Setup Guide

Enable OpenManage Secure Enterprise Key Manager (SEKM) on Dell EMC PowerEdge Servers
5 Troubleshoot issues while setting up SEKM on iDRAC
This section addresses some of the common issues encountered when using SEKM.
5.1 I installed the SEKM license, but I cannot enable SEKM on iDRAC?
Make sure you update the iDRAC firmware after you install the SEKM license. This is required even if the
iDRAC already had a firmware version that supports SEKM before you installed the SEKM license.
5.2 I set up the KMS information and uploaded SEKM SSL certificates, but I am still unable to enable SEKM on iDRAC?
There are many possible reasons why iDRAC is unable to enable SEKM. Check the Config Results of the SEKM
enable job for information about the job failure, and check the Lifecycle Controller logs for possible reasons
for the failure. Also, check the following SEKM settings.
Ensure that the:
o Primary and Redundant KMS IP addresses are correct.
o Primary and Secondary KMIP port numbers are correct.
o KMS CA certificate is the same as the one used to sign the KMS Server certificate.
o CA used to sign the iDRAC CSR is in the Trusted CA list on the KMS server.
o SSL Timeout value is large enough to allow iDRAC to establish the SSL connection to the KMS.
o User name of the iDRAC account on the KMS is entered in the correct field. It should match the value chosen in the “Username field in the Client Certificate” authentication property on the KMS.
If the “Require Client Certificate to contain Source IP” option is enabled on the KMS, ensure that the
iDRAC CSR contains the IP address in the Common Name field.
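The certificate items in the checklist above can be checked offline with openssl on an admin workstation. The following is an added example, not part of the Dell guide: it assumes the KMS CA certificate, the KMS server certificate and the iDRAC CSR are available as PEM files, and that the Common Name must equal the iDRAC IP exactly; all file names, subjects and the address 192.0.2.10 are constructed placeholders.

```sh
#!/bin/sh
# Added example: offline checks for the certificate items in the 5.2 checklist.
# File names, subjects and 192.0.2.10 are constructed placeholders.

# Succeeds if the KMS server certificate chains to the CA file given to iDRAC.
kms_cert_signed_by_ca() {    # usage: kms_cert_signed_by_ca CA.pem KMS_SERVER.pem
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Prints the Common Name from a CSR's subject.
csr_common_name() {          # usage: csr_common_name IDRAC.csr
    openssl req -in "$1" -noout -subject -nameopt multiline |
        sed -n 's/^ *commonName *= *//p'
}

# Succeeds if the CSR's Common Name is exactly the iDRAC IP address
# (assumption: the KMS source-IP option expects an exact match).
csr_cn_matches_ip() {        # usage: csr_cn_matches_ip IDRAC.csr IP
    [ "$(csr_common_name "$1")" = "$2" ]
}

# Creates a throwaway CA, a KMS server certificate signed by it, and an
# iDRAC-style CSR in directory $1, so the checks can be tried without a KMS.
make_constructed_pki() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Constructed KMS CA" \
        -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=kms.example.test" \
        -keyout "$1/kms.key" -out "$1/kms.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/kms.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
        -CAserial "$1/ca.srl" -CAcreateserial -days 1 -out "$1/kms.pem" 2>/dev/null &&
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=192.0.2.10" \
        -keyout "$1/idrac.key" -out "$1/idrac.csr" 2>/dev/null
}

# With four arguments, report on real files: CA.pem KMS_SERVER.pem IDRAC.csr IDRAC_IP
if [ "$#" -eq 4 ]; then
    kms_cert_signed_by_ca "$1" "$2" || echo "FAIL: $2 is not signed by $1"
    csr_cn_matches_ip "$3" "$4" ||
        echo "FAIL: CSR Common Name is '$(csr_common_name "$3")', expected $4"
fi
```

If the signing CA is an intermediate, `openssl verify` needs the full chain up to the root in the CA file.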
5.3 I am unable to switch PERC to SEKM mode?
Make sure the PERC firmware has been upgraded to a version that supports SEKM.
Make sure the SEKM status on iDRAC is Enabled. You can use the “racadm sekm getstatus”
command to see the current SEKM status.
5.4 I set up SEKM on iDRAC and PERC and rebooted the host, but PERC shows the Encryption Mode as SEKM Failed?
The primary reason for this is that the PERC could not get the key from the iDRAC. In this case, the iDRAC
SEKM status will change to Failed. Therefore, refer to the troubleshooting tips mentioned earlier and make
sure iDRAC can communicate with the KMS.