Update firmware of AOC-USAS2LP-H8iR (smc2108) – LSI 2108 MegaRAID Hardware Controller

This card

AOC-USAS2LP-H8iR

is really old (probably 7-9 years), but still it works, so you can check if you are with the latest and greatest firmware. Hope the latest fixes more things than it beaks. To flash the firmware you need Megaraid cli and the firmware file, the two files you check in the sub-directories of https://www.supermicro.com/wftp/driver/SAS/LSI/2108/Firmware/ They are still there despite this product is discontinued. In this URL these are the latest, tested and verified versions by Supermicro so it is advisable to download them from this link or at least use the same versions if they are not available (in the future, now they are still available).
As you know LSI (they bought 3ware RAID in 2009) was bought by Avago (2013), then Avago bought Broadcom (2016 and renamed itself to Broadcom, 2018), so not so easy to find stuff for such old hardware (which still works). So this old MegaRAID controller is better managed by MegaCli despite you can do it with “storcli”, which is a modification of the tw_cli utility of 3ware RAID.

Keep on reading!

Enable internal graphics in SUPERMICRO servers

Here are the steps to enable your internal graphics – the CPU internal video chip in your Intel processor. Multiple Intel processors have video unit in it, which could be used for hardware decoding and encoding of video streams. We have two kind of processors:

Intel(R) Xeon(R) CPU E3-1585 v5 @ 3.50GHz

and

Intel(R) Xeon(R) CPU E3-1285 v4 @ 3.50GHz

the two processors packed with the right motherboard will give you a big advance in hardware decoding and encoding with your server! Intel calls it “Intel Quick Sync Video” and to use it your chipset should support it, so when using SUPERMICRO your motherboard must be equipped with C226 (for v4 CPU) and C236 (for v5 CPU)! Your CPU could have video unit in it, but if your chipset does not support internal graphics you won’t be able to use it, so be careful to have C226 or C236 Chipsets!
So if you have another setup (not Supermicro) you should check the chipset of your motherboard if it support internal graphics this is very important, because there are numerous motherboard, which have BIOS options for Enable/Disable of the internal graphics, but you cannot use it!
Here are the compliant platforms to use the video unit properly:

Intel Xeon E3-1200 v4 Family with C226 chipset
Intel Xeon E3-1200 and E3-1500 v5 Family with C236 chipset

If you enabled the internal graphics properly you’ll see it in hardware devices Device manager in MS Windows and in linux with “lspci”:

[root@srv ~]# lspci |grep -i display
00:02.0 Display controller: Intel Corporation Device 193a (rev 09)

Your BIOS menus could vary, but for SUPERMICRO there are vary similar:

STEP 1) The SUPERMICRO server is intializing you. Hit “DEL” button on your keyboard to enter BIOS Setup.

main menu
SUPERMICRO server

Keep on reading!

Mount and boot ISO file from windows share in Supermicro IPMI Virtual media (CD-ROM)

This tutorial shows you how to load any ISO file in the virtual CD/DVD-ROM of a Supermicro server and boot from it if it is bootable. You could install operating systems from a ISO file or just share a data. Here we use an installation DVD disk of CentOS 7 to boot. This tutorial expect there is a windows (samba) share on the local network if you need to do it you can check here – Configure and mount samba share in Supermicro IPMI Virtual media (CD-ROM)
Loading an ISO disk in the (virtual) CD/DVD-ROM device attached to your server could be of a great help to the system administrators, you could use diagnostic disks, update disks (BIOS and firmware of devices), install multiple operating systems including MS Windows, share data and many more! You could use ISO disk right from your computer or from a server next to the server you want to use the ISO to speed up access.

STEP 1) When you are logged in the Supermicro IPMI web interface click on Virtual Media menu and then CD-ROM Image.

main menu
CD-ROM Image

Keep on reading!

Configure and mount samba share in Supermicro IPMI Virtual media (CD-ROM)

Having many Supermicro servers we used multiple times Virtual Media to install, diagnose and rescue Supermicro server. It is really simple to open the Console Redirection – java web start and just mount the ISO file from Virtual Media -> ISO File, but this way if your server is not local to your network and it is located in a colocation as it should be the connection is slow and in many cases bogus! Because it uses UDP it happened many times to remount or just to lose the connection and the media to disappear in the middle of the booting/loading process from the installation media, for example. And probably you have noticed there is additional option in the web interface of mounting ISO file from a windows share. Of course, in linux world it might be samba share as in our case and the share could be easily configured on a server in your colocation.
And we noticed was several times we have no problems using it, but some time the share could not be even saved and respectively could not be mounted. No error reported, just the edit boxes resets to blank and apparently everything was the same as the previous box, which it worked as a charm!
Here are the steps to enable one of your CentOS 7 servers to share a resource and to use it in your Supermicro IPMI KVM. The server is selinux enabled and the policy is Enforcing.

