Monday, 29 August 2011

HP Microserver: Remote Access Card

Remote access functionality, sometimes called "Lights Out" management, is a standard feature on mid- and high-end servers. It allows a system administrator to remotely access the console of the server as well as performing power on, off and reset operations. Most implementations also allow for remote media management, allowing the administrator to remotely connect CD-ROM or floppy images across the network to the server.

Low end servers, including the original ML110 and ML115 G5 servers, and the newer Microserver do not come with this functionality. However, it can be added as an extra.

I was out of spare slots on my KVM, so when I bought the Microserver, I included the Remote Access Card (RAC) in the purchase. The Microserver has a PCIe 16x and PCIe 1x slot. The RAC fits into the 1x slot, leaving another card free for upgrades.

The easiest way to configure the card is to initially use a keyboard and monitor.

The back of the card has a standard RJ45 Ethernet connector and a VGA port. The monitor needs to be connected to this port and not the onboard VGA port. Once connected, the machine can be powered on.

When prompted, press F10 to enter the ROM setup. From here, select the Advanced page and IPMI Configuration:


Select Set LAN Configuration:


Set the BMC LAN Configuration option to Static and then enter and IP address, subnet mask and default gateway:


While in here, it's also worth tuning the VGA configuration. Since this server isn't running anything graphical, I dropped the VGA RAM allocated down to the minumum. From the Advanced page, select PCI Express Configuration:



Under VGA Memory Size, select 32MB.

Exit the ROM setup and save settings. Reboot the server. If everything has been configured successfully, you can now disconnect the monitor and keyboard.

Once configured, open a browser to the IP port and you should get the login screen:



The default username is admin and the default password is password.

I've had problems sometimes getting past the login. My username/password is accepted, but I'm returned to the login page. To avoid, I always go to the index.html and not the login.html, and I use Firefox's Private Browsing mode. I assume a cookie is getting set incorrectly sometimes and this process seems to work around it.

Once logged in, the RAC presents a menu down the left hand side, with the main content on the right. Most is pretty self-explanatory.

Email settings


Remote power control

SNMP trap configuration

 The most interesting are at the bottom and provide access to the virtual media and virtual KVM (Keyboard, Video, Mouse):

Virtual KVM and Media configuration

The Virtual Media is a Java application (loads through Java Webstart) and allows either the local CD/DVD drive, or an ISO image to be connected remotely to the server:



The Virtual KVM is also a Jave Webstart application and provides access to the server console. Special keystrokes such as CTRL-ALT-DEL can be sent using the Macro menu. The following screenshot shows ESXi 5.0 running on the Microserver:


The only problem I had with the Java applications is when I attempted to access them with my Mac. For some reason it had problems opening the file. So I used Windows instead.

So how good is the RAC? While it's probably true to say that I won't be using it all that often, it's a very useful addition to the Microserver, especially if you want to put it somewhere out of the way like the garage or loft.

Unlike the more expensive ILO cards, the RAC does not have an onboard battery, so if the Microserver loses power completely, it's not possible to connect to it. However, if power is connected to the Microserver, you should be able to connect.

** Update 12-FEB-2013: My thanks to Tom Hall who commented that there is a 1.3 firmware for the RAC that fixes a problem where it becomes unresponsive to the network. I've seen this problem a couple of times and it's a pain as it basically makes the RAC useless. The new firmware should resolve this issue. **

46 comments:

teo said...

hi! Really interesting in this card, I wonder did you test the thermal monitoring functions?
Normally you should be able to see temperatures and FAN rpm under the hardware tab of your ESXi server...

Konstantinos said...

Hi, nice article ! Keep walking mate !

JR said...

Hi Teo

I installed ESXi using the "normal" version and not a customised HP version. I don't get any useful information under the Hardware Status tab in vCenter (it reports "Hardware monitoring service on this host is not responding or not available").

Thanks for the comment.

Wudzi said...

I've just managed to solve the issue about KVM not working from a Mac. I changed to port number (to 23 in my case) as I wanted it to get through a firewall and it now works on Mac as well as PC (10.7 Safari and latest Java)

JR said...

