How To: Set up the Intel Remote Management Module (RMM)

We install the Intel Remote Management Module (RMM) into all of our Intel server based deploys. If deploying a Tier 1 box we install theirs and make sure the KVM over IP option is enabled (license purchased).

Having out-of-band management access to a server can save critical time in the event of a server problem. We no longer need to jump in a vehicle and run down to our client’s site or have someone on-site for our remote clients.

Out of the box the RMM needs to be properly configured.

Once the server has been assembled and all of its components have had their firmware updated (Intel Download Site) we configure our RMM via the server board’s BIOS.

1. Turn the server on and F2 into the BIOS.
2. Server Management Tab.
3. BMC LAN Configuration
4. Set the IP for the RMM
1. In the shop we leave it DHCP so that we can remote into the server while here.
2. Client’s site we tend to plug directly into the Internet and give it a static IP.
5. Set the BMC DHCP Host Name
1. Convention is a bit goofy (no special characters).
2. 
6. Choose User ID and hit [Enter]
1. Choose User3
• 
2. Privilege: Administrator
3. User Status: Enabled
4. Set the user name: JungleJim
5. Set the user password: Icanacc3ssthis (x2)
7. We end up with this.
• 
8. F10 to save settings and reboot the server.

If using DHCP then check the network’s DHCP Server console for the IP that the RMM has picked up.

Open a browser and navigate to the RMM IP.

Log on with the credentials set. Barring two left thumbs we should be able to log in.

Once in we are able to launch the KVM over IP, reset the server’s power, power it up or down, and check the server’s current status.

The cost on the Intel units and Tier 1 equivalents will cover one on-site visit.

We believe that an RMM/iLO Advanced/iDRAC Enterprise and other remote management module should be a part of _every_ server configuration.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
Co-Author: SBS 2008 Blueprint Book

Windows Live Writer

A First Look At Intel’s RMM4

We deploy Intel’s Remote Management Modules in all of our client’s Intel Product Dealer based servers.

We just finished installing the new RMM4 into the Intel Xeon E3 based server we received at the recent TST.

• MPECS Inc. Blog: Intel TST & Microsoft TS2 Registration Now Open

Note that we needed to re-run the integrated BIOS/BMC/SDR-FRU update since we installed the RMM4 and TPM modules after installing Windows Server 2008 R2 Standard with the Hyper-V Role on the box.

The log on page:

We enabled USER3 in the BIOS, setting a username, and setting a password for the RMM4’s administrator. We then set the RMM4 to obtain an IP address dynamically for now.

We were able to log on.

There look to be some new management and alerts features built into the BMC setup:

Having reports e-mailed to us to indicate a hardware problem is definitely a plus for this setup.

The key for us though is the remote KVM abilities:

Which give us complete out-of-band management of our servers:

We require RMM, iDRAC Enterprise, iLO Advanced, or other out-of-band management in all of our server deploys as their cost is paid for by saving us one or two visits to the client’s site.

We can even _fully recover_ the server using this ability.

Note that two ISP IPs are preferred for this setup. One for the gateway device and the other for a direct connection to the RMM.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
Co-Author: SBS 2008 Blueprint Book

*Our original iMac was stolen (previous blog post). We now have a new MacBook Pro courtesy of Vlad Mazek, owner of OWN.

Windows Live Writer

Providing IT Support – Out-of-Band Management Required

A paraphrase of a post to the SBS2K Yahoo Group.

In our opinion a server should _never_ be deployed without iDRAC Enterprise, iLO Advanced, Intel RMM, or other out-of-band (OOB) device. Period.

Professional grade tools for professionals.

We get:

• KVM, USB, and drive redirection to the server.
• BIOS, Firmware, RAID BIOS, etc access.
• BMC Management and sensor logs/data.
• Power cycle and reset ability (frozen OS).
• At-a-glance view of all firmware versions.

What this does for us:

• Immediate access to the _console_
• No travel time delays ... response is quick.
• No need for client intervention in most cases.

When patching or working on servers we create two connections to the box. One via RD Gateway and one via OOB. It is our preference to have physical access to that box at all times.

