12-14-2022 08:40 PM
Hi,
Our old ISE C220M - SNS-3595-K9 is migreted to new one and I am trying to use it for labb by installning ESXI on the old ISE. But everytime i am trying to boot by usb, I got a messege "invalid signature detected - check secure policy boot in Setting". When I go to CIMC/Compute/Bios/Configure boot order, I see the UEFI secure boot is not activated.
My question:
can I install Esxi on ISE C220M - SNS-3595 ? if yes, how can I de-activate the signature detected ?
Thank you
Solved! Go to Solution.
12-15-2022 08:57 AM
That appears to be 'CIMC secure boot' enabled and locked to ISE/SNS appliance images.
If the system easily let you boot to an alternate image, that would present a big security vulnerability.
Repurposing the security appliances is not supported.
Kirk...
12-15-2022 08:57 AM
That appears to be 'CIMC secure boot' enabled and locked to ISE/SNS appliance images.
If the system easily let you boot to an alternate image, that would present a big security vulnerability.
Repurposing the security appliances is not supported.
Kirk...
03-22-2024 10:10 AM
I know this is old thread but if you have access to CCO to can flash the bios with regular ucs-c firmware instead of the ise firmware and then you can use the server as a normal bare metal box or you used to. we have a couple old ones that we turned into linux jump servers.
03-25-2024 10:38 AM
How can i get to CCO and flash the bios? There is no way on CIMC to do that.
03-25-2024 01:01 PM - edited 03-25-2024 01:03 PM
Sure there is. So on my 3595 I get the following info logging into the CIMC.
You can see in the bios version that the server type if a C220 M4. If I go to support.cisco.com and login, in the search box at the top i can type in 220 m4 and the first option that pops up is UCS C220 M4 Rack Server then Click downloads option. it should take you to downloads page. If it doesn't take you directly to the 220 page then just put 220 m4 in the search box again and then select UCS C220 M4 Rack Server Software. When the type page pulls up select Server Firmware. There is an ISO that you'll download and the release notes on that page will provide the directions to flash the bios/cimc on the host. This will load the non-ISE appliance firmware for you and that should be all you need to do. You're not technically flashing it in the CIMC but that's how you're going to load the ISO to do it. I've done this and done it remotely. I live 1500 miles from my data centers where my servers are located.
04-29-2024 03:35 PM
I successfully executed the CIMC and BIOS from the HUU.ISO. Then, I upgraded my SNS-3595 to the latest version, 4.1.x. However, I couldn't boot from any software other than ISE. The server displayed a window that said (the boot is secured).
04-18-2024 03:50 AM
You mean to download (ucs-c220m4-huu-4.1.2m.iso) and use it ?
04-29-2024 04:33 AM
Hi Mike, was the normal iso "ucs-c220m4-huu-4.1.2m.iso" working from the UCS C220 M4 Rack Server on the SNS-3595-K9 without failure?
04-30-2024 08:31 AM - edited 04-30-2024 08:32 AM
Looks like at some point cisco modified the UCS firmware to enable secure boot by default and there is no way to remove it. Such a complete waste. My guess is that's why people are literally giving this hardware away now on ebay as it’s basically useless. Glad i had been buying dell gear for my home lab. Guess ill be sticking with that.
04-30-2024 10:04 AM
a part of what you saying is true. On the other hand, UCS server is not locked.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide