Yes GDC will not renew the certificate unless on the latest software. I still think it is wrong that one must effectively rent the certificate

Yeah, the need for perpetual support contracts has now been wrapped in neat constructions like "Software Support" packages...

Every upgrade comes with a risk of breaking something that has previously worked. If you don't feel sufficiently competent to do the upgrade yourself, maybe GDC can do it for you, remotely? While this will not be free, you can at least offset the risk of potentially breaking your machines to them rather than entirely on yourself.

These are the servers with the PCI card / HD-SDI media blocks in them?

In early 2020 I did five of them that were about a decade old, had been on a shelf for most of that time, and had certificates that were about to expire. My boss had an interested buyer if they could have the media block batteries replaced, all the software and firmware updated to the current versions, and the certificates renewed, successfully.

I did four of them successfully, but lost the fifth. The battery swapouts (using the temporary 2 x AAA battery holder) were successful in all of them. However, after doing the media block firmware update in one of them, I got "audio driver initialization error" (or words to that effect), and the thing was playing silent movies. GDC confirmed that the media block was pooped.

So if that experience is typical, you have an 80% chance that the update will be successful.

Incidentally, of the four good ones, the secure clocks had all drifted by between one and three hours - I had to set those servers up with a Teamviewer PC hooked to them, so that GDC could remote in and reset the clocks. They won't give you a patch and let you do it yourself, like Dolby and Barco will.

I agree with Gord on the certs. GDC also has the best support for Cinemas The 2001A is one one of the better servers out there, and highly reliable.

Of the various GDC updates I've done, I think two have bricked on the update...not necessarily for the certificate...100% of the certificate updates have been successful for me. As for the software, you don't have to be on the latest but you have to be on build 300, I believe for the certificate update to work. GDC also has special (lower) pricing for that software update when packaged with the certificate and it is reasonable, in my opinion.

Like Leo, all of my battery updates on the SX2001A have been successful but BOY do they need to put the temp battery pins so close to the battery hold such that they are touching and you can pop off the temp batteries while opening the cover to the normal ones? Sheesh! But still, all have been uneventful. I often will do the BIOS battery while I'm in there too. Only one mishap...battery flipped up and over and landed on the holder perfectly (now reverse polarity)...had to reset some BIOS parameters but that server runs fine to this day too.

The SX2001 has had a mixed reliability. I'd say it is less so than the DSS line (definitely less so for us). The Mediablock is its weak link. Make sure it gets plenty of air flow. Their original fans were just recirculating, the later ones have a plenum to get the heat out but it still draws air from within the chassis. Keep the foam filters as clean as possible and don't choke it.

That makes me feel a bit better about it. We've had the servers for about ten years (according to the owner) and they've been solid the whole time. We don't have any spares sitting around so if it does go tits up our installer is going to have to make an overnight drive, which nobody wants. Ours have drifted as well but the worst one is only off by 22 minutes so it's not horrible.

I'm guessing that the secure clocks in those media blocks are like the ones in Dolby cat745s: when running on external power, they don't drift very much; but when running on the battery (i.e. when the projector is powered down), they drift a lot. Those used servers that I refurbished had, I was told, been sitting unpowered on a shelf for around eight of the ten years since they were manufactured. One that has been in regular use for most of that time will have drifted a lot less.

If the machine is running, the secure clock can always be synced with the system clock with small adjustments. If the system clock is synced to NTP, then that clock is highly accurate. Once the machine is powered down, this sync will not be possible. In order to save power, those internal clocks will run on low frequency updates, if the quartz being used is off, the drift can be pretty considerable over longer times.

As for the secure clock, since they are on 7.8...that is the BIOS clock for the GDC, believe it or not. This is why, when doing the update to DCI compliant, one of the steps is to ensure that the time is as accurate as possible so that when the secure clock is transferred to the mediablock, that it is transferring the time as accurately as possible too. Then, the BIOS clock is just the show clock and it will be synced with the secure clock at each show start when it checks for licenses.

I'd say the worst part of this for you will be the transition to DCI compliance. There is an instruction sheet for it and you should familiarize yourself with it before proceeding. Also note, you'll need another Ethernet cable and port on your switch (and IP address in the same range as the "Management" port for the "Loop Back." GDC may also recommend stepping through various versions on your way to 8.01 build 300 (or build 304. I would ensure that you check with them on their recommend path. Heck they may say you can do it all in 1-step but being as far back as you are, they may want things stepped through. And absolutely ensure that the batteries for the mediablock get replaced (but you do need the special temporary battery/holder to do this.