Wudzi - thanks for the comment, that's really useful.

visum said...

I am having a weird problem with my HP Proliant N40L Micro server and the HP Remote Access Card (RAC):
After continuous operation for a week or so I powered the server down using the RAC and it would not turn on neither remotely or directly from the power button. First I thought that the PSU is out (the amber light on the power button was on, but no other signs of life) so I ordered a new PSU, installed it, and everything was good until I decided to power off the server using the RAC again…

I removed completely the RAC from the MOBO, but still can't power the server up: completely dead, but the amber light on the power button.

Tested the old PSU with multimeter: everything is in perfect working condition.

In a mean time HP sends me a new MOBO and another PSU.

I am running WHS 2011 with original BIOS and updated RAC firmware.

Any advice will be appreciated.

JR said...

Hi Visum

It sounds to me like you have a hardware problem. I'd try and get this sorted by HP under warranty.

Thanks

JR

Brenton Crosby said...

Good article, thank you for posting.

Dush said...

Just thought I'd relay my experience for anyone googling. I purchased the Microserver with the RAC for what must be now 12 months and it's been working flawlessly.

I've needed to use the RAC a couple times over the last 12 months and it's proved so much easier than having to connect up a monitor/keyboard.

However today my server failed to login via RDP, so I wanted to see what's up via the RAC but to my surprise I couldn't login! Shutdown the power, reboot my router and switches in hope it'd come back up but no such luck.

So I had to lug an old keyboard/monitor and do it manually. For some reason the RAC wasn't picking up the IP address that it showed in the BIOS. So I had to toggle Manual, reboot, then DNS, reboot and it connected under another IP address.

To avoid this situation in the future I'm going to setup a ping monitor to monitor the card so I can hopefully fix an issue before I need it.

Marty McCafferty said...

I also have had the RAC drop its network connection and not respond. The only way I could get it back was to pull the power plug on the server. This is terrible for remote servers. I am searching for a solution that would let me reset the card from the running OS if possible. If anyone finds a solution please post.

Thanks!

Dush said...

I doubt you will be able to reboot it from the OS as it's completely separate from the main machine.

The only alternative I can think of is getting one of those network enabled power strips so you can do a true remote shutdown.

jtang1013 said...

For those who is trying to use vMeida on RAC, I just found out it works only if the Java JRE 32bit installed, not the 64bits (even you're running from a 64 bits of OS, like Windows 7 64bits).

Also, the static IP for the RAC sometime does not response even the IP address was set correctly (which can be checked out by the BIOS)>

Dush said...

Thanks jtang1013 for posting that. My recovery plan was to mount a Acronis boot disk over the RAC so whenever I had my next failure this would have been a further headache that resulted in me doing things manually!

The best thing for the RAC loosing connectivity is just to use a service like uptime robot and whenever it emails you saying it's dead just do a full shutdown by taking the power plug out and allowing the RAC to reset.

Chris Jones said...

I have also experienced the RAC losing networking. Pretty poor stuff for a card that's very likely to spend long periods of time idle on a network!

Andrew Smith said...

Can anyone explain the SSL certificate options for this card. Is the ssl cert used for encrypting the session or for login credentials as opposed to a password. How do i use openssh to generate the key or should I puchase an ssl cert from godaddy etc.?

Tom Hall said...

Hi - if you haven't seen it already, HP have posted a new v1.3 firmware for their HP MicroServer Remote Access Card

http://h20000.www2.hp.com/bizsupport...&printver=true

Problems Fixed:

Resolved an issue with uploading new Security Certificate using Web-GUI of Proliant MicroServer Remote Access card.

Resolved an issue where the HP ProLiant Remote Access Card becomes inaccessible via Http, SSH or remote KVM sessions from client systems over LAN interface and pings time out.

It flashed and is working ok on my system

JR said...

Hi Tom

Thanks for the comment. I wasn't aware of the update and will apply it. Very useful.

Thanks

JR

Andrew Smith said...

