Introduction
This document describes how to install the TPM module on SNS3700 servers that received a chassis replacement.
Considerations
The Trusted Platform Module (TPM) is a hardware component that improves the security of the server by storing encryption keys.
Nevertheless, the server can run the Identity Services Engine (ISE) without its presence.
Caution: If the ISE application is installed and running on a server without a TPM, you must execute the process documented here to install the module and make it usable by the system.
- This server supports TPM version 2.0 (UCSX-TPM-002C) as defined by the Trusted Computing Group (TCG). The TPM is also SPI-based.
- The TPM cannot be replaced. If the module is already installed, it cannot be removed and replaced because it is installed with a tamper-proof screw.
- If the TPM is missing from the motherboard, a module can be installed.
- If a server with a TPM is returned, the replacement server must be ordered with a new TPM.
- If the TPM 2.0 becomes unresponsive, reboot the server.
Problem
SNS 3700 series or higher servers shipped from Cisco Manufacturing include a TPM.
However, SNS 3700 series chassis replacements shipped from Cisco Service Depots do not include one.
The following process must be executed to install the TPM and enable both hardware and software to leverage the benefits of the module.
Image 1. Location of the TPM Module in the SNS 3700 Series Appliance
Solution
Execute the following steps in the given order to install the module, initialize it, and leverage the security features it provides.
Install the TPM Hardware and enable it in the BIOS
Use this article to complete Step 1: Cisco UCS C220 M6 Server Installation and Service Guide - Maintaining the Server
The process is finished once you have completed the steps in the Enabling the TPM in the BIOS chapter.
Enable the module in CIMC
Log in to CIMC
Click on the menu icon > Compute > Configure BIOS > Security > Change the "Trusted Platform Module State" to Enabled
Click on "Save"

Image 2. Enabling TPM in CIMC
Power Cycle the server and Reset CIMC
At the top of CIMC interface click on "Host Power"
Select "Power Cycle"
Wait 5 minutes
At the top of the CIMC interface click on "CIMC Reboot"
Wait for the CIMC to come back
Validate that CIMC detects the module as equipped and activated
Once the CIMC is back, click on the menu icon and go to: Chassis > Inventory > TPM
The TPM must be detected and the following information must be displayed:
Presence: Equipped
Enabled Status: Enabled
Active Status: Activated

Image 3. TPM detected, enabled and activated from CIMC perspective
Re-install ISE application
To complete Step 5, navigate to the following link and access the installation guide for the ISE version you need to install on the server:
Install and Upgrade Guides - Install Cisco ISE
Once in the installation guide, navigate to the Install Cisco ISE section.
Verification
Once this step is completed, ISE must be installed and running.
Log in to the CLI of the node and use the following command to generate a show tech file:
ISE/user#show tech-support file <filename>
You can then copy the file to a repository using the "copy" command, or you can download the file by accessing the GUI and going to:
Administration > System > Maintenance > Local Disk Management
Once you have the file, open it with a text editor and validate that the following output shows the TPM as present.
*****************************************
Displaying ISE Profile ...
*****************************************
Profile : sns3755
TPM: Module Present
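
The same check can be scripted when several replaced chassis have to be validated. The following Python is an added example, not part of the original document or a Cisco tool: it reads only the "Displaying ISE Profile" block, so a TPM line elsewhere in the file cannot satisfy the check. The function names and the surrounding sections in the sample are constructed, and any value other than the "Module Present" line shown above is treated as a failure because that is the only value this document shows.

```python
import re

# Constructed sample: the profile block is copied from the output shown above;
# the surrounding sections are invented to show that scoping matters.
SAMPLE_SHOW_TECH = """\
*****************************************
Displaying Constructed Section A ...
*****************************************
TPM: decoy line outside the profile block
*****************************************
Displaying ISE Profile ...
*****************************************
Profile : sns3755
TPM: Module Present
*****************************************
Displaying Constructed Section B ...
*****************************************
"""

BANNER = re.compile(r"^\*{5,}\s*$")
FIELD = re.compile(r"^\s*([^:]+?)\s*:\s*(.*?)\s*$")

def ise_profile_fields(text):
    """Return the key/value lines of the 'Displaying ISE Profile' block only."""
    fields, in_block, banners = {}, False, 0
    for line in text.splitlines():
        if not in_block:
            in_block = line.strip().startswith("Displaying ISE Profile")
            continue
        if BANNER.match(line):
            banners += 1  # 1st banner closes the title, 2nd opens the next section
            if banners == 2:
                break
            continue
        match = FIELD.match(line)
        if match:
            fields[match.group(1)] = match.group(2)
    return fields

def tpm_check(text):
    """Return (ok, message); ok is True only for the exact line shown above."""
    fields = ise_profile_fields(text)
    if not fields:
        return False, "ISE Profile block not found"
    if fields.get("TPM") == "Module Present":
        return True, f"{fields.get('Profile', 'unknown profile')}: TPM present"
    return False, f"TPM line missing or unexpected: {fields.get('TPM')!r}"
```

Read the downloaded show tech file as text and pass its contents to tpm_check; a False result means the TPM steps above need to be rechecked on that node.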