STEP 1) Install samba server in CentOS 7

[root@srv0 ~]# yum -y install samba samba-client samba-common
Loaded plugins: fastestmirror
Determining fastest mirrors
epel/x86_64/metalink                                                                                                                           |  30 kB  00:00:00     
 * base: mirrors.neterra.net
 * epel: mirrors.neterra.net
 * extras: mirrors.neterra.net
 * updates: mirrors.neterra.net
base                                                                                                                                           | 3.6 kB  00:00:00     
epel                                                                                                                                           | 3.2 kB  00:00:00     
extras                                                                                                                                         | 3.4 kB  00:00:00     
updates                                                                                                                                        | 3.4 kB  00:00:00     
(1/7): base/7/x86_64/group_gz                                                                                                                  | 166 kB  00:00:00     
(2/7): epel/x86_64/group_gz                                                                                                                    |  88 kB  00:00:00     
(3/7): base/7/x86_64/primary_db                                                                                                                | 5.9 MB  00:00:00     
(4/7): extras/7/x86_64/primary_db                                                                                                              | 147 kB  00:00:00     
(5/7): updates/7/x86_64/primary_db                                                                                                             | 2.0 MB  00:00:00     
(6/7): epel/x86_64/updateinfo                                                                                                                  | 932 kB  00:00:00     
(7/7): epel/x86_64/primary                                                                                                                     | 3.5 MB  00:00:00     
epel                                                                                                                                                      12584/12584
Package samba-client-4.7.1-6.el7.x86_64 already installed and latest version
Package samba-common-4.7.1-6.el7.noarch already installed and latest version
Resolving Dependencies
--> Running transaction check
---> Package samba.x86_64 0:4.7.1-6.el7 will be installed
--> Processing Dependency: samba-libs = 4.7.1-6.el7 for package: samba-4.7.1-6.el7.x86_64
--> Processing Dependency: samba-common-tools = 4.7.1-6.el7 for package: samba-4.7.1-6.el7.x86_64
--> Processing Dependency: libxattr-tdb-samba4.so(SAMBA_4.7.1)(64bit) for package: samba-4.7.1-6.el7.x86_64
--> Processing Dependency: libaio.so.1(LIBAIO_0.4)(64bit) for package: samba-4.7.1-6.el7.x86_64
--> Processing Dependency: libaio.so.1(LIBAIO_0.1)(64bit) for package: samba-4.7.1-6.el7.x86_64
--> Processing Dependency: libxattr-tdb-samba4.so()(64bit) for package: samba-4.7.1-6.el7.x86_64
--> Processing Dependency: libaio.so.1()(64bit) for package: samba-4.7.1-6.el7.x86_64
--> Running transaction check
---> Package libaio.x86_64 0:0.3.109-13.el7 will be installed
---> Package samba-common-tools.x86_64 0:4.7.1-6.el7 will be installed
---> Package samba-libs.x86_64 0:4.7.1-6.el7 will be installed
--> Processing Dependency: libpytalloc-util.so.2(PYTALLOC_UTIL_2.1.9)(64bit) for package: samba-libs-4.7.1-6.el7.x86_64
--> Processing Dependency: libpytalloc-util.so.2(PYTALLOC_UTIL_2.1.6)(64bit) for package: samba-libs-4.7.1-6.el7.x86_64
--> Processing Dependency: libpytalloc-util.so.2(PYTALLOC_UTIL_2.0.6)(64bit) for package: samba-libs-4.7.1-6.el7.x86_64
--> Processing Dependency: libpytalloc-util.so.2()(64bit) for package: samba-libs-4.7.1-6.el7.x86_64
--> Running transaction check
---> Package pytalloc.x86_64 0:2.1.10-1.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

======================================================================================================================================================================
 Package                                        Arch                               Version                                     Repository                        Size
======================================================================================================================================================================
Installing:
 samba                                          x86_64                             4.7.1-6.el7                                 base                             661 k
Installing for dependencies:
 libaio                                         x86_64                             0.3.109-13.el7                              base                              24 k
 pytalloc                                       x86_64                             2.1.10-1.el7                                base                              17 k
 samba-common-tools                             x86_64                             4.7.1-6.el7                                 base                             463 k
 samba-libs                                     x86_64                             4.7.1-6.el7                                 base                             275 k

Transaction Summary
======================================================================================================================================================================
Install  1 Package (+4 Dependent packages)

Total download size: 1.4 M
Installed size: 3.8 M
Downloading packages:
(1/5): libaio-0.3.109-13.el7.x86_64.rpm                                                                                                        |  24 kB  00:00:00     
(2/5): pytalloc-2.1.10-1.el7.x86_64.rpm                                                                                                        |  17 kB  00:00:00     
(3/5): samba-4.7.1-6.el7.x86_64.rpm                                                                                                            | 661 kB  00:00:00     
(4/5): samba-common-tools-4.7.1-6.el7.x86_64.rpm                                                                                               | 463 kB  00:00:00     
(5/5): samba-libs-4.7.1-6.el7.x86_64.rpm                                                                                                       | 275 kB  00:00:00     
----------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total                                                                                                                                 4.5 MB/s | 1.4 MB  00:00:00     
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : pytalloc-2.1.10-1.el7.x86_64                                                                                                                       1/5 
  Installing : samba-libs-4.7.1-6.el7.x86_64                                                                                                                      2/5 
  Installing : samba-common-tools-4.7.1-6.el7.x86_64                                                                                                              3/5 
  Installing : libaio-0.3.109-13.el7.x86_64                                                                                                                       4/5 
  Installing : samba-4.7.1-6.el7.x86_64                                                                                                                           5/5 
  Verifying  : libaio-0.3.109-13.el7.x86_64                                                                                                                       1/5 
  Verifying  : samba-libs-4.7.1-6.el7.x86_64                                                                                                                      2/5 
  Verifying  : samba-common-tools-4.7.1-6.el7.x86_64                                                                                                              3/5 
  Verifying  : samba-4.7.1-6.el7.x86_64                                                                                                                           4/5 
  Verifying  : pytalloc-2.1.10-1.el7.x86_64                                                                                                                       5/5 

Installed:
  samba.x86_64 0:4.7.1-6.el7                                                                                                                                          

Dependency Installed:
  libaio.x86_64 0:0.3.109-13.el7        pytalloc.x86_64 0:2.1.10-1.el7        samba-common-tools.x86_64 0:4.7.1-6.el7        samba-libs.x86_64 0:4.7.1-6.el7       

Complete!
[root@srv0 ~]#

STEP 2) Configure samba server CentOS 7 for the purpose of using it in IPMI Virtual share.

