Lenovo BIOS settings common to servers 

This page contains information about BIOS settings common to Lenovo servers.

Booting and BIOS configuration 

Press F1 during start-up to enter the BIOS and firmware setup menus. In the BMC GUI you may also press Quick Actions and select the Power Action Boot Server to System Setup.
Press F10 for PXE network boot.
Press F12 for a one-time boot menu with all available selections.

Note: The Lenovo UEFI boot goes through PEI and DXE phases before booting the OS.

XClarity Provisioning Manager 

Initial BMC login credentials are:

Username: USERID
Password: PASSW0RD   (Note the zero!)

Notes:

At the first login the user USERID is required to change the password. By default the password must be at least 10 characters long and have some complexity.
If using SSH login and you have several SSH authentication key files ($HOME/.ssh/id_*) they will be tried in turn, and since the BMC accepts a maximum of 5 failed login attempts, SSH logins may fail with the error:
```
Received disconnect from 10.x.x.x port 22:2: Too many authentication failures
```
Workaround: Specify only one selected key to the SSH command, for example:
```
ssh -i $HOME/.ssh/id_rsa <BMC_hostname>
```

Minimal configuration of the BMC of a new server or replaced motherboard 

At our site the following minimal settings are required to configure a new server or a replacement motherboard in an existing server.

The BMC setup is accessed via the physical console or BMC web GUI. Login with the above credentials.

Note: These settings were made with XCC/BMC firmware versions dated from the fall of 2025. Older or newer firmwares may behave slightly differently.

BMC user configuration 

Go to the BMC Configuration -> User/LDAP menus and modify the login credentials as follows.

Click on Global Settings:

Deselect Force to change password on first access
Deselect Complex password required
Set Minimum password length to 8 (or according to your site security policies).
Change Minimum password change interval to 0 so that you can change the password as needed.

In the User/LDAP menu it is preferable to change the BMC local User name from the factory default value of USERID to root. Unfortunately, it is no longer possible to change a BMC user name while that user is logged in!

Therefore a complicated procedure is required for the user name change:

Click on + Create to create a new temporary user, say, root3. Enter a password for the root3 user and click Apply. Note: The root3 user will have an ID=3 value as shown by the Linux command (if the OS is up and running):
```
ipmitool user list 2
```
Logout user USERID from the BMC GUI, and login again as the root3 user.
Go to the User/LDAP menu and change the original user name USERID into root. In User accessible interface use the pull-down menu to add also IPMI over Lan. After this you are requested to enter a new password for the renamed root user. Then click Apply.
Logout user root3 of the BMC GUI, and login again as the root user.
Recommended for security: In the User/LDAP menu delete the temporary root3 user.

BMC Security 

You may change the BMC Configuration->Security settings:

If desired set the IPMI SEL Log Wrapping to Enabled.

While this is theoretically a security risk, we prefer to store all the latest IPMI SEL Log events even if the Log has become full, so Log wrapping is preferres.

BMC network settings 

You may change the BMC Configuration->Network settings:

Change the Network Interface Port (if available) to Dedicated (default may be LOM). Note that the ports’ MAC_address are different for the different Ethernet ports!
Select Obtain Hostname from DHCP. Alternatively, change the Host Name field to the BMC’s DNS name.
In the Ethernet Configuration field Method menu change the setting to DHCP enabled in stead of the default First DHCP, then static IP so that the BMC does not fall back to an unreachable private IP-address!
Set IPv6 to Disabled.
When done press Apply.

Modify the DNS and DDNS settings:

Change DNS Preferred address type to IPv4.
Change DDNS to Disabled.
Disable Use DNS to discover Lenovo XClarity Administrator.

Explanation: By default the BMC will periodically search DNS for a SRV_record _lxca._tcp in your DNS domain. If an LXCA instance is found, the BMC will attempt to announce its presence to the selected address of LXCA instance.

Note: Your network may have a DNS configuration which advertises the address of a Lenovo XClarity Administrator (LXCA) instance. Lenovo offers a 90 days trial license for LXCA.
When done press Apply.

Optional: If your server is actually up and running a Linux OS, you can also use OneCLI to configure BMC network parameters, see the XClarity Essentials OneCLI page.

IPMI over Lan 

In Service Enablement and Port Assignment enable the IPMI over LAN. The web GUI says:

The current security settings require incoming IPMI over LAN connection to use cipher suite ID 17.
If you are using the IPMItool utility (prior to version 1.8.19), you must specify the option “-C 17” to connect to this management controller.

When using the Linux FreeIPMI CLI commands use the -I CIPHER-SUITE-ID option, for example:

ipmipower -I 17 -D LAN_2_0 ....

NOTE: Some BMC brands (HPE, SuperMicro) unfortunately only support the default cipher suite -I 3 and will reject connections with -I 17.

Configuration using the console 

While many settings can be performed in the BMC Web GUI, processor and boot UEFI settings must be configured in the system console.

The BMC GUI has a Remote Console menu to open a console in a new browser tab. Press F1 during start-up to enter the BIOS and firmware setup menus. In the BMC GUI you may also press Quick Actions and select the Power Action Boot Server to System Setup.

UEFI Setup 

In the console go to the menu UEFI Setup:

In System Settings -> Processors select Disable SMT Mode (Symmetric Multithreading) aka Hyperthreading for HPC compute nodes. For general IT loads you may keep the default SMT Mode setting.
In System Settings -> Network -> Network Stack Settings you probably want to Disable IPv6 PXE Support.
In System Settings -> Network -> Network Boot Settings you have to unconfigure PXE for each individual NIC in the MAC_address submenu that will never be used for network PXE booting:
- Set UEFI PXE Mode to Disabled.
- Set Legacy PXE Mode to Disabled.
In Boot Manager -> Change Boot Order use + and - to change the boot order items (if desired) to 1) Network, 2) Hard disk. Press Commit Changes and Exit.
In Boot Manager -> Set Boot Priority -> Network Priority use + and - to move down the priority of IPv6.
When done press Save Settings.
When all configuration is finished press Exit UEFI Setup and boot the server.