iDrac 1.52 on old R510 ERR_SSL_VERSION_OR_CIPHER_MISMATCH

Question

Trying to access iDrac on an old R510. Chrome returns an unpassable error

"ERR_SSL_VERSION_OR_CIPHER_MISMATCH"

Any ideas on how to get around this?

I SSL'd and checked the cert which expired in 2019. I found a post that mentioned

racadm sslcertresetcfg

But that comes back as an invalid subcommand.

/admin1-> racadm sslcertview -t1
Serial Number            : 01

Subject Information:
Country Code (CC)        : US
State (S)                : Texas
Locality (L)             : Round Rock
Organization (O)         : Dell Inc.
Organizational Unit (OU) : Remote Access Group
Common Name (CN)         : iDRAC6 default certificate

Issuer Information:
Country Code (CC)        : US
State (S)                : Texas
Locality (L)             : Round Rock
Organization (O)         : Dell Inc.
Organizational Unit (OU) : Remote Access Group
Common Name (CN)         : iDRAC6 default certificate

Valid From               : Sep 17 22:47:28 2009 GMT
Valid To                 : Sep 15 22:47:28 2019 GMT

AGLyons · Answer

=============================================================================== RAC Firmware Build Log =============================================================================== BLD_TAG=idracfw_bldtag_1_380119_0314_07 BLD_VERSION=1 BLD_NUMBER=38.01.19 BLD_DATE=Sun Jul 11 18:37:31 UTC 2010 BLD_TYPE=idrac BLD_KERNEL=ZIMAGE

AGLyons · Answer

=============================================================================== Coredump Information =============================================================================== Apr 20 09:38:28 r510 kernel: g_kbdmouse: full speed config #1 for Keyboard/Mouse Apr 20 09:40:02 r510 kernel: g_kbdmouse: full speed config #1 for Keyboard/Mouse Apr 20 09:44:19 r510 kernel: g_kbdmouse: full speed config #1 for Keyboard/Mouse Apr 20 09:45:34 r510 kernel: g_kbdmouse: full speed config #1 for Keyboard/Mouse Apr 20 09:48:27 r510 kernel: g_kbdmouse: full speed config #1 for Keyboard/Mouse Apr 20 09:56:07 r510 kernel: g_kbdmouse: full speed config #1 for Keyboard/Mouse Apr 20 09:57:10 r510 kernel: g_kbdmouse: full speed config #1 for Keyboard/Mouse Apr 20 10:06:29 r510 kernel: g_kbdmouse: full speed config #1 for Keyboard/Mouse Apr 21 02:07:40 r510 kernel: g_kbdmouse: full speed config #1 for Keyboard/Mouse Apr 21 05:55:46 r510 kernel: g_kbdmouse: full speed config #1 for Keyboard/Mouse Apr 21 05:56:41 r510 kernel: g_kbdmouse: full speed config #1 for Keyboard/Mouse Apr 22 17:39:17 r510 kernel: g_kbdmouse: full speed config #1 for Keyboard/Mouse Apr 22 17:47:10 r510 kernel: g_kbdmouse: full speed config #1 for Keyboard/Mouse Apr 22 17:50:32 r510 kernel: g_kbdmouse: full speed config #1 for Keyboard/Mouse Apr 22 17:51:25 r510 kernel: g_kbdmouse: full speed config #1 for Keyboard/Mouse Apr 22 18:28:46 r510 kernel: g_kbdmouse: full speed config #1 for Keyboard/Mouse Apr 22 18:30:12 r510 kernel: g_kbdmouse: full speed config #1 for Keyboard/Mouse =============================================================================== Network Interface Statistics =============================================================================== Kernel IPv6 routing table Destination Next Hop Flags Metric Ref Use Iface ::1/128 :: U 0 89873 1 lo Kernel IP routing table Destination Gateway Genmask Flags MSS Window irtt Iface 192.168.200.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 0.0.0.0 192.168.200.1 0.0.0.0 UG 0 0 0 eth0 Active Internet connections (w/o servers) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 192.168.200.87:22 192.168.200.96:58667 ESTABLISHED tcp 1 0 127.0.0.1:56536 127.0.0.1:5988 CLOSE_WAIT =============================================================================== Session Information =============================================================================== SSNID Type User IP Address Login Date/Time --------------------------------------------------------------------------- 1 SSH adrian 192.168.200.96 04/22/2022 18:43:29