We are going to use a share without login credentials, because our KVM IP are always local ones and accessed via a vpn network and in addition only the network of the IPMI IPs could access the share (the samba server has a firewall configured).
Set the configuration file of the samba server – one directory storing the files shared with no login credentials (no username/password means anonymous login).
The configuration file is:

/etc/samba/smb.conf

[global]
workgroup = WINSHARE
server string = Samba Server %v
netbios name = centossrv
security = user
map to guest = bad user
dns proxy = no
#============================ Share Definitions ============================== 
[share]
path = /mnt/storage1/samba
browsable =yes
writable = no
guest ok = yes
read only = yes

As you can see we use “/mnt/storage1/samba” for our directory where the ISO files will be located. Change this path if you want to put your ISO files somewhere else.
Set the right permissions for the directory and selinux (if you server is not selinux enabled, you could skip the selinux part) and run the samba daemon:

[root@srv0 ~]# mkdir /mnt/storage1/samba
[root@srv0 ~]# chown -R nobody:nobody /mnt/storage1/samba/
[root@srv0 ~]# semanage fcontext -a -t samba_share_t '/mnt/storage1/samba(/.*)?'
[root@srv0 ~]# restorecon -Rv /mnt/storage1/samba/
restorecon reset /mnt/storage1/samba context unconfined_u:object_r:unlabeled_t:s0->unconfined_u:object_r:samba_share_t:s0
[root@srv0 ~]# cd /mnt/storage1/samba/
[root@srv0 samba]# wget http://mirror.leaseweb.com/centos/7.5.1804/isos/x86_64/CentOS-7-x86_64-Minimal-1804.iso
--2018-06-01 14:15:42--  http://mirror.leaseweb.com/centos/7.5.1804/isos/x86_64/CentOS-7-x86_64-Minimal-1804.iso
Resolving mirror.leaseweb.com (mirror.leaseweb.com)... 37.58.58.140, 2a00:c98:2030:a034::21
Connecting to mirror.leaseweb.com (mirror.leaseweb.com)|37.58.58.140|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 950009856 (906M) [application/octet-stream]
Saving to: ‘CentOS-7-x86_64-Minimal-1804.iso’

100%[============================================================================================================================>] 950,009,856 40.1MB/s   in 33s    

2018-06-01 14:16:15 (27.3 MB/s) - ‘CentOS-7-x86_64-Minimal-1804.iso’ saved [950009856/950009856]

[root@srv0 samba]# chown nobody:nobody CentOS-7-x86_64-Minimal-1804.iso
[root@srv0 samba]# systemctl start smb
[root@srv0 samba]# systemctl status smb
● smb.service - Samba SMB Daemon
   Loaded: loaded (/usr/lib/systemd/system/smb.service; disabled; vendor preset: disabled)
   Active: active (running) since Fri 2018-06-01 14:17:57 UTC; 20s ago
 Main PID: 31961 (smbd)
   Status: "smbd: ready to serve connections..."
    Tasks: 4
   Memory: 19.0M
   CGroup: /system.slice/smb.service
           ├─31961 /usr/sbin/smbd --foreground --no-process-group
           ├─31964 /usr/sbin/smbd --foreground --no-process-group
           ├─31965 /usr/sbin/smbd --foreground --no-process-group
           └─31966 /usr/sbin/smbd --foreground --no-process-group

Jun 01 14:17:56 srv0@local systemd[1]: Starting Samba SMB Daemon...
Jun 01 14:17:57 srv0@local smbd[31961]: [2018/06/01 14:17:57.761913,  0] ../lib/util/become_daemon.c:124(daemon_ready)
Jun 01 14:17:57 srv0@local smbd[31961]:   STATUS=daemon 'smbd' finished starting up and ready to serve connections
Jun 01 14:17:57 srv0@local systemd[1]: Started Samba SMB Daemon.

Configure the firewall to allow only connections from the IPMI KVM IP networks (or a single IP if you need to expose it in the Internet). You can work with build in zone “trusted”, but here we prefer more generic approach, which could be used not only for local IP networks but for real IPs:

[root@srv0 samba]# firewall-cmd --new-zone=smbshare --permanent
success
[root@srv0 samba]# firewall-cmd --zone=smbshare --add-source=192.168.7.0/24 --permanent
success
[root@srv0 samba]# firewall-cmd --zone=smbshare --add-service=samba --permanent
success
[root@srv0 samba]# firewall-cmd --zone=smbshare --add-service=samba-client --permanent
success
[root@srv00 samba]# firewall-cmd --reload
success
[root@srv00 samba]# firewall-cmd --zone=smbshare --list-all
smbshare (active)
  target: default
  icmp-block-inversion: no
  interfaces: 
  sources: 192.168.7.0/24
  services: samba samba-client
  ports: 
  protocols: 
  masquerade: no
  forward-ports: 
  source-ports: 
  icmp-blocks: 
  rich rules: 

[root@srv00 samba]#

STEP 3) Mount a disk in IPMI Virutal Media and boot from it

You could check our additional tutorial for it here –

STEP 3.1) Fill “Share host” and “Path image” only, because we configured our samba share without a password

main menu
Image on Windows Share

STEP 3.2) Upon a successful configuration saving you’ll get a confirmation dialog.

If no confirmation is shown you would not be able to mount the share, check out our Troubleshooting below!

main menu
Save configuration of Image on Windows Share

STEP 3.3) After saving the configuration click on “Mount” to load your ISO file in the virtual CD-ROM.

main menu
Mount Image on Windows Share

STEP 3.4) This dialog is always shown no matter there is such share or not: “Please check the device status to confirm whether the image is mounted/unmounted.”

main menu
Check device status

STEP 3.5) If the Supermicro IPMI accessed successfully the share resource it would mount it (load the ISO file as s CD in the virtual CD-ROM).

