QRadar: Services do not start after a Dell firmware update

Troubleshooting

Problem

The administrator received firmware update from Dell and after updating firmware QRadar would no longer start as expected.

Symptom

When this error occurs, the logs in /var/log/qradar.error display the following error:

Oct 23 11:00:09 QRADAR4 hostcontext[19681]: Caused by: org.xml.sax. SAXParseException: The value of attribute "hardwareSerial" associated with an element type "HostCapabilities" must not contain the '<' character.

When this issue occurs, the /opt/qradar/conf/capabilities/hostcapabilities.xml file displays: hardwareSerial="<BAD INDEX>"

Cause

This issue is caused by installing the wrong BIOS firmware. As an appliance QRadar must use the OEM Bios firmware and not "regular" Dell Bios firmware updates. If a regular Dell Bios was installed, the installation of the correct OEM Bios can resolve the issue.

Environment

QRadar 7.x

Diagnosing The Problem

Diagnosis

To diagnose this issue, the administrator can type the following command: cat /opt/qradar/conf/capabilities/hostcapabilities.xml
If the file lists the following parameter, then the BIOS must be repaired:hardwareSerial="<BAD INDEX>"

Resolving The Problem

To repair the Dell BIOS use the following steps:

Download the correct Dell OEM BIOS package, and create bootable BIOS update media by running the .exe file from the Dell OEM BIOS package.

OEM R710 BIOS 6.3.0: http://ftp.dell.com/FOLDER00798012M/1/8104-060300-BDP.exe
OEM R610 BIOS 6.3.0: http://ftp.dell.com/FOLDER00798148M/1/8105-060300-BDP.exe
OEM R510 BIOS 1.11.0: http://ftp.dell.com/FOLDER00798105M/1/8113-011100-BDP.exe

Boot the appliance from the BIOS update media.
The BIOS update package will try, but will fail to install due the current BIOS version installed.
Press any key to exit to the DOS prompt
Use the DIR command to locate the appropriate BIOS update executable. For example: C011100.EXE
Run the update command with the /forcetype /forceit switches. For example: C:\> c011100.exe /forcetype /forceit

The BIOS update should now proceed and update the BIOS. Follow the instructions, and when complete, reboot, and remove the media.

------

Where do I find more information?
If you have additional questions or some of this content is not clear, you can see the QRadar forum or contact customer support for assistance:

Online QRadar Customer Forums
Submit and manage your support tickets online 24x7 using IBM Service Request
QRadar Downloads - IBM Fix Central

Related Information

Dell OEM R710 BIOS 6.3.0

Dell OEM R610 BIOS 6.3.0

OEM R510 BIOS 1.11.0

[{"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"Hardware","Platform":[{"code":"PF016","label":"Linux"}],"Version":"7.2","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]

Tips

QRadar: Services do not start after a Dell firmware update

Troubleshooting

Problem

Symptom

Cause

Environment

Diagnosing The Problem

Resolving The Problem

Related Information

Was this topic helpful?

Document Information

UID

Share your feedback

Need support?