The firmware update does not address the issue that the card will only generate a 1024 bit CSR. I've been on to HP and after about 12 hours of online chat they have confirmed this when they escalated my case to the next level of support.

IsZatSo said...

Couple of questions. When setting up the card do I use the cards MAC address or the servers MAC address?

2nd question. flashing the bios to the upgraded one is done thru the java applet in the browser on the computer the remote is hooked to? Sorry if i'm not describing it correctly kinda of a neophyte.

JR said...

Hi IsZatSo

To setup, you first go into the BIOS (with a monitor and keyboard attached). In the BIOS you set the IP address you want to connect to over the RAC. Then you can remove the monitor and keyboard and connect over the network. The RAC has its own MAC address, separate from the server.

Depends what you mean by flashing the BIOS. If you mean the actual motherboard BIOS, then you use another PC to write a USB stick and then boot off the stick and it'll update the BIOS. If you mean updating the RAC firmware, then you use the web interface and upload the file through the browser.

Hope this helps.

JR

IsZatSo said...

Thanks for the reply. Set a static address. Setup the apple modem reserving the static port. Logged into the card. Waited about 2 hours for the firmware to upload to flash the microserver remote card, (never seemed to complete)Now working through being able to re-login with default login for card. (Aren't computers fun?)

IsZatSo said...

Another quick question. Because the card and the proliant onboard nic require connections to my apple extreme router, ive run out of connections to within the router. So I get a 5 port gigabit switch. Will I lose al my ip mappings and the like when attaching a switch to the router? or can I lave everything the same?

Regarding the flashing of the remote server card, I could try the dos version but it reverts all the cards' settings. Any tricks to get the java based flash update to work? Seems to just stall on upload although I think the rom file is being uploaded but not auto flashing. BRGDS and thanks for the help.

JR said...

Hi IsZatSo

Yes, you should be able to add a switch to your existing router without any problems. I'm not personally familiar with Apple routers (do you mean AirPort?). This shouldn't have any issues with your IP addressing. It might be worth checking on an Apple forum just in case it's doing something "clever".

For the RAC upgrade, are you sure you're uploading the correct file? You need to extract the zip file and select the phrixus.bmc. file. I originally selected the zip by mistake and it appeared that the upload was working but didn't finish. Even with the right file, it took several minutes.

JR

IsZatSo said...

Thanks again. Got the remote card bios upgraded and seems to be working fine. Some steps I took though, changed ie 9 to use old style compatibility view, changed login and password from the defaults and had previously unzipped and selected the file mentioned in earlier posts. I am somewhat concerned with using it over the internet, don't see a way to do it over https. The microserver card has some potential, but something like pcmonitor installed on the server does a lot in monitoring temps, hdds etc remotely with reboot, shutdown etc functions. As am running a weather website 24/7, I am sure it will come in handy, until something else competes for that slot on the 2 slot MB. Again thanks for the help with the RAC card. Rare site for information on same.

RMassey411 said...

I've had my Microserver running for a while now. While it's not as beefy as I would like, it really helps when it comes to testing things out.

If VMware is too heavy for you, try Proxmox as the hypervisor. I've been using it for 6 months or so and have found it to be be less of a hog than vmware.

Dush said...

My server froze last night, my ping monitor let me know as 3389 stopped responding so I rebooted it via the RAC.

I was wondering though, are there any scripts/services that can ping a port, if it doesn't respond issue a command over SSH?

My idea is to issue the reboot command to the RAC over SSH soon as RDP services dropon the Windows Server.

Thanks for any help guys.

lexios said...

I am trying to update to 1.3 but on 3 different RACs the browser stays at "File Upload in Progress" and never finishes.


Any ideas?

lexios said...

I am trying to update my 3 RACs and all of them remain in the state File Upload In Progress...

Any ideas?

JR said...

Hi lexios

I had a couple of instances of a File Upload that never seemed to complete. In my case I was trying to upload the wrong file. You need to upload the "phrixus.bmc" file. Even then it took a while.

If you want to check it's doing something, download Wireshark (freely available) and listen on the network to check that traffic between your PC and the RAC IP address is working correctly.