If not the three Device 1,2,3 will show the same: “No disk emulation set.”, which means the samba share is not accessible, check the permissions for the file and the firewall first (and the logs files, too).

main menu
There is an iso file mounted

* Troubleshooting

– if you click on button “Save” and just nothing happen – no dialog for successful saving and no dialog at all, probably there is a Javascript error, try to open the web interface from a different browser with clean history or click ctrl+F5 when loading the Virtual Media page! More in Cannot save and mount a Supermicro IPMI Virtual media mount – javascript error?

Cannot save and mount a Supermicro IPMI Virtual media mount – javascript error?

If you have multiple Supermicro servers with many different versions of IPMI KVM software installed it could happen your browser to cache some of the JavaScript and other static content to reuse them, but it could very unpleasant when you have different version of IPMI software on different servers and you might notice strange behavior of the web interface! Especially if you use ssh tunneling to access your multiple Supermicro IPMI KVMs from local IP on your computerTunneling the IPMI/KVM ports over ssh (supermicro ipmi ports)

One of the big problems we have when we wanted to mount a Virtual Media

from a windows share (samba share in our case) in IPMI KVM web interface -> Virtual Media -> CD-ROM image -> Save and when the Save is clicked just nothing happen (sometimes it triggers a reload of the iframe) – no error nothing and no confirmation for successful save! At first it seems the web interface accepted the “Share Host” and “Path to Image”:

main menu
Fill “Share Host” and “Path to Image”

but when you click “Mount” it does not mount the media:
main menu
no disk emulation set

and when you reload the CD-ROM image page you get again blank edit boxes or (the old values):
main menu
Old values

Probably a refresh will get the values blank:
main menu
Blank edit boxes

And if you check your browser console you’ll see there is a JavaScript error:

Uncaught ReferenceError: FocusOnErrorSpecificCharSet3 is not defined

The error might be different, this was in our case. the problem was

the browser cached “https://192.168.0.170/js/utils.js”

from one of the previous servers and there the version of the IPMI KVM software was different and apparently the

/js/utils.js

was throwing an error and not working (this function did not exist in some older Supermicro IPMI KVM versions, the file is there but it is slightly different). The solution is so simple!

Just refresh the page with CTRL+F5 or delete the history or use another browser.

Such a simple problem, but could lead to big problems if you try to use the mount virtual media. In fact look for problems in the JavaScript if you cannot save the configuration in the “Share Host” and “Path to Image”, because when saving the IPMI do not check if there is a live “Share Host” with a windows/samba share and an image there, the software just check for special in “Shared” characters like:

var SpeficCharFilter = /[,; &'"<>\\=$|^?*~`()\[\]\{\}#%]/;

And for the password:

var SpeficCharFilter = /[,; &'"<>\\=$|^?~`()\[\]\{\}#%]/;

But in both cases you’ll get an alert with an error.

So to summer it up if you put IP and a path to the windows share of Virtual Media and click “Save” and nothing happen – no confirmation for successful saving you got a JavaScript error and probably your browser cached one of the JavaScript files, the solution is simple just refresh with CTRL+F5 or load from different browser!
We often use ssh tunneling for IPMI KVM accessTunneling the IPMI/KVM ports over ssh (supermicro ipmi ports) and different version of the static files of the supermicro IPMI web interface are cached locally, which as you can see could have really bad consequences!

Working Save button

click Save button

main menu
Fill “Share Host” and “Path to Image”

Confirmation when everything is OK

main menu
The confirmation of image on windows share has been successfully set.

Update supermicro server’s firmware BIOS under linux with the SUM cli

The newer Supermicro motherboards have the ability to update the system BIOS from IPMI Web management or with a Supermicro tool called

“Supermicro Update Manager (SUM)”

This tool consists of a linux cli and it works on most of the X9/X10/X11 Supermicro systems. If you have one of these motherboards you probably could update your BIOS under linux console and throwing away your freedos cd prehistoric update process (probably coming soon). If you’ve used Supermicro with for ages you probably are aware of the problem with the updating the BIOS, their tool is an old DOS flash utility, which could be used under MS Windows and with linux servers we got a problem! But not any more! Recent motherboards with built-in IPMI modules have “BIOS Update” option in the web interface (under Maintenance menu), but you need a license (which by the way is not expensive).

main menu
BIOS Update

So if you happen to have such server you could give a try to SUM linux cli (yes they made a linux cli and even a freebsd one!). With the SUM cli you could do more than just update the BIOS (which is pretty important) here are the functions you can do Key Management, System Checks, BIOS Management, BMC Management, System Event Log, CMM Management, Storage Management, Applications (through the network) and for some of them you still need a license, but for BIOS update you do not need if you do it as Supermicro says

In-Band

which basically means from the server you want to update (or in general use it). KEEP IN MIND this method will reset your BIOS options to DEFAULTS!!! In fact you need a license to use preserve settings you can see the output of the SUM help for the command UpdateBios. So save your changes to recover them after the update!
And here we present a BIOS update with SUM on one of our Supermicro servers with motherboard X11SSV-M4F
So the BIOS version was 1.0 reported by lshw:

[srv@local ~]# lshw|head -n 25
srv@local
    description: System
    product: Super Server (To be filled by O.E.M.)
    vendor: Supermicro
    version: 0123456789
    serial: 0123456789
    width: 64 bits
    capabilities: smbios-3.0 dmi-3.0 smp vsyscall32
    configuration: boot=normal chassis=server family=To be filled by O.E.M. sku=To be filled by O.E.M. uuid=00000000-0000-0000-0000-111111111111
  *-core
       description: Motherboard
       product: X11SSV-M4F
       vendor: Supermicro
       physical id: 0
       version: 1.02
       serial: 112233000044
       slot: To be filled by O.E.M.
     *-firmware
          description: BIOS
          vendor: American Megatrends Inc.
          physical id: 0
          version: 1.0
          date: 10/18/2016
          size: 64KiB
          capacity: 15MiB

