Fix Unable to Verify Update Package signature. IDRAC ISSUE

I encountered the Unable to Verify Update Package signature issue while trying to upgrade the Dell PowerEdge R430 Server IDRAC. We can encounter this error when attempting to update an iDRAC when jumping up too many versions.

Start Time:	Not Applicable
Expiration Time:	Not Applicable
Message:	RED007: Unable to verify Update Package signature.

Summary: iDRAC update fails with the following error RED007: Unable to verify Update Package signature. Due to a change to the digital signature, Workaround must be used to complete the update. This is most probably due to the existing iDRAC setup lacking the required information about newer security (certificate) information for the much newer update installer.

A confirmed fix is to apply earlier updates to/for the iDRAC in a more step-wise manner: For instance, if the card is listed as version 2.2x.(etc), apply the update to 2.40.40.40 then 2.5x, etc. up to the latest update. It is often possible to skip one version, but as always, proceed with due care & caution.

Dell IDRAC Older versions

VERSION	RELEASE DATE	IMPORTANCE
2.80.80.80, A00	11 May 2021	Recommended
2.75.100.75, A00	20 Jan. 2021	Recommended
2.75.75.75, A00	26 Jun. 2020	Recommended
2.70.70.70, A00	31 Oct. 2019	Recommended
2.63.60.61, A00	03 May 2019	Urgent
2.62.60.60, A00	11 Feb. 2019	Recommended
2.61.60.60, A00	05 Dec. 2018	Recommended
2.60.60.60, A00	25 Jun. 2018	Recommended
2.52.52.52, A00	02 Mar. 2018	Recommended
2.50.50.50, A00	26 Sep. 2017	Recommended
2.41.40.40, A00	14 Nov. 2016	Optional
2.40.40.40, A00	12 Oct. 2016	Recommended
2.30.30.30, A00	10 Feb. 2016	Recommended
2.21.21.21, A00	09 Nov. 2015	Urgent
2.20.20.20, A00	24 Aug. 2015	Recommended
2.15.10.10, A00	25 Jun. 2015	Recommended
2.10.10.10, A00	17 Mar. 2015	Recommended

How to Fix Unable to Verify Update Package signature

Resolution: The iDRAC7 and iDRAC8 Dell Update Packages (DUP) no longer carry SHA-1 digital signatures. This DUP change was introduced in iDRAC firmware 2.61.60.60 and later. iDRAC7 and iDRAC8 version 2.40.40.40 or later added support to verify the SHA256 signatures. iDRAC must be running one of the following versions to support SHA-256 DUP payloads through Out of Band updates.

In this case, I’m going to upgrade from the 2.21.21.21 version to the final 2.80.80.80, A00 version in a step-wise manner.

1. Go to the Dell Product Support page and search IDRAC update by your Service Tag of your Server and download the IDRAC and Lifecycle controller update.
2. Login to your IDRAC through the web interface using the IDRAC IP address.
3. Expand IDRAC Settings.
4. Click Update and Rollback.
5. On the Update table, select the download IDRAC and Lifecycle Controller update then click Upload.
6. Once the package is successfully uploaded, tick the checkbox of the uploaded file and click Install.
   • Note: I’ve updated the IDRAC and Lifecycle Controller on a Dell R430 Server in three step-wise manner from 2015 to 2021 versions.

7. Check the Job Queue to see the results. If you find a failed result, try with a lower version.

The final result should be successful. Refresh the page and log in to IDRAC again.

Affected Product:

iDRAC7, IDRAC8 Lifecycle Controllers, PowerEdge FC430, PowerEdge FC630, PowerEdge FC830, PowerEdge FM120x4 (for PE FX2/FX2s), PowerEdge M630, PowerEdge M630 (for PE VRTX), PowerEdge M830, PowerEdge M830 (for PE VRTX), PowerEdge R220, PowerEdge R230, PowerEdge R320, PowerEdge R330, PowerEdge R420, PowerEdge R420xr, PowerEdge R430, PowerEdge R520, PowerEdge R530, PowerEdge R530xd, PowerEdge R620, PowerEdge R720, PowerEdge R720xd, PowerEdge R730, PowerEdge R730xd, PowerEdge R820, PowerEdge R830, PowerEdge R920, PowerEdge R930, PowerEdge T130, PowerEdge T320, PowerEdge T330, PowerEdge T420, PowerEdge T430, PowerEdge T620, PowerEdge T630.