Table Of Contents
General Troubleshooting Solutions
Guidelines for Troubleshooting
Creating a Technical Support File
Creating a Technical Support File in the Cisco UCS Manager CLI
Creating a Technical Support File in the Cisco UCS Manager GUI
Powering Down a Cisco UCS Instance
Verifying LDAP Configurations
Verifying the LDAP Provider Configuration
Verifying the LDAP Provider Group Configuration
General Troubleshooting Solutions
This chapter describes solutions that you can implement when you troubleshoot issues with the Cisco Unified Computing System (Cisco UCS).
This chapter includes the following sections:
•
Guidelines for Troubleshooting
•Creating a Technical Support File
•Powering Down a Cisco UCS Instance
•Verifying LDAP Configurations
Guidelines for Troubleshooting
When you troubleshoot issues with Cisco UCS Manager or a component that it manages, you should follow the guidelines listed in Table 3-1:
Table 3-1 Troubleshooting Guidelines
Guideline
|
Description
|
Check the release notes to see if the issue is a known problem.
|
The release notes are accessible through the Cisco UCS B-Series Servers Documentation Roadmap.
|
Take screenshots of the fault or error message dialog box, the FSM for the component, and other relevant areas.
|
These screenshots provide visual cues about the state of Cisco UCS Manager when the problem occurred. If your computer does not have software to take screenshots, check the documentation for your operating system, as it might include this functionality.
|
Record the steps that you took directly before the issue occurred.
|
If you have access to screen or keystroke recording software, repeat the steps you took and record what occurs in Cisco UCS Manager.
If you do not have access to that type of software, repeat the steps you took and make detailed notes of the steps and what happens in Cisco UCS Manager after each step.
|
Enter the show tech-support command.
|
The information about the current state of the Cisco UCS instance is very helpful to Cisco support and frequently provides the information needed to identify the source of the problem.
|
Creating a Technical Support File
When you encounter an issue that requires troubleshooting or a request for assistance to the Cisco Technical Assistance Center (TAC), collect as much information as possible about the affected Cisco UCS instance. Cisco UCS Manager outputs this information into a technical support file that you can send to Cisco.
You can create a technical support file for the following components of a Cisco UCS instance:
•UCSM—Contains technical support data for the entire Cisco UCS instance.
•Chassis—Contains technical support data for the I/O module or the CIMCs on the blade servers in a given chassis only
•Fabric Extender—Contains technical support data for the given FEX.
•Rack server—Contains technical support data for the given rack-mount server and adapter.
This section includes the following topics:
•Creating a Technical Support File in the Cisco UCS Manager CLI
•Creating a Technical Support File in the Cisco UCS Manager GUI
Creating a Technical Support File in the Cisco UCS Manager CLI
Use the show tech-support command to output information about the Cisco UCS instance that you can send to the Cisco TAC.
| |
Command or Action
|
Purpose
|
Step 1
|
UCS-A# connect local-mgmt {a | b}
Example:
UCS-A# connect local-mgmt a
UCS-A(local-mgmt)#
|
Enters local management mode.
|
Step 2
|
UCS-A(local-mgmt)# show tech-support
{chassis chassis-id {all | cimc slot
[adapter adapter-id] | iom iom-id} | ucsm}
[brief | detail]
Example:
UCS-A(local-mgmt)# show tech-support
chassis 1 all detail
|
Outputs information about the selected objects in a file that you can send to the Cisco TAC.
|
Step 3
|
UCS-A(local-mgmt)# copy
workspace:techsupport/filename.tar {scp |
ftp}: user_name@IP_address
Enter username's password: password
Example:
Fabric-A (local-mgmt) # copy
workspace:techsupport/20100624161130_SAM-FC
S_UCSM.tar scp://whoo@209.165.200.225/
whoo@209.165.200.225's password:
20100624161130_SAM-FCS_UCSM.tar
100% 13MB 13.3MB/s 00:01
UCS-A(local-mgmt)#
|
Copies the output file to an external location through SCP or FTP.
The SCP and FTP commands require an absolute path for the target location. The path to your home directory cannot include special symbols, such as `~'.
|
Creating a Technical Support File in the Cisco UCS Manager GUI
Note In releases earlier than Cisco UCS Manager Release 1.4(1), you can create a technical support file only in the Cisco UCS Manager CLI.
Step 1 In the Navigation pane, click the Admin tab.
Step 2 On the Admin tab, click All.
Step 3 In the Work pane, click Create and Download Tech Support.
The Create and Download a Tech Support File dialog box displays.
Step 4 In the Path field, enter the full path where the technical support file should be saved.
This path must be locally accessible. If you do not know the path, click the Browse button to navigate to it.
Step 5 In the Options area, click one of the following radio buttons:
Radio Button
|
Description
|
ucsm
|
Saves a file that contains technical support data for the entire Cisco UCS Manager instance in the specified directory.
|
chassis
|
Saves a file that contains technical support data for either the CIMCs or I/O modules in a given chassis. When you select this option, the Cisco UCS Manager GUI displays the following fields:
•Chassis ID field—The chassis for which you want technical support data.