And here are the steps to do:

STEP 1) Download the SUM cli – Supermicro Update Manager and unpack it in your server

You could download freely the SUM version 2 from here: https://www.supermicro.com/solutions/SMS_SUM.cfm (this link explains what the tool is used for) at the bottom of the page there is a link to download the SUM – https://www.supermicro.com/SwDownload/UserInfo.aspx?sw=0&cat=SUM Here you should fill the form with your name, company and email address and then you will be redirected to the download page, which at present is like the screenshot below:

main menu
Supermicro Update Manager (SUM)

When downloaded the linux version you would have the following files in the archive file:

[srv@local ~]# cd
[srv@local ~]# tar xzvf sum_2.0.0_Linux_x86_64_20171108.tar.gz
sum_2.0.0_Linux_x86_64/
sum_2.0.0_Linux_x86_64/ReleaseNote.txt
sum_2.0.0_Linux_x86_64/sum
sum_2.0.0_Linux_x86_64/ExternalData/
sum_2.0.0_Linux_x86_64/ExternalData/VENID.txt
sum_2.0.0_Linux_x86_64/ExternalData/SMCIPID.txt
sum_2.0.0_Linux_x86_64/driver/
sum_2.0.0_Linux_x86_64/driver/RHL4_x86_64/
sum_2.0.0_Linux_x86_64/driver/RHL4_x86_64/sum_bios.ko
sum_2.0.0_Linux_x86_64/driver/RHL6_x86_64/
sum_2.0.0_Linux_x86_64/driver/RHL6_x86_64/sum_bios.ko
sum_2.0.0_Linux_x86_64/driver/RHL5_x86_64/
sum_2.0.0_Linux_x86_64/driver/RHL5_x86_64/sum_bios.ko
sum_2.0.0_Linux_x86_64/driver/RHL7_x86_64/
sum_2.0.0_Linux_x86_64/driver/RHL7_x86_64/sum_bios.ko
sum_2.0.0_Linux_x86_64/SUM_UserGuide.pdf

The “sum” file binary is the tool you need.

STEP 2) Download the new motherboard BIOS firmware

, which for our board (X11SSV-M4F – https://www.supermicro.com/products/motherboard/Xeon/C236_C232/X11SSV-M4F.cfm) it was version 1.1 with filename “X11SVMF8_308.zip”, unpack the file under X11SVMF8_308

[srv@local ~]# cd
[srv@local ~]# unzip X11SVMF8_308.zip
Archive:  X11SVMF8_308.zip
   creating: X11SVMF8.308/
  inflating: X11SVMF8.308/AFUDOSU.SMC  
  inflating: X11SVMF8.308/CHOICE.SMC  
  inflating: X11SVMF8.308/FDT.smc    
  inflating: X11SVMF8.308/FLASH.BAT  
  inflating: X11SVMF8.308/Readme for UP X11 AMI  BIOS.txt  
  inflating: X11SVMF8.308/X11SVMF8.308

The file “X11SVMF8.308” is the BIOS firmware of the motherboard. As you can see the prehistoric DOS executable flash utility is still distributed and is supported method of updating.

STEP 3) Update the BIOS

[srv@local ~]# cd /root/sum_2.0.0_Linux_x86_64
[srv@local ~]# ./sum -c UpdateBios --file ../X11SVMF8.308/X11SVMF8.308 
Supermicro Update Manager (for UEFI BIOS) 2.0.0 (2017/11/08) (x86_64)
Copyright©2017 Super Micro Computer, Inc. All rights reserved
Reading BIOS flash ..................... (100%)
Checking BIOS ID ...
Checking ME Firmware ...
Comparing FDT for ROM file and flash.... (100%)

***************************<<<<<CRITICAL WARNING>>>>>***************************

ExitCode                = 254
Description             = Manual steps are required
Program Error Code      = 119.18
Error message:
    FDT is different. Please use system reboot(do not shutdown 
    or poweroff system) command to force ME enter manufacturing mode 
    and run UpdateBIOS command again to update BIOS and ME region.

********************************************************************************
[srv@local ~]# reboot

As you can see we got critical warning! You may not have the critical, but if you do you need to run the command second time to really flash the new BIOS firmware. So here it is, AFTER rebooting your server login again and execute the command again:

[srv@local ~]# cd /root/sum_2.0.0_Linux_x86_64
[srv@local ~]# ./sum -c UpdateBios --file ../X11SVMF8.308/X11SVMF8.308 
Supermicro Update Manager (for UEFI BIOS) 2.0.0 (2017/11/08) (x86_64)
Copyright©2017 Super Micro Computer, Inc. All rights reserved
Reading BIOS flash ..................... (100%)
Checking BIOS ID ...
Programming BIOS and ME (including FDT)
Writing BIOS flash ..................... (100%)
Verifying BIOS flash ................... (100%)
Checking ME Firmware ...
Putting ME data to BIOS ................ (100%)
Writing ME region in BIOS flash ...
 - Update success for FDR
 - Updated Recovery Loader to OPRx
 - Updated FPT, MFSB, FTPR and MFS
 - ME Entire Image done
WARNING:Must power cycle or restart the system for the changes to take effect!
[srv@local ~]# reboot

And there you have it you updated the BIOS of your server successfully. KEEP IN MIND the BIOS settings are reset to Defaults! When you restart the server the second time (if you get the critical warning or the first time if you do not) you should load the optimized defaults and change your settings according your needs. Go to BIOS and load the optimized defaults and change the settings according your needs (or your backup).

