May 19th, 2020 19:00

iDRAC 6 virtual console does not work with Java 8

After updating the iDRAC6 FW and the LCC FW, it seems that Java wanted to update too, so now it's version 8.0.251, and now I can't get the virtual console to connect because Java blocks it. I even added my server IP to Java's exception list, but nope, Java still blocks it. I don't want to remove v8 and re-install v7, because a lot of apps that use Java insist on using v8. Is there a way to force Java 8 to accept the self signed certificates that iDRAC creates every time the console is launched?

It seems now that Oracle in their (unknown wisdom) have decided that self signed certificates are taboo, and should NEVER be used, which forces us to buy an SSL certificate from a reputable cert service even though we're using local LAN access only, i.e., iDRAC is only accessible from within the LAN, as nothing is being forwarded to the iDRAC dedicated IP.

Java 7 had the option in the security tab of 'Medium' settings which allows the virtual console to run, but Java 8 has removed that setting, and now it's only high or very high.

14 Posts

May 25th, 2020 07:00

OK, I just found someone that has the exact same problem, and he fixed it, I'll explain what he did, for anyone that has the same problem with using the iDRAC 6 Enterprise Virtual Console with Java 8.

The problem is that Oracle in their (unknown wisdom) decided that self signed certificates are taboo, and must NEVER be used, thus basically forcing people to go out and buy a signed certificate from an accredited authority, but there is a way to get round the Java security blocking the virtual console.

First, if you try to launch the console you'll get an error that Java has blocked the certificate, so in that case you'll need to open the Java control panel, which in Windows 10 is in the Windows control panel under Java or Java(32). When the Java control panel is open, click the 'Security' tab, then at the bottom click 'Edit Site List', then click 'Add', then enter your server's LAN IP address, then click OK, then click OK again. But if you try to use the console, you'll eventually get a 'Connection Failed' error. This is because of the Java crypto algorithm used, and Dell uses RC4, so this is easily remedied in the java.security file.

Second, open a command prompt with elevated privileges, i.e. cmd with admin access, by opening the Windows search, then type cmd and right click the cmd line and select 'Run as administrator', then navigate to the java security file, which in Windows 10 is at:-

C:\Program Files (x86)\Java\jre1.8.0_251\lib\security

In the command prompt type cd "C:\Program Files (x86)\Java\jre1.8.0_251\lib\security"   Don't forget the quotes, otherwise Windows will give you an error.

If you're reading this when there's been an update, then replace jre1.8.0_251 with the version number you're currently using.

Third, in the command prompt type this:-

notepad java.security

Press enter, then press CTRL-F and look for jdk.tls

When it's found look for the line:-

jdk.tls.disabledAlgorithms=SSLv3, DES, RC4, MD5withRSA, DH keySize < 1024, \
EC keySize < 224, 3DES_EDE_CBC, anon, NULL

Delete the bit that has RC4, (including the comma) so that it looks like this:-

jdk.tls.disabledAlgorithms=SSLv3, DES, MD5withRSA, DH keySize < 1024, \
EC keySize < 224, 3DES_EDE_CBC, anon, NULL

Save it and then you can successfully connect to your server using the iDRAC 6 Enterprise Virtual Console.

I just tried it and it works.

Moderator

3.1K Posts

May 20th, 2020 02:00

Hi,

 

Could you check in virtual console, if you are able to switch the plug in type to native or HTML5? 

 

Alternatively, have you tried the steps in a previous post: https://dell.to/2ALrh5q

14 Posts

May 25th, 2020 06:00

Sorry about the late reply.

No, the virtual console has only 'Native' or 'Java', not HTML5, and both do the same.

I looked at that link, but it was a file association problem with that one. In my case, Java 8 blocks the certificate, and when it says 'connecting to virtual console' it's then that Java shows something like "due to your security setting, the certificate has been blocked, because it is not from a trusted authority", and the security setting is related to the Java security settings, which in Java 8, they have removed the 'Medium' security setting, and now only have High and Very High.  In Java 7, it was the 'Medium' settings that allowed the certificate, so now, until it's fixed, I had to revert back to Java 7.

June 12th, 2020 12:00

One minor suggestion:

"The problem is that Oracle in their (unknown wisdom) decided that self signed certificates are taboo, and must NEVER be used, thus basically forcing people to go out and buy a signed certificate from an accredited authority"

From a security point of view, self-signed certificates really do pose a threat. In a corporate setting, however small, it could pay off to put a little time into building your own CA. That way, you can give out trusted certificates to all your systems "for free". Of course, there's no such thing as free. And learning to build a PKI is a whole different kettle of fish!

8 Posts

February 17th, 2021 13:00

EDIT: Could have been an expired Java file download, and after changing in console settings from native to Java and redownloading the Java file it's now working.

It solved my problem partially on R710 2.92 iDRAC firmware. I got the Failed to connect error, removed RC4 from java.security but now am getting "Login failed, possibly due to slow network connection. Please try again later". I'm on a 1GB LAN so a slow connection is not the case. Thanks for the solution anyway. Am looking further to solve the new problem.

1 Message

January 22nd, 2022 08:00

Newer versions of Java 8 appear to ignore those security patches.

I am trying to find a version of Java 6 or Java 7 to install on my PC so I can access the Virtual Console on my R610s and R620s

30 Posts

February 5th, 2022 09:00

In agreement with RobR, the usalabs solution here is no longer working with Java 8 patch level 321.

I have an iDRAC7 on a Dell PowerEdge T320. Such misery Java is. May it RIP (all versions). 

Old versions of Java available at https://www.oracle.com/java/technologies/javase/javase7-archive-downloads.html You must create an account to download.

I am trying Java 7 patch 80.

Using Control Panel Java applet, modified all settings to the least restrictive possible. Logged off and closed browser window to iDRAC. Downloaded a new viewer.jnlp file. In Windows File Explorer > Properties > Unblock. The C:\Program Files\Java\jre7\lib\security>notepad java.security contents is "#jdk.tls.disabledAlgorithms=SSLv3" (commented out ALL disablement). 

Java prompts to trust the certificate from the iDRAC. I view it, see that it is SHA1withRSA, self-signed.

Error message is "The viewer has terminated. Reason: The network connection has been dropped."

In the Java Console:

Supported protocols: [SSLv2Hello, SSLv3, TLSv1, TLSv1.1, TLSv1.2]

Enabled protocols: [SSLv3, TLSv1]

 

Still no luck. I'm posting this here now, will continue to Google for a solution. But I'm stymied. Going to have to get out physical keyboard, mouse, and video display I guess. Cripes, what a nightmare.

 

1 Message

March 31st, 2022 05:00

I have the most recent version of Java in March, 2022 and the above does almost work.

 

This works:

Only works in Firefox browser - I gave up on the others but it might still be possible.

Remove TLS1 from the mentioned line - I removed RC4 also, just to be sure. 
Set browser to accept TLS1

Add your idrac domain name INCLUDING HTTPS:// to the java server allowed list
Configured .jnlp to automatically open with Java web launcher (otherwise you get a connection timeout).

I'm now administering my old dell r610

 

November 20th, 2022 12:00

Another option that works on Edge

Install the JNLP fixer from the Chrome webstore

Using Chocolatey, install an old and insecure version of Java with the command

choco install jre6

 

Run Edge as administrator and download the jnlp file, select KEEP and open it with C:\Program Files (x86)\Java\jre6\bin\javaws.exe

 

Tested with Edge 107.0.1418.42 64bit on Windows 21H2 64bit and a DELL R510 with iDRAC 6 2.91 (Build 02)

 

December 5th, 2022 08:00

I know it's been a while since I last posted in this section, but recently I had to reformat and re-install Windows 11 with Java 1.8.0_351, and even if I removed the RC4 protocol setting from the java.security file, Java revision 351 still blocks the certificate from iDRAC6. So, I did the unforgivable (DO NOT DO THIS IF IN A CORPORATE ENVIRONMENT!!!!): I renamed the java.security file to just java.sec, and then using the current Edge browser, I opened up my server's remote interface and it worked flawlessly. It seems without the java.security file, Java does not revert to default settings, but instead just ignores everything.

Being that I only run a small business with 15 computers, I built a machine just for server access, the iDRAC dedicated port only goes to this single machine that I configured purely, for remote access and doesn't have internet at all, and the other 15 computers can't gain access to iDRAC, so by renaming java.security on this one machine, I can successfully access my T710 if I need to do any maintenance or updates.

Oh, and while on the subject of iDRAC, how can the firmware that is iDRAC be edited to include the new java protocols?  Being that Dell is no longer supporting the T710.
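
Added example (not part of any post in this thread): a Python check that tells whether a workstation's java.security still carries the jdk.tls.disabledAlgorithms entries quoted in the solution above. It covers the three changes described in the thread: an entry deleted, the property commented out, and the file renamed. The function names and sample strings are constructed for illustration; the baseline is the default line quoted in the thread.

```python
import re
from pathlib import Path

PROP = "jdk.tls.disabledAlgorithms"
# Baseline: the default entries quoted in the accepted solution (Java 8u251).
BASELINE = ["SSLv3", "DES", "RC4", "MD5withRSA", "DH keySize < 1024",
            "EC keySize < 224", "3DES_EDE_CBC", "anon", "NULL"]
# Constructed samples: the default, the thread's RC4 edit, a commented-out property.
DEFAULT = (PROP + "=SSLv3, DES, RC4, MD5withRSA, DH keySize < 1024, \\\n"
           "    EC keySize < 224, 3DES_EDE_CBC, anon, NULL\n")
EDITED = DEFAULT.replace(" RC4,", "")
COMMENTED = "#" + PROP + "=SSLv3\n"


def read_property(text, name=PROP):
    """Return the property's entries, or None if absent or commented out."""
    # java.security uses Properties syntax: '#' or '!' starts a comment, a
    # trailing backslash continues the value, and the last definition wins.
    value, lines, i = None, text.splitlines(), 0
    while i < len(lines):
        line = lines[i].strip()
        i += 1
        if not line or line[0] in "#!":
            continue
        while line.endswith("\\") and i < len(lines):
            line = line[:-1] + lines[i].strip()
            i += 1
        key, sep, rest = line.partition("=")
        if sep and key.strip() == name:
            value = [e.strip() for e in rest.split(",") if e.strip()]
    return value


def audit(text, baseline=BASELINE):
    """Classify a java.security body; text=None means the file was not found."""
    if text is None:
        return ("FILE_MISSING", list(baseline))
    entries = read_property(text)
    if entries is None:
        return ("PROPERTY_MISSING", list(baseline))
    norm = lambda s: re.sub(r"\s+", " ", s).lower()
    have = {norm(e) for e in entries}
    missing = [b for b in baseline if norm(b) not in have]
    return ("WEAKENED" if missing else "OK", missing)


def audit_file(path):
    # A renamed or deleted java.security is reported, not silently skipped.
    p = Path(path)
    return audit(p.read_text(errors="replace") if p.is_file() else None)
```

Run audit_file against each JRE's lib\security\java.security on the management workstation; anything other than "OK" means that JRE negotiates TLS with fewer restrictions than the baseline.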

1 Message

November 26th, 2023 09:28

@dfsrgtergegrewrg​  thank you sir. i'm working on this for my home lab, and i don't even use java 8 anymore... disabling the whole stupid security file worked. again THANKS!

EDIT: i actually made an account SOLELY to thank you.

(edited)

March 3rd, 2024 20:47

For what it's worth, I'm tinkering with an old R710. It had a very outdated idrac firmware on it to start, 1.something. I had to use PaleMoon browser just to connect to it (bypassing the issues with lack of TLS 1.2, etc) so I could update it to the latest firmware.

I encountered the same issue with the remote console and ended up installing Java 7 alongside my Java 8. Unfortunately even when I specifically launch the JNLP with the version 7 "javaws.exe", at some point Java 8 would "take over" and still give me a connection issue. I had to disable Java 8 (in the java control panel applet) to get it to behave.

Just like the above post, I'll only do this on one specific machine (it's a home lab anyway) so I'm fine with the lousy security around all of this, and it's just for tinkering anyway. I'll probably shelve the server at some point when I'm done messing around with it, but for anyone else actually using one of these old things, that's my workaround.

I have some old HP Proliant servers in the same situation (G6 and G7, with ilo2 or ilo3) so this ain't my first rodeo with these ancient BMC workarounds. I just got done with something similar on some old Megarac BMCs as well, and some old SuperMicro IPMI. Lots of old (but still fun) servers that just don't play nice with modern browsers and Java.
