How do I get a Dell BIOS update to install through the Security/Patching mechanism?
I have a Dell Latitude E6440 laptop that has a brand-new scripted Windows 10.1709 Enterprise x64 image on it, with all my desired apps.
Now I want to upgrade the BIOS on the laptop from A05 to A21. I know I can do this manually, since it's a one-off, but I really want to know how to do these things more automagically, using the K1000 SMA.
My SMA is version 8.0.318; agent on the laptop is 8.0.152. I've created a Smart Label named "Latittude E6440 - tss-loaner" which is applied to all Latitude E6440s named "tss-loaner-10", which is the name of my laptop, and Force Inventory'd the machine so that it now has that label.
I look in Security/Dell Updates/Catalog and search for "E6440", and find five updates, one of which is the A21 BIOS update. That's the one I want to apply. It currently says "Not Downloaded", and has a "1" in the Upgradable column (which I suspect is there because I'm close to convincing the system to install it on the one laptop in my SmartLabel).
When I look at Security/Dell Updates/Schedules, I have a schedule named "Test BIOS Install", set to run every day at 0:40, doing a "Detect and Deploy", with "All Devices" set to "No". When I drill down into that schedule's Detail, in the "Configure" section it has "Detect and Deploy" as the Action, "All Devices" is not checked, "Device Labels" is set to "Latitude E6440 - tss-loaner-10", "Devices" is empty, "Operating Systems" is set to "Microsoft Windows (All)". In the "Deploy" section it has "All Updates" checked, applying "Upgrades Only", max deploy attempts = 3. The "Notify" section is left along, all grayed out (no "Options", 15 mins "Timeout", "Timeout Action"="Cancel","Snooze"=5). The "Reboot" section is "Prompt User", "Auto reboot if no one logged in", Timeout=5, Reboot now, 5 prompts. If I click the "Show All" link at the bottom of this Detail page, it shows "TSS-LOANER-10" with its IP address, saying Status is "scheduled" and today's date, recent time.
If I then do a "Run Now", I don't notice anything obvious happening (other than the "Confirm - You have not limited update deployment to any update labels. Are you sure you want to deploy all updates?" message, and then a return to the Details page on "Yes").
I can then do a "Force Inventory" on the "tss-loaner-10" laptop. Once that inventory has completed, I can look in the Inventory/Devices/Device Detail for the laptop, in the "Dell Updates" section, and see that the "Test BIOS Install" is scheduled, and is the schedule for Dell Driver inventories and Dell Updates.
But I never see any activity toward installing the BIOS update. I've even tried restarting the laptop after all this; no change. The "Dell system Inventory Report" says Device Inventory Status "Completed Successfully", and still shows the BIOS as being at version A05. The "Dell Update Catalog Comparison Report" shows the A21 BIOS patch as "Urgent", with a yellow up-pointing arrow next to it that has a hover-over hint of "Upgrade not downloaded".
How do I get the system to download and install the BIOS patch?
Thanks!
/Kent
Now I want to upgrade the BIOS on the laptop from A05 to A21. I know I can do this manually, since it's a one-off, but I really want to know how to do these things more automagically, using the K1000 SMA.
My SMA is version 8.0.318; agent on the laptop is 8.0.152. I've created a Smart Label named "Latittude E6440 - tss-loaner" which is applied to all Latitude E6440s named "tss-loaner-10", which is the name of my laptop, and Force Inventory'd the machine so that it now has that label.
I look in Security/Dell Updates/Catalog and search for "E6440", and find five updates, one of which is the A21 BIOS update. That's the one I want to apply. It currently says "Not Downloaded", and has a "1" in the Upgradable column (which I suspect is there because I'm close to convincing the system to install it on the one laptop in my SmartLabel).