[srv@local ~]# lshw|head -n 25
srv@local
    description: System
    product: Super Server (To be filled by O.E.M.)
    vendor: Supermicro
    version: 0123456789
    serial: 0123456789
    width: 64 bits
    capabilities: smbios-3.0 dmi-3.0 smp vsyscall32
    configuration: boot=normal chassis=server family=To be filled by O.E.M. sku=To be filled by O.E.M. uuid=00000000-0000-0000-0000-111111111111
  *-core
       description: Motherboard
       product: X11SSV-M4F
       vendor: Supermicro
       physical id: 0
       version: 1.02
       serial: 112233000044
       slot: To be filled by O.E.M.
     *-firmware
          description: BIOS
          vendor: American Megatrends Inc.
          physical id: 0
          version: 1.1
          date: 03/08/2018
          size: 64KiB
          capacity: 15MiB

* SUM cli – UpdateBios help output

[srv@local ~]# ./sum -h -c UpdateBios
Supermicro Update Manager (for UEFI BIOS) 2.0.0 (2017/11/08) (x86_64)
Copyright©2017 Super Micro Computer, Inc. All rights reserved
Description
    Updates BIOS with the given image file.
Required Arguments
    --file    <file name>
Optional Arguments
    --reboot
          Forces the managed system to reboot or power up after operation.
    --flash_smbios
          Overwrites the SMBIOS data
    --preserve_nv
          Preserves the NVRAM region
    --preserve_mer
          Preserves the ME firmware region
    --preserve_setting
          Preserves setting configurations
Usage Modes
    [OOB] [In-Band] [Multiple systems OOB] 
Node Product Key Required
     No for [In-Band]
    Yes for [OOB]
Examples
OOB
  # ./sum -i 192.168.34.56 -u ADMIN -p ADMIN -c UpdateBios --file BIOS.rom 
    --reboot
In-Band
  # ./sum -c UpdateBios --file BIOS.rom --reboot
Multiple systems OOB
  # ./sum -l IP_ADDR_RANGE.txt -u ADMIN -p ADMIN -c UpdateBios --file BIOS.rom 
    --reboot
Notice
    1. For [OOB] and [Multiple systems OOB] usage modes, before executing this 
    command, it is recommended to shutdown the managed system first.
    2. --preserve_setting option is only supported in Purley and the platforms 
    of later versions. Note that --preserve_setting option for in-band usage 
    requires "SFT-OOB-LIC" product key. The preserved setting configurations 
    will be listed in preserved_settings.log.

* SUM cli generic help output


[srv@local ~]# ./sum 
Supermicro Update Manager (for UEFI BIOS) 2.0.0 (2017/11/08) (x86_64)
Copyright©2017 Super Micro Computer, Inc. All rights reserved

NAME
  sum (Supermicro Update Manager)

SYNOPSIS
  sum [OPTIONs] [COMMAND] [COMMAND ARGUMENTS]

OPTIONS
  -h  Shows help information.
  -v  Displays the verbose output.
  -i  <BMC/CMM IP address or BMC/CMM host name>
  -l  <BMC/CMM system list file name. Refer to the user's guide for formatting>
  -u  <BMC/CMM user ID>
  -p  <BMC/CMM user password>
  -c  <command name> (case insensitive)

USAGE MODES
○  Single System Out-Of-Band (OOB) Management [operates on single BMC/CMM]: 
    Must use -i,-u, -p options
○  Single System In-Band Management [operates on local OS]: Do not use -i, -u 
    and -p options
○  Concurrent Systems OOB Management [operates on multiple system BMCs/CMMs]: 
    Replace -i option with -l option

COMMANDS
Function Group             Command Names

Key Management             ActivateProductKey, QueryProductKey, ClearProductKey
System Checks              CheckOOBSupport, CheckAssetInfo, 
                           CheckSystemUtilization, CheckSensorData
BIOS Management            GetBIOSInfo, UpdateBios, GetDefaultBiosCfg, 
                           GetCurrentBiosCfg, ChangeBiosCfg, 
                           LoadDefaultBiosCfg, GetDmiInfo, ChangeDmiInfo, 
                           EditDmiInfo, SetBiosAction
BMC Management             GetBmcInfo, UpdateBmc, GetBmcCfg, ChangeBmcCfg
System Event Log           GetEventLog, ClearEventLog
CMM Management             GetCmmInfo, UpdateCmm, GetCmmCfg, ChangeCmmCfg
Storage Management         GetRaidControllerInfo, UpdateRaidController, 
                           GetRaidCfg, ChangeRaidCfg, GetSataInfo, GetNvmeInfo
Applications               TpmProvision, MountIsoImage, UnmountIsoImage

COMMAND USAGE
  See help message for each command
  Syntax:"  # ./sum -h -c <command name>"
  Notes: 1)Command support is platform dependent. Please refer to Appendix C in 
         the user's guide for platform dependency hints.
         2)If BMC/CMM user ID or password includes special characters, it has 
         to be quoted.

EXAMPLES
OOB
  # ./sum -i 192.168.34.56 -u ADMIN -p ADMIN -c ChangeBmcCfg --file BmcCfg.txt
  # ./sum -i 192.168.34.56 -u ADMIN -p "&123456" -c ChangeBmcCfg --file 
  BmcCfg.txt
Multiple systems OOB
  # ./sum -l IP_ADDR_RANGE.txt -u ADMIN -p ADMIN -c GetBIOSInfo --file BIOS.rom
  # ./sum -l IP_ADDR_RANGE.txt -u ADMIN -p "&123456" -c GetBIOSInfo --file 
  BIOS.rom
In-Band
  # ./sum -c UpdateBios --file BIOS.rom
Help Message
  # ./sum -h -c UpdateBios

