Sun Microsystems, Inc.  Oracle System Handbook - ISO 7.0 May 2018 Internal/Partner Edition
   Home | Current Systems | Former STK Products | EOL Systems | Components | General Info | Search | Feedback

Asset ID: 1-73-1391761.1
Update Date:2015-01-02
Keywords:
Solution Type  FAB (standard) Sure

Solution  1391761.1 :   FAB: Standard: Reactive: Oracle Key Management System (OKM/KMS) OKM Boot issue on Sun Fire X4170 M2 installations or during a disk replacement.  

Related Items 
    

  • Sun Fire X4170 M2 Server
    •  
Related Categories 
    

  • PLA-Support>Sun Systems>Sun_Other>Sun Collections>SN-OTH: Sun FAB
    •  






In this Document


Symptoms


Changes


Cause


Solution



 Oracle Confidential (PARTNER). Do not distribute to customers.

 Reason: FABs available to Internals and Partners only



Applies to: 

Sun Fire X4170 M2 Server - Version Not Applicable to Not Applicable [Release N/A]
Information  in this document applies to any platform.

__________



SUNBUG: 15752231



__________



542-0410  -  X4170 M2 500GB Disk Drive







Symptoms


Oracle Key Management (OKM) on Sun Fire X4170 M2 may experience Boot issues during the initial OKM Quickstart boot process.

A manufacturing issue has been found on currently shipping Sun Fire X4170 M2 Servers with OKM 2.4 installed.

The issue you may see is when trying to Launch the ILOM redirection,  the screen goes blank and does not display the quickstart console.

Also, when attaching a VGA Monitor and a USB Keyboard and then booting, it may not display the quickstart console.

Impact

This problem will impact new installations of Oracle Key Management 2.3.1, 2.4, 2.4.1 or 2.5 installed and shipped on Sun Fire X4170 M2 Servers, and has also been observed during disk replacements.  It will prevent the field from gaining access to the ILOM console in order to perform the quickstart steps necessary to install/configure the KMA.


Changes


Contributing Factors

Sun Fire X4170 M2 Servers with Oracle Key Manager 2.3.1, 2.4, 2.4.1 or 2.5 installed are potentially impacted although this problem has only been seen with OKM 2.4.


Cause


Root Cause

Systems shipped with down-level ILOM.

In the cases seen to date, even though impacted systems were shipping with OKM 2.4 (build1182) they contained server (ILOM)  firmware 1.2 from OKM 2.3 (ILOM 3.0.9.27 r58107 and BIOS 08.04.01.10) instead of server firmware 1.3 from OKM 2.4 (ILOM 3.0.14.11 r61398 and BIOS 08.06.01.08). 

The /boot/solaris/bootenv.rc file contains an incorrect entry.  The line...

   setprop console 'ttya'

...should be replaced with;

   setprop console 'text'


Solution


To correct this problem in the field follow either of the two procedures below.

I. Procedure if VGA/USB Keyboard is able to get to quickstart screen:

1) Ask the customer to log into the OKM Console (accessed for example via
    a keyboard, mouse, and monitor attached to the rear of the KMA) as a
    Security Officer, enable the technical support account, and enable
    primary administrative privileges.

    Since the need to enable the primary administrator first a quickstart
    must be completed first.

2) An Oracle service engineer then uses ssh to log into the KMA using the
    support account and assumes the padm role. padm passphrase must be
    obtained from KMS/OKM Level 2 support.

    Note: A padm passphrase must be obtained from KMS/OKM Level 2 support
             and can only be given to FE via voice/phone. Customer is not
             allowed to be given the padm passphrase.

3) Login as user support with passphrase created earlier.

4) su - padm
    su -

5) The Oracle service engineer then runs the following commands and
    logs off:

    /usr/sbin/eeprom console=text
    /usr/sbin/eeprom console

    exit

6) Ask the customer to log off of the OKM Console and remove the keyboard,
    mouse, and monitor from the rear of the KMA.



7) Ask the customer to bring up a web browser, log into the ILOM of the KMA,
    and launch the Remote KVM. Does the OKM Console appear?  If not, then
    restart the kma via the ILOM "Graceful Shutdown and Power off" option.
    Then attempt to relaunch the remote console.


8) If the OKM Console properly appears in the remote KVM, ask the customer
     to log into the OKM Console as a Security Officer, disable primary
     administrative privileges, and disable the technical support account.


II. Procedure if VGA Monitor/USB Keyboard also does not display quickstart/console.

The display goes blank and is stuck on a blinking cursor right after the "Checking NVRAM" step
as soon as the "Loading GRUB" message starts. If this is seen follow the CLI procedure below.

If customer agrees to a webex then OKM Level 2 support can perform this procedure.

1) Log into the ILOM CLI. For example:

    ssh root@10.8.183.106

    root default password is changeme

2) Start an interactive session to the console stream.

    start /SYS
    start /SP/console

3) The system console should appear. If the system is still booting up,
    then watch bootup messages. After the system has booted up, look for
    the OKM QuickStart "Welcome" message (or the OKM Console if the KMA
    has already been configured).

4) Have customer quickstart the KMA, and either join exiting cluster or
    config as new cluster and later factory reset after changing the
    eeprom settings.

5) Enable technical support account and primary administrator account.

6) Login via ssh to the KMA Management IP address.

    Note: Padm passphrase must be obtained from KMS/OKM Level 2 support
             and only given to FE via voice/phone. Customer is not allowed 
             to be given the padm passphrase.

If customer agrees to a webex then OKM Level 2 support can peform.

7) The Oracle service engineer then runs the following commands and
    logs off;

    su - padm
    su -

    /usr/sbin/eeprom console=text
    /usr/sbin/eeprom console

    exit



8) Ask the customer to bring up a web browser, log into the ILOM of the
    KMA, and launch the Remote KVM. Does the OKM Console appear?


    If not, then restart the kma via the ILOM "Graceful Shutdown and Power off"
    option.  Then attempt to relaunch the remote console.


9) If the OKM Console properly appears in the remote KVM, ask the customer
    to log into the OKM Console as a Security Officer, disable primary
    administrative privileges, and disable the technical support account.



More information about connecting to the ILOM CLI and invoking ILOM CLI  commands appears in the Oracle ILOM 3.0 Daily Management - CLI Procedures Guide which can be found via the below URL;

  http://docs.oracle.com/cd/E19860-01/index.html

Comments

For any questions about the above procedure please contact KMS/OKM Level 2 support.

References

BugID: 7107379



Contacts

Contributor: stephen.patching@oracle.com, michael.e.ellis@oracle.com
Responsible Engineer: judy.dwyer@oracle.com
Responsible Manager: mike.milillo@oracle.com
Business Unit Group: NWS





Attachments

This solution has no attachment


















       

Copyright © 2018 Oracle, Inc.  All rights reserved.

 Feedback