for security purposes, the service processor counts the number of attempts to enter passwords. the results of not recognizing a password within this error threshold are different, depending on whether the attempts are being made locally (at the server) or remotely (through a modem). the error threshold is three attempts.
if the error threshold is reached by someone entering passwords at the server, the service processor commands the server to resume the initial program load (ipl). this action is taken based on the assumption that the server is in an adequately secure location with only authorized users having access. such users must still successfully enter a login password to access aix.
if the error threshold is reached by someone entering passwords remotely, the service processor commands the server to power off to prevent potential security attacks on the server by unauthorized remote users. the following table lists what you can access with the privileged-access password and the general-access password.
1 change privileged-access password
set or change the privileged-access password. it provides the user with the capability to access all service processor functions. this password is usually used by the system administrator or root user.
2 change general-access password
set or change the general-access password. it provides limited access to service processor menus, and is usually available to all users who are allowed to power on the server, especially remotely.
the general-access password can only be set or changed after the privileged access password is set.
3 enable/disable console mirroring
console mirroring is disabled in partitioned systems.
console mirroring is supported on serial port 1 (s1) and serial port 2 (s2). when console mirroring is enabled, the service processor sends information to all serial ports. the serial port from which console mirroring is enabled is referred to as the active port. the mirror port is determined when keyboard input is detected from one of the other ports. from this point on, the service processor sends information only to the active port and the mirror port. this capability can be enabled by local or remote users, providing local users with the capability to monitor remote sessions. console mirroring can be enabled for the current session only. for more information, see “console mirroring” on page 59.
4 start talk mode
in a console-mirroring session, it is useful for those who are monitoring the session to be able to communicate with each other. selecting start talk mode activates the keyboards and displays for such communications while console mirroring is established. this is a full duplex link, so message interference is possible. alternating messages between users works best.
5 os surveillance setup menu
this option is disabled in partitioned systems.
this menu can be used to set up operating system (os) surveillance.
os surveillance setup menu
1. surveillance:
currently enabled
2. surveillance time interval:
2 minutes
3. surveillance delay:
2 minutes
98. return to previous menu 0]
– surveillance
can be set to enabled or disabled.
– surveillance time interval
can be set to any number from 2 through 255.
– surveillance delay
can be set to any number from 0 through 255.
refer to “service processor system monitoring - surveillance” on page 56 for more information about surveillance.
1 reset service processor
if this option is selected, entering y causes the service processor to reboot.
2 reprogram flash eprom menu
this option updates the system eproms. after entering y to indicate that you want to continue, you are prompted to enter the update diskettes. follow the instructions on the screen. when the update is complete, the service processor reboots.
all system eproms that can be reprogrammed are updated at the same time and are as follows:
1 system power control network programming
2 service processor programming
3 system firmware programming
4 run-time abstraction services
3 serial port snoop setup menu
this option is disabled in partitioned systems.
this menu can be used to set up serial port snooping, in which the user can configure serial port 1 as a 2catch-all2 reset device.
from the service processor main menu, select option 1, service processor setup menu, then select option 8 (serial port snoop setup menu).
serial port snoop setup menu
1. system reset string:
currently unassigned
2. snoop serial port:
currently unassigned
98. return to previous menu 1]
use the snoop serial port option to select the serial port to snoop.
only serial port 1 is supported.
use the system reset string option to enter the system reset string, which resets the machine when it is detected on the main console on serial port 1.
after serial port snooping is correctly configured, at any point after the system is booted to aix, whenever the reset string is typed on the main console, the system uses the service processor reboot policy to restart.
because pressing enter after the reset string is not required, make sure that the string is not common or trivial. a mixed-case string is recommended.
scan log dump policy
a scan dump is the collection of chip data that the service processor gathers after a system malfunction, such as a checkstop or hang. the scan dump data may contain chip scan rings, chip trace arrays, and scom contents.
the scan dump data are stored in the system control store. the size of the scan dump area is approximately 4 mb.
during the scan log dump, a8xx (in the range a810 to a8ff) displays in the operator panel. the xx characters will change as the scan log dump progresses. if the xx characters do not change after several minutes, the service processor is hung and must be reset.
when the scan log dump is complete, depending on how the reboot policy is set, the system will either:
1 go to the standby state (and the service processor menus will be available), indicated by ok or stby in the operator panel or
2 attempt to reboot.
scan log dump policy menu
1. scan log dump policy:
currently never
2. scan log dump content:
not applicable
98. return to previous menu 0]
option 1 displays the following screen:
select from the following options:
(as needed=1, never=2, always=3, immediate=4)
enter new option: 0]
the scan log dump policy can be set to the following:
1 = as needed
the processor run-time diagnostics record the dump data based on the error type. selecting this option will set the scan log dump policy to 2not applicable2. this is the default value.
2 = never
selecting this option will set the scan log dump policy to 2not applicable2.
3 = always
selecting this option will set the scan log dump policy to 2currently checkstop hardware abbreviated2; this is the default. however, if the dump policy is set to always, the scan log dump content can be changed, by selecting option 2, to either 2abbreviated2 or 2complete2. selecting 2complete2 will result in more data being stored in a larger scan dump, but the scan dump operation will take longer.
4 = immediately
this option can only be used when the system is in the standby state with power on. it is used to dump the system data after a checkstop or machine check occurs when the system firmware is running, or when the operating system is booting or running.
the scan log dump policy can also be set from the tasks menu in the aix service aids.