
Unsolved


1 Rookie


88 Posts


February 6th, 2025 14:42

Firmware Updates + Secure Boot + TPM Enabled

I'm trying to update firmware on our ESXi hosts via OMIVV. The install acts like it's working, but I'm assuming the firmware is not being applied because a rescan of the firmware shows they still need an update. I also tried via OME and iDRAC upload/install. I'm starting to think it's because of Secure Boot being enabled, TPM enabled, and also Lockdown mode enabled in VMware. Odd thing is this never happened before. Is there a procedure to follow when installing firmware with Secure Boot, TPM and Lockdown mode turned on?

Moderator


4.1K Posts

February 6th, 2025 19:40

Hello,

 

Has anything changed since the last time it worked properly?

 

Is Collect System Inventory On Restart (CSIOR) enabled in the system BIOS?

 

If you give the DRAC a reboot, does it report correctly?

 

Does it give you any information about the update status in the LifeCycle Log and the iDRAC System Event Log?
 

 

If you have a maintenance window, you may try a flea power drain:

Drain flea power (shut down, disconnect power cables and network cables, hold in power button 20 seconds with cords removed).

After flea power drain, system has to sit for 3 minutes for DRAC to reset without any power plugged in.

Then plug in NIC and power, but wait 2 minutes before power on to give DRAC time to initialize.

Check firmware reporting.

 

 

What model server are you working with?

1 Rookie


88 Posts

February 6th, 2025 22:16

This is what I can tell you so far. Turns out our network admin made some "changes" to the VLAN/firewall connection for the iDRAC network. Now that they have fixed the iDRAC VLAN, I can use OME to update firmware on all of the servers that I tested except for my VMware ESXi hosts. Here are the details from an attempted BIOS fw update from OME to an iDRAC on an ESXi host:

Running
Verifying if the device Service Tag is valid.
The device Service Tag is valid.
Starting communication with the device.
Performing the requested operation
Delete Job Queue has been attempted
Performing iDRAC Reset
iDRAC reset is complete.
Checking LC Service State
Checking Remote Services availability
Remote LC Services are ready.
Reset-iDRAC and/or Clear Job Completed
Update allowed in target, System Lockdown status = DISABLED
Checking Remote LC Services availability
Remote LC Services are ready now
Attempting to initiate/stage payload instance: DCIM:INSTALLED#741__BIOS.Setup.1-1
Initiated Status check for Job ID : JID_389012648878
Job state for JID_389012648878 is DOWNLOADING
Job state for JID_389012648878 is FAILED
Mount of remote share failed.
Initiating host reboot action as one or more payload(s) marked as reboot required.
Task Failed. Completed With Errors.

Moderator


4.6K Posts

February 7th, 2025 05:39

Hello, can you confirm if this was performed: "If you give the DRAC a reboot, does it report correctly?" I think you can try directly from iDRAC instead of via OME.

Respectfully,
