Lenovo BIOS settings common to servers
This page contains information about BIOS settings common to Lenovo servers.
Booting and BIOS configuration
Press
F1during start-up to enter the BIOS and firmware setup menus. In the BMC GUI you may also pressQuick Actionsand select the Power ActionBoot Server to System Setup.Press
F10for PXE network boot.Press
F12for a one-time boot menu with all available selections.
Note: The Lenovo UEFI boot goes through PEI and DXE phases before booting the OS.
XClarity Provisioning Manager
Initial BMC login credentials are:
Username: USERID
Password: PASSW0RD (Note the zero!)
Notes:
At the first login the user
USERIDis required to change the password. By default the password must be at least 10 characters long and have some complexity.If using SSH login and you have several SSH authentication key files (
$HOME/.ssh/id_*) they will be tried in turn, and since the BMC accepts a maximum of 5 failed login attempts, SSH logins may fail with the error:Received disconnect from 10.x.x.x port 22:2: Too many authentication failures
Workaround: Specify only one selected key to the SSH command, for example:
ssh -i $HOME/.ssh/id_rsa <BMC_hostname>
Minimal configuration of the BMC of a new server or replaced motherboard
At our site the following minimal settings are required to configure a new server or a replacement motherboard in an existing server.
The BMC setup is accessed via the physical console or BMC web GUI. Login with the above credentials.
Note: These settings were made with XCC/BMC firmware versions dated from the fall of 2025. Older or newer firmwares may behave slightly differently.
BMC user configuration
Go to the BMC Configuration -> User/LDAP menus and modify the login credentials as follows.
Click on Global Settings:
Deselect
Force to change password on first accessDeselect
Complex password requiredSet
Minimum password lengthto8(or according to your site security policies).Change
Minimum password change intervalto0so that you can change the password as needed.
In the User/LDAP menu it is preferable to change the BMC local User name
from the factory default value of USERID to root.
Unfortunately, it is no longer possible to change a BMC user name while that user is logged in!
Therefore a complicated procedure is required for the user name change:
Click on
+ Createto create a new temporary user, say,root3. Enter a password for theroot3user and click Apply. Note: Theroot3user will have anID=3value as shown by the Linux command (if the OS is up and running):ipmitool user list 2
Logout user
USERIDfrom the BMC GUI, and login again as theroot3user.Go to the
User/LDAPmenu and change the original user nameUSERIDintoroot. InUser accessible interfaceuse the pull-down menu to add alsoIPMI over Lan. After this you are requested to enter a new password for the renamedrootuser. Then clickApply.Logout user
root3of the BMC GUI, and login again as therootuser.Recommended for security: In the
User/LDAPmenu delete the temporaryroot3user.
BMC Security
You may change the BMC Configuration->Security settings:
If desired set the
IPMI SEL Log WrappingtoEnabled.
While this is theoretically a security risk, we prefer to store all the latest IPMI SEL Log events even if the Log has become full, so Log wrapping is preferres.
BMC network settings
You may change the BMC Configuration->Network settings:
Change the
Network Interface Port(if available) toDedicated(default may be LOM). Note that the ports’ MAC_address are different for the different Ethernet ports!Select
Obtain Hostname from DHCP. Alternatively, change theHost Namefield to the BMC’s DNS name.In the
Ethernet ConfigurationfieldMethodmenu change the setting toDHCP enabledin stead of the defaultFirst DHCP, then static IPso that the BMC does not fall back to an unreachable private IP-address!Set
IPv6toDisabled.When done press
Apply.
Modify the DNS and DDNS settings:
Change DNS
Preferred address typetoIPv4.Change DDNS to
Disabled.Disable
Use DNS to discover Lenovo XClarity Administrator.Explanation: By default the BMC will periodically search DNS for a SRV_record
_lxca._tcpin your DNS domain. If an LXCA instance is found, the BMC will attempt to announce its presence to the selected address of LXCA instance.Note: Your network may have a DNS configuration which advertises the address of a Lenovo XClarity Administrator (LXCA) instance. Lenovo offers a 90 days trial license for LXCA.
When done press
Apply.
Optional: If your server is actually up and running a Linux OS, you can also use OneCLI to configure BMC network parameters, see the XClarity Essentials OneCLI page.
IPMI over Lan
In Service Enablement and Port Assignment enable the IPMI over LAN.
The web GUI says:
The current security settings require incoming IPMI over LAN connection to use cipher suite ID 17.
If you are using the IPMItool utility (prior to version 1.8.19), you must specify the option “-C 17” to connect to this management controller.
When using the Linux FreeIPMI CLI commands use the -I CIPHER-SUITE-ID option, for example:
ipmipower -I 17 -D LAN_2_0 ....
NOTE: Some BMC brands (HPE, SuperMicro) unfortunately only support the default cipher suite -I 3 and will reject connections with -I 17.
Configuration using the console
While many settings can be performed in the BMC Web GUI, processor and boot UEFI settings must be configured in the system console.
The BMC GUI has a Remote Console menu to open a console in a new browser tab.
Press F1 during start-up to enter the BIOS and firmware setup menus.
In the BMC GUI you may also press Quick Actions and select the Power Action Boot Server to System Setup.
UEFI Setup
In the console go to the menu UEFI Setup:
In
System Settings -> Processorsselect Disable SMT Mode (Symmetric Multithreading) aka Hyperthreading for HPC compute nodes. For general IT loads you may keep the default SMT Mode setting.In
System Settings -> Network -> Network Stack Settingsyou probably want to DisableIPv6 PXE Support.In
System Settings -> Network -> Network Boot Settingsyou have to unconfigure PXE for each individual NIC in the MAC_address submenu that will never be used for network PXE booting:Set
UEFI PXE Modeto Disabled.Set
Legacy PXE Modeto Disabled.
In
Boot Manager -> Change Boot Orderuse + and - to change the boot order items (if desired) to 1) Network, 2) Hard disk. PressCommit Changes and Exit.In
Boot Manager -> Set Boot Priority -> Network Priorityuse + and - to move down the priority of IPv6.When done press
Save Settings.When all configuration is finished press
Exit UEFI Setupand boot the server.