Blog

If you’re attempting to use DELL’s online updater to update the iDRAC firmware you might notice it fails. This is especially common with iDRAC firmware at 3.21 and earlier.

The main symptom is of course the failed job in the job queue after using the online or local updater:

The solution is to perform a manual local update to version 3.30. From 3.30 you can then upgrade to the latest version.

3.30.30.30 is the last “bridge” release in the original iDRAC9 3.x train. Dell changed the firmware architecture and update prerequisites in later major versions, so systems on 3.21.x are too old to jump directly to current releases.

Dell doesn’t always state this as “you must install 3.30 first” in every release note, but in practice and in Dell-supported upgrade paths, the progression is:

3.21.x → 3.30.x → 4.x → 5.x → 6.x → 7.x

Trying to skip the bridge versions can result in failed updates, Lifecycle Controller incompatibilities, or an iDRAC that needs recovery. Community members and Dell admins consistently report having to step through the major-version boundaries rather than jumping from 3.21 directly to 6.x or 7.x.

Why 3.30 specifically?

• It contains major changes to iDRAC and Lifecycle Controller that later releases expect to already be present.
• Dell’s later upgrade chains are built assuming the system has crossed the 3.30 baseline first.
• Dell’s own notes contain special handling and migration behavior that first appears at 3.30, including inventory format changes and other internal data structure updates.

A common successful upgrade path reported for servers starting on 3.21.26.22 is:

1. 3.21.26.22
2. 3.30.30.30
3. 5.10.50.00
4. 6.00.02.00
5. Current release

with BIOS updates performed along the way as required.

The TPM chip in your server typically contains encryption/security related data.. If a request to clear the chip was made you will see the following error.

“A configuration change was requested to clear this computers TPM (Trusted Platform Module.)

It then warns you that clearing the TPM will erase all encryption keys stored on the chip.

You can choose to clear the TPM or reject the change. Your choice depends entirely on your setup.

Before clearing the TPM, determine whether the server uses:

• BitLocker (if running Windows)
• LUKS or other disk encryption (if running Linux)
• Virtualization security features that store secrets in the TPM

If the server is not using TPM-backed encryption or security keys, selecting Yes to clear the TPM is generally safe.

If the server is using BitLocker or other TPM-based encryption, make sure you have the recovery keys before clearing it. Otherwise, the operating system may require recovery information at the next boot.

A few questions:

1. What operating system is installed (Windows Server, VMware ESXi, Linux, etc.)?
2. Did this prompt appear after a BIOS/iDRAC/firmware update?
3. Is this a production server or a lab/test machine?

That will help determine whether clearing the TPM is appropriate.

Other common items stored in a TPM include:

• Disk encryption keys (or key protectors), such as those used by BitLocker.
• Platform integrity measurements, which help verify that the server booted with trusted firmware and software.
• Machine certificates and private keys used for authentication, VPNs, or secure communications.
• Secure Boot and attestation data used to prove the system’s identity and integrity.
• Virtualization and security feature secrets, such as credentials used by virtualization-based security features.
• User authentication material, such as Windows Hello-related keys on desktop systems.

On a server like a Dell PowerEdge R640, the most important concern is usually whether:

1. The operating system drive is encrypted and uses the TPM.
2. Applications or management tools store certificates or cryptographic keys in the TPM.

What happens if you clear it?

Clearing the TPM:

• Deletes the TPM’s stored keys and secrets.
• Does not erase disks or operating system files.
• Does not delete application data.
• May require recovery keys or re-enrollment of security features that depended on those TPM keys.

If this is a server recently purchased and you have no encrypted data on the machine it is generally OKAY to clear the TPM.

I observed the following error on a server I was troubleshooting. “A PCIe link training failure is observed in Embedded Network Device and the link is disabled.”

I love errors like this because it’s telling you in no uncertain terms what hardware device is causing the problem. In this case, the NDC or network daughter card.

Drilling into BIOS—>Devices I can see the problem. This is a 4 port card but only 2 ports are showing up.

Best case scenario is you reseat the card and the problem goes away. That’s not the case for me so my next course of action is to simply replace the card and if that doesn’t work, begin reseating the processors and inspecting the pins for damage. Because PCIe errors are related to the CPU don’t rule out problems with CPUs or the pins themselves on the motherboard.

Luckily, I just needed to replace the card. All ports are now good to go and the PCIe errors are resolved.

You may buy or receive a server that has branding (sometimes ugly branding.) You can rebrand using the DELL OEM Identity module. This will reset the branding back to DELL factory faults.

The following guide can be used to rebrand most DELL servers across different generations. FIrst, download the appropriate Identity module. In the case of the R730xd we want to download this one.

The download will come in an EXE format. What you need to do is extract the EXE with a utility like 7zip to reveal the .PM file. I already have many of them downloaded and renamed but the filename will be something along the lines of 2P6YJ_R730xdDBE_CustBSU_1_00.pm.

Upload this file directly in iDRAC:

Reboot the server and you’ll see the rebranding process come to life:

Once completed the system will reboot itself, revealing the original DELL branding:

And that’s all there is to it!

Perhaps you have an old dusty HP DL-360 G9 laying around with a few spare parts. Maybe everything but a RAID controller. Not to fear, in the absence of an actual hardware RAID controller you can enable the integrated B140i software controller in the BIOS.

Steps:

First F9 into the BIOS and select System Options:

Next enter into SATA controller options:

Enter into Embedded SATA Configuration and Enable Dynamic Smart Array Support.

After reboot you’ll see the controller is now active:

Keep in mind this is a SATA controller. SAS/NVME will not be recognized. Instead of plugging the Mini SAS cables into a controller you will plug them straight into the motherboard.