I recently bought an older 1u Supermicro server with the intent of turning it into a pfSense firewall. This will be written about in the future once I have done more than simply install pfSense and log into the web gui for the first time.

Supermicro motherboards, like most server grade motherboards, have a built in BMC (baseboard management controller).

Also known as OOBM (out-of-band management) or LOM (lights-out management) this is a generally controlled by a seperate chip on the motherboard that is used for managing the server.

Supermicro call their solution SIM (Supermicro Intelligent Management)”, Hewlett Packard Enterprise: iLo (Integrated Lights Out) and Dell: iDrac (integrated Dell Remote Access Controller).

I have previously mentioned HP iLo which comes built into the Gen8 HP Microservers as standard.

Generally speaking, the BMC in a server is operational and accessible, usually via a web interface, whether the server is turned on or not. It can be used in the event that a server or device needs to be powered on or rebooted from a bad state remotely with no physical access.

In addition to power management, another common feature is a form of remote KVM which allows for the screen on the device to be viewed and controlled remotely. This can be used no matter the state the server is in, allowing for anything from remote BIOS or RAID controller configuration to viewing BSODs and Kernel Panics.

Most implementations can also connect an ISO image to the remote server as if it were a physical disk drive, very useful for remote installations or recoveries.

The first thing I generally do with a new server is to configure it’s BMC. I can then put the server in place and do all of the firmware updates, configuration and testing from the comfort of my desk.

The Problem

Supermicro offer a feature with their out of band management where the port used for accessing the SIM can be changed.

The options are as follows:

  • Dedicated: Use the dedicated OOBM port.
  • Shared: Share the first LAN interface with the server operating system. (Acting as a virtual switch)
  • Failover: Use the dedicated OOBM port if connected, otherwise use the first LAN interface.

On the majority of the servers I have worked with there has been a dedicated OOBM port on the device. However, on this particular motherboard there is no such port and so the only option is to share LAN1.

Not having realised this I logged into the web interface and during configuration, changed the OOBM port from the default of Failover to Dedicated.

This resulted in the instant loss of connectivity with the SIM.

OK, no problem. I rebooted into the BIOS and brought up the IPMI configuration but unfortunately found no way to change the port setting there. After some frantic googling I found many reports that simply removing power from the server temporarily should clear the port setting. However this did not work for me either.

The Solution

After some further reading I found a solution on serverfault using ipmitool under Linux

I booted the server from a linux live disk, installed the ipmitool package and issued the following commands to load the relevant kernel modules:

root@livecd:~$ modprobe ipmi_msghandler
root@livecd:~$ modprobe ipmi_devintf
root@livecd:~$ modprobe ipmi_si

Unfortunately the port setting is not standard to the IPMI specification and so raw values must be used in the form of hex.

These are documented by Supermicro HERE.

The possible values are as follows:

  • Dedicated: 0x30 0x70 0x0c 1 0
  • Shared: 0x30 0x70 0x0c 1 1
  • Failover: 0x30 0x70 0x0c 1 2

I was able to display the current setting with the following command:

root@livecd:~$ ipmitool raw 0x30 0x70 0x0c 0

This output 0 0 meaning dedicated.

It was then possible to set the BMC back to shared mode as follows:

root@livecd:~$ ipmitool raw 0x30 0x70 0x0c 1 0

I was then instantly able to connect back to the SIM and resume working on the server.