With the lack of a speaker on the Dell PERC RAID controllers and Open Manage may or may not e-mailing us about a failed drive we prefer to watch all reboot cycles for any anomalies.

If there is a failure, we can recover that server without any client intervention after the tier 1 tech has done their stuff.

I am sorry, but there is something totally unprofessional about, "I am sorry Mr. Customer, but could you sit at the server and see why I am locked out?" Or having to call a client’s user or contact in before or after business hours to find out why something broke. As IT Professionals we need to set the bar higher than that.

With gas at $1.10/Litre (US Gal = 3.78L, IMP Gal = 4.54L) here and rising at this time _not_ having to travel to client sites for out of scope work is a great thing.

Why?

Because they then _do_ see us when we are there for _positive_ things like rotating their backups or our bi-weekly "how are things?" visit (billable as soon as they say, "Can you fix this?" :*) ).

This aspect more than reinforces our _good_ presence in their business. Thus it strengthens our business relationship with our client contact and their users as we are seen and heard when things are good.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
Co-Author: SBS 2008 Blueprint Book

*Our original iMac was stolen (previous blog post). We now have a new MacBook Pro courtesy of Vlad Mazek, owner of OWN.

Windows Live Writer

Configuring An Intel RAID Controller Via RMM JViewer

We are in the process of setting up a new server remotely.

We are logged in via the Intel Remote Management Module 3 that is installed on the Intel Server Board S3420GPLX.

In order to get the mouse to a liveable control level we had to close the KVM session and set the mouse configuration to RELATIVE:

Out of the box the mouse is set to ABSOLUTE mode which does not work very well at all.

Neither the Soft Keyboard nor the system’s keyboard that we are using allow for ALT+Key presses. The Keyboard menu at the top has some control over the ALT and CTRL key presses and holds but still it was not too reliable. It just worked to allow us to choose the drives for the disk group.

As long as we remained patient and moved the mouse about in a slow and fluid manner, controlling the RAID BIOS worked . . . just barely.

And finally we had our array:

So, it just takes a bit of patience to work through the process of setting up an array or arrays via the Intel Remote Management Console.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
Co-Author: SBS 2008 Blueprint Book

*Our original iMac was stolen (previous blog post). We now have a new MacBook Pro courtesy of Vlad Mazek, owner of OWN.

Windows Live Writer

HP ProLiant MicroServer Remote Access Card

We just installed the HP ProLiant MicroServer Remote Access Card (RAC).

The piece of paper that comes with the RAC makes the process of installing the card a fairly straightforward one.

However, the document does not contain the default username and password that the RAC uses out of the box.

Thanks to SBS MVP Merv Porter (Bing Search) for ferreting out the following link:

• HP Support: HP ProLiant MicroServer - How to Reset Password for ProLiant MicroServer Remote Access Card.

Out of the box the default username and password is:

• Username: admin
• Password: password

Once we had logged in we saw the following Web based console:

As noted in the screenshot above the firmware level is version 1.2.

• HP ProLiant MicroServer RAC Firmware Update Page

The update is also available on the ProLiant MicroServer’s product support page.

• HP ProLiant MicroServer Drivers and Software

Since our firmware was up to date we went right to the Security section to generate an SSL certificate CSR for the URL that will be used to connect to the RAC via the Internet.

Once we have completed all of the needed configuration on the RAC we will then have remote based out-of-band management for the MicroServer meaning full BIOS and RAID controller management along with the ability to power cycle the machine:

Once the system had finished booting we had our console session:

We install out-of-band management in all of our client’s servers whether that client is up the block or half way around the world. Having direct access to the server’s console, BIOS, firmware, and more enables us to manage the box right down to doing a full bare metal restore if ever there was a need.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
Co-Author: SBS 2008 Blueprint Book

*Our original iMac was stolen (previous blog post). We now have a new MacBook Pro courtesy of Vlad Mazek, owner of OWN.

Windows Live Writer

Huawei E5836 Mobile Wi-Fi (MiFi) on TELUS

While out and about whether travelling to or between clients, or working at a client site we always use a cellular modem to connect to the Internet.