When I look at Security/Dell Updates/Schedules, I have a schedule named "Test BIOS Install", set to run every day at 0:40, doing a "Detect and Deploy", with "All Devices" set to "No". When I drill down into that schedule's Detail, in the "Configure" section it has "Detect and Deploy" as the Action, "All Devices" is not checked, "Device Labels" is set to "Latitude E6440 - tss-loaner-10", "Devices" is empty, "Operating Systems" is set to "Microsoft Windows (All)". In the "Deploy" section it has "All Updates" checked, applying "Upgrades Only", max deploy attempts = 3. The "Notify" section is left along, all grayed out (no "Options", 15 mins "Timeout", "Timeout Action"="Cancel","Snooze"=5). The "Reboot" section is "Prompt User", "Auto reboot if no one logged in", Timeout=5, Reboot now, 5 prompts. If I click the "Show All" link at the bottom of this Detail page, it shows "TSS-LOANER-10" with its IP address, saying Status is "scheduled" and today's date, recent time.
If I then do a "Run Now", I don't notice anything obvious happening (other than the "Confirm - You have not limited update deployment to any update labels. Are you sure you want to deploy all updates?" message, and then a return to the Details page on "Yes").
I can then do a "Force Inventory" on the "tss-loaner-10" laptop. Once that inventory has completed, I can look in the Inventory/Devices/Device Detail for the laptop, in the "Dell Updates" section, and see that the "Test BIOS Install" is scheduled, and is the schedule for Dell Driver inventories and Dell Updates.
But I never see any activity toward installing the BIOS update. I've even tried restarting the laptop after all this; no change. The "Dell system Inventory Report" says Device Inventory Status "Completed Successfully", and still shows the BIOS as being at version A05. The "Dell Update Catalog Comparison Report" shows the A21 BIOS patch as "Urgent", with a yellow up-pointing arrow next to it that has a hover-over hint of "Upgrade not downloaded".
How do I get the system to download and install the BIOS patch?
Thanks!
/Kent
7 Comments
[ + ] Show comments
Answers (1)
Answer Summary:
Please log in to answer
Posted by:
kentwest
6 years ago
Top Answer
As mentioned in my original post, in my "Dell Update Schedules", in my "Test BIOS Install" detect & deploy schedule, I was trying to deploy "All Updates" (and this, after detecting all updates in the same schedule).
Turns out that's a bad idea, because it takes so long to detect and deploy all the updates, that the detect and download part of the process never finished before the process times out.
The correct method is to go into the "Dell Update Catalog", and build a "Smart Label" that has only a subset of updates, say, anything that mentions "BIOS", or anything released in the past 2 years, etc. Then change the schedule so that instead of deploying all patches, deploy only to this patch Smart Label.
Also, separate the detect from the deploy, creating two schedules, perhaps detect on Monday, and deploy on Tuesday, or detect at 8am, and deploy at noon, etc.
Turns out that's a bad idea, because it takes so long to detect and deploy all the updates, that the detect and download part of the process never finished before the process times out.
The correct method is to go into the "Dell Update Catalog", and build a "Smart Label" that has only a subset of updates, say, anything that mentions "BIOS", or anything released in the past 2 years, etc. Then change the schedule so that instead of deploying all patches, deploy only to this patch Smart Label.
Also, separate the detect from the deploy, creating two schedules, perhaps detect on Monday, and deploy on Tuesday, or detect at 8am, and deploy at noon, etc.
Also there are times where a BIOS will have upgrade PATH, check in support.dell.com and see if that A21 BIOS version has any minimum version required - Channeler 6 years ago
I find no indication of a minimum BIOS version to install this upgrade.
Thanks for the suggestions, though! - kentwest 6 years ago
1 - Does BIOS need to be updated in stages. Not just jump to the latest version.
2 - Does the BIOS have a Admin password on it? KACE does not have the support in Dell Updates for configuring the BIOS Password.
If you do have a password or need to do stages, I would suggest writing scripts to do this. It would be easy to create Smart labels for model and current BIOS version to apply for the BIOS update.
Also, Like Channeler mentioned, if you do use Bitlocker, you will want to add a line in the script for pausing Bitlocker so it doesn't require the password upon booting after BIOS has updated. - DaveMT 6 years ago
As I've tinkered, I've also turned on Patching as well, and there's no hint that KACE is pushing out those patches.
