Sunday, November 10, 2013

Dell PowerEdge R610/R710 Firmware - "The updates you are trying to apply are not Dell-authorized updates"

The other day I was performing some much-needed firmware updates on a Dell PowerEdge R610 using the built-in UEFI GUI. This usually goes pretty smoothly, but this time I received the following message:
"The updates you are trying to apply are not Dell-authorized updates."

After searching around I finally came up with a solution. iDRAC and the Lifecycle Controller check the signing certificates on firmware updates. Dell changed/expired their cert, so the old firmware no longer considers it valid. For the new certs to be accepted, the iDRAC and Lifecycle Controller themselves need to be updated, but since the updates are considered invalid this can't be done from the UEFI GUI. The answer is to update from the iDRAC web GUI.

Quick note: I documented this after updating, so some screenshots and instructions may not be 100% exact, but should be close enough to get through. Also, if you FUBAR your server it's on you. This worked for me, but verify that the files mentioned and process shown match your hardware.

On reboot, enter the iDRAC by hitting CTRL-E when prompted:

Now enable iDRAC. Set "iDRAC6 LAN" to "On":

Under "LAN Parameters" scroll down to IPv4 Settings and set IPv4 to "Enabled" and set valid LAN parameters (static would likely be easiest):


Now would also be a good time to set your iDRAC credentials to something you know. Set the password in "LAN User Configuration":

Save changes and exit.

The server will start to boot normally. It would be best to halt the boot process here as you'll just have to reboot again soon (Windows - F8, VMware - CTRL+O, Linux - Arrow keys, etc).

Now you need to wait for the iDRAC to start its networking services. This could happen in 30 secs, or maybe a few minutes. I usually just run a continuous ping of the IP I just set it to until I start seeing a response.

Log into the iDRAC web GUI - https://<IP-you-set-the-idrac-to> (root and whatever you set the password to)

Click the "iDRAC Settings" on the left then choose the "Update" tab at the top:

Download this file (Life Cycle Controller Repair): http://downloads.dell.com/FOLDER00502596M/1/BDF_1.5.5_BIN-12.usc

Click on the "Choose File" button and point it at the BDF_1.5.5_BIN-12.usc file. Click "Upload".

The file will be uploaded and after a few minutes it will prompt you if you want to update. Choose Yes. It should quickly come back saying the update has been applied successfully.

Download this file (iDRAC firmware updater): http://downloads.dell.com/FOLDER01270825M/1/iDRAC6_1.95_A00_FW_IMG.exe

This contains a .d6 file you need (firmimg.d6). I just extracted the file from the exe using 7zip.

Navigate back to the update page (I had to navigate to a different page first) and upload the .d6 file.

The file will be uploaded and after a few minutes (could take up to 20) again it will prompt you if you want to update. Choose Yes. Eventually it should come back saying the update has been applied successfully and the iDRAC will now restart.

You now have to wait for the iDRAC to restart. I just run a continuous ping again and wait to see a few timing out - this happens when iDRAC restarts. Once it starts responding it's successfully restarted.

Restart your server and enter the UEFI - "F10 = System Services"

Run your update again and it should now complete successfully (usually takes several reboots). When it's done it will drop you at the main UEFI screen. I usually run the update one more time and it should show everything at the current version:

Reboot and disable iDRAC again unless you have appropriate security measures in place to protect it.

I was able to apply the same process to both R610 and R710 servers of the same generation. YMMV.
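
The wait for the iDRAC to restart after the firmware upload (pings time out, then replies resume) can be scripted instead of watched. This is an added example, not part of the original post; `probe_ping`, `wait_for_restart`, the thresholds and the 192.0.2.10 address are assumptions, and the ping flags are those of Linux iputils.

```shell
#!/bin/sh
# Added example: detect an iDRAC restart from reachability probes.
# Works in bash, dash and ash (uses `local`, which all three support).

# One probe: a single ICMP echo with a 2-second timeout.
# Assumption: Linux iputils flags; adjust for other ping implementations.
probe_ping() { ping -c 1 -W 2 "$1" >/dev/null 2>&1; }

# wait_for_restart PROBE HOST [DOWN_NEEDED] [UP_NEEDED] [MAX_PROBES] [INTERVAL]
# Returns 0 once HOST has failed DOWN_NEEDED probes in a row (the restart)
# and afterwards answered UP_NEEDED probes in a row (services are back).
# Returns 1 if MAX_PROBES are used up first, e.g. the restart never happened.
wait_for_restart() {
  local probe="$1" host="$2"
  local down_needed="${3:-3}" up_needed="${4:-3}" max="${5:-900}" interval="${6:-2}"
  local seen_down=0 down=0 up=0 i=0
  while [ "$i" -lt "$max" ]; do
    i=$((i + 1))
    if "$probe" "$host"; then
      down=0
      # Replies only count once the outage has been observed.
      if [ "$seen_down" -eq 1 ]; then
        up=$((up + 1))
        if [ "$up" -ge "$up_needed" ]; then return 0; fi
      fi
    else
      up=0
      # A single lost packet is not a restart; require a run of failures.
      if [ "$seen_down" -eq 0 ]; then
        down=$((down + 1))
        if [ "$down" -ge "$down_needed" ]; then seen_down=1; fi
      fi
    fi
    sleep "$interval"
  done
  return 1
}

# Usage (192.0.2.10 is a placeholder for the address you gave the iDRAC):
#   wait_for_restart probe_ping 192.0.2.10 && echo "iDRAC is back"
```

Start it right after confirming the update in the web GUI; a non-zero exit means no restart was observed within the probe budget, which is worth checking before rebooting the server.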

Credit to the original thread where I found this solution: http://en.community.dell.com/support-forums/servers/f/177/t/19475476.aspx
