Step by step configuration of the XSCF console for the Sun SPARC M3000 server.

December 22, 2009
By

I installed the new SPARC M3000 server on the rack and powered it on. The M3000 can only be configured via the serial cable connected to the serial port for XSCF. Any windows computer with hyperterminal should be able to connect to it’s console. Once the XSCF interface has been configured with an IP address and telnet has been enabled, you can then connect to it remotely across the network with telnet.

XSCF (eXtended System Control Facility is used to control, monitor, operate, and service SPARC Enterprise series servers and domains. You can power on/off the server (domain) via the XSCF interface. As long as the server is plugged into a power source the XSCF console will always be online even though the domain (server) is off. For those who are familiar with Windows servers, the XSCF is similar to the DRAC interface for Dell servers or HP Insight Manager.

When you are connected to the XSCF console, you will be prompted for a login ID. The default ID is “default” and there is no password. With this ID you will need to create a new administrative ID. You also need to be standing close to the server for this process as you will be prompted to change the panel mode switch. If you do not create a new logon ID whenever you connect to the console or when the console session times out, you will be prompted to change the panel mode switch.

login: default
Change the panel mode switch to Locked and press return…
Leave it in that position for at least 5 seconds. Change the panel mode switch
to Service, and press return…

Check the version of XSCF.

XSCF> version -c xcp
XSCF#0 (Active )
XCP0 (Current): 1090
XCP1 (Reserve): 1090

Create a user andrew

XSCF> adduser andrew
XSCF> password
password: Permission denied

Change the password for andrew

XSCF> password andrew
New XSCF password:
Retype new XSCF password:

Grant andrew the following privileges, useradm, platadm, aplatop.

XSCF> setprivileges andrew useradm platadm platop

Here is a list of all available privileges.

domainop@n
• Can refer to the status of any hardware mounted in a domain_n.
• Can refer to the status of any part of a domain_n.
• Can refer to the information of all system boards mounted.

domainmgr@n
• Can power on, power off, and reboot a domain_n.
• Can refer to the status of any hardware mounted in a domain_n.
• Can refer to the status of any part of a domain_n.
• Can refer to the information of all system boards mounted.

platop
• Can refer to the status of any part of the entire server but cannot change it.

platadm
• Control of the entire system
• Can operate all hardware in the system.
• Can configure all XSCF settings except the useradm and auditadm privilege settings.
• Can add and delete hardware in a domain.
• Can do the power operation of a domain.
• Can refer to the status of any part of the entire server.

useradm
• Can create, delete, invalidate, and validate user accounts.
• Can change user passwords and password profiles.
• Can change user privileges.

auditop
• Can refer to the XSCF access monitoring status and monitoring methods.

auditadm
• Can monitor and control XSCF access.
• Can delete an XSCF access monitoring method.

fieldeng
• Allows field engineers to perform the maintenance tasks or change the server configuration.

None
• When the local privilege for a user is set to none, that user has no privileges, even if the privileges
for that user are defined in LDAP.
• Setting a user’s privilege to none prevents the user’s privileges from being looked up in LDAP.

XSCF firmware has two networks for internal communication. The Domain to Service Processor Communications Protocol (DSCP) network provides an internal communication link between the Service Processor and the Solaris domains. The Inter-SCF Network (ISN) provides an internal communication link between the two Service Processors in a high-end server.

Configure DSCP with an IP address using the setdscp command.

XSCF> setdscp
DSCP network [0.0.0.0 ] > 10.1.1.0

DSCP netmask [255.0.0.0 ] > 255.255.255.0

XSCF address [10.1.1.1 ] >
Domain #00 address [10.1.1.2 ] >
Commit these changes to the database? [y|n] : y

Configure the XSCF interface with an IP address, this will be the adress you connect to via telnet to manage the console.

