UPDATED: Removing Dell Data Protection | Access but "your USH firmware is out of date"

-
UPDATE: I was recently unable to get past this screen with 23.7.303.0 firmware and A29 driver, but was able to with DDPA 2.3.3, the 23.7.405.0 firmware (installed before the updated driver) and 2.3.415.120 driver (even though the driver popped an "upgrade firmware" notice on completion)

We use OPAL self encrypting drives on our laptops which used to be managed by DDPA, a Wave product that Dell rebadged. There is a security vulnerability in DDPA which Dell and Wave have decided they won't fix, since the current product is Dell Data Protection | Security Tools (DDPST). Unfortunately, there is no direct upgrade path, so it's necessary to run a reset within DDPA, uninstall, install DDPST and re-encrypt.

I've come across a couple of instances where opening DDPA to run a reset results in a message indicating that the USH firmware is out of date, and the user should go to dell.com to get a newer version. As best I can tell, this is because of poor version detection within DDPA - the firmware is up to date as is the ControlVault driver, it's just that DDPA can't contemplate versions with those revisions. I haven't been able to find a Dell or Wave article on point.

Here's the routine which has gotten me out of this and into DDPST. There are quite a few restarts involved.
  1. Uninstall any separate instance of ControlVault Host Components in Programs and Features screen (restart)
  2. Downgrade the ControlVault firmware to 23.7.303.0 (restart)
  3. Log in as the DDPA admin Windows user (fortunately no longer a thing in DDPST). 
  4. Run DDPA - should let you in now. Run a Reset - will require Windows account password, DDPA password and, if set, BIOS password (restart)
  5. Uninstall DDPA - mandatory before installing DDPST. This may error out at the ControlVault driver uninstall. (Restart)
  6. Install ControlVault Host Components, then uninstall DDPA again. It should go cleanly this time. (Restart)
  7. Install DDPST, then the latest ControlVault Host Components, then the latest USH firmware.

Comments

Post a Comment

Popular posts from this blog

What is the virtue of a proportional response?

-
A question posed by Martin Sheen in his TV role as the President of the United States . Israel answered that question, correctly long ago - there is no virtue in meeting an attack on your territory with anything other than overwhelming, punitive force sufficent to dissuade future attacks. While I would oppose many Israeli security policies, in which Islamic state would you have seen the courts override the executive on humanitarian grounds, such as with their decision on the Concrete Curtain? The pullout from Gaza was widely predicted never to happen because Israel wouldn't stand up to its extremists - yet the landgrab settlements there have been removed. The proportional response from Hamas was to kidnap soldiers from the Israeli side of the fence. The proportional response from Hezbollah was to continue firing missiles into northern Israel - the fact that their missiles can reach Israeli soil at all being because (a) Israel complied with the negotiated settlement and pulled o
Read more

"Your request could not be completed. Please try again in a few minutes."

-
When setting automatic replies (Out of Office) via Exchange 2013 OWA on behalf of another user, the message in the title can be displayed when saving the text. If you look at the System Event Log on the Exchange Server, you may see the following event ID 4: Current user: '" (domain)/(OU)/(OU)/(administrator) " on behalf of " (domain)/(OU)/(OU)/(User) "' Request for URL ( long URL follows ) failed with the following error: Microsoft.Exchange.Management.ControlPanel.RegionalSettingsNotConfiguredException: We couldn't process the request because the user ' (domain)/(OU)/(OU)/(User) ' hasn't signed in to Outlook Web App and selected a language and a time zone. Ask the user to do this, or, if you are a member of the built-in Organization Management or Help Desk role group, you can use Window PowerShell to select a language and time zone for them. Cancel the Automatic Replies dialog and switch to Settings, which will display a Time Zone selecti
Read more

Remote Desktop Connection Manager - a boon for admins

-
I subscribe to a bunch of Microsoft blogs and one of them revealed a gem in the past month.  RDCMan, a tool which allows an admin to group together remote desktops, preset their username/password combos and connect to those groups with a right-click option, has been invaluable in my work lately which involves quickly jumping from server to server or from servers to a group of workstations.  The gorgeous thing about it is not merely a gallery of thumbnails of the connected sessions, but the ability to interact with the thumbnails with sufficiently accurate mouse clicks.  Heartily recommended. Here's the original post: Introducing Remote Desktop Connection Manager 2.2 (You had me at EHLO - the Microsoft Exchange Team blog)
Read more