There are times when there is a need for more than one Internet connection that is provided by a USB cellular based modem.

In the US, and perhaps other locations, folks have access to a small wireless device called a MiFi (Wikipedia) or mobile Wi-Fi. Up to recently we here in Canada have not had such a device available by our mobile carriers.

Since our switch to Bell Mobility to gain access to the HTC HD7 for a new phone we called a number of different Bell stores in the Greater Edmonton Area to purchase a Novatel MiFi unit that is listed on their Web site. All of the stores indicated that they had no stock and are no longer carrying them. Bell’s customer service rep that we spoke to indicated that they were having too many issues with the MiFi unit so it was pulled.

So, we headed down to our local TELUS store and picked up a Huawei E5836 Mobile Wi-Fi device.

Once we fired it up we were able to connect to it using the default WPA code that is on a sticker on the back of the unit.

We then opened a Web browser and navigated to http://e5.home.

• Huawei E5836 default admin password: admin

We logged into the admin console:

We side-stepped the Quick Setup wizard and went about configuring our desired subnet, SSID, WPA2 key, and other settings.

Once we were finished we saw the following in our available Wi-Fi list:

• Huawei E5836 SSID: MPECS_MiFi

The unit was really easy to set up and use.

One feature with regards to the screen that is appreciated is its ability to indicate the number of clients connected to the unit.

We anticipate having a laptop or three, the Tega, and perhaps the Zune HD connected simultaneously.

This post was published using the cellular data connection provided by the E5836.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
Co-Author: SBS 2008 Blueprint Book

*Our original iMac was stolen (previous blog post). We now have a new MacBook Pro courtesy of Vlad Mazek, owner of OWN.

Windows Live Writer

Remote Desktop Connection Manager – Multiple RDP Sessions Managed Easily

This is a pretty kewl utility:

We can set up all of the servers and desktops that we manage on a regular basis in the Connection Manager and have quick and easy access to them.

• Microsoft Download: Remote Desktop Connection Manager

The RDCM can store credentials as well so we will only allow that to happen on workstations or laptops that are BitLocker enabled.

Hat Tip: Jason Miller

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
Co-Author: SBS 2008 Blueprint Book

*Our original iMac was stolen (previous blog post). We now have a new MacBook Pro courtesy of Vlad Mazek, owner of OWN.

Windows Live Writer

Intel Remote Management 3 A Must

Today, the cost of adding in the Intel Remote Management 3 (RMM3) module in most Intel Server Systems or server boards is very low. To our clients it is actually worth about one visit. So, why not have one installed where we can so that on-site time is reduced?

For Dell we have the DRAC i6 Enterprise, HP has the iLO with Advanced license, and there are others.

What these components do for us is provide a number of out-of-band management features. That means that we do not need an OS to work with the server.

• Console access to the OS, BIOS, firmware, and other server components.
• This is done by redirected KVM session over HTTPS.
• Ability to reset the server, power it up, or power it down.
• Check the server’s sensor logs for errors.

The initial setup of the RMM3 is done in the BIOS of the server. We enable USER3, rename the user, give it a password, and make sure that it has Administrator permissions.

When we first hit the IP address of the RMM3 we need to log on using the above created user:

The page that we will be greeted with will be a summary of the system.

From an RMM3 on an SR1625URR Server System:

From an RMM3 on an SR1630HGPRX Server System:

The FRU Information link gives us our server’s PBA (Part/Model Number), serial number, and other needed information if we are in need of support or warranty replacement.

The Server Health tab gives us a view of the server’s sensor status along with access to the server’s internal Event Log.

The SR1625URR’s sensor readings:

The SR1630HGPRX sensor readings:

Note the difference in the number of sensors between the server systems. The SR1625URR is a dual Intel Xeon Nehalem 5000 series 1U server while the SR1630HGPRX is an Intel Xeon Nehalem 3000 series 1U server.

While all of the above features are very helpful as far as keeping an eye on the server’s health and for troubleshooting purposes the key RMM3 feature is its ability to give us console access to the server’s OS.

Once we click the Launch Console button we will need to approve some Java security warnings before the redirected KVM session begins.

