If you have multiple Supermicro servers with different versions of the IPMI KVM software installed, your browser may cache some of the JavaScript and other static content and reuse it across servers. That becomes very unpleasant when the servers run different versions of the IPMI software, and you may notice strange behavior in the web interface! This is especially likely if you use ssh tunneling to access your multiple Supermicro IPMI KVMs through a local IP on your computer – Tunneling the IPMI/KVM ports over ssh (supermicro ipmi ports)
One of the big problems we had was mounting a Virtual Media from a Windows share (a Samba share in our case) in the IPMI KVM web interface -> Virtual Media -> CD-ROM image -> Save: when Save is clicked, nothing happens (sometimes it triggers a reload of the iframe) – no error and no confirmation of a successful save! At first it seems the web interface accepted the “Share Host” and “Path to Image”:
but when you click “Mount” it does not mount the media:
and when you reload the CD-ROM image page you again get blank edit boxes (or the old values):
A refresh will probably leave the values blank:
And if you check your browser console you’ll see there is a JavaScript error:
Uncaught ReferenceError: FocusOnErrorSpecificCharSet3 is not defined
The error might be different; this was the one in our case. The problem was that the browser had cached “https://192.168.0.170/js/utils.js” from one of the previous servers, where the version of the IPMI KVM software was different, so /js/utils.js was throwing an error and not working (this function did not exist in some older Supermicro IPMI KVM versions; the file is there, but it is slightly different). The solution is so simple!
Just refresh the page with CTRL+F5, delete the history, or use another browser.
Such a simple problem, but it could lead to big problems if you try to mount virtual media. In fact, look for problems in the JavaScript if you cannot save the configuration in “Share Host” and “Path to Image”, because when saving, the IPMI does not check whether there is a live “Share Host” with a Windows/Samba share and an image on it; the software just checks for special characters in “Shared”, like:
var SpeficCharFilter = /[,; &'"<>\\=$|^?*~`()\[\]\{\}#%]/;
And for the password:
var SpeficCharFilter = /[,; &'"<>\\=$|^?~`()\[\]\{\}#%]/;
But in both cases you’ll get an alert with an error.
So to sum it up: if you enter the IP and a path to the Windows share of the Virtual Media, click “Save” and nothing happens (no confirmation of a successful save), you got a JavaScript error and your browser has probably cached one of the JavaScript files. The solution is simple: just refresh with CTRL+F5 or load the page from a different browser! We often use ssh tunneling for IPMI KVM access – Tunneling the IPMI/KVM ports over ssh (supermicro ipmi ports) – so different versions of the static files of the Supermicro IPMI web interface get cached locally, which, as you can see, could have really bad consequences!
The newer Supermicro motherboards have the ability to update the system BIOS from the IPMI Web management or with a Supermicro tool called “Supermicro Update Manager (SUM)”.
This tool consists of a Linux CLI and it works on most of the X9/X10/X11 Supermicro systems. If you have one of these motherboards, you could probably update your BIOS from the Linux console and throw away your prehistoric FreeDOS CD update process (probably coming soon). If you’ve used Supermicro for ages, you are probably aware of the problem with updating the BIOS: their tool is an old DOS flash utility, which could be used under MS Windows, and with Linux servers we had a problem! But not any more! Recent motherboards with built-in IPMI modules have a “BIOS Update” option in the web interface (under the Maintenance menu), but you need a license (which, by the way, is not expensive).
So if you happen to have such a server, you could give the SUM Linux CLI a try (yes, they made a Linux CLI and even a FreeBSD one!). With the SUM CLI you can do more than just update the BIOS (which is pretty important). Here are the functions it offers: Key Management, System Checks, BIOS Management, BMC Management, System Event Log, CMM Management, Storage Management, Applications (through the network). For some of them you still need a license, but for a BIOS update you do not need one if you do it, as Supermicro says, In-Band, which basically means from the server you want to update (or, in general, use it on). KEEP IN MIND this method will reset your BIOS options to DEFAULTS!!! In fact, you need a license to preserve the settings; you can see this in the output of the SUM help for the command UpdateBios. So save your settings to recover them after the update!
And here we present a BIOS update with SUM on one of our Supermicro servers with motherboard X11SSV-M4F
So the BIOS version was 1.0 reported by lshw:
[srv@local ~]# lshw|head -n 25
srv@local
description: System
product: Super Server (To be filled by O.E.M.)
vendor: Supermicro
version: 0123456789
serial: 0123456789
width: 64 bits
capabilities: smbios-3.0 dmi-3.0 smp vsyscall32
configuration: boot=normal chassis=server family=To be filled by O.E.M. sku=To be filled by O.E.M. uuid=00000000-0000-0000-0000-111111111111
*-core
description: Motherboard
product: X11SSV-M4F
vendor: Supermicro
physical id: 0
version: 1.02
serial: 112233000044
slot: To be filled by O.E.M.
*-firmware
description: BIOS
vendor: American Megatrends Inc.
physical id: 0
version: 1.0
date: 10/18/2016
size: 64KiB
capacity: 15MiB
And here are the steps to do:
STEP 1) Download the SUM cli – Supermicro Update Manager and unpack it in your server
[srv@local ~]# cd
[srv@local ~]# unzip X11SVMF8_308.zip
Archive: X11SVMF8_308.zip
creating: X11SVMF8.308/
inflating: X11SVMF8.308/AFUDOSU.SMC
inflating: X11SVMF8.308/CHOICE.SMC
inflating: X11SVMF8.308/FDT.smc
inflating: X11SVMF8.308/FLASH.BAT
inflating: X11SVMF8.308/Readme for UP X11 AMI BIOS.txt
inflating: X11SVMF8.308/X11SVMF8.308
The file “X11SVMF8.308” is the BIOS firmware of the motherboard. As you can see, the prehistoric DOS executable flash utility is still distributed and is still a supported method of updating.
As you can see, we got a critical warning! You may not get the critical warning, but if you do, you need to run the command a second time to really flash the new BIOS firmware. So here it is: AFTER rebooting your server, log in again and execute the command again:
And there you have it: you updated the BIOS of your server successfully. KEEP IN MIND the BIOS settings are reset to Defaults! When you restart the server the second time (if you got the critical warning, or the first time if you did not), go to the BIOS, load the optimized defaults and change the settings according to your needs (or your backup).
[srv@local ~]# lshw|head -n 25
srv@local
description: System
product: Super Server (To be filled by O.E.M.)
vendor: Supermicro
version: 0123456789
serial: 0123456789
width: 64 bits
capabilities: smbios-3.0 dmi-3.0 smp vsyscall32
configuration: boot=normal chassis=server family=To be filled by O.E.M. sku=To be filled by O.E.M. uuid=00000000-0000-0000-0000-111111111111
*-core
description: Motherboard
product: X11SSV-M4F
vendor: Supermicro
physical id: 0
version: 1.02
serial: 112233000044
slot: To be filled by O.E.M.
*-firmware
description: BIOS
vendor: American Megatrends Inc.
physical id: 0
version: 1.1
date: 03/08/2018
size: 64KiB
capacity: 15MiB
After the previous howto “SUPERMICRO IPMI to use one of the one interfaces or dedicated LAN port” on setting the network configuration (that howto shows how to install the tool needed for managing the IPMI/KVM unit from the console), there are a couple of interesting and important tips when working with the IPMI/KVM module. Here they are:
Reset IPMI/KVM module – sometimes the keyboard or mouse does not work when the Console Redirection is loaded. It is easy to reset the unit from the web interface, but there are cases when the web interface is not working – so ssh to your server and try one of the following commands:
* warm reset – it’s like a reboot, inform the IPMI/KVM to reboot itself.
ipmitool -I open bmc reset warm
It does not work in all situations! So try a cold reset
* cold reset – resets the IPMI/KVM, it’s like unplug and plug the power to the unit.
ipmitool -I open bmc reset cold
Reset the configuration of an IPMI/KVM module to factory defaults. It is useful when something goes wrong while upgrading the firmware of the unit and the old configuration is not supported, or it says it is, but in the end the unit does not work properly. In rare cases it might help when the KVM (the Keyboard, Video, Mouse part, aka Console Redirection) does not work.
Here is the command for resetting to factory defaults:
ipmitool -I open raw 0x3c 0x40
Reset admin password – reset the password for the administrator login of the IPMI/KVM unit. It is easy to lose the password, so with the help of the local console of the server you can reset the password to a simple one and then change it from the web interface.
ipmitool -I open user set password 2 ADMIN
The number “2” is the ID of the user, check it with:
If a hacker got into your IPMI/KVM, you can inspect the user table with the above command. There was a serious bug, aka backdoor, in some of these units: the ID of the ADMIN user or even the username could be changed, so you should use the list command to list the current user table.
Use set name to set the username of the user.
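One way to turn the user-table check described above into a repeatable audit. This is an added example, not from the original howto: the audit_users function, the "ID:NAME" allow-list format and the sample table are constructed for illustration, and it assumes the list command prints the column layout of ipmitool's user list output.

```shell
#!/bin/sh
# Added example: flag BMC accounts that hold ADMINISTRATOR privilege but are
# not on an allow-list of expected "ID:NAME" pairs.

# Constructed sample of a user table (not captured from a real BMC).
SAMPLE_USER_TABLE='ID  Name             Callin  Link Auth  IPMI Msg   Channel Priv Limit
1                    true    false      false      NO ACCESS
2   ADMIN            true    true       true       ADMINISTRATOR
3   monitor          true    true       true       USER
5   support          true    true       true       ADMINISTRATOR'

# audit_users "ID:NAME,ID:NAME"   (user table on stdin)
# Prints one line per unexpected administrator; returns 1 if any were found.
audit_users() {
    awk -v allow="$1" '
    BEGIN { n = split(allow, a, ","); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $1 !~ /^[0-9]+$/ { next }            # skip the header and blank lines
    $NF == "ADMINISTRATOR" {
        # Count columns from the right: privilege, then three true/false
        # flags. Whatever lies between the ID and those is the name, which
        # may be empty or contain spaces.
        name = ""
        for (i = 2; i <= NF - 4; i++) name = name (i > 2 ? " " : "") $i
        if (!(($1 ":" name) in ok)) {
            printf "UNEXPECTED_ADMIN id=%s name=\"%s\"\n", $1, name
            bad = 1
        }
    }
    END { exit bad + 0 }
    '
}

# Stand-alone run against the sample. On a server the input would come from
# the list command instead (assumed here: ipmitool -I open user list).
printf '%s\n' "$SAMPLE_USER_TABLE" | audit_users "2:ADMIN" ||
    echo "unexpected administrator accounts found"
```

Because the pair is matched as a whole, a renamed ADMIN in slot 2 is reported as well as an extra administrator in another slot.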
The best security for the remote management unit in your server, such as IPMI/KVM, is to give it a local IP. All IPMI/KVM modules should be plugged into a separate switch and a local sub-network should be used for the LAN Settings. So to be able to connect to the IPMI/KVM module you need a VPN connection to gain access to the local sub-network used for your servers’ management modules. However, sometimes the VPN cannot be used: the VPN server happens to be down, or you are at a place restricting unknown ports (or ports above 1024) which your VPN uses (that’s why the VPN server should use only one of the most popular ports – 80, 443, but that’s a thing for another howto…), and so on. So you end up with no ability to connect to the VPN server, or you think you do not need a VPN server at all, because you can always use openssh to do the trick of tunneling ports from your computer to the IPMI/KVM module of your server through a server which has access to the local sub-network of the IPMI/KVM modules.
So here is what you need to get to the remote management of your server just using ssh for tunneling:
STEP 1) A server, which has access to the IP network of the IPMI/KVM modules.
Let’s say you assigned all your servers’ IPMI/KVM modules IPs from the network 192.168.7.0/24, so your server must have an IP from 192.168.7.0/24, for example 192.168.7.1. Add it as an alias or on a dedicated LAN connected to the switch into which all your IPMI/KVM modules are plugged. This server will be used as a transfer point to a selected IPMI/KVM IP.
STEP 2) Tunnel local selected ports using ssh to the server from STEP 1)
With the above command you can use the web interface (https://127.0.0.1/; you could replace 127.0.0.1 with a local IP or a local IP alias of your machine) and the Java Web Start “Console Redirection” (the KVM – Keyboard, Video and Mouse), and you can mount Virtual Media from your computer to your server’s virtual CD/DVD device. Unfortunately, to use the Virtual CD/DVD properly you must also tunnel UDP on port 623 (not only TCP 623), which is a little bit tricky. To tunnel the UDP packets, the socat – Multipurpose relay (SOcket CAT) program must be used.
STEP 3) Tunnel local selected ports using ssh to the server from STEP 1) and UDP port using socat
This will start a UDP listening socket on localhost port 8000. Every packet will be relayed over TCP to localhost port 8000, which is tunneled by the ssh command to the remote server, where another socat is started with a listening TCP socket on port 8000 and relays every packet to UDP port 623 of IP 192.168.7.150. Replace the IP 192.168.7.150 with your IPMI/KVM IP.
* Here are the required ports for SUPERMICRO IPMI functionality in X9 and X10 motherboards
Sometimes the last command (the one using lanplus) will output:
Unable to send RAW command (channel=0x0 netfn=0x30 lun=0x0 cmd=0x70)
But it sets the value despite the error output “Unable to send”. You could check it with the read command (the last example).
Get the current value with:
[root@srv0 ~]# ipmitool -I open raw 0x30 0x70 0x0c 0
02
[root@srv0 ~]#
Default (failover): you will see 02
Onboard LAN: you will see 01
Dedicated LAN: you will see 00
The 192.168.7.157 is the IP of the IPMI KVM module, and -U ADMIN and -P ADMIN are the username and password login details for the module (ADMIN/ADMIN are just the default settings for the Supermicro IPMI/KVM).