Invoke-SecureEraseDeviceREDFISH -

[joekleinsorge]

Secure_Erase_Device param does not work and returns an error stating that the FQDD from Get_Secure_Erase_Devices is not correct.

When using $get_secure_erase_devices = "RAID.Slot.6-1" I get back Disk.Bay.0:Enclosure.Internal.0-1:RAID.Slot.6-1 Disk.Bay.1:Enclosure.Internal.0-1:RAID.Slot.6-1 Disk.Bay.2:Enclosure.Internal.0-1:RAID.Slot.6-1 Disk.Bay.3:Enclosure.Internal.0-1:RAID.Slot.6-1

When trying to erase a disk by setting $secure_erase_device = "Disk.Bay.3:Enclosure.Internal.0-1:RAID.Slot.6-1"

I get back the following error: Invoke-WebRequest : {"error":{"@Message.ExtendedInfo":[{"Message":"Unable to complete the operation because the resource /redfish/v1/Systems/System.Embedded.1/Storage/Disk.Bay.3:Enclosure.Internal.0-1:RAID.Slot.6-1 entered in not found.","MessageArgs":["/redfish/v1/Systems/System.Embedded.1/Storage/Disk.Bay.3:E nclosure.Internal.0-1:RAID.Slot.6-1"],"MessageArgs@odata.count":1,"MessageId":"IDRAC.1.6.SYS403", "RelatedProperties":[],"RelatedProperties@odata.count":0,"Resolution":"Enter the correct resource and retry the operation. For information about valid resource, see the Redfish Users Guide available on the support site.","Severity":"Critical"},{"Message":"The resource at the URI /redfish/v1/Systems/System.Embedded.1/Storage/Disk.Bay.3:Enclosure.Internal.0-1:RAID.Slot.6-1 was not found.","MessageArgs":["/redfish/v1/Systems/System.Embedded.1/Storage/Disk.Bay.3:Enclosur e.Internal.0-1:RAID.Slot.6-1"],"MessageArgs@odata.count":1,"MessageId":"Base.1.2.ResourceMissingA tURI","RelatedProperties":[""],"RelatedProperties@odata.count":1,"Resolution":"Place a valid resource at the URI or correct the URI and resubmit the request.","Severity":"Critical"}],"code":"Base.1.2.GeneralError","message":"A general error has occurred. See ExtendedInfo for more information"}}

The drive in disk bay 3 is a ISE drive and can be wiped using the racadm systemerase overwritepd

[texroemer]

Hi @JoeyKleinsorge

Can you let me know which iDRAC firmware version you have installed? 3.32 is the latest version which i just tested the cmdlet, unable to repro the issue you are seeing.

Example of running the cmdlet on 3.32 iDRAC:

PS C:> Invoke-SecureEraseDeviceREDFISH -idrac_ip 192.168.0.120 -idrac_username root -idrac_password calvin -secure_erase _device "Disk.Bay.0:Enclosure.Internal.0-1:RAID.Mezzanine.1-1"

• PASS, statuscode 202 returned to successfully erase 'Disk.Bay.0:Enclosure.Internal.0-1:RAID.Mezzanine.1-1' device, JID_609507681186 job ID created

• WARNING, secure erase job will run in real time operation, no server reboot needed to apply the changes

• WARNING, job not marked completed, current status is: Job in progress. Precent complete is: 1

• WARNING, job not marked completed, current status is: Job in progress. Precent complete is: 1

• WARNING, job not marked completed, current status is: Job in progress. Precent complete is: 99

• WARNING, job not marked completed, current status is: Job in progress. Precent complete is: 99

• WARNING, job not marked completed, current status is: Job in progress. Precent complete is: 99

• WARNING, job not marked completed, current status is: Job completed successfully. Precent complete is: 100

• PASS, JID_609507681186 job ID marked as completed!

• Detailed final job status results:

@odata.context : /redfish/v1/$metadata#DellJob.DellJob @odata.id : /redfish/v1/Managers/iDRAC.Embedded.1/Jobs/JID_609507681186 @odata.type : #DellJob.v1_0_1.DellJob CompletionTime : 2019-06-19T08:27:28 Description : Job Instance EndTime : TIME_NA Id : JID_609507681186 JobState : Completed JobType : RealTimeNoRebootConfiguration Message : Job completed successfully. MessageArgs : {} MessageId : PR19 Name : Config:RAID:RAID.Mezzanine.1-1 PercentComplete : 100 StartTime : TIME_NOW TargetSettingsURI :

PS C:> racadm -r 192.168.0.120 -u root -p calvin --nocertwarn getversion Bios Version = 2.2.9

iDRAC Version = 3.32.32.32

Lifecycle Controller Version = 3.32.32.32

IDSDM Version = NA

PS C:>

The error you are seeing is the URI is incorrect, its missing "Drives" in the URI path. Are you running the cmdlet from GitHub or are you running your own code?

Failing for:

"/redfish/v1/Systems/System.Embedded.1/Storage/Disk.Bay.3:Enclosure.Internal.0-1:RAID.Slot.6-1"

Should be:

"/redfish/v1/Systems/System.Embedded.1/Storage/Drives/Disk.Bay.3:Enclosure.Internal.0-1:RAID.Slot.6-1"

[joekleinsorge]

Hey @texroemer thank you for the quick response. The server is a R740 with iDRAC Firmware Version 3.30.30.30

I copied the RAW code from GitHub and am running it in PowerShell ISE. I see what you are saying that the error isn't including "Drives" in the URI, that was an issue with ISE trying to get "$secure_erase_device" because of the variable not being null.

After fixing that issue, I am still getting the following error:

{"error":{"@Message.ExtendedInfo":[{"Message":"Unable` to complete the operation because either the Fully Qualified Device Descriptor (FQDD) entered did not match any virtual drive (VD), the physical drives available, or the operation is not supported on the physical drive (s).","Message Args":[],"MessageArgs@odata.count":0,"MessageId":"IDRAC.1.6.STOR009","RelatedProperties":[],"Rela tedProperties@odata.count":0,"Resolution":"Make sure of the following and retry the operation: A physical drive or virtual drive with the FQDD entered exists. 2) The physical drive (s) supports the operation being tried. For more information about supported physical drives, see the iDRAC User's Guide available on the support site.","Severity":"Warning"}],"code":"Base.1.2.GeneralError","message":"A general error has occurred. See ExtendedInfo for more information"}}

The URI for the call is: https://10.101.229.243/redfish/v1/Systems/System.Embedded.1/Storage/Drives/Disk.Bay.3:Enclosure.Internal.0-1:RAID.Slot.6-1/Actions/Drive.SecureErase

[texroemer]

Ok, so now we are passing in the correct URI, just the disk itself in a state which doesn't support the action. Is this disk part of a RAID volume? If yes, secure erase (cyrptographic erase) will not work unless you delete the volume first. Secure erase feature is not completely destructive and will block the operation if the disk is part of a RAID volume.

Coming in iDRAC 4.00 which is scheduled to be released end of this year, we will be adding iDRAC SystemeErase feature (currently supported from RACADM) to Redfish which is a destructive command and will erase drives even if they are part of a RAID volume.

[joekleinsorge]

@texroemer Thank you for that clarification on the command, I didn't see that definition for it and that explains why it failed. I look forward to the release of 4.00.

[texroemer]

@JoeyKleinsorge

No problem and glad to help. This action is DMTF, not OEM extension so this information won't be listed in the schema. I went ahead and updated the cmdlet with help text explaining this information.