Once we do get our session we are “sitting in front of the server”.

This is a screenshot of the SR1625URR’s KVM session:

We currently have both 1U server’s RMM3 network ports connected to our own internal network. Once we have plugged in the needed optical disk for the OS install if needed and/or USB flash drives we no longer need to be standing at the workbench to run a fresh OS install as is the case in the above screenshot.

We can have a technician run several OS installs and post install configurations while working at their own station.

Once these servers are ready to go into production, the RMM3 Ethernet ports will be set with an ISP delivered static IP address and a GoDaddy certificate will be installed to eliminate the SSL warnings for the Web portal.

When it comes to a standard access method such as Terminal Services/Remote Desktop Services or TS/RDS via TS/RDS Gateway we are stuck if the underlying services get knocked out by an update or something breaks along the way.

Using the RMM3/DRAC/iLO to run those updates means that we do not need to be concerned about the underlying services plus we can watch the server reboot through its BIOS POST as well as RAID Controller POST status indicators.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
Co-Author: SBS 2008 Blueprint Book

*Our original iMac was stolen (previous blog post). We now have a new MacBook Pro courtesy of Vlad Mazek, owner of OWN.

Windows Live Writer

Dell iDRAC6 Enterprise Required For Remote Console/KVM

Dell has restructured their DRAC (Dell Remote Access Controller) model features.

On DRAC version 5 remote console KVM redirection was included out of the box.

With the advent of iDRAC6 we now see two versions of the product:

1. iDRAC6 Express
2. iDRAC6 Enterprise

Since out-of-band remote console KVM access is absolutely critical for those of us that manage a lot of servers at remote locations, we need to be absolutely sure that the server’s remote access product meets our needs.

We will be quoting some information from the following Dell document:

• Dell PowerEdge R710 Technical Guidebook (PDF)

On page 49 we find a comparison between the iDRAC6 Express and the iDRAC6 Enterprise products:

Note bullet item number 2 under iDRAC6 Enterprise states:

• Remote video, keyboard, and mouse control with Virtual Console.

So, we now know that all of our remote clients that order Dell servers must have the iDRAC6 Enterprise product installed on the box to give us full out-of-band BMC and console access.

Why Out-Of-Band Access?

We require an iDRAC, DRAC, RMM3, iLO with Advanced license, and other out-of-band management abilities on our remote servers for some of the following reasons:

• We can fully recover a server by booting to OS DVD or USB flash and restoring from attached backup without client intervention.
• We can manage the server from the console (sitting at the keyboard and mouse) when running updates so we don’t lose our connection via RWW or TS/RDS Gateway.
• We can remotely power cycle a server that has an OS that is not responding.
• We can remotely update server component’s firmware.

Essentially, with an out-of-band management device we have the same access to the box as we would if we were standing in the room with it.

Further reading:

• Dell Support: Console redirect with iDRAC 6 Express v1.10 (PowerEdge R710)
• User asking about why they cannot find the KVM/Console feature on iDRAC6 Express. Dell’s response was “iDRAC6 Enterprise required”.
• Dell Enterprise Technology Center: 03-25-09 Dell Enterprise Launch Chat Transcript
• Chat transcript quoted in the above support question that talks about what features are tied to which iDRAC6 version.
• Exploring the iDRAC for Dell PowerEdge Blade Servers

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
Co-Author: SBS 2008 Blueprint Book

*Our original iMac was stolen (previous blog post). We now have a new MacBook Pro courtesy of Vlad Mazek, owner of OWN.

Windows Live Writer

SBS 2008 – SharePoint Services Service Pack 2 Choke

We have mentioned in the past to hold off on installing that service pack:

• SBS 2008 – Hang On Before Installing WSS SP2

We happened to have one of our SBS 2008 hosting servers come free today, so we took a chance on installing SharePoint v3 Service Pack two and sure enough things went sideways.

The default fix from the SBS Blog does not work for us either:

• Companyweb Inaccessible After SharePoint 3.0 Service Pack 2

Another aspect to this situation: The Service Pack kills the TS Gateway service and thus kills any possibility of gaining remote access to the box via RWW or RDP.

