iDRAC6 Virtual Console (Connection Failed)

I have Java8 Update 181.  The workaround is to modify C:\Program Files (x86)\Java\jre1.8.0_181\lib\security\java.security file

Comment out

#jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 1024, \

replace with
jdk.tls.disabledAlgorithms=MD5withRSA, DH keySize < 1024, \ 

reboot and it should work.

---

@Hoffman316 wrote:

I have Java8 Update 181.  The workaround is to modify C:\Program Files (x86)\Java\jre1.8.0_181\lib\security\java.security file

Comment out

#jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 1024, \

replace with
jdk.tls.disabledAlgorithms=MD5withRSA, DH keySize < 1024, \ 

reboot and it should work.

---

This works for me also. Thank the heavens! Finally, something that works!!!!

Thank you Thank you Thank you!

Like many others in the thread, we encountered this issue with some older R710's using the latest iDRAC firmware available at the time, v 2.85 (looks like 2.91 has been released). Modifying the various Java settings didn't seem to work, and port 5900 was confirmed open to the iDRAC VLAN.

The only solution was to go back to 64 bit Java v7u79. Far from optimal from a security perspective, but it's sandboxed within a VM and only enabled when server access is required.

Very frustrating.

Gave it a try and just worked fine! - - -

To solve this problem just update your JAVA to the latest version and comment the line "jdk.tls.disabledAlgorithms=SSLv3" activating SSLv3.

Thx for help, guys!

James Harper, This worked perfect, it is the RC4 causing these issues! Thank You!

---

@James Harper wrote:

Hi,

I've found that RC4 is the issue here not SSLv3, commenting out the whole line enables all the algorithms, hence why it has worked for some.

I found simply removing RC4 from the list was adequate, this is on an R610 with iDRAC 2.91 and Java 8 Update 181.

James

---

That was so extremely helpful. In the end I can again get to my servers (in case I need to do so)

Seb

Eventually solution for Windows 7 64bit OS  is:

1. install firefox 32bit 52esr version (it can be done with any current firefox x64 version).

2. install java jre-7u79-windows-i586 (if you have younger it must be uninstalled first)

So iDRAC 6 virtual console just works.

I've check Firefox 60.8.0esr version (after update 52esr) and it also works

Hello!

We have more than a dozen R430 servers in a distributed Geo infrastructure, and we have the same problem with some of them.

We tried any version of JRE, browsers, OS, console type: Native, Java, HTML5; Video encryption disabled, Java security changes, cold restarting of servers, etc.
All ports were open on FW.
BIOS and firmware have the latest version, updates were installed directly from iDRAC: 2.9.1 and 2.63.60.61.

Does not work! This is some mystic

But today I took the following steps and voila! -)

1. Changed the port to 4900

2. Turned off the Virtaul Console

3. Enabled the virtual console

4. And got a connection from my admin statioin through 2 firewalls

Maybe this post will help someone.

Regards!

changing to port 4900 saved me.  without this post i would have never guessed.  I tried EVERYTHING!

Thank you OP!!

I'll just chime in on this thread with my 2c, since I have wasted a bunch of time on this recently.

I'm running Ubuntu 18.10, which includes "IcedTea" instead of Java. It's a good alternative, for the majority of things, but not old iDRACs/virtual consoles.

It gives the identical connection failed issue, which reviewing the console will show it's due to the jar file being treated as "SIGNED_NOT_OK", because the crypto methods have been blacklisted, and it requires modifying the security file, as identical for Java, as reported multiple times earlier in this thread, to re-enable SSLv3, MD5, RC4. There are 3 places in the security file this needs to be modified (possibly not all of them, or to re-enable all of those cryptos, but doing that works..).

Anyway, once you get this working, you will be able to connect, and everything, including virtual media, works, except the keyboard..

Maybe getting a connection where you don't need to be able to type will be sufficient for some people, as you can still use the keyboard macros (eg ctrl+alt+del) in case you just need to see the console, or be able to reboot a system, or perhaps you are using Windows and you can turn on the onscreen keyboard and click on the letters to type (I am not sure if mouse support works either though).

I tried multiple ways to fix this, so I could type, apparently it is to do with the way keyboards/scancodes are handled in linux now, and I found a "hack" which claims to fix this (though targeted at keys like arrows and SysRq), which didn't work.

In the end I had to use a "real" version of Java, vs IcedTea, and I found this bundled in a copy of the Arduino IDE I had downloaded, as they include it. I just specified the full path to the javaws binary. This is an easier way than trying to shoehorn an install of Java into a deb/pkg managed install, since Java is no longer in the package repositories.

Also, to save having to log in to the iDRAC, and download the .jnlp file and then manually launch it each time you want to connect, you can edit the .jnlp file and replace the numbers that are in the username and password values, with your proper iDRAC login credentials. That way you can just use javaws from your real Java directory to just launch this .jnlp file whenever you need to connect.

How can I obtain the license my server has Idrac Express.

Could you help and show the step to obtain the license?

Thanks in advance

You need to buy hardware for the unit to be Enterprise
See the comment:

https://gist.github.com/xbb/4fd651c2493ad9284dbcb827dc8886d6#gistcomment-2895517

Thank you for sharing this.