphical redirection. For graphical console redirection support, you must update the ATI video driver from the Dell Support website at "support.dell.com" or from the "Systems Management" CD. The installation instructions for updating the driver are in a "readme.txt" file included with the driver. The driver required to support DRAC III graphical console redirection is ATI Rage XL, version 5.0.2462.6000. * The DRAC III does not display the correct sensor values if the PowerEdge 7150 loses power while the DRAC III sensor window is open. If the PowerEdge 7150 loses power while the DRAC III sensors are being displayed, you must log out and log back in to the DRAC III to refresh the DRAC III sensor values. * The Internet Explorer application embedded in the Windows Advanced Server Limited Edition operating system does not support Java applets; therefore, it is not possible to use the Windows Advanced Server Limited Edition's Internet Explorer browser to connect to DRAC III over a local area network (LAN) or the Internet. ###################################################################### KNOWN ISSUES FOR DOCUMENTATION ##################################################################### * In step 14 of the "Exporting the Domain Controller Root CA Certificate" procedure, "RAC Web-based interface -> Configuration tab -> Active Directory page" is no longer a valid option. To upload the Domain Controller Root CA Certificate to the RAC, use the racadm CLI commands. * In the "Importing the RAC Firmware SSL Certificate to All Domain Controllers Trusted Certificate Lists" section, the second note should read as: "You can get this certificate from the RAC by using the racadm CLI commands (see "Configuring the RAC Active Directory Settings Using the racadm CLI")". * The following information is not available in the current RAC documentation: During console redirection sessions, 56-bit DES encryption is used on all keystrokes sent to Dell Remote Access Card (DRAC) III, DRAC III/XT, Embedded Remote Access (ERA) or Embedded Remote Access Option (ERA/O). SSL encryption is used for communication with the RAC Web server at 128 bits strength except in those regions and countries where law requires a lower strength encryption. ###################################################################### Information in this document is subject to change without notice. (C) 2005 Dell Inc. All rights reserved. Reproduction in any manner whatsoever without the written permission of Dell Inc. is strictly forbidden. Trademarks used in this text: "Dell", "PowerEdge", "PowerVault", and "Dell OpenManage" are trademarks of Dell Inc.; "Microsoft", "Windows", and "MS-DOS" are registered trademarks of Microsoft Corporation; "Red Hat" is a registered trademark of Red Hat, Inc. Other trademarks and trade names may be used in this document to refer to either the entities claiming the marks and names or their products. Dell Inc. disclaims any proprietary interest in trademarks and trade names other than its own. July 2005