Setup Guide
Troubleshoot issues while setting up SEKM on iDRAC
54 Enable OpenManage Secure Enterprise Key Manager (SEKM) on Dell EMC PowerEdge Servers
5.8 I moved a SEKM enabled PERC to another server and now my PERC encryption mode shows as SEKM Failed. How do I enable SEKM on the PERC?
Follow the steps outlined in "I moved a SED from one SEKM enabled PERC to another SEKM enabled PERC
on another server and now my drive shows up as Locked and Foreign. How do I unlock the drive?" and restart
the host.
5.9 What key size and algorithm is used to generate the key at the KMS?
In this release, iDRAC uses AES-256 to generate keys at the KMS.
5.10 I had to replace my motherboard. How do I now enable SEKM on the new motherboard?
After a motherboard replacement, the Easy Restore feature restores the SEKM license and all SEKM
attributes to the newly replaced iDRAC. It does not restore the SEKM certificates, because these are
specific to each iDRAC. To enable SEKM on the new iDRAC:
1. Update the iDRAC firmware to a version that supports SEKM. This is irrespective of the version that came
with the new iDRAC.
2. Generate a CSR on the new iDRAC, get it signed by the KMS CA, and then upload the signed certificate to the new iDRAC.
3. Upload the KMS CA certificate to iDRAC.
4. Enable SEKM on the new iDRAC.
5. Ensure that the job is successfully completed.
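A check worth running between steps 2 and 3, shown as an added example that is not part of the original guide: confirm that the certificate returned by the KMS CA carries the public key from the iDRAC CSR and chains to the KMS CA certificate you are about to upload. The file names and the throwaway PKI built by `make_demo_pki` are constructed stand-ins for the real CSR, signed certificate and KMS CA certificate; the `openssl` CLI is assumed to be installed.

```shell
#!/bin/sh
# Added example: pre-upload check for steps 2 and 3 of the procedure above.

# Print the SHA-256 digest of the public key in a CSR ("req") or cert ("x509").
pubkey_digest() {  # $1 = req|x509, $2 = PEM file
    _pub=$(openssl "$1" -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$_pub" ] || return 1
    printf '%s\n' "$_pub" | openssl sha256 | awk '{print $NF}'
}

# Returns 0 = safe to upload, 1 = key mismatch, 2 = wrong CA, 3 = unreadable input.
check_signed_cert() {  # $1 = CSR from iDRAC, $2 = signed cert, $3 = KMS CA cert
    _want=$(pubkey_digest req "$1") || { echo "cannot parse CSR" >&2; return 3; }
    _got=$(pubkey_digest x509 "$2") || { echo "cannot parse certificate" >&2; return 3; }
    [ "$_want" = "$_got" ] ||
        { echo "certificate key does not match the CSR" >&2; return 1; }
    openssl verify -CAfile "$3" "$2" >/dev/null 2>&1 ||
        { echo "certificate does not chain to the KMS CA" >&2; return 2; }
}

# Constructed demo input: a stand-in KMS CA, an unrelated CA, and a CSR signed
# by the stand-in CA. On a real system the CSR comes from the new iDRAC.
make_demo_pki() {  # $1 = empty working directory
    ( cd "$1" &&
      openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
          -subj "/CN=Demo KMS CA" -keyout ca.key -out ca.pem &&
      openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
          -subj "/CN=Unrelated CA" -keyout other.key -out other-ca.pem &&
      openssl req -newkey rsa:2048 -nodes \
          -subj "/CN=idrac-demo" -keyout idrac.key -out idrac.csr &&
      openssl x509 -req -in idrac.csr -CA ca.pem -CAkey ca.key \
          -CAcreateserial -days 1 -out idrac.pem
    ) >/dev/null 2>&1
}

demo=$(mktemp -d) && make_demo_pki "$demo" &&
    check_signed_cert "$demo/idrac.csr" "$demo/idrac.pem" "$demo/ca.pem" &&
    echo "signed certificate matches the CSR and the KMS CA"
```

A non-zero result before upload usually means the wrong CSR was signed or a different CA certificate was exported from the KMS.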
5.11 I replaced a SEKM enabled PERC with another PERC and now I see that the new PERC encryption mode is None. Why is the new PERC encryption mode not SEKM?
On a Part Replacement, iDRAC will set the encryption mode of the new PERC to SEKM only if the firmware
version on the new PERC is SEKM capable. Make sure that the replacement PERC has a firmware version
that supports SEKM. If not, then perform a firmware update of the PERC to a version that supports SEKM and
then check the PERC encryption mode.
5.12 I replaced a SEKM enabled PERC and now I see that iDRAC has generated a new key. Why was the key from the original PERC not used?
Each PERC needs its own key for SEKM. When a PERC is replaced, the new PERC requests iDRAC to
create a new key; it uses the old key to unlock the drives and then rekeys them with its own new key.
This is why you see iDRAC creating a new key after a PERC part replacement.