If VPN is not configured on the box, which is the case in many of our client locations, then we would be in a real pickle.

Updating Rule #1: Always have an out-of-band management access on servers being updated.

Some of them are:

• Intel’s Remote Management Module.
• HP’s iLO.
• Dell’s DRAC.
• StarTech’s IP based KVMs and PDUs for no built-in solution.

Otherwise we are asking someone to go to the console to log on and either get the services back up and running, reboot the server, or help with the troubleshooting process. All are not very viable options.

So, now we are in the process of troubleshooting the hosed SharePoint install. Fortunately we have out-of-band access.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
Co-Author: SBS 2008 Blueprint Book

*All Mac on SBS posts will not be written on a Mac until we replace our now missing iMac! (previous blog post)

Windows Live Writer

A DRAC, Or Any Other Remote Management Tool Will Only Get Us So Far …

Now, what happens if we have set up the server via baseboard level access to the server using the Dell DRAC add-in, or any other baseboard level management module for that manner, and the remote management module has died before we have run the SBS 2008 Getting Started Tasks?

This:

 

We are assisting with the SBS 2008 and Server Core with Hyper-V Role installs on behalf of an I.T. company at a remote client site of theirs.

So, the second option is to temporarily enable port forwarding for Terminal Services 3389 to the new SBS 2008 server so we can keep moving forward.

But, what happens if there was no one around to do that?

To pre-empt this kind of situation we would do one of the following:

• Ship a preconfigured router/firewall device with the USB flash drive that had the Answer File on it.
• Coach our contact through the port forwarding process on their firewall device.

It just goes to show us that there can be no fool-proof method of connecting to a server remotely without some sort of fall-back measure in place.

Once we had the server configured for Remote Web Workplace access the 3389 port forward would be deleted in the firewall device.

In this case, once we have tried a firmware flash to the DRAC, if things still do not work, then we will initiate a support incident with Dell and have someone come out and replace the defective unit.

The DRAC no longer shows up anywhere … it is toast. Warranty replacement time.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
Co-Author: SBS 2008 Blueprint Book

*All Mac on SBS posts will not be written on a Mac until we replace our now missing iMac! (previous blog post)

Windows Live Writer

Allowing a Dell DRAC (Remote Management) Session through ISA

The Dell Remote Access Card (DRAC) requires a couple of ports to be opened up outbound through our ISA servers in order for the Console redirection function to work correctly on a remotely managed server:

• TCP Outbound: 5900 (Keyboard and Mouse)
• TCP Outbound: 5901 (Video)

Create a custom protocol with the above settings, we call it Dell DRAC, and then create an Access Rule that allows the custom protocol from Internal/Local Host to External for All Users.

Once the rule has been created we are able to remote into any Dell server that has a DRAC 5 installed.

For any client that we support remotely, we make sure to have a remote management capability in the box ahead of time. This gives us console access via an Internet connection for those times where an OS may have stopped responding and we need to power cycle the box. Or, for SBS updates that like to kill Exchange, IIS, and/or RRAS thus taking us out of our remote session via the Remote Web Workplace or PPTP VPN.

As a result, we no longer need to have a timed script in place to force the box into a reboot during updates which may not bring the box back up in some cases where an update chokes the NICs, RRAS, or even IIS.

An additional benefit to having a remote management capability is being able to watch the boot cycle from start to finish. We can see all of the BIOS, RAID controller, and other firmware messages on our screen prior to the OS loading. It is one more way for us to assess the health of the server.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
Co-Author: SBS 2008 Blueprint Book

*All Mac on SBS posts will not be written on a Mac until we replace our now missing iMac! (previous blog post)

Windows Live Writer

Business Contact Manager - Recovered MDF and LDF

Our previous post: Business Contact Manager - Recovery via *.mdf and *.ldf only.

We just spent the afternoon working on a Business Contact Manager recovery for a new client that was not comfortable with getting things to run.

If you need help recovering your databases, please drop us a line: BCM Recovery.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists

*All Mac on SBS posts are posted on our in-house iMac via the Safari Web browser.