Manualshelf

Setup Guide

ManualsBrandsDell ManualsConverged InfrastructureSystems Management Solution Resources
48495051525354555657
Troubleshoot issues while setting up SEKM on iDRAC
55 Enable OpenManage Secure Enterprise Key Manager (SEKM) on Dell EMC PowerEdge Servers
5.13 I am unable to rollback iDRAC firmware what could be the reason
for rollback to be blocked?
Make sure that there are no storage devices that are in SEKM mode. iDRAC will block a rollback to a version
that does not support SEKM if there are any storage devices that are in the SEKM mode. This is to prevent
data lockout since after rollback iDRAC will not be able to provide keys to the storage devices to be unlocked.
5.14 I rebooted the host and key exchange failed because of a network
outage and the PERC is in SEKM failed state. The network outage
has been resolved what do I need to do to put PERC back in
SEKM mode?
Ideally, you do not have do anything because iDRAC will periodically try to connect to the KMS. After the
network is started, iDRAC should be able to connect to the KMS, get the keys and provide them to PERC,
and put it back in the SEKM mode. After five minutes, if the PERC is still in SEKM Failed state then reboot the
host and check if key exchange is successful.
5.15 I would like to change the keys on a PERC—is that possible?
Yes, iDRAC allows a rekey operation, with which, you can rekey all storage devices supported for SEKM or a
specific storage device. These rekey operations are supported by using either iDRAC GUI, RACADM, or
Server Configuration Profile (SCP).
5.16 I did a system erase, but the PERC encryption mode continues to
show as SEKM
This is an expected behaviorsystem erase does not change the encryption mode of the storage controller.
To delete security on the PERC, use any of the supported iDRAC interfaces and switch the PERC encryption
mode to None.
5.17 I cannot switch PERC to SEKM mode when it is in LKM mode
This is an expected behaviorswitching from LKM to SEKM mode is currently not supported.
5.18 I migrated an SED, locked by a PERC in LKM mode, to a PERC in
SEKM mode. The drive is indicated as Locked and Foreign. Why
was it not unlocked?
This is an expected behavior. Because the SED was locked by a PERC in LKM mode, it must be unlocked
manually by providing the LKM passphrase by using any of the IDRAC interfaces. After unlocking, the foreign
configuration on the drive can be imported, and then the drive will be locked by the SEKM key.