Adam Strickfaden

Author: root

  • Changing Controller Mode on DELL RAID Controllers

    Many DELL RAID controllers like the H730 can operate in RAID or HBA mode. To change from one mode to the other it’s necessary to alter the advanced controller settings.

    To start, F2 into the BIOS and click device settings:

    Under devices select your controller. In this case I have an H730 mini installed:

    From here select controller management:

    Scroll down until you see Advanced Controller Management and hit Enter:

    Lastly select your preferred mode. If you’re in RAID mode you will see the option to switch to HBA mode. If you’re in HBA mode you’ll see the option to switch to RAID mode.,

  • Invalid file signature errors on HP G10 servers

    Invalid file signature errors on HP G10 servers

    When attempting to update individual components like the BIOS, you may receive the following error:

    The file signature is invalid. Make sure you are using a valid, signed flash file and try again.

    In my case the iLO 5 firmware was at version 1.46. You can’t easily jump from such an old version to the latest version. Old versions of iLO cannot verify the signatures of the newer BIOS/firmware packages. The solution is to simply stair step the iLO firmware to the latest release and then all the other packages should easily install.

    You also cannot jump from iLO version 1.46 all the way, to let’s say, version 3.18 at the time of this writing.

    I found the following upgrade path works.

    1.46 —> 2.14 —-> 2.35 —–>3.18

    You might also try the following but it fails for me sometimes depending on the server:

    1.46 —>2.35—->3.18 etc.

    Certain version of iLO introduced capabilities to handle larger file sizes. Perhaps some servers have smaller BIOS packages hence the success of this upgrade path for some and the failure for others.

    Once the iLO is fully updated it processes the BIOS upload correctly:

  • iDRAC 9 fails to update firmware at versions 3.21 and below

    iDRAC 9 fails to update firmware at versions 3.21 and below

    If you’re attempting to use DELL’s online updater to update the iDRAC firmware you might notice it fails. This is especially common with iDRAC firmware at 3.21 and earlier.

    The main symptom is of course the failed job in the job queue after using the online or local updater:

    The solution is to perform a manual local update to version 3.30. From 3.30 you can then upgrade to the latest version.

    3.30.30.30 is the last “bridge” release in the original iDRAC9 3.x train. Dell changed the firmware architecture and update prerequisites in later major versions, so systems on 3.21.x are too old to jump directly to current releases.

    Dell doesn’t always state this as “you must install 3.30 first” in every release note, but in practice and in Dell-supported upgrade paths, the progression is:

    3.21.x → 3.30.x → 4.x → 5.x → 6.x → 7.x

    Trying to skip the bridge versions can result in failed updates, Lifecycle Controller incompatibilities, or an iDRAC that needs recovery. Community members and Dell admins consistently report having to step through the major-version boundaries rather than jumping from 3.21 directly to 6.x or 7.x.

    Why 3.30 specifically?

    • It contains major changes to iDRAC and Lifecycle Controller that later releases expect to already be present.
    • Dell’s later upgrade chains are built assuming the system has crossed the 3.30 baseline first.
    • Dell’s own notes contain special handling and migration behavior that first appears at 3.30, including inventory format changes and other internal data structure updates.

    A common successful upgrade path reported for servers starting on 3.21.26.22 is:

    1. 3.21.26.22
    2. 3.30.30.30
    3. 5.10.50.00
    4. 6.00.02.00
    5. Current release

    with BIOS updates performed along the way as required.

  • A configuration change was requested to clear this computers TPM (DELL R640)

    A configuration change was requested to clear this computers TPM (DELL R640)

    The TPM chip in your server typically contains encryption/security related data.. If a request to clear the chip was made you will see the following error.

    “A configuration change was requested to clear this computers TPM (Trusted Platform Module.)

    It then warns you that clearing the TPM will erase all encryption keys stored on the chip.

    You can choose to clear the TPM or reject the change. Your choice depends entirely on your setup.

    Before clearing the TPM, determine whether the server uses:

    • BitLocker (if running Windows)
    • LUKS or other disk encryption (if running Linux)
    • Virtualization security features that store secrets in the TPM

    If the server is not using TPM-backed encryption or security keys, selecting Yes to clear the TPM is generally safe.

    If the server is using BitLocker or other TPM-based encryption, make sure you have the recovery keys before clearing it. Otherwise, the operating system may require recovery information at the next boot.

    A few questions:

    1. What operating system is installed (Windows Server, VMware ESXi, Linux, etc.)?
    2. Did this prompt appear after a BIOS/iDRAC/firmware update?
    3. Is this a production server or a lab/test machine?

    That will help determine whether clearing the TPM is appropriate.

    Other common items stored in a TPM include:

    • Disk encryption keys (or key protectors), such as those used by BitLocker.
    • Platform integrity measurements, which help verify that the server booted with trusted firmware and software.
    • Machine certificates and private keys used for authentication, VPNs, or secure communications.
    • Secure Boot and attestation data used to prove the system’s identity and integrity.
    • Virtualization and security feature secrets, such as credentials used by virtualization-based security features.
    • User authentication material, such as Windows Hello-related keys on desktop systems.

    On a server like a Dell PowerEdge R640, the most important concern is usually whether:

    1. The operating system drive is encrypted and uses the TPM.
    2. Applications or management tools store certificates or cryptographic keys in the TPM.

    What happens if you clear it?

    Clearing the TPM:

    • Deletes the TPM’s stored keys and secrets.
    • Does not erase disks or operating system files.
    • Does not delete application data.
    • May require recovery keys or re-enrollment of security features that depended on those TPM keys.

    If this is a server recently purchased and you have no encrypted data on the machine it is generally OKAY to clear the TPM.

  • A PCIe link training failure is observed in Embedded Network Device

    A PCIe link training failure is observed in Embedded Network Device

    I observed the following error on a server I was troubleshooting. “A PCIe link training failure is observed in Embedded Network Device and the link is disabled.”

    I love errors like this because it’s telling you in no uncertain terms what hardware device is causing the problem. In this case, the NDC or network daughter card.

    Drilling into BIOS—>Devices I can see the problem. This is a 4 port card but only 2 ports are showing up.

    Best case scenario is you reseat the card and the problem goes away. That’s not the case for me so my next course of action is to simply replace the card and if that doesn’t work, begin reseating the processors and inspecting the pins for damage. Because PCIe errors are related to the CPU don’t rule out problems with CPUs or the pins themselves on the motherboard.

    Luckily, I just needed to replace the card. All ports are now good to go and the PCIe errors are resolved.