SUPERMICRO IPMI/KVM module tips – reset the unit and the admin password

After the previous howto “SUPERMICRO IPMI to use one of the one interfaces or dedicated LAN port” (in the howto is showed how to install the needed tool for managing the IPMI/KVM unit under console) of setting the network configuration there are a couple of interesting and important tips when working with the IPMI/KVM module. Here are they are:

  1. Reset IPMI/KVM module – sometimes it happen the keyboard or mouse not to work when the Console Redirection is loaded, it is easy to reset the unit from the web interface, but there are case when the web interface is not working – so ssh to your server and try one of the following commands:
    * warm reset – it’s like a reboot, inform the IPMI/KVM to reboot itself.

    ipmitool -I open bmc reset warm
    

    It does not work in all situations! So try a cold reset
    * cold reset – resets the IPMI/KVM, it’s like unplug and plug the power to the unit.

    ipmitool -I open bmc reset cold
    
  2. Reset the configuration of an IPMI/KVM module to factory defaults. It is useful when something goes wrong when upgrading the firmware of the unit and the old configuration is not supported or it says it is, but at the end the unit does not work properly. In rare cases it might help when the KVM (Keyboard, Video, Monitor part aka Console redirection does not work)
    Here is the command for resetting to factory defaults:

    ipmitool -I open raw 0x3c 0x40
    
  3. Reset admin password – reset the password for the administrator login of the IPMI/KVM unit. It’s trivial losing the password so with the help of the local console to the server you can reset the password to a simple one and then change it from the web interface.
    ipmitool -I open user set password 2 ADMIN
    

    The number “2” is the ID of the user, check it with:

    [root@srv0 ~]# ipmitool -I open user list
    ID  Name             Callin  Link Auth  IPMI Msg   Channel Priv Limit
    1                    true    false      false      Unknown (0x00)
    2   ADMIN            true    false      false      Unknown (0x00)
    3                    true    false      false      Unknown (0x00)
    4                    true    false      false      Unknown (0x00)
    5                    true    false      false      Unknown (0x00)
    6                    true    false      false      Unknown (0x00)
    7                    true    false      false      Unknown (0x00)
    8                    true    false      false      Unknown (0x00)
    9                    true    false      false      Unknown (0x00)
    10                   true    false      false      Unknown (0x00)
    

    Sometimes if a hacker got to your IPMI/KVM you could see the user table with the above command. There was a serious bug aka backdoor in some of these units, the ID of the ADMIN user or even the username could be changed, so you should use the list command to list the current user table.
    Use set name to set the username of the user.

    ipmitool -I open user set name 2 ADMIN
    
  4. Set a new network configuration. It’s worth mentioning again the howto for this purpose – “SUPERMICRO IPMI to use one of the one interfaces or dedicated LAN port

All commands using the network option of the ipmitool

ipmitool -I lanplus -H 192.168.7.150 -U ADMIN -P ADMIN bmc reset warm
ipmitool -I lanplus -H 192.168.7.150 -U ADMIN -P ADMIN bmc reset cold
ipmitool -I lanplus -H 192.168.7.150 -U ADMIN -P ADMIN raw 0x3c 0x40
ipmitool -I lanplus -H 192.168.7.150 -U ADMIN -P ADMIN user set password 2 ADMIN
ipmitool -I lanplus -H 192.168.7.150 -U ADMIN -P ADMIN user list

The IP 192.168.7.150 is the IP of your IPMI/KVM module, which you want to change with the above commands.

Tunneling the IPMI/KVM ports over ssh (supermicro ipmi ports)

The best security for the remote management unit in your server such as IPMI/KVM is to have local IP. All IPMI/KVM IP should be switched to a separated switch and a local sub-network used for the LAN Settings. So to be able to connect to the IPMI/KVM module you need a VPN connection to gain access to the local sub-network used for your servers’ management modules. However, sometimes the VPN cannot be used or it just happened the server is down, or you are at a place restricting unknown ports (or ports above 1024), which your VPN uses (that’s why the VPN server should use only one port from the most popular – 80, 443, but that’s a thing for another howto…) and so on. So you end with no ability to connect to the VPN server or you think you do not need at all a VPN server, because you always could use

openssh

to do the trick of tunneling ports from your computer to the IPMI/KVM module of your server through a server, which has an access to the local sub-network of the IPMI/KVM modules.

So here is what you need to get to the remote management of your server just using ssh for tunneling:

STEP 1) A server, which has access to the IP network of the IPMI/KVM modules.

Let’s say you set to all your servers’ IPMI/KVM modules IPs from network 192.168.7.0/24, so your server must have an IP from 192.168.7.0/24, for example 192.168.7.1, add it as an alias or to a dedicated LAN connected to the switch, in which of all your IPMI/KVM modules are plugged in. This server will be used as a transfer point to a selected IPMI/KVM IP.

STEP 2) Tunnel local selected ports using ssh to the server from STEP 1)

Use this command:

ssh -N -L 127.0.0.1:80:[IPMI-IP]:80 -L 127.0.0.1:443:[IPMI-IP]:443 -L 127.0.0.1:5900:[IPMI-IP]:5900 -L 127.0.0.1:623:[IPMI-IP]:623 root@[SERVER-IP]

For example using 192.168.7.150 for an IPMI/KVM IP:

[root@srv0 ~]# ssh -N -L 127.0.0.1:80:192.168.7.150:80 -L 127.0.0.1:443:192.168.7.150:443 -L 127.0.0.1:5900:192.168.7.150:5900 -L 127.0.0.1:623:192.168.7.150:623 root@example-server.com

With the above command you can use the web interface (https://127.0.0.1/, you could replace 127.0.0.1 with a local IP or a local IP alias of your machine), the java web start “Console Redirection” (the KVM – Keyboard, Video and Mouse) and you can mount Virtual Media from your computer to your server’s virtual CD/DVD device. Unfortunately to use properly the Virtual CD/DVD you must tunnel the UDP on port 623 (not only TCP 623), which is a little bit tricky. To tunnel the UDP packets

socat – Multipurpose relay (SOcket CAT)

program must be used.

