[Cisco] UCSM / FI6248UP ‘default Keyring’s certificate is invalid, reason: expired’

在維護已久的UCSM (FI6xxx) series總是容易見著這樣的錯誤訊息。不去理會其它不會對維運設備造成太大影響,只是偶而客戶問及總不希望有個錯誤訊息掛載在那兒。

Resolution :

step01. SSH login UCSM

step02. # scope security

step03. /security# scope keyring default

step04./security/keyring# set regenerate yes

step05./security/keyring* commit-buffer // 套用立即生效



Rerfernce :

  1. vStrong.info – HOW TO: Regenerate expired UCS Manager certificate
  2. virtualbuildingblocks.com – Regenerate Expired Cisco UCS Certificate
  3. vnotions – Fix: Cisco UCSM – Default Keyring’s certificate is invalid

[Cisco] How to login LDAP / AD enviroment UCSM ?

  • Putty
    Login as: ucs-<domain-name>\<username>
  • From Linux / MAC machine
    ssh ucs-<domain-name>\\<username>@<UCSM-IP-Address>
    ssh -l ucs-<domain-name>\\<username> <UCSM-IP-address>
    ssh <UCSM-IP-address> -l ucs-<domain-name>\\<username>

它能夠登入重點在於前面一定要帶 " ucs- " 才能登入就對了。

Reference : UCSM LDAP Troubleshooting guide

[Server] Cisco UCS C-series use ‘Direct Connect Mode’ , don’t need FEX

自UCS 2.2開始支援C-series (Rack-Server) 可以直連Nexus FI6xxx ,無需透過Nexus 2K series Fabric Extenders (FEX)

1. C200, C210, and C250 do not support Direct Connect.
2. A maximum of 120 virtual interfaces (但透過FEX原是可以到256 virtual interfaces)
3. UCSM need 2.2 and above
4. following supported Cisco UCS C-Series servers and corresponding CIMC release versions listed in the following table
5. VIC adapters must be installed in the correct slot
6. FI ports must be configured as “server" ports
7. At least one 10-Gb SFP cable for each card. You cannot connect the card to the same FI from both the ports

(Before You Begin)
1. FI ports are configured as “server" ports
2. Cisco UCS VIC 1225 or Cisco VIC 1227 is installed in the correct slot
3. Do not mix SFP types on an uplink with FI




Reference : Cisco – Cisco UCS C-Series Server Integration with Cisco UCS Manager 2.2

[Cisco] UCS use CLI collect CIMC Log

# scope cimc

# scope tech-support

tech-support> set remote-protocol tftp // 決要要上傳什麼協定 tftp / scp / ftp ..
tech-support> set remote-ip
tech-support> set remote-path UCS.tar.gz
tech-support> set remote-username user  // 若是ftp / scp 需帳號
tech-support> set remote-password userpass // 若是ftp / scp 需密碼

tech-support> commit // 套用生效

tech-support> start // 開始收集

tech-support> show // 觀察