Lenovo BIOS settings common to servers
This page contains information about BIOS settings common to Lenovo servers.
Booting and BIOS configuration
Press
F1
during start-up to enter the BIOS and firmware setup menus. In the BMC GUI you may also pressQuick Actions
and select the Power ActionBoot Server to System Setup
.Press
F10
for PXE network boot.Press
F12
for a one-time boot menu with all available selections.
Note: The Lenovo UEFI boot goes through PEI and DXE phases before booting the OS.
XClarity Provisioning Manager
Initial BMC login credentials are:
Username: USERID
Password: PASSW0RD (Note the zero!)
Notes:
At the first login the user
USERID
is required to change the password. By default the password must be at least 10 characters long and have some complexity.If using SSH login and you have several SSH authentication key files (
$HOME/.ssh/id_*
) they will be tried in turn, and since the BMC accepts a maximum of 5 failed login attempts, SSH logins may fail with the error:Received disconnect from 10.x.x.x port 22:2: Too many authentication failures
Workaround: Specify only one selected key to the SSH command, for example:
ssh -i $HOME/.ssh/id_rsa <BMC_hostname>
Minimal configuration of the BMC of a new server or replaced motherboard
At our site the following minimal settings are required to configure a new server or a replacement motherboard in an existing server.
The BMC setup is accessed via the physical console or BMC web GUI. Login with the above credentials.
Note: These settings were made with XCC/BMC firmware versions dated from the fall of 2025. Older or newer firmwares may behave slightly differently.
BMC user configuration
Go to the BMC Configuration -> User/LDAP
menus and modify the login credentials as follows.
Click on Global Settings
:
Deselect
Force to change password on first access
Deselect
Complex password required
Set
Minimum password length
to8
(or according to your site security policies).Change
Minimum password change interval
to0
so that you can change the password as needed.
In the User/LDAP
menu it is preferable to change the BMC local User name
from the factory default value of USERID
to root
.
Unfortunately, it is no longer possible to change a BMC user name while that user is logged in!
Therefore a complicated procedure is required for the user name change:
Click on
+ Create
to create a new temporary user, say,root3
. Enter a password for theroot3
user and click Apply. Note: Theroot3
user will have anID=3
value as shown by the Linux command (if the OS is up and running):ipmitool user list 2
Logout user
USERID
from the BMC GUI, and login again as theroot3
user.Go to the
User/LDAP
menu and change the original user nameUSERID
intoroot
. InUser accessible interface
use the pull-down menu to add alsoIPMI over Lan
. After this you are requested to enter a new password for the renamedroot
user. Then clickApply
.Logout user
root3
of the BMC GUI, and login again as theroot
user.Recommended for security: In the
User/LDAP
menu delete the temporaryroot3
user.
BMC Security
You may change the BMC Configuration->Security
settings:
If desired set the
IPMI SEL Log Wrapping
toEnabled
.
BMC network settings
You may change the BMC Configuration->Network
settings:
Change the
Network Interface Port
(if available) toDedicated
(default may be LOM). Note that the ports’ MAC_address are different for the different Ethernet ports!Select
Obtain Hostname from DHCP
. Alternatively, change theHost Name
field to the BMC’s DNS name.In the
Ethernet Configuration
fieldMethod
menu change the setting toDHCP enabled
in stead of the defaultFirst DHCP, then static IP
so that the BMC does not fall back to an unreachable private IP-address!Set
IPv6
toDisabled
.When done press
Apply
.
Modify the DNS and DDNS
settings:
Change DNS
Preferred address type
toIPv4
.Change DDNS to
Disabled
.Disable
Use DNS to discover Lenovo XClarity Administrator
.Explanation: By default the BMC will periodically search DNS for a SRV_record
_lxca._tcp
in your DNS domain. If an LXCA instance is found, the BMC will attempt to announce its presence to the selected address of LXCA instance.Note: Your network may have a DNS configuration which advertises the address of a Lenovo XClarity Administrator (LXCA) instance. Lenovo offers a 90 days trial license for LXCA.
When done press
Apply
.
Optional: If your server is actually up and running a Linux OS, you can also use OneCLI to configure BMC network parameters, see the XClarity Essentials OneCLI page.
IPMI over Lan
In Service Enablement and Port Assignment
enable the IPMI over LAN
.
The web GUI says:
The current security settings require incoming IPMI over LAN connection to use cipher suite ID 17.
If you are using the IPMItool utility (prior to version 1.8.19), you must specify the option “-C 17” to connect to this management controller.
When using the Linux FreeIPMI CLI commands use the -I CIPHER-SUITE-ID option, for example:
ipmipower -I 17 -D LAN_2_0 ....
NOTE: Some BMC brands (HPE, SuperMicro) unfortunately only support the default cipher suite -I 3
and will reject connections with -I 17
.
Configuration using the console
The BMC GUI has a Remote Console
menu to open a console in a new browser tab.
Press F1
during start-up to enter the BIOS and firmware setup menus.
In the BMC GUI you may also press Quick Actions
and select the Power Action Boot Server to System Setup
.
UEFI Setup
In the console go to the menu UEFI Setup
:
In
System Settings -> Processors
select Disable SMT Mode (Symmetric Multithreading) aka Hyperthreading for HPC compute nodes. For general IT loads you may keep the default SMT Mode setting.In
System Settings -> Network -> Network Stack Settings
you probably want to DisableIPv6 PXE Support
.In
System Settings -> Network -> Network Boot Settings
you have to unconfigure PXE for each individual NIC in the MAC_address submenu that will never be used for network PXE booting:Set
UEFI PXE Mode
to Disabled.Set
Legacy PXE Mode
to Disabled.
In
Boot Manager -> Change Boot Order
use + and - to change the boot order items (if desired) to 1) Network, 2) Hard disk. PressCommit Changes and Exit
.In
Boot Manager -> Set Boot Priority -> Network Priority
use + and - to move down the priority of IPv6.When done press
Save Settings
.When all configuration is finished press
Exit UEFI Setup
and boot the server.