[Cisco] UCSM / FI6248UP ‘default Keyring’s certificate is invalid, reason: expired’

在維護已久的UCSM (FI6xxx) series總是容易見著這樣的錯誤訊息。不去理會其它不會對維運設備造成太大影響,只是偶而客戶問及總不希望有個錯誤訊息掛載在那兒。
ucs-error.jpg

Resolution :

step01. SSH login UCSM

step02. # scope security

step03. /security# scope keyring default

step04./security/keyring# set regenerate yes

step05./security/keyring* commit-buffer // 套用立即生效

等待幾分鐘這個錯誤訊息即會消失..^O^


 

Rerfernce :

  1. vStrong.info – HOW TO: Regenerate expired UCS Manager certificate
  2. virtualbuildingblocks.com – Regenerate Expired Cisco UCS Certificate
  3. vnotions – Fix: Cisco UCSM – Default Keyring’s certificate is invalid

[Cisco] How to login LDAP / AD enviroment UCSM ?

  • Putty
    Login as: ucs-<domain-name>\<username>
  • From Linux / MAC machine
    ssh ucs-<domain-name>\\<username>@<UCSM-IP-Address>
    ssh -l ucs-<domain-name>\\<username> <UCSM-IP-address>
    ssh <UCSM-IP-address> -l ucs-<domain-name>\\<username>

它能夠登入重點在於前面一定要帶 " ucs- " 才能登入就對了。


Reference : UCSM LDAP Troubleshooting guide

[Server] Cisco UCS C-series use ‘Direct Connect Mode’ , don’t need FEX

自UCS 2.2開始支援C-series (Rack-Server) 可以直連Nexus FI6xxx ,無需透過Nexus 2K series Fabric Extenders (FEX)

(注意事項)
1. C200, C210, and C250 do not support Direct Connect.
2. A maximum of 120 virtual interfaces (但透過FEX原是可以到256 virtual interfaces)
3. UCSM need 2.2 and above
4. following supported Cisco UCS C-Series servers and corresponding CIMC release versions listed in the following table
5. VIC adapters must be installed in the correct slot
6. FI ports must be configured as “server" ports
7. At least one 10-Gb SFP cable for each card. You cannot connect the card to the same FI from both the ports

(Before You Begin)
1. FI ports are configured as “server" ports
2. Cisco UCS VIC 1225 or Cisco VIC 1227 is installed in the correct slot
3. Do not mix SFP types on an uplink with FI

(Topology)
UCS-C-series-direct-mode.jpg

 

 


Reference : Cisco – Cisco UCS C-Series Server Integration with Cisco UCS Manager 2.2

[Cisco] UCS use CLI collect CIMC Log

# scope cimc

# scope tech-support

tech-support> set remote-protocol tftp // 決要要上傳什麼協定 tftp / scp / ftp ..
tech-support> set remote-ip 192.168.1.1
tech-support> set remote-path UCS.tar.gz
tech-support> set remote-username user  // 若是ftp / scp 需帳號
tech-support> set remote-password userpass // 若是ftp / scp 需密碼

tech-support> commit // 套用生效

tech-support> start // 開始收集

tech-support> show // 觀察

[Cisco] UCS C2xx-M3 series change ‘admin’ password

step01. # show user // 查看目前要變更’admin’ user-id 是多少 , 通常是1

step02. # scope user {user-id}
sample > scope user 1

step03. # set password // 輸入二次新密碼

step04.*# commit // 套用生效

Done.