XSCF> setnetwork xscf#0-lan#0 -m 255.255.0.0. 162.10.10.11

Enable the XSCF interface you just configured with an IP address of 162.10.10.11

XSCF> setnetwork -c up lan#0

Confiure the default route

XSCF> setroute -c add -n 0.0.0.0 -g 162.10.10.1 xscf#0-lan#1
XSCF> showroute -a
Destination Gateway Netmask Flags Interface
1622.10.0.0 * 255.255.0.0 U xscf#0-lan#0

Configure the hostname.

XSCF> sethostname xscf#0 paris

Configure the domain name.

XSCF> sethostname -d parishilton.com

You must apply the network configurations with the applynetwork command.

XSCF> applynetwork
The following network settings will be applied:
xscf#0 hostname :paris
DNS domain name :parishilton.com

interface : xscf#0-lan#0
status :up
IP address :162.10.10.11
netmask :255.255.0.0
route :

interface : xscf#0-lan#1
status :down
IP address :
netmask :
route :

Continue? [y|n] :yes

Please reset the XSCF by rebootxscf to apply the network settings.
Please confirm that the settings have been applied by executing
showhostname, shownetwork, showroute and shownameserver after rebooting
the XSCF.

Now reboot XSCF for the configuration to take effect.

XSCF> rebootxscf

After the reboot check the network settings.

XSCF> shownetwork -a
xscf#0-lan#0
Link encap:Ethernet HWaddr 00:0B:5D:E3:39:B4
inet addr:162.10.10.11 Bcast:162.10.255.255 Mask:255.255.0.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:13160 errors:0 dropped:0 overruns:0 frame:0

TX packets:5 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1943545 (1.8 MiB) TX bytes:210 (210.0 B)
Base address:0xe000

xscf#0-lan#1
Link encap:Ethernet HWaddr 00:0B:5D:E3:39:B5
BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
Base address:0xc000

Enable ssh, it will require a reboot.

XSCF> setssh -c enable
Continue? [y|n] :y
Please reset the XSCF by rebootxscf to apply the ssh settings.

Enable telnet. You probably do not need telnet if ssh is enabled.

XSCF> settelnet -c enable
XSCF> showtelnet
Telnet status: enabled

It is much easier to configure and manage XSCF via https as you do not have to remember all the commands. I will show you how to enable https by creating a Web Server Certificate by constructing the self CA.

First generate the web server private key. Remember the passphrase you will need it in the next step.

XSCF> sethttps -c genserverkey
Enter passphrase:
Verifying – Enter passphrase:

Create the self-signed web server certificate by speficying the DN.

XSCF> sethttps -c selfsign CA Ontario Toronto CupidPost Technology Center andrew_lin@email.com
CA key and CA cert already exist. Do you still wish to update? [y|n] :y
Enter passphrase:
Verifying – Enter passphrase:

Now enable https.

XSCF> sethttps -c enable
Continue? [y|n] :y
Please reset the XSCF by rebootxscf to apply the https settings.

Reboot with the rebootxscf command,

XSCF> rebootxscf
The XSCF will be reset. Continue? [y|n] :y

After the reboot you can connect to the XSCF console by telnet, ssh or https.

Be Sociable, Share!

42 Responses to “ Step by step configuration of the XSCF console for the Sun SPARC M3000 server. ”

  1. Gregory Montoya on April 3, 2015 at 11:29 am

    I’m working on a fujitsu m10-1 server. I know its a slightly different but the commands are much the same. Question…(through seriel connection) If i set the IP and subnet info with the “setnetwork” cmd… why when setting the gateway with “setroute” command does setroute give 3 ip options to possibly input (-n -m -g)????? all i want is the gateway(-g)! If i already put the ip in the “setnetwork” am i supposed to duplicate the same (-n) ip in the “setroute” or can i put {-n 0.0.0.0 -g xxx.xxx.xxx.xxx or will that cause a problem if i put all 0.0.0.0 for the -n… idk its a bit confusing im used to a separate field for the gateway. lastly.. After sxcf port0 has basic IP settings i should be able to use a cat5 from my laptop to port0 and access through the browser right… is the login “default” on that too? Is there anything i must enable to access that.

  2. bl on August 30, 2012 at 1:06 pm

    Does disconnecting the power cables or opening the chassis impact the XSCF card?