The technical rep I talked to at GDC said it would be multiple updates, but they didn't mention anything about replacing the mediablock batteries. Is that temporary holder included with whatever 'update kit' they send? I'm trying to get all our ducks in a row as we only have 2.5 weeks to get this done. Also, I assume by 'media block' you're referring to the module in the projector itself?

Also our servers are not connected to the internet, so no remote updating.

The media block is a card inside the server that handles the decryption of encrypted DCPs, based on the decryption key in the KDM, and then re-encryption in order to send that image data to another secure card in the projector. It is so called because it blocks the media (i.e. the DCP) from being decrypted and played in ways that aren't authorized.

The media block also contains a "secure clock," the object of which is to ensure that you can't work around a KDM to play the DCP at times it doesn't allow, simply by changing the insecure BIOS clock in the computer (a means of knowing the time that all PCs and servers have built in, and which can be changed just like the clock on your wall). That clock can only be changed by six minutes in any one year, per DCI rules. This six-minute "budget" is to allow for clock drift. Ideally, this should be done automatically, by synchronizing the server to a NTP (network time protocol) server at regular intervals. The server will then adjust the media block's secure clock as needed to correct for drift, without you needing to worry about it.

If a DCP server is never set up to synchronize to an NTP server, the secure clock will drift "out of budget" over time, hence those servers I refurbished that had been sitting unpowered for eight years had media blocks with secure clocks that had drifted by hours. If that happens, some manufacturers will give you a special KDM that enables you to reset it (one time) to the correct time on the next NTP sync, even if that does require an out-of-budget adjustment. GDC, however, won't - they insist on accessing the affected server remotely, online, and making the adjustment manually themselves.

More info on secure clocks and NTP attached.

Jon, no, they don't include the temporary battery holder/batteries with the certificate upgrade. They are two completely different things. But, since you say your servers are so old, those batteries on your mediablock are going to be getting hold and low too. If they EVER drop too low, that server will effectively be dead. Hence, this is a good time to get those replaced, even if you have to pay someone to come out and do it (it will be FAR cheaper than buying new servers). I don't know if GDC has the temporary battery holder for sale anymore, either. I believe I heard a rumor that they would "loan" one. The batteries are special AAA LITHIUM (Energizer "Ultimate Lithium", they'll boast about 20-year shelf life too). I suspect that if you change them, that you'll never have to do it again as they do seem to make it 7-10 years in the server.

They still had the temporary battery holders for sale when I did those five servers last spring.

There is a risk involved in swapping out the batteries, which Jon should be aware of. It's a Catch-22: if those batteries die, the media block, and hence the whole server, is dead. The battery maintains a secure encryption certificate, which has to be stored in volatile memory (i.e. data will disappear if it loses power), again, per DCI rules. There is a procedure for replacing the battery: it varies between manufacturers. In the media blocks we're writing about, this is to connect a temporary battery pack to the media block, which maintains that memory while the permanent ones are swapped out.

However, sometimes this procedure fails and the certificate is lost, no matter how carefully you do it. If that happens, the media block has to be returned to the manufacturer to have a new certificate uploaded into it. Again, per DCI rules, this cannot be done in the field. Last spring, GDC did still offer a recertification service for these media blocks (I checked), but even if they still do now, the cost will be significant (though again, nowhere near that of another server). Any tech Jon hires to replace those batteries will likely stipulate that the attempt takes place at the customer's risk.

The bottom line is that if you don't replace the batteries, then sooner or later they will die, and so will your server/media block. But if you try, the risk exists of bricking it in the process. There is no easy answer. The good news is that the risk with that particular media block is lower than with some others (the Dolby cat745 being the notoriously risky one, and the subject of another live thread right now).

Thanks for the advice everyone.

After strategerizing^tm with the owner, we've decided that it makes more sense for us to invest in more modern servers (likely Dolby IMS3000s) rather than dink around with ten year old used ones and risk going offline for two weeks if they fail. We're expanding by two screens in the next few years anyway.