STEP 3) Tunnel local selected ports using ssh to the server from STEP 1) and UDP port using socat

[root@srv0 ~]# socat -T15 udp4-recvfrom:623,reuseaddr,fork tcp:localhost:8000
[root@srv0 ~]# ssh -L8000:localhost:8000 -L 127.0.0.1:80:192.168.7.150:80 -L 127.0.0.1:443:192.168.7.150:443 -L 127.0.0.1:5900:192.168.7.150:5900 -L 127.0.0.1:623:192.168.7.150:623 root@example-server.com socat tcp4-listen:8000,reuseaddr,fork UDP:192.168.7.150:623

This will start a UDP listening socket on localhost port 8000. Every packet will be relayed using TCP to localhost 8000, which will be tunneled using ssh command to the remote server, where there is a started another socat listening TCP socket on port 8000, which will relay every packet to the UDP port 623 of IP 192.168.7.150. Replace the IP 192.168.7.150 with your IPMI/KVM IP.

* Here are the required ports for SUPERMICRO IPMI functionality in X9 and X10 motherboards

  • X9-motherboards, the ports are

    TCP Ports
    HTTP: 80
    HTTPS: 443
    SSH: 22
    WSMAN: 5985
    Video: 5901
    KVM: 5900
    CD/USB: 5120
    Floppy: 5123
    Virtual Media: 623
    SNMP: 161

    UDP ports:
    IPMI: 623

  • For X10-motherboards, the ports are

    TCP Ports
    HTTP: 80
    HTTPS: 443
    SSH: 22
    WSMAN: 5985
    Video: 5901
    KVM: 5900 , 3520
    CD/USB: 5120
    Floppy: 5123
    Virtual Media: 623
    SNMP: 161

    UDP ports:
    IPMI: 623

You could add the required port to the ssh command above if you need it!

Virtual Device mounted successfully

Successful mount in Console Redirection with Virtual Media:

main menu
Virtual Storage

if you are logged in the server and mount an ISO with the Virtual Device you’ll probably have this in “dmesg”:

[46683751.661063] usb 2-1.3.2: new high-speed USB device number 8 using ehci-pci
[46683751.795048] usb 2-1.3.2: New USB device found, idVendor=0ea0, idProduct=1111
[46683751.795051] usb 2-1.3.2: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[46683751.795365] usb-storage 2-1.3.2:1.0: USB Mass Storage device detected
[46683751.795553] scsi6 : usb-storage 2-1.3.2:1.0
[46683752.795730] scsi 6:0:0:0: CD-ROM            ATEN     Virtual CDROM    YS0J PQ: 0 ANSI: 0 CCS
[46683752.806839] sr0: scsi3-mmc drive: 40x/40x cd/rw xa/form2 cdda tray
[46683752.806842] cdrom: Uniform CD-ROM driver Revision: 3.20
[46683752.806933] sr 6:0:0:0: Attached scsi CD-ROM sr0
[46683752.806971] sr 6:0:0:0: Attached scsi generic sg1 type 5

SUPERMICRO IPMI to use one of the LAN interfaces or dedicated LAN port

If you happen to have a Supermicro server and you want to change the default behavior of the IPMI LAN interface, which is

Failover – on boot check whether the dedicated LAN port is connected if so use the it, otherwise use the shared LAN1

So if change it there are some magic commands to change this default behavior:

  • Always use dedicated LAN:
    within the server under console:

    ipmitool -I open raw 0x30 0x70 0x0c 1 0
    

    from remote using the network:

    ipmitool -I lanplus -H 192.168.7.150 -U ADMIN -P ADMIN raw 0x30 0x70 0x0c 1 0
    

    Sometimes the output of the last command (that using the lanplus) will output:

    Unable to send RAW command (channel=0x0 netfn=0x30 lun=0x0 cmd=0x70)
    

    But it sets the value despite the error output “Unable to send”. You could check it with the read command (the last example).

  • Always use shared LAN1:
    within the server under console:

    ipmitool -I open raw 0x30 0x70 0xc 1 1 
    

    from remote using the network:

    ipmitool -I lanplus -H 192.168.7.150 -U ADMIN -P ADMIN raw 0x30 0x70 0x0c 1 1
    

    Sometimes the output of the last command (that using the lanplus) will output:

    Unable to send RAW command (channel=0x0 netfn=0x30 lun=0x0 cmd=0x70)
    

    But it sets the value despite the error output “Unable to send”. You could check it with the read command (the last example).

  • Always use failover (factory default):
    within the server under console:

    ipmitool -I open raw 0x30 0x70 0xc 1 2
    

    from remote using the network:

    ipmitool -I lanplus -H 192.168.7.150 -U ADMIN -P ADMIN raw 0x30 0x70 0x0c 1 2
    
  • Sometimes the output of the last command (that using the lanplus) will output:

    Unable to send RAW command (channel=0x0 netfn=0x30 lun=0x0 cmd=0x70)
    

    But it sets the value despite the error output “Unable to send”. You could check it with the read command (the last example).

Get the current value with:

[root@srv0 ~]# ipmitool -I open raw 0x30 0x70 0x0c 0
 02
[root@srv0 ~]#

Default (failover): you will see 02
Onboard LAN: you will see 01
Dedicated LAN: you will see 00

The 192.168.7.157 is the IP of the IPMI KVM module and the -U ADMIN and -P ADMIN are username and the password login details to the module (ADMIN/ADMIN are just default settings for the Supermicro IPMI/KVM)

* Here you can set the LAN IP configuration – “Set IP to the IPMI/KVM server module with ipmitool