Hope this helps.

lexios said...

Hello JR and thanks for the reply!

I am trying to upload the file named Phrixus.bmc.20121207

Maybe I need to rename the file to Phrixus.bmc ?


I waited for about 5 minutes (over a WAN connection of 8Mbit).


Any more ideas?

JR said...

Hi lexios

I don't think you need to rename the file, but that's the correct file to use.

I'd definitely look at Wireshark. Run this on the PC that you're doing the upload from. When you start a network capture, you'll get far too much information. To filter out the uninteresting traffic, put the following filter (this example assumes the RAC IP is 192.168.1.2):

ip.addr == 192.168.1.2

When you then try the upload, you should see a lot of traffic as the packets are sent and acknowledged.

Over 8Mbit, it may take more than 5 minutes. I remember it taking a couple of minutes and that was on a gigabit network.

JR

lexios said...

JR,

I used a 1Gbit connection today, same result. I waited about 6 minutes and the update was not completing...

I have a spare Microserver around so I will try on that one.

I will post back if I end up somewhere.

Thanks for your help.

walala said...

Is it possible with this card to wake the server from the internet (Wake On Wan) when i'm not at home?

Darko Dojin said...

Hello. Nice review of RAC for Microserver. I have one question, since I need another couple Network ports on Microserver. Can you share the Network port from RAC card with anything else on the system or its only use is for remote KVM?
Regards

bruce33 said...

How to get cursor keys working when using VKVM on linux client.

I found that using a modern linux client to access the KVM with firmware 1.3 that the cursor keys wouldn't work. This would appear to be a problem for Dell DRAC as well. This has been solved before here: http://ceph.github.io/sepia/drac/remote-console-keys/

That combined with a python script from: https://code.launchpad.net/~cmsj/+junk/microserver

means you can start up the KVM (or VMM) from the command line and avoid the web entirely:

LD_PRELOAD=`pwd`/KeyFix/idrac-kvm-keyboard-fix.git/keycode-hack.so ./vkvm.mod.py -d 127.0.0.1 -v

Chris Jones said...

@bruce33: Wow, that is one ugly hack, but gratefully received, thanks!

Albe said...

Hi, I'm trying to get the RAC working on my LAN without success. I can't even get into the login page, I tried IE, firefox, chrome, no luck with any of them. Any suggestion?

Albe said...

Hi, I'm trying to get the RAC working on my LAN without success. I can't even get into the login page, I tried IE, firefox, chrome, no luck with any of them. Any suggestion?

Albe said...

P.s. Firmware is 1.3

Tom Hall said...

@ Albe Have you set the card up in the BIOS ? (given it an Ip address etc) ?

Also, if you're trying to remote-in from a x64 bit OS, note that the card will only work with the 32-bit JAVA - do not install the 64-bit JAVA version.

Albe said...

Yes', I've set up a static IP from the ipmi submenu.
I've noticed also that in DHCP the BIOS displays empty values (0.0.0.0) in any field. Is this supposed to be normal?

Thorsten Wienert said...

After upgrading to FW 1.3 i cant open the kvm viewer and vm viewer: http://i.imgur.com/AGd5YpC.png
Any suggestions?

Thorsten Wienert said...
This comment has been removed by the author.
Thorsten Wienert said...

Ok, after opening the .jnlp file with an texteditor i saw a section with "user" and "password".
After changing this section with a actual user it works.

Dush said...

Having an odd problem.

I have two Microservers, both with RACs on the same firmware.

One has been on for a very long time. I logged into the RAC and all the options were greyed out for Remote Controlling, Rebooting etc. and the RAC thought the Server was off.

The option to reboot and upgrade the firmware for the RAC had also dissapeared. They weren't greyed out the text buttons on the left had gone.

The other card is fine, and has all options available.

I'm going to try a deep power cycle where I pull the power and wait for the RAC to shutdown to see if that works.

It's a frustratingly buggy card, you only ever need it in a disaster and when disaster strikes it seems to have issues!

Dush said...

Ignore my previous comment, I stupidly logged into a user account rather than Admin!