We have Secure Boot enabled in our environment as a standard, but we also have some PowerEdge M630s with Intel X520 Mezz cards installed whose firmware is old enough not to have a signed boot ROM, which means that every single time those servers reboot, they halt on a Secure Boot warning about the NIC's untrusted firmware. The fix is of course to update the firmware, but even the latest updates available on support.dell.com for the X520 and X710, both released in the last 1-2 weeks, do not run on Windows Server 2016 -- even though they're listed in the Drivers and Downloads page after I select Server 2016 as my OS. The updates instead immediately fail with an "Inventory Collection Failed" error, and when I extract the update contained in the Dell package to run the underlying file directly and dig through the logs it generates, the root error mentions an unrecognized OS. In our particular environment it isn't feasible to temporarily move these NICs into servers running an older OS in order to complete the update, nor will these firmware updates run from WinPE or even directly on the Lifecycle Controller. Disabling Secure Boot also isn't a viable option, especially with no ETA on when the underlying problem will be resolved.
I'm not sure if this is a Dell issue or an Intel issue, but Windows Server 2016 has been out for a year now, and in fact Microsoft just announced the NEXT release called Windows Server 2016 Version 1709, which will be coming out this month or next, so there is absolutely no excuse for major OEMs like Dell and/or Intel to not fully support 2016 by now.
I just tested the X710 firmware and it works on Windows Server 2016. If it will not run the update on your system then it is likely a permission issue. It could also be that you are not running the update from the host OS, you can't update firmware from a virtual machine.
nor will these firmware updates run from WinPE or even directly on the Lifecycle Controller
Why can't you update from the Lifecycle Controller? There are instructions for updating using the LCC in the installation instructions section of the download page. You should also be able to use the DUP to update from the iDRAC web interface under the update and rollback section.
Dell EMC, Enterprise Engineer
Thanks for the reply. Just to make sure we're on the same page, I'm on an M630 on Server 2016 and trying to run this update: Network_Firmware_539P6_WN64_18.0.17_A00.EXE. I am definitely an admin on the box, and I am most certainly not trying to run this update from inside a VM....
When I run that file directly and click Install, I get an "Inventory collection failed" error less than 1 second into the process. This is also true if I launch the file by choosing "Run as administrator", which I expected because I got a UAC prompt even when launching it the regular way.
If I launch that DUP and choose Extract, then open an elevated Command Prompt and attempt to run "Intelfw.cmd i" (inventory mode just to see what happens), I immediately get an "OS layer initialization failed" error. Reading through that batch file and the VBS script that it calls (I see there's a commented out reference to a PowerShell script that doesn't exist in the folder contents -- on a production release, really?), I see that ultimately nvmupdaten64e.exe or nvmupdatew64e.exe are called, and I've verified that running them directly even with no parameter produces that same "OS layer initialization failed" error.
I can try running the DUP via iDRAC or LCC again, but last time I tried the LCC after spending time making the necessary virtual media, which ended up being quite a bit larger than the EXE it contained (a bit aggravating given that I was working from my VPN-connected laptop at the time), I got an error that the file could not be used, with no meaningful description as to why. I can try the iDRAC method again, but if you're telling me that you've gotten this to work from inside the OS, I'd appreciate any suggestions you have for addressing the error messages I've just posted, or any way to get more detailed logs out of those firmware update EXEs I mentioned in order to help identify the underlying problem.
And using the iDRAC "Update and Rollback" mechanism, I was able to upload the NIC firmware update and it was recognized as such, but when I clicked "Install and Reboot" and went to the Job Queue, I received this error a few seconds after the installation attempt began: "RED006: Unable to download Update Package". The iDRAC firmware 220.127.116.11 and the M630 BIOS is 2.4.2, if that matters.
"RED006: Unable to download Update Package".
One of your previous firmware updates may be partially installed. I would take the system down, disconnect power to drain flea power, and attempt the update again.
Dell EMC, Enterprise Engineer
I've already done that, and that wouldn't explain the error I receive in the OS just trying to run the NVM firmware update EXEs.