Dell PowerEdge 13th Gen Fan Noise

I recently came across the opportunity to assist a client with installing their new Dell PowerEdge R730XD. Quite the beefy server config, 2x10core CPUs, 128GB of RAM, 12x4TB NL-SAS, you know, all the goodies. This machine is slated to replace an aging T610 that has seen better days performance-wise.

I went ahead and put an Intel 10GbE card in the server since all other hosts in the server room including both backup boxes are 10GbE enabled and are connected to our new Netgear 10GbE switch. Keep in mind this was an industry standard PCIe 10GbE card, a particularly good one, the Intel TX540-2. After installing VMware ESXi, and later, Windows Server 2012 R2, users were complaining about the loud “jet sounding” noise coming from the server room. After logging into the Dell iDRAC Enterprise card I immediately noticed that the fans were running around 92% which was roughly 15K RPM or thereabouts. This was regardless of operating system mind you, so I couldn’t even blame Windows OR VMware this time.

After looking around online at various forums I realized that the system was running the fans near max speed/volume due to the presence of a non-certified PCIe card installed into the system. For all intents and purposes, non-certified means you didn’t pay through the nose to acquire the identical hardware from Dell. Essentially, since the Intel card doesn’t carry the Dell specific code/firmware to report back that “all is well over here in PCIe/temperature land”, the system defaults to running the fans in jet engine mode. For posterity’s sake and to clarify, this will happen on pretty much any non-Dell card that is inserted. In researching the issue I found numerous folks that put actively cooled GPUs, old school 4x1Gbps network cards, you name it, high speed fan noise.

Well no big deal, all you have to do is go into the Dell BIOS and modify a setting or two so that the system doesn’t run the fans at full steam when a card inserted right? Wrong! That would be the logical assumption and design choice to make so you know they didn’t make it that easy. Read on below to understand how I finally got this system to quiet down. The info below is compiled from many sources and some of my own figuring out, just though it would be helpful to have it all in one place.

Step 1: Enable IPMI
For this step enter your Dell servers setup/config screen and get to the remote access configuration/iDRAC setup. In the iDRAC setup you need to do all of the standard stuff like assigning an IP and setting user credentials etc, but you MUST also turn set “Enable IPMI over LAN” to yes. This setting is crucial to completing the steps below successfully.

Step 2: Get IPMI tools
Linux users can use their preferred package/distribution method to obtain ipmitool while Windows users will need to grab the Dell OpenManage BMC Utility and get it installed.

Next, open up and command prompt and navigate to the directory the BMC utility installed to, on my system this was: C:\Program Files (x86)\Dell\SysMgt\bmc\

From there go you will see several files, the program that we are using here is ipmitool.exe. Go ahead and run ipmitools.exe without any switches/arguments just to make sure its installed and working.

Step 3:
The third and final step is essentially ‘the fix’. This is where you can check the status, and then disable or enable the systems cooling response to third party cards that are installed on the PCIe bus. This part was a little frustrating at first because I was working in the right direction and was just about there but the commands weren’t being sent or interpreted the way the should have been.

You must use the lanplus option instead of lan but it is important to note that lanplus does NOT work unless you’ve enabled the “Enable IPMI over LAN” setting that I mentioned back in step 1. The non-intuitive part about that was that although I was running the right command aside from lan vs lanplus, I really didn’t get any clear feedback as to why the command wouldn’t “take”.

Anyhow, here is the base command which you need to acquaint yourself with:

ipmitool -I lanplus -H ipaddress -U root -P password raw

Obviously you will need to substitute your own iDRAC ip, user, and password. After that, just tack on one of the three commands below.

Disable Third-Party PCIe Card Default Cooling Response:
ipmitool -I lanplus -H ipaddress -U root -P password raw 0x30 0xce 0x00 0x16 0x05 0x00 0x00 0x00 0x05 0x00 0x01 0x00 0x00

Enable Third-Party PCIe Card Default Cooling Response:
ipmitool -I lanplus -H ipaddress -U root -P password raw 0x30 0xce 0x00 0x16 0x05 0x00 0x00 0x00 0x05 0x00 0x00 0x00 0x00

To check the current third party PCIe card default cooling setting:
ipmitool -I lanplus -H ipaddress -U root -P password raw 0x30 0xce 0x01 0x16 0x05 0x00 0x00 0x00

This response means disabed:
16 05 00 00 00 05 00 01 00 00

This response means enabled:
16 05 00 00 00 05 00 00 00 00

After disabling the third party cooling response my system went from the previously mentioned 15K RPM mark down to a user verified sane noise level/speed of around 6K RPM.

A key takeaway and disappointment for me is that in this day and age of widespread standards and simplicity, things are becoming increasingly proprietary and complex.


Sonicwall GVPN w/ Simple Client Provisioning

In this post I am going to cover one of the ways that you can configure your Sonicwall device so that it provides secure client access to your internal network using the Sonicwall Global VPN client. There are several different ways that you can connect clients using the Global VPN client, but in this example I will cover one of the easiest and fastest ways to get the job done. For this example I will be using a Sonicwall TZ170 running standard OS. The steps will be nearly identical on other Sonicwalls running the standard OS. This configuration should also work just fine on devices running the enhanced OS provided that you aren’t running some off-the-wall configuration.

Step 1: Firewall configuration

Using your favorite browser login to your Sonicwall by going to https://x.x.x.x (<- Your IP here.) Go to the Users menu item and choose Local Users. Click on add and enter in the desired username and password for this user. Put a check mark in the “Access from VPN client with XAUTH” box and click OK.

Next we need to open the VPN menu item. By default there will be a VPN policy named GroupVPN. Make sure that this policy has the Enable box checked and then click on the edit button under Configure. The first two tabs require zero configuration for this how-to. Select the third tab which is named Advanced and make sure that “Require Authentication of VPN Clients via XAUTH” under Client Authentication is selected. On the client tab look for the setting “Cache XAUTH User Name and Password on Client” and change it to Always. Under Client Initial Provisioning make sure to place a checkmark next to “Use Default Key for Simple Client Provisioning” and click OK.

The final item to complete in this step is to send the GVPN policy to the client. Back on the main VPN page under Configure, click on the Export/Save button (Floppy disk icon). Accept all defaults on the pop-up window and click Yes. Once again, accept any defaults presented and enter a password so that the exported VPN policy is encrypted, this is important for several obvious reasons. Click on Submit and save the file. Now you can send the exported VPN policy to any user that needs it.

Step 2: Client Configuration

Using your MySonicwall account or original Sonicwall media install the Global VPN client on the desired PC and accept all defaults. Open the Global VPN client and press cancel when presented with the connection wizard. Go to the File menu and choose Import Connection. Click on the …Browse box and navigate to the exported GVPN policy. Now enter in that password that we used to encrypt the file earlier and click OK. You should now see the imported policy in the list of connections. Right click on the connection select Enable. Enter in the username and password that we created in step1 under Local Users. Put a checkmark in the “Remember my username and password” box and click OK. After a few moments of provisioning and passing encryption information, you should see the status as connected. Your client is now connected to your internal LAN securely via VPN.

Now you can create additional users as needed and send them the exported GVPN policy.

NOTE: I highly recommend sending the exported GVPN policy and encryption password separately. I generally accomplish this by emailing the policy and then sending a text message of the encryption password to the intended user and/or give it to the user verbally.