Lenovo BIOS settings common to servers
This page contains information about BIOS settings common to Lenovo servers.
Booting and BIOS configuration
Press
F1during start-up to enter the BIOS and firmware setup menus. In the BMC GUI you may also pressQuick Actionsand select the Power ActionBoot Server to System Setup.Press
F10for network boot andF12for a one-time boot menu.
XClarity Provisioning Manager
Initial BMC login credentials:
Username: USERID
Password: PASSW0RD (Note the zero!)
Note: If you have several SSH authentication key files ($HOME/.ssh/id_*) they will be tried in turn,
and since the BMC accepts a maximum of 5 login attempts, SSH logins may fail with the error:
Received disconnect from 10.x.x.x port 22:2: Too many authentication failures
Workaround: Specify only 1 of the keys to the SSH command, for example:
ssh -i $HOME/.ssh/id_rsa <BMC_hostname>
Minimal configuration of a new server or a new motherboard
At our site the following minimal settings are required for a new server or a new motherboard.
The (BMC) setup is accessed via the console or BMC web GUI.
Login with the above credentials.
Go to the BMC Configuration menus and the login credentials:
Click on
Global Settingsand deselectComplex password requiredand setMinimum password lengthto 8 (or according to your policies). Also changeMinimum password change intervalto0so that you can change the password as needed.In the
User/LDAPmenu edit the BMC localUser namefromUSERIDtoroot. Here you may also change the password.
BMC network settings
You may change the BMC Configuration Network settings:
Change the BMC
Hostnameto the server’s DNS name, or selectObtain Hostname from DHCP.Configure
DHCP controltoDHCP enabled. Important: Set the BMC network address selection toObtain IP from DHCPin stead of the defaultFirst DHCP, then static IPso that the BMC does not fall back to a private IP-address!Set
IPv6toDisabled.When done press
Apply.
Modify the DNS and DDNS settings:
Change DNS
Preferred address typetoIPv4.Change DDNS to
Disabled.Disable
Use DNS to discover Lenovo XClarity Administrator. Note: If your network has a DNS server configured to advertise the address of a Lenovo XClarity Administrator (LXCA) instance. Lenovo offers a 90 days trial license for LXCA. The BMC will periodically search each DNS server for SRV records defined as:_lxca._tcp. If an LXCA instance is found, the BMC will attempt to announce its presence to the selected address of LXCA instance.When done press
Apply.
In Service Enablement and Port Assignment enable the IPMI over LAN.
The web GUI says:
The current security settings require incoming IPMI over LAN connection to use cipher suite ID 17.
If you are using the IPMItool utility (prior to version 1.8.19), you must specify the option “-C 17” to connect to this management controller.
When using the Linux FreeIPMI CLI commands use the -I CIPHER-SUITE-ID option, for example:
ipmipower -I 17 -D LAN_2_0 ....
NOTE: Some BMC brands (HPE, SuperMicro) unfortunately only support the default cipher suite -I 3 and will reject connections with -I 17.
BMC Security
You may change the BMC Configuration Security settings:
If desired set the
IPMI SEL Log WrappingtoEnabled.
Configuration using the console
The BMC GUI has a Remote Console menu to open a console in a new browser tab.
Press F1 during start-up to enter the BIOS and firmware setup menus.
In the BMC GUI you may also press Quick Actions and select the Power Action Boot Server to System Setup.
Use the console to configure the UEFI setup.
Go to the menu BMC settings submenu Network settings:
Configure
DHCP controltoDHCP enabled. Important: Set the BMC network address selection toObtain IP from DHCPin stead of the defaultFirst DHCP, then static IPso that the BMC does not fall back to a private IP-address!Set
IPv6toDisabled.When done press
Save Network Settings.
Go to the menu UEFI Setup:
In
System Settings -> Processorsselect DisableSMT Mode(Symmetric Multithreading).In
System Settings -> Network -> Network Stack Settingsyou probably want to setIPv6 PXE Supportto Disabled.In
System Settings -> Network -> Network Boot Settingsyou have tounconfigure PXEfor each individual NIC in theMAC addresssubmenu that will never be used for network PXE booting:Set
UEFI PXE Modeto Disabled.Set
Legacy PXE Modeto Disabled.
In
Boot Manager -> Change Boot Orderuse + and - to change the boot order items to 1) Network, 2) Hard disk. PressCommit Changes and Exit.In
Boot Manager -> Set Boot Priority -> Network Priorityuse + and - to move down the priority of IPv6.When done press
Save Settings.When all configuration is finished press
Exit UEFI Setup.