•CIMC radio button—Select this option to get CIMC technical support data. To get the data for a single server within the chassis, enter that server's ID in the CIMC ID field. To get the CIMC data for all servers in the chassis, enter all in this field.
•IOM radio button—Select this option to get I/O module technical support data. To get the data for a single I/O module within the chassis, enter that I/O module's ID in the IOM ID field. To get the data for all I/O modules in the chassis, enter all in this field.
|
fabric-extender
|
Saves a file that contains technical support data for a Fabric Extender in the specified directory. When you select this option, Cisco UCS Manager GUI displays the FEX ID field. Enter the unique identifier of the FEX for which you want technical support data.
|
rack-server
|
Saves a file that contains technical support data for a C-Series rack-mount server to the specified directory. When you select this option, the Cisco UCS Manager GUI displays the following fields:
•Rack Server ID field—The unique identifier of the rack server for which you want technical support data.
•Rack Server Adapter ID field—The unique identifier of the adapter for which you want technical support data. To get the data for all adapters in the server, enter all in this field.
|
Step 6 Click OK.
Powering Down a Cisco UCS Instance
You can decommission an entire Cisco UCS instance, for instance as part of a planned power outage.
Step 1 Create a configuration backup, as described in the "Backing Up and Restoring the Configuration" chapter of the Cisco UCS Manager CLI Configuration Guide or Cisco UCS Manager GUI Configuration Guide.
Step 2 Gracefully power down all of the blades or rack servers from their installed operating system. The exact steps vary from OS to OS. See the operating system documentation or the help files for the detailed steps.
Step 3 Unplug the chassis power or the power to the rack servers after all of the servers are powered down (the power LEDs are amber rather than green).
Step 4 Power down each fabric interconnect by unplugging the power cords. First, unplug the secondary fabric interconnect, and then unplug the primary fabric interconnect.
Verifying LDAP Configurations
Note This procedure can be performed only through the Cisco UCS Manager CLI.
The Cisco UCS Manager CLI test commands verify the configuration of the Lightweight Directory Access Protocol (LDAP) provider or the LDAP provider group.
This section includes the following topics:
•Verifying the LDAP Provider Configuration
•Verifying the LDAP Provider Group Configuration
Verifying the LDAP Provider Configuration
Note Enter the test aaa server ldap command to verify the server-specific configuration, irrespective of the global configurations (on the General tab of the LDAP settings). This command uses the values for the base DN, filter, attribute, and timeout that are configured at the LDAP provider level. If the base DN or filter at the provider level is empty, the LDAP search fails.
Enter the test aaa server ldap command to verify the following information if Cisco UCS Manager is able to contact the LDAP provider when the following conditions are met:
•The server responds to the authentication request if the correct username and password is provided.
•The roles and locales defined on the user object in the LDAP are downloaded.
•If the LDAP group authorization is turned on, your LDAP groups are downloaded.
An example of the response is as follows:
bgl-samc-17A-A /security # connect nxos
bgl-samc-17A-A(nxos)# test aaa server ldap 10.193.23.84 kjohn Nbv12345
user has been authenticated
Attributes downloaded from remote server:
CN=g3,CN=Users,DC=ucsm CN=g2,CN=Users,DC=ucsm CN=group-2,CN=groups,DC=ucsm
CN=group-1,CN=groups,DC=ucsm CN=Domain Admins,CN=Users,DC=ucsm
CN=Enterprise Admins,CN=Users,DC=ucsm CN=g1,CN=Users,DC=ucsm
CN=Administrators,CN=Builtin,DC=ucsm
shell:roles="server-security,power"
Verifying the LDAP Provider Group Configuration
Note Enter the test aaa group command to verify the configuration used during the normal login (or domain login). If the values for the base DN, filter, attribute and timeout are not provided at the individual provider level, the command uses the configuration at the global level (on the General tab of the LDAP settings), which means that the mix of global and server specific configurations are used.
Enter the test aaa group command to try each of the providers in sequence until the first one responds. This command provides the following information if Cisco UCS Manager is able to contact the LDAP provider when the following conditions are met:
•The server responds to the authentication request if the correct username and password is provided.
•The roles and locales defined on the user object in the LDAP are downloaded.
•If the LDAP group authorization is turned on; then your LDAP groups are downloaded.
An example of the response is as follows:
bgl-samc-17A-A /security # connect nxos
bgl-samc-17A-A(nxos)# test aaa group grp-ad1 kjohn Nbv12345
user has been authenticated
Attributes downloaded from remote server:
CN=g3,CN=Users,DC=ucsm CN=g2,CN=Users,DC=ucsm CN=group-2,CN=groups,DC=ucsm
CN=group-1,CN=groups,DC=ucsm CN=Domain Admins,CN=Users,DC=ucsm
CN=Enterprise Admins,CN=Users,DC=ucsm CN=g1,CN=Users,DC=ucsm
CN=Administrators,CN=Builtin,DC=ucsm
shell:roles="server-security,power"
