MPX/SDX Series 9100/16000, GUI LOM access to configuration settings are read-only


Article ID: CTX477557


Description

On a new MPX/SDX 9100/16000 appliance, LOM Access works fine via the CLI shell; however, while LOM Access and login via GUI are functional, the settings menu is disabled (grayed out), preventing any changes from being made.

It behaves as if there is read-only access even when logged in as the admin user (nsroot).

Resolution

Steps for SDX appliances:

To enable write access for SDX 9100/16000, run the following command in the XS/Dom0 shell:

1. Log in to the XenServer IP using the root account and the nsroot password, then run the following command:

/usr/sbin/sdx_bmc_unlock.sh


Steps for MPX appliances:

To enable write access for MPX 9100/16000, run the following command in the shell:

1. To check the system lockdown status:

root@ns# ipmicfg133.bsd -lockdown
System Lockdown Mode: Locked

2. To unlock the managed system:

root@ns# ipmicfg133.bsd -lockdown off
Done.

3. To confirm the system lockdown status is unlocked:

root@ns# ipmicfg133.bsd -lockdown
System Lockdown Mode: Unlocked


System lockdown is a new security feature that Citrix purposely designed and implemented for NetScaler MPX/SDX 9100/16000 in the X12 ADC generation. It prevents unintentional system configuration changes while the system is running.

When the system lockdown is activated, all changes to the system configuration, including firmware updates for BMC and BIOS, will be prevented and displayed as read-only. Other LOM features such as network configuration, user configuration, FRU, and SSL will also display as read-only for out-of-band access. As a result, some features in the LOM GUI will appear grayed out and read-only when the system is under lockdown mode.
 
The following scenarios activate system lockdown by default in the 9100/16000 HW generation:
 

  1. From the BMC 2.12.12 OEM LOM binary release for 9100/16000 onward, system lockdown is enabled by default.
  2. After rebooting the BMC via "ipmitool mc reset cold", system lockdown is enabled by default.
  3. After resetting the BMC firmware to factory settings, either through the LOM GUI settings or with raw commands such as "ipmitool raw 0x30 0x48 0x0" or "ipmitool raw 0x30 0x42", system lockdown is enabled by default.
  4. If the appliance is powered on, in either unlocked or locked mode, and is then powered off by removing its AC power, it turns on in "lockdown mode" by default when AC power is reapplied.
  5. When a new user uploads an SSL LOM certificate via the LOM web UI, system lockdown is activated by default.
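
A status check for use after maintenance, to confirm whether the BMC has been left unlocked; it parses the `-lockdown` output shown in the MPX steps. This is an added example, not Citrix-supplied code: the function names, exit codes and the `--live` switch are assumptions of this example, and the sample line is constructed.

```shell
#!/bin/sh
# Added example: audit the lockdown state reported by the status command in
# this article. Function names and exit codes are this example's own choices.

# Read status text on stdin; print locked, unlocked, or unknown.
lockdown_state() {
    # Drop carriage returns and tolerate the trailing blanks seen in console output.
    state=$(tr -d '\r' |
        sed -n 's/^[[:space:]]*System Lockdown Mode:[[:space:]]*\([A-Za-z]*\)[[:space:]]*$/\1/p' |
        tail -n 1)
    case "$state" in
        Locked)   echo locked ;;
        Unlocked) echo unlocked ;;
        *)        echo unknown ;;
    esac
}

# Map the state to monitoring-style exit codes:
# 0 = locked (the default state), 1 = unlocked (finding), 2 = undetermined.
audit_lockdown() {
    case "$(lockdown_state)" in
        locked)   echo "OK: BMC lockdown is active"; return 0 ;;
        unlocked) echo "WARN: BMC is unlocked; LOM settings are writable out-of-band"; return 1 ;;
        *)        echo "UNKNOWN: no lockdown status line found"; return 2 ;;
    esac
}

if [ "${1:-}" = "--live" ]; then
    # On the MPX shell: query the tool named in this article.
    ipmicfg133.bsd -lockdown | audit_lockdown
    exit $?
else
    # Constructed sample output in the format shown above.
    printf 'System Lockdown Mode: Unlocked\n' | audit_lockdown || true
fi
```

A missing or failing tool produces no status line, so the check reports UNKNOWN (exit code 2) rather than OK.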

Problem Cause

For new MPX/SDX models 9100 / 16000, LOM is locked for external out-of-band access by default on power reset.

Issue/Introduction

MPX / SDX series 9100 / 16000 LOM GUI settings are read-only.

Additional Information

https://support.citrix.com/s/article/CTX495802-how-to-connect-to-xenserverdom0-and-svm-on-a-sdx