This page looks best with JavaScript enabled

Remote Installation of Server via Serial Port

 ·  🎃 kr0m

In this article, we will install a remote server via a serial port by enabling the BIOS Console Redirection option. This will allow us to see the BIOS boot in ASCII via the serial port, so we can perform remote installations without KVM as long as we have a second device with access to the serial ports of the other servers.

The server in question is a very old IBM system:

IBM System x3250
Type: 4364
Model: 42G

The specifications are as follows:

CPU:
hw.model: Intel(R) Xeon(R) CPU            3040  @ 1.86GHz
hw.machine: amd64
hw.ncpu: 2
RAM:
4Gb DDR2
DISK: 
ATA Hitachi HDS72161 ABCA 150Gb

This model supports IPMI-1.5, which allows us to perform certain tasks remotely. It also supports the installation of a management card: Remote Supervisor Adapter II SlimLine, which provides us with KVM and SOL access, but in my case, I don’t have that hardware.

If we physically see the server, we will notice that it has an RJ45 connector called MGMT, which would be the connector used by the Remote Supervisor Adapter II SlimLine where we would have KVM and SOL.

An advantage of KVM is that we can stream installation ISOs, while with IPMI-1.5 and access to the serial port, we cannot. But we can leave a USB permanently connected to the server, install the OS, dump another image on the USB, and repeat the process.

To access the server via the serial port, we must configure the Remote Console to the serial port from the BIOS:

Devices and I/O ports -> Remote Console Redirection -> Remote Console Serial Port: Serial Port 1
Remote Console Serial Port: Serial Port 1
Baud Rate: 9600
Console Type: VT100 8bit
Flow Control: None
Console Connection: Direct
Continue C.R. after: On

We save and restart, now on the computer with access to the server’s serial port, we can see the boot:

screen /dev/ttyUSB0 9600

*** NOTE: *** Be careful not to leave several screen sessions open against the serial port, as this will cause garbage/random output.

We can access the BIOS parameters:

If we access the serial port redirection configuration, we can see the RSA II option, this option would enable SOL if the Remote Supervisor Adapter II SlimLine module is available.


To enable SOL, we should switch from Serial Port 1 to Serial Port 2 (RSA II):

We enable IPMI, which will work through the server’s first network card, meaning that this interface will also serve as a regular network card as well as IPMI.
It is recommended to have a VLAN for administrative traffic, therefore we have two options:

  • Use the interface only for IPMI, where we must configure the switch port in access mode and the management VLAN as native.
  • Use the interface for both IPMI and regular use, where we must configure the switch port in hybrid mode, the management VLAN as native, and in the OS tag all traffic with the data VLAN.

We proceed with the IPMI configuration:

Advanced Setup -> IPMI -> LAN Settings



If we need to change any parameter of the disk controller, we just need to press Ctrl+c:




The default FreeBSD installer is available both through the VGA output and the serial port output, but it is only the start menu. If we press ENTER, the installation will continue only through the VGA output. To perform the installation through the serial port, we must indicate some parameters:

Press 3: Escape to loader prompt

We indicate the parameters:

set boot_multicons=YES
set boot_serial=YES
set comconsole_speed=9600
set console=comconsole
boot

We will see the FreeBSD installer:

When we finish installing, we must prepare the OS to serve the output through the serial port:

echo ‘boot_multicons="YES"’ » /boot/loader.conf
echo ‘boot_serial="YES"’ » /boot/loader.conf
echo ‘comconsole_port="0x3f8"’ » /boot/loader.conf
echo ‘comconsole_speed="9600"’ » /boot/loader.conf
echo ‘console="comconsole"’ » /boot/loader.conf

If we restart, we will see the boot from the serial port:

We can check with Nmap that IPMI is listening:

nmap -p 623 -sU -P0 10.69.69.69

Starting Nmap 7.92 ( https://nmap.org ) at 2021-09-29 17:43 CEST
mass_dns: warning: Unable to determine any DNS servers. Reverse DNS is disabled. Try using --system-dns or specify valid servers with --dns-servers
Nmap scan report for 10.69.69.69
Host is up (0.0044s latency).

