Skip to main content
Start a Conversation

Solved!

Go to Solution

FedericoCoppola97

1 Rookie

 • 

56 Posts

12418

October 3rd, 2020 05:00

iDRAC 6 I cant' renew SSL certificate

Hi,
I have a Dell PowerEdge 610 server.

I have just connected it to my LAN and I can't connect to it using Web Interface due to there is a certificate issue. I connected using SSH with success. From CLI I have gotten these informations:

 

 

/admin1-> racadm getsysinfo

RAC Information:
RAC Date/Time = 10/03/2020 14:39:08
Firmware Version = 1.30
Firmware Build = 24
Last Firmware Update = 01/23/2010 06:47:46
Hardware Version = 0.01
MAC Address = 00:22:19:68:a5:01

Common settings:
Register DNS RAC Name = 1
DNS RAC Name = iDRAC
Current DNS Domain = company.local
Domain Name from DHCP = 0
IPv4 settings:
Enabled = 1
Current IP Address = 172.29.100.92
Current IP Gateway = 172.29.100.1
Current IP Netmask = 255.255.255.0
DHCP Enabled = 0
Current DNS Server 1 = 172.29.40.11
Current DNS Server 2 = 172.29.40.12
DNS Servers from DHCP = 0
IPv6 settings:
Enabled = 0
Current IP Address 1 = ::
Current IP Gateway = ::
Autoconfig = 1
Link Local IP Address = ::
Current IP Address 2 = ::
Current IP Address 3 = ::
Current IP Address 4 = ::
Current IP Address 5 = ::
Current IP Address 6 = ::
Current IP Address 7 = ::
Current IP Address 8 = ::
Current IP Address 9 = ::
Current IP Address 10 = ::
Current IP Address 11 = ::
Current IP Address 12 = ::
Current IP Address 13 = ::
Current IP Address 14 = ::
Current IP Address 15 = ::
DNS Servers from DHCPv6 = 0
Current DNS Server 1 = ::
Current DNS Server 2 = ::

System Information:
System Model = PowerEdge R610
System BIOS Version = 3.0.0
Service Tag =
Host Name =
OS Name =
Power Status = OFF

Embedded NIC MAC Addresses:
NIC1 Ethernet = 00:22:19:68:a4:f9
iSCSI = 00:22:19:68:a4:fa
NIC2 Ethernet = 00:22:19:68:a4:fb
iSCSI = 00:22:19:68:a4:fc
NIC3 Ethernet = 00:22:19:68:a4:fd
iSCSI = 00:22:19:68:a4:fe
NIC4 Ethernet = 00:22:19:68:a4:ff
iSCSI = 00:22:19:68:a5:00
Watchdog Information:
Recovery Action = None
Present countdown value = 15 seconds
Initial countdown value = 15 seconds

I have tried to renew certificate using this commands without success.
racadm sslresetcfg
racadm racreset soft

How can I solve it? It is really important for me.
Thanks!

FedericoCoppola97

1 Rookie

 • 

56 Posts

November 23rd, 2020 05:00

Hi all,

I have found this way to upgrade iDRAC 6 firmware of PowerEdge R610.

 

1) I have reset iDRAC as you suggested me before

2) I have downloaded Firmware Upgrade executable package for Windows Server 2012 R2 of iDrac 2.92 (I have Win Server 2016 on this PowerEdge at the moment and there is not executable package for Windows Server 2016)

FedericoCoppola97_0-1606138282585.png

3) I runned it without issue and it works!

FedericoCoppola97_1-1606138347323.png

FedericoCoppola97_2-1606138386870.png

 

Now, from iDRAC web page, I can see that firmware is upgraded

FedericoCoppola97_3-1606138582582.png

 

For my experience just the iDRAC executable package with the last release worked without problem on Windows Server 2016, otherwhise software crash.

 

Thanks so much for your suggestions!

Federico

DELL-Shine K

4 Operator

 • 

3K Posts

October 3rd, 2020 06:00

What error are you getting when tried to access iDRAC via GUI. 

