I encountered the Unable to Verify Update Package signature issue while trying to upgrade the Dell PowerEdge R430 Server IDRAC. We can encounter this error when attempting to update an iDRAC when jumping up too many versions.
|Start Time:||Not Applicable|
|Expiration Time:||Not Applicable|
|Message:||RED007: Unable to verify Update Package signature.|
Summary: iDRAC update fails with the following error RED007: Unable to verify Update Package signature. Due to a change to the digital signature, Workaround must be used to complete the update. This is most probably due to the existing iDRAC setup lacking required information about newer security (certificate) information for the much newer update installer.
A confirmed fix is to apply earlier updates to/for the iDRAC in a more step-wise manner: For instance, if the card is listed at version 2.2x.(etc), apply the update to 126.96.36.199 then 2.5x, etc. up to the latest update. It is often possible to skip one version, but as always, proceed with due care & caution.
Dell IDRAC Older versions
|188.8.131.52, A00||11 May 2021||Recommended|
|184.108.40.206, A00||20 Jan. 2021||Recommended|
|220.127.116.11, A00||26 Jun. 2020||Recommended|
|18.104.22.168, A00||31 Oct. 2019||Recommended|
|22.214.171.124, A00||03 May 2019||Urgent|
|126.96.36.199, A00||11 Feb. 2019||Recommended|
|188.8.131.52, A00||05 Dec. 2018||Recommended|
|184.108.40.206, A00||25 Jun. 2018||Recommended|
|220.127.116.11, A00||02 Mar. 2018||Recommended|
|18.104.22.168, A00||26 Sep. 2017||Recommended|
|22.214.171.124, A00||14 Nov. 2016||Optional|
|126.96.36.199, A00||12 Oct. 2016||Recommended|
|188.8.131.52, A00||10 Feb. 2016||Recommended|
|184.108.40.206, A00||09 Nov. 2015||Urgent|
|220.127.116.11, A00||24 Aug. 2015||Recommended|
|18.104.22.168, A00||25 Jun. 2015||Recommended|
|22.214.171.124, A00||17 Mar. 2015||Recommended|
How to Fix Unable to Verify Update Package signature
Resolution: The iDRAC7 and iDRAC8 Dell Update Packages (DUP) no longer carry SHA-1 digital signatures. This DUP change was introduced in iDRAC firmware 126.96.36.199 and later. iDRAC7 and iDRAC8 version 188.8.131.52 or later added support to verify the SHA256 signatures. iDRAC must be running one of the following versions to support SHA-256 DUP payloads through Out of Band updates.
In this case, I’m going to upgrade from the 184.108.40.206 version to the final 220.127.116.11, A00 version in a step-wise manner.
- Go the the Dell Product Support page and search IDRAC update by your Service Tag of your Server and download the IDRAC and Lifecycle controller update.
- Login to your IDRAC through web interface using IDRAC IP address.
- Expand IDRAC Settings.
- Click Update and Rollback.
- On the Update table, select the download IDRAC and Lifesycle Controller udpate then click Upload.
- Once the package successfully uploaded, tick the checkbox of uploaded file and click Install.
- Note: I’ve updated the IDRAC and Lifecycle Controller on a Dell R430 Server with three step-wise manner from 2015 to 2021 versions.
7. Check the Job Queue to see the results. If you find a failed result, try with a lower version.
The final result should be successful. Refresh the page and log in to IDRAC again.
iDRAC7, IDRAC8 Lifecycle Controllers, PowerEdge FC430, PowerEdge FC630, PowerEdge FC830, PowerEdge FM120x4 (for PE FX2/FX2s), PowerEdge M630, PowerEdge M630 (for PE VRTX), PowerEdge M830, PowerEdge M830 (for PE VRTX), PowerEdge R220, PowerEdge R230, PowerEdge R320, PowerEdge R330, PowerEdge R420, PowerEdge R420xr, PowerEdge R430, PowerEdge R520, PowerEdge R530, PowerEdge R530xd, PowerEdge R620, PowerEdge R720, PowerEdge R720xd, PowerEdge R730, PowerEdge R730xd, PowerEdge R820, PowerEdge R830, PowerEdge R920, PowerEdge R930, PowerEdge T130, PowerEdge T320, PowerEdge T330, PowerEdge T420, PowerEdge T430, PowerEdge T620, PowerEdge T630.