AGLyons · Answer

/admin1- racadm racdump =============================================================================== General System/RAC Information =============================================================================== RAC Information: RAC Date/Time = 04/22/2022 19:11:58 Firmware Version = 1.52 Firmware Build = 10 Last Firmware Update = 10/16/2011 22:21:21 Hardware Version = 0.01 MAC Address = 78:2b:cb:52:a2:73 Common settings: Register DNS RAC Name = 1 DNS RAC Name = idrac Current DNS Domain = Domain Name from DHCP = 0 IPv4 settings: Enabled = 1 Current IP Address = 192.168.200.87 Current IP Gateway = 192.168.200.1 Current IP Netmask = 255.255.255.0 DHCP Enabled = 1 Current DNS Server 1 = 0.0.0.0 Current DNS Server 2 = 0.0.0.0 DNS Servers from DHCP = 0 IPv6 settings: Enabled = 0 Current IP Address 1 = :: Current IP Gateway = :: Autoconfig = 1 Link Local IP Address = :: Current IP Address 2 = :: Current IP Address 3 = :: Current IP Address 4 = :: Current IP Address 5 = :: Current IP Address 6 = :: Current IP Address 7 = :: Current IP Address 8 = :: Current IP Address 9 = :: Current IP Address 10 = :: Current IP Address 11 = :: Current IP Address 12 = :: Current IP Address 13 = :: Current IP Address 14 = :: Current IP Address 15 = :: DNS Servers from DHCPv6 = 0 Current DNS Server 1 = :: Current DNS Server 2 = :: System Information: System Model = PowerEdge R510 System Revision = II System BIOS Version = 1.12.0 Service Tag = Host Name = OS Name = Power Status = ON Embedded NIC MAC Addresses: NIC1 Ethernet = 78:2b:cb:52:a2:71 iSCSI = 00:00:00:00:00:00 NIC2 Ethernet = 78:2b:cb:52:a2:72 iSCSI = 00:00:00:00:00:00 NIC3 Ethernet = N/A iSCSI = N/A NIC4 Ethernet = N/A iSCSI = N/A Watchdog Information: Recovery Action = None Present countdown value = 15 seconds Initial countdown value = 15 seconds

DELL-Shine K · Answer

Command to reset iDRAC certificate is 'racadm sslresetcfg' I believe you are seeing this issue because you have very old iDRAC FW. Can you update iDRAC to latest version and check the behavior. You can download latest iDRAC FW from below link. As you have very old iDRAC FW I will not recommend directly updating from old iDRAC FW to latest. You can perform a staged update 1.85 -> 1.97 -> 2.80 -> 2.92   https://www.dell.com/support/home/en-us/drivers/driversdetails?driverid=kpccc&oscode=ws8r2&productcode=poweredge-r510

SirLouie75 · Answer

I solved the cipher mismatch problem solely by updating the BIOS, iDRAC6, and Lifecycle Controllers (I've never used racadm commands before). Thanks to DELL-Shine K's suggestion, I tried the various updates in stages (as they wouldn't work direct from the Dell website). The suggested staged update path didn't work for me, but I got it to work after a lot of trial and error! Here is my journey.

I had an R710 with an ancient BIOS (version 2.x!), ancient iDRAC6 (version 1.5x!), and ancient Lifecycle Controller (version 1.4.0.x!). I was able to upgrade ALL of these to the most current versions as of January 2023 on the Dell Website: BIOS 6.6.0, iDRAC6 2.92, and Lifecycle Controller 1.7.5.4, all using only USB media through the Unified Server Configurator via the "Install Platform Update" utility.

BIOS: When I started, none of the Win32 BIOS updates were recognized on my USB flash drive. However, I downloaded the R710-060600C.exe file, copied it to a bootable USB (made with Rufus), and executed it in DOS mode using the System BIOS boot (UEFI boot was not supported on my flash drive) and it updated properly.

iDRAC6: The Win32 updates were not cumulative, so given that I had an old Lifecycle version, it only let me update to 1.85 (ESM_Firmware_3VM7N_WN32_1.85_A00.EXE) and then 1.90 (ESM_Firmware_Y9V1G_WN32_1.90_A00.EXE) before telling me that the other files were not supported.

Lifecycle Controller: This was the longest process, as the Dell website only gave me specific versions of the Win32 updates - none of which were allowed through the update process! I Google searched and found every update I could find, and painstakingly tried each one. I had success with this specific sequence:

1.4.0.586 (LC_APP_WIN_R284305-1.4.0.586.EXE)
1.5.0.672 (LC_APP_WIN_R300967-1.5.0.672.EXE)
1.5.2.32 (Lifecycle-Controller_Application_F0D50_WN32_1.5.2.32_A00.EXE)
1.7.5.4 (Lifecycle-Controller_Legacy_Application_0WFGM_WN32_1.7.5.4_A00.EXE)

iDRAC6 again: With the Lifecycle Controller updated, I was finally able to update iDRAC6 to 2.92 (ESM_Firmware_KPCCC_WN32_2.92_A00.EXE).

I hope this helps someone.

Polderviking · Answer

Yes, this is the way.I was in the same situation.The key is getting the Lifecycle controller where it needs to be. Install updates mentioned here in sequence, once that is at 1.7.5.4 you can just install all the latest firmware and any bios updates straight from Dell's support pages, including BIOS and iDRAC.

Watlingj · Answer

@SirLouie75​  Thank you a ton for documenting your struggle. I would not have had the patience to trial & error this like you did & this is literally the only documentation for this process i was able to find online.

dvshmkr · Answer

@SirLouie75​  Helped me too! I know have remote access.  Thanks

Systems Management General

iDrac 1.52 on old R510 > ERR_SSL_VERSION_OR_CIPHER_MISMATCH

Was this post helpful?