Skip to main content

Activate or unlock the system

Being shipped, encountering tamper events, or receiving lockdown command from Lenovo management software, the server would be in System Lockdown Mode for security. Before operation, the server needs to be activated or unlocked to be able to boot up and go fully functional. Complete the steps in this topic to activate or unlock the system.

If the security LED of the server is blinking, the server is in System Lockdown Mode. Activate or unlock the system for operation. See Front LEDs to locate the security LED.

System Lockdown Mode Control

To distinguish whether the system needs to be activated or unlocked, see System Lockdown Control status on the home page of Lenovo XClarity Controller web interface. System Lockdown Control status would be one of the following:

  • ThinkShield Portal: The system can be activated through ThinkShield Key Vault Portal. See Activate the system to activate the system.

  • XClarity Controller: The system can be unlocked through Lenovo XClarity Controller. See Unlock the system to unlock the system.

Important

  • When System Lockdown Control status is XClarity Controller, if XClarity Controller is reset to defaults, the default credentials can be used to login to XClarity Controller and unlock the system. It is important to use security controls such as an UEFI PAP to prevent unauthorized users from executing an XClarity Controller reset to defaults. For the highest level of security, it is recommended to set System Lockdown Control to ThinkShield Portal.

  • Once the System Lockdown Control status is changed to ThinkShield Portal, it cannot be changed back to XClarity Controller.

  • To set System Lockdown Control to ThinkShield Portal, use Lenovo XClarity Essentials UpdateXpress. See Upgrading lockdown control mode section in Lenovo XClarity Essentials UpdateXpress User Guide for the details.

Activate the system

Complete the following steps to activate the system through ThinkShield Key Vault Portal.

Have a Lenovo ID with proper permission

Before activating a system for the first time, make sure to have a Lenovo ID with proper permission to log in to the ThinkShield Key Vault Portal web interface or ThinkShield mobile app.
Note
The role of Lenovo ID should be Organization Admin, Maintenance User or Edge User to activate the system.

Activation methods

There are different methods to activate the system through ThinkShield Key Vault Portal. Depending on the environment of the server, decide the most suitable way to activate the system.

  • Mobile App activation

    For Mobile App activation method, you will need an Android or iOS based smart phone with cellular data connection.

    1. Connect the power cable to your ThinkEdge SE455 V3.

    2. Download the ThinkShield Edge Mobile Management App from Google Play Store or Apple App Store to your Android or iOS based smart phone (search term: “ThinkShield Edge”).

    3. Log-in to the ThinkShield Edge Mobile Management App using your Organization registered ID.

    4. When App instructs to do so, connect USB cable with USB mobile phone charging cable to the ThinkEdge SE455 V3.

      Note
      When the smart phone prompts for the USB connection purpose, choose data transfer.

    5. Follow the “Activate Device” on-screen instructions to complete secure activation of the system.

    6. When activated successfully, ThinkShield Edge Mobile Management App will provide “Device Activated” screen.

      Note
      For the detailed steps, see ThinkShield Edge Mobile Management Application User Guide in ThinkEdge Security.

  • Portal automatic activation

    Note
    To activate the system through ThinkShield Key Vault Portal web interface for the first time, the system should be claimed by your organization. Machine Type, Serial Number, and Activation Code are required to claim a device. For more information of claiming the device, see ThinkEdge Security.

    1. Connect the power cable to your ThinkEdge SE455 V3.

    2. Connect the XClarity Controller Management Ethernet port to a network that has access to the internet.
      Note
      Outbound TCP port 443 (HTTPS) must be open for activation to occur.

    3. Log in to the ThinkShield Key Vault Portal with your Organization registered ID.

    4. If the server is not claimed by your organization, claim the server. Add the device by clicking the Claim device button in Device Manager. Enter machine type, serial number, and secure activation code in the corresponding fields.

    5. From the Device Manager, select the server you plan to activate and click activate. The status of the server will change to Ready.

    6. Server will be activated within 15 minutes and power on automatically. After successful activation, the status of the server will change to Active on the ThinkShield Key Vault Portal.

    Note
    • If the server activation is not initiated within 2 hours after the power cable plug in, perform a disconnect then re-connect of the power cable to your ThinkEdge SE455 V3.
    • For the detailed steps, see ThinkShield Key Vault Portal Web Application User Guide in ThinkEdge Security.

Unlock the system

Important

  • When System Lockdown Control status is XClarity Controller, if XClarity Controller is reset to defaults, the default credentials can be used to login to XClarity Controller and unlock the system. It is important to use security controls such as an UEFI PAP to prevent unauthorized users from executing an XClarity Controller reset to defaults. For the highest level of security, it is recommended to set System Lockdown Control to ThinkShield Portal. See System Lockdown Mode Control for the details.

Complete the following steps to unlock the system in Lenovo XClarity Controller web interface

Note
To unlock the system, the role of XCC user should be one of the following:
  • Administrator
  • Administrator+

  1. Log in to Lenovo XClarity Controller web interface, and go to BMC Configuration > Security > System Lockdown Mode.

  2. Press Active button, and then press Apply button. When the status of System Lockdown Mode switches to Inactive, the system is unlocked.