PORT    STATE SERVICE
623/udp open  asf-rmcp
MAC Address: 00:1A:64:6D:E6:F9 (IBM

IPMI provides some interesting commands, for which we must access using a username and password, by default: USERID/PASSW0RD

ipmitool -I lan -H 10.69.69.69 -U USERID -P PASSW0RD sensor

Fan 1 Tach       | 7800,000   | RPM        | ok    | na        | 4950,000  | na        | na        | na        | na        
Fan 2 Tach       | 8400,000   | RPM        | ok    | na        | 4950,000  | na        | na        | na        | na        
Fan 3 Tach       | 7950,000   | RPM        | ok    | na        | 4950,000  | na        | na        | na        | na        
Fan 4 Tach       | 7500,000   | RPM        | ok    | na        | 4950,000  | na        | na        | na        | na        
Fan 5 Tach       | 7650,000   | RPM        | ok    | na        | 4950,000  | na        | na        | na        | na        
Sys Pwr Monitor  | 0x0        | discrete   | 0x0080| na        | na        | na        | na        | na        | na        
Watchdog         | 0x0        | discrete   | 0x0080| na        | na        | na        | na        | na        | na        
Planar 1.5V      | 1,540      | Volts      | ok    | na        | 1,350     | na        | na        | 1,810     | na        
Planar 1.8V      | 1,860      | Volts      | ok    | na        | 1,630     | na        | na        | 2,140     | na        
Planar 12V       | 12,070     | Volts      | ok    | na        | 10,579    | na        | na        | 13,348    | na        
Planar 5V        | 5,190      | Volts      | ok    | na        | 4,380     | na        | na        | 5,580     | na        
CPU Status       | 0x0        | discrete   | 0x0080| na        | na        | na        | na        | na        | na        
VRD Status       | 0x0        | discrete   | 0x0080| na        | na        | na        | na        | na        | na        
CPU Vtt          | 1,240      | Volts      | ok    | na        | 1,080     | na        | na        | 1,320     | na        
NMI State        | 0x0        | discrete   | 0x0080| na        | na        | na        | na        | na        | na        
SEL Fullness     | 4,000      | % messages | ok    | na        | na        | na        | 75,000    | 90,000    | 99,000    
Planar 3.3V      | 3,460      | Volts      | ok    | na        | 2,960     | na        | na        | 3,620     | na        
Login violation  | 0x0        | discrete   | 0x0080| na        | na        | na        | na        | na        | na        
Memory PFA       | na         | discrete   | na    | na        | na        | na        | na        | na        | na        
PEF Action       | na         | discrete   | na    | na        | na        | na        | na        | na        | na        
PCI Bus Fault    | na         | discrete   | na    | na        | na        | na        | na        | na        | na        
POST Firmware    | na         | discrete   | na    | na        | na        | na        | na        | na        | na        
Drive 0 Status   | na         | discrete   | na    | na        | na        | na        | na        | na        | na        
Drive 1 Status   | na         | discrete   | na    | na        | na        | na        | na        | na        | na        
Drive 2 Status   | na         | discrete   | na    | na        | na        | na        | na        | na        | na        
Drive 3 Status   | na         | discrete   | na    | na        | na        | na        | na        | na        | na        
RSA II Detect    | 0x0        | discrete   | 0x0080| na        | na        | na        | na        | na        | na        
Ambient Temp     | 32,000     | degrees C  | ok    | na        | na        | na        | 55,000    | na        | 65,000    
CPU Temp         | 25,000     | degrees C  | ok    | na        | na        | na        | 85,000    | na        | 95,000    
CPU VCore        | 1,158      | Volts      | ok    | na        | 0,702     | na        | na        | 1,603     | na        
CPU OverTemp     | na         | discrete   | na    | na        | na        | na        | na        | na        | na    

We can also restart the server:

ipmitool -I lan -H 10.69.69.69 -U USERID -P PASSW0RD power cycle

IPMI supports many commands, we can see the list and its description in the man.

As we see, it seems that IPMI-1.5 supports SOL:

isol	    Configure  and  connect Intel IPMIv1.5 Serial-over-LAN

But I suppose that only if we have the Remote Supervisor Adapter II SlimLine board installed, in my case the command throws the following error:

ipmitool -I lan -H 10.69.69.69 -U USERID -P PASSW0RD isol activate

IPMI v1.5 Serial Over Lan (ISOL) not supported!

From the server itself, we can also access IPMI, we load the kernel module:

kldload ipmi

We make sure that in future OS startups it does so autonomously:

vi /etc/rc.conf

kld_list="ipmi"

As an example, we can check the available users:

ipmitool user list 1

ID  Name	     Callin  Link Auth	IPMI Msg   Channel Priv Limit
1                    true    false      true       USER
2   USERID           true    false      true       ADMINISTRATOR
3                    false   false      false      NO ACCESS
4                    false   false      false      NO ACCESS

IPMI is not a very reliable system, it tends to hang without any reason after a while, so before performing any dangerous task on the server, we must make sure we have access to it, the best way is to restart it:

ipmitool bmc reset cold

Sent cold reset command to MC

I would even venture to recommend a daily restart from Cron.

As a final summary, we have obtained a way to restart the server remotely and see the BIOS/SO output through the serial port, the combination of IPMI/serial port does not reach the level of a KVM but can be useful in certain environments.

If you liked the article, you can treat me to a RedBull here