    We need to upgrade our M5000. We shutdown the operating system and issued a “poweroff -a” at the XSCF prompt. Then we opened the chassis and removed and replaced one CPU card and one memory module. Now we cannot get our server to boot. A “showhardconf” returns “Permission denied”.

    The user still has privileges.
    XSCF> showuser
    User Name: mainadmin
    UID: 100
    Status: Enabled
    Minimum: 0
    Maximum: 99999
    Warning: 7
    Inactive: -1
    Last Change: Jun 15, 2009
    Password Expires: Never
    Password Inactive: Never
    Account Expires: Never
    Privileges: useradm
    platadm
    fieldeng
    auditadm

    Thank you

    • Andrew Lin on September 7, 2012 at 3:02 pm

      Hmm, sorry I do not know the answer for this.

      • vinoth on September 13, 2012 at 6:29 am

        I need a clarification. We have got a new SPARC M4000 server. When i create a new user account in XSCF as root or admin it replies me as already exists. If it is so then what’ll be the default password for those two user accounts in XSCF. Now we are using from account default only. Expecting your reply soon.

        • Andrew Lin on November 14, 2012 at 11:26 am

          If the account already exists, you can try to change the password.

  3. Sriram on July 27, 2012 at 3:16 am

    Hi Andrew,

    Is anyway to reset the XSCF from solaris OS?

  4. max on March 7, 2012 at 1:14 am

    Good day!
    Thanks for nice article. One thing I wnated to clarify. What will happen with running domain if I change panel mode switch to service? Will it go down?

  5. Anup on January 8, 2012 at 1:59 pm

    Hi Andrew…Will rebooting a xscf affect the domain on a M3000?
    Regards

  6. Cal on September 27, 2011 at 12:14 am

    Recently a temporary IOU error occurred on one of our M5000’s as a result of one of our sysadmins pulling a pcie card then reinserting into a different IO slot. We were able to clear this up for the most part by ourselves with exception that ‘showstatus’ on XSCF was no longer showing a good clean status. Rather the showstatus indicated “degraded IOU#0”. We tried to clear the degraded status following the command syntax of fmadm on the XSCF. Yet apparently even with fieldeng and platadm privilege, one hasn’t the authority to use fmadm on the xscf except for the very basics. After creating an SR with Oracle support, solution center engineer said they would send a field engineer out… that they only allowed field engineers to sign in and clear the status. There may be good reason for this however since we messed ourselves up and new the issue was temporary it sure would of helped if we could of cleared the degraded status without creating a service call. After the fact now, I believe there may have been a way for us to clear this ourselves… By signing on as ‘default’ to XSCF via the serial interface and following the instructions to physically turn the mode to key to service… then I think we may have been able to clear this on our own via fmadm on XSCF. Has anyone on this thread ever run into this before?

    • Andrew Lin on September 30, 2011 at 6:44 am

      Cal,
      I have not run into this issue. But please feel free to update us.

  7. Dace on September 21, 2011 at 1:21 am

    Great article, very helpful. Unfortunately, my problem is getting the XSCF> prompt. I have a M4000 Server & am trying to access XSCF via Hyperterminal. Used the Serial Connection but am getting a console login rather than the XSCF> prompt; logged a call with Oracle as it’s on maintenance; they advised to connect via the Ethernet connections but getting nothing there at all. Do I need to reboot the Server to get to XSCF? Sun/Oracle say no. I found them very unhelpful; I guess they expect me to have a lot more knowledge than I actually have. Any feedback appreciated.

    • Andrew Lin on September 21, 2011 at 1:41 am

      I strongly feel that you probably have it connected to the wrong port or are using the wrong cable.