Is "racadm sslresetcfg" command was successful or does it gave any error message. You can also run racadm sslcertview -t 1 command and check certificate details (validity and all) on iDRAC

I also observed that you have very old iDRAC FW and there is a high chance default certificate on iDRAC is expired with that FW. You can either update to latest FW or upload a custom certificate to iDRAC is that is the case

As you have very old iDRAC FW and BIOS on the system it is not recommended to update to latest iDRAC FW and BIOS directly. You need to update FW in-between before reaching to latest FW.

DELL-Erman O

Moderator

 • 

2.8K Posts

October 4th, 2020 23:00

Hi,
I totally agree with Shine. And please, answer questions on previous post. Also, it could be related to old iDRAC FW when start to update FW please don't forget incremental update to latest version. 

 

Let us know if this helps.

 

FedericoCoppola97

1 Rookie

 • 

56 Posts

October 6th, 2020 21:00

Hi @DELL-Shine K ,

I have failed connection using browser from my laptop to iDrac due to there was a firewall in the middle that check SSL certificate and it did not permit connection due to HTTPS certificate was expired.

I have bypassed this firewall block and fortunately I have upgraded iDrac firmware just to the next firmware version (not to the last firmware version). After that I connected to iDrac using SSH and I used "racadm sslresetcfg" command.

Before firmware upgrade I got error that command wasn't available. (It did not exist in my opinion).

I would upgrade to next firmware version but it failed from browser (upgrade failed during installation).

What do you suggest to do in this case?

Thanks

Federico

 

 

DELL-Shine K

4 Operator

 • 

3K Posts

October 6th, 2020 22:00

After checking documentation I realized sslresetcfg command support is added 1.70 firmware version. So you need to either run racresetcfg (This command will change all setting to default including network configuration) command to reset the certificate or need to update to 1.70 firmware to run sslresetcfg command. 

What error are you getting while try to update iDRAC firmware. Can you try iDRAC firmware update after resetting iDRAC firmware

DELL-Erman O

Moderator

 • 

2.8K Posts

October 7th, 2020 06:00

Hi, Can you try again by soft resetting iDRAC? Resetting the iDRAC will not restart your server, you will be disconnect from your iDRAC for a short time and then you will be able to access it again as login.

 

- Via GUI

  1. In the lower right corner of the overview screen, the Quick Launch Tasks are shown.
  2. Click Reset iDRAC Figure 2 ).
  3. Confirm the action.
  4. The iDRAC will not be reachable for few minutes, while the system performance is not affected.

 

-The command for resetting the iDRAC is:

racadm racreset for a soft reset (no saved settings are changed) 

 

-Via I-button


I-button on PowerEdge T620 server

FedericoCoppola97

1 Rookie

 • 

56 Posts

October 7th, 2020 06:00

Dear @DELL-Shine K ,

As I described before, I have found the way to access to web page of iDrac and upgrade firmware just to
iDRAC6 1.95  from iDRAC6 1.30 with success.

After this upgrade I have generate a new SSL certificate using sslresetcfg  command.

The issue now is that I can't upgrade from iDRAC6 1.95  to next release iDRAC6 1.96.

 

Upgrade failed, I have tried two times. I have attached photo about this issue.
There is not a specific error, just a generic error.

idrac_1.PNGidrac_2.PNG

 

What can I do?
Thanks for your help!
Federico

DELL-Shine K

4 Operator

 • 

3K Posts

October 7th, 2020 06:00

Can you check Logs on iDRAC and see any details on update failure. Some time this kind of failure happens if we have corrupted image. So you can try downloading the image again and try.  You can also try other version like 1.97 or 1.98

If update still failing through GUI, then you can try updating iDRAC using racadm. You can find more details on this on below user guide on page 40. I recommend you to try with TFTP option for which racadm command can be executed using SSH

https://downloads.dell.com/manuals/all-products/esuprt_electronics/esuprt_software/esuprt_remote_ent_sys_mgmt/integrated-dell-remote-access-cntrllr-6-for-monolithic-srvr-v1.95_user%27s%20guide_en-us.pdf 

FedericoCoppola97

1 Rookie

 • 

56 Posts

October 7th, 2020 15:00

Hi @Dell-ErmanO 
Ok I will try to reset iDrac and later I will try to upgrade again firmware using TFTP if necessary (as @DELL-Shine K  suggested)

I will keep you update.

Thanks for your help

Federico

aryway

4 Posts

January 6th, 2021 20:00

Was this post helpful?

View All

No Events found!

Top