If I go onto the laptop itself into the Windows "Check for Updates", there's a truckload of updates to install (all MS-related, no BIOS patch), and the screen has a "Install now" button and a paragraph containing the last line of "Select this button to get going".
So apparently Windows itself is checking for updates, and downloading them, but not installing them without the user's go-ahead. But I can find no clue that KACE is triggering any update activity. - kentwest 6 years ago
Concerning the BIOS update, I just found this thread, which seems to indicate this is not just a problem for me: http://www.itninja.com/question/kace-k1000-dell-update-not-doing-bios - kentwest 6 years ago
In Security > Dell Updates > Dell Update Subscription, do you have it set to download those updates? If not, KACE knows that the computer needs the BIOS, but has nothing to push to it.
Another option, one which I have used, is to install the BIOS with a script. Here's an example of my command for that:
Launch “C:\Windows\System32\cmd.exe” with params “/c $(KACE_DEPENDENCY_DIR)\Latitude_E5x70_Precision_3510_1.18.6.exe /s /f /r”. - ondrar 6 years ago
In the Security > Dell Updates > Update Subscription screen, I don't see any place to specify what updates get downloaded, other than "All files" or "Files detected as missing". Currently, "Files detected as missing" is what is selected. The last download attempt was 25 minutes after midnight this morning/last night (schedule is every night at that time), and the "Update files" field says "59". - kentwest 6 years ago
Now that I look again today, a day or two later (Inventory > Devices > Device Detail > Dell Update Catalog Comparison Report), I see that the "Catalog Version" column no longer says "Not Downloaded", but has a yellow up-pointing triangle with a Bang within it, that the hover-over hint says "Failed".
So, I'm beginning to think that the way this whole process works is to run a schedule against third-party Lumension and/or Dell to learn the catalog of available patches, then run a patch detect schedule against the particular device (my laptop) to see what patches are missing/needed, then run another schedule against Lumension/Dell to download the required patches, then run another schedule against the device to deploy the patch.
And that in my case, I was expecting things to happen more quickly than the schedules specify, and now that the download of the patch has failed. - kentwest 6 years ago
Take a look at your Dell Update Subscription schedule again. I have mine download every day at 7:00 AM, so if a new driver is detected during the day, I would have to wait until after 7:00 AM the next day to be able to use it. If you want to get that quicker, set the time to sometime in the near future, and KACE will begin that download.
As for why it failed to download, I'm not sure, because I haven't had that happen, but if you set the Dell Update Subscription schedule ahead, you can have KACE try again. - ondrar 6 years ago
I do notice in Inventory / Devices / Device Detail for the laptop, in /Security / Dell Update Catalog Comparison Report, the version of an Intel HD Graphics driver is listed in the "Device Version" column as the same version as what's in the "Catalog Version" column, and yet it has an orange/yellow flag instead of a green checkmark, and the "Criticality" column says "Recommended".
Another driver with a down-pointing arrow (not a green checkmark, and not an orange/yellow flag) has a "Device version" of .6098 as opposed to the "Catalog Version" of .6070.
Seems to me that in both of these cases, what is in the "Catalog Version" is older or the same as what's already on the laptop (if I'm understanding this screen correctly). So why are these two updates even listed as "Recommended"? Does KACE want to downgrade/keep-reinstalling these two drivers? - kentwest 6 years ago
The Comparison Report sees that A05 is on the machine, and A17 is Urgent, but it also has a yellow bang-triangle that hover-says "Failed". Failed what? Installation? Downloading? other?
When I look at the Dell Update Catalog package for the A17 upgrade, it says "Downloaded".
This machine has been sitting like this for _days_, and I see no indication whatsoever that a BIOS update ever tries to install. I've got my Detect & Deploy schedule running against this machine every hour (this is just a test schedule/PC, so I've set it very frequent to see if I can detect some movement on the process).
It's very frustrating that the K1 simply does not work for me as advertised. - kentwest 6 years ago