      Here is the instructions for the M4000 and M5000. I did not write this, the original content is here, http: // linuxshellaccount.blogspot.com/2008/12/quick-xscf-setup-walk-through-for-sun.html

      Quick XSCF Setup Walk-through For The Sun M4000 Server

      This link will take you to a walk-through of the basic setup of the XSCF controller (Comparable to ALOM on some Sun systems, and the Service Controller on some others) on the new(ish) M4000 servers. Believe it or not, the hardest part was figuring out how to get started, even though I’ve worked on them, replacing system boards before. How embarrassing ;) These few pointers might be helpful to you (and, in the process, expose the possibly entertaining inner workings of a sleep-deprived mind ;)

      1. Rather than a straight Ethernet connection, like on some of Sun’s servers, the M4000 XSCF controller needs to be connected to with a serial cable (they include one with your purchase as a way of saying “Thank You” for spending 10’s of thousands of dollars ;)

      2. The correct port is not identified, typically, as a serial port. For ease of location, it’s the second port (RJ45) in from the right, if you are looking at the server from the back.

      3. Even though the XSCF has power running to it, you actually need to turn on the M4000 in order to do the initial setup through the M4000’s serial connection to the XSCF (This one had me stumped for about a half an hour while I tried different cables and setups in HyperTerminal. There’s just no substitute for reading the manuals that it takes forever to locate online ;) They didn’t come with the physical product this time, so I just assumed a few things that ended up making my day go by much faster :)

      4. For some reason, I couldn’t get these basic manuals without a login to Sunsolve, although they’re probably available on docs.sun.com somewhere. If you need to do any hardware work on M4000 or M5000 servers, I put up two essential guides (in PDF format) on one of my web hosting providers. These are worth their weight in paper ;)

      The M4000/5000 Server Information Guide

      The M4000/5000 Server Service Manual

      Hope you can get some use out of those. My wife is obsessed with painting the kitchen – which is why I’m reasonably sure she won’t ever read this – and I’m stuck with putting the kids to bed, which means an early night for me and more hallucinogenic dreams about Sponge Bob ;)

      To leave you with another quick tip (if you need to install and get the Hell outta there ;), during our initial configuration, we intentionally opted not to set up the DSCP (Domain To Service Processor) protocol during our setup of the XSCF (Extended Control Facility). Once you have the basic networking set up, you can ssh in and set that up later. The DSCP is “important” because it’s the protocol XSCF uses to communicate with your server (i.e. if it’s not running, you can connect to your domain or console, but good luck getting it to manipulate your M4000 ;)

      Hope you’re having a peaceful evening, and that the official Sun XSCF Setup Documentation helps you some :)

      • Dace on September 21, 2011 at 4:38 am

        Andrew,

        Thank you so much for going to the bother of giving me all that information. Much appreciated. I’m not near the Server at the moment but will be working on it again tomorrow. Will let you know how I get on. Hope you have a good evening, also & keep up the good work

  8. Mohammad Salehin Sirajee on January 27, 2011 at 10:17 am

    Thanks Guys

  9. jayh on December 20, 2010 at 9:01 am

    Thanks for the article also. We’ve got an M5000 already in place that we had sun installation as part of the purchase. We went cheaper with a new M4000 so this time I had to do the initial xscf configuration before I could do anything with the box. You step by step was really helpful, much more so than the docs that sun provides. Since we keep our console access on an isolated subnet the only thing I changed was omitting the default router and did the apply and things went smoothly. What did we ever do before google?

    Jay

  10. Bill Yoder on November 30, 2010 at 1:10 pm

    Hi, Andrew:

    This great stuff. Thanks!

    However, alas and alack, somewhere during its Data Center installation, our M3000 server lost its “mode switch” key. Without this key, we are unable to get past the XSCF login: prompt and to configure anything :-(

    Would you know of a way around this missing key problem? We’ve got the Sun Service manual and can remove the operator panel, but doing this seems a bit extreme.

    Thanks in advance,
    Bill

    • Andrew Lin on November 30, 2010 at 2:17 pm

      Hi Bill,

      I always wondered how long it would take for Sun to provide a replacement key. Unfortunately I do not know of a work around beside taking apart the panel and shorting the wires. Makes you wonder why Sun will not replace the key with a switch. The key looks simple enough, it does not have many groves and cuts, it makes me think that a thin bladed screwdriver may be able to turn the lock. This key reminds me of the lock I use to have on my old floppy disk case, it looks the same as the key that would open it. Sometimes I would use a screwdriver to unlock the case.

      Let me know how you make out with this predicament, I’m sure you figured out a solution by now.

      Regards,
      Andrew

      • Bill Yoder on December 10, 2010 at 4:08 pm

        Hi, Andrew:

        My colleague and I were about ready to remove the Operator panel and short-out the contacts to access Service Mode. However, we figured doing so might void our Oracle/Sun warranty, so we decided to give up until we got a replacement key.

        As we headed out of the Data Center, we met an interested IT administrator who asked about our problem. After we laid it out, he took pity and spent the next 30 minutes walking up and down the DC aisles to find a possible replacement. Good luck! He found an M3000 in one of racks with its key still in place.

        Fortunately, as you noted, it’s a simple “one-size-fits-all” key, and it fit our server. Thereafter, we were able to follow your documentation and the Admin Guide to configure both XCSF and Solaris 5.10. So we’re up and happy.

        Thanks again for your helpful advice and support.

        Bill

        • Andrew Lin on December 13, 2010 at 2:07 pm

          Bill,

          I am glad things worked out for you.

          Regards,
          Andrew

  11. Suresh on October 14, 2010 at 8:58 am

    Wounderful My dear Friend, Hats off to ur valuable post

    • Andrew Lin on October 14, 2010 at 12:14 pm

      You are welcome Suresh. This article seems to very popular. I guess most people struggled to figure out how to configure the XSCF console, much like I did. I had a tough time trying to figure things out and the documentation from SUN was not very helpful.

      Andrew Lin

  12. Jeevan on September 29, 2010 at 2:33 am

    Really Good one…

  13. Maurizio on August 25, 2010 at 7:00 am

    It’s a really useful article.

    Thanks a lot!!

    • Andrew Lin on August 25, 2010 at 9:01 am

      Maurizio, you are welcome. This seems to be a popular article, I am getting a lot of positive feedback. I struggled to get the XSCF console working the first time I came across it.

      Andrew

  14. Madhu on August 19, 2010 at 6:41 pm

    Excellent !!!

  15. Jeane Bramasco on August 7, 2010 at 4:02 pm

    Excellent article :)

  16. warez cracks on February 7, 2010 at 1:26 am

    Great information. It’s really useful. Thanks

  17. John M. on February 4, 2010 at 10:31 am

    Was looking over the information you provided. It will come in handy when I sart to configure my M3000. I have a few questions
    1)can the dscp net work set like in the example?
    2) after you did the setnetwork, you do a shownetwork -a. But the IP address are different. they should be the same right?

    • Andrew Lin on February 4, 2010 at 1:28 pm

      1) Yes, you can use the same IP address and steps as I have shown, it is the default IP. If this IP is already in use on your network then use a different IP subnet.
      2) Thanks for pointing out the typo. I have corrected the IP address.

      TIP:
      After the XSCF is configured, to switch to the server console from XSCF, enter the command
      console -d 0
      enter yes to contunue.

      At the server console enter the command boot to startup the OS if it came factory installed with one.

      Good luck, feel free to drop me a line is you are stuck.

  18. kevin on January 28, 2010 at 7:12 am

    brilliant, cheers

    • Andrew Lin on January 28, 2010 at 12:09 pm

      Thank you Kevin, it’s always good to know that someone found my post useful.

  19. mohammed mukram on January 14, 2010 at 11:22 pm

    Thanks for the information..very nice .:-)

    • Andrew Lin on January 15, 2010 at 8:58 am

      You are welcome Mohammed. I am glad someone found my post helpful.

  20. iphonekoenig on January 3, 2010 at 7:00 am

    great blog, happy new year wishes!

  21. königiphone on January 2, 2010 at 8:50 am

    thanks for this – happy holidays :D

  22. Bert ??????? on December 25, 2009 at 9:50 pm

    A very interesting post thanks for writing it!

  23. Edwas on December 23, 2009 at 10:38 am

    Greatings, Thanks for article. Everytime like to read you.

Leave a Reply