This post was written by Murali Somarouthu of the Enterprise Remote Management Firmware team
In response to customer feedback, Dell has provided an extra level of certificate security checking in the iDRAC7 when using virtual console . This feature is new in iDRAC7 firmware and some customers might encounter an error when trying to launch the iDRAC7 (firmware versions v1.06.06 and below) virtual console through the Java plug in. This blog addresses issues around virtual console launch failures and possible solutions for the new security feature as well as configuration setup issues.
This blog contains two sections, one for security related launch issues and another for general issues.
Section 1: Certificate related issues
The information below provides the steps necessary to check and correct the certificate location that will allow customers to take full advantage of the added security check Dell has in place.To launch Virtual Console successfully (though Java plug in) it is necessary to have a user home directory configured properly on both windows or Linux management clients.
If you are not able to launch virtual console because of a non-default user home, please use the following instructions:
On Windows Client
Check if the user home is non-default (default is c:\Users\<NAME> on Windows).
Run the following commands
reg query "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders" /v "Desktop"
You should see output like:
Desktop REG_SZ C:\temp\MyHome\Desktop
If the outputs are not the same, then your user home is non-default. In that case, run the following command to copy certificates to non-default home certificate store.
copy %USERPROFILE%\AppData\LocalLow\Sun\Java\Deployment\Security\trusted.* <NON_DEFAULT_HOME>\ AppData\LocalLow\Sun\Java\Deployment\Security\*
Now you should be able to launch virtual console.
On Linux Client
On some linux installations due to Java OpenSDK (based on IcedTea), the certificate store will be different. If there is no trusted.certs file under ~/.java/deployment/security and if there are ~/.icedtea/security/trusted.* files, then run the following commands.
Also, the default home directory on Linux is /home/<user_name>. Sometimes this would be an NFS mount or remote file system and user home doesn’t have the permission to create ~/.java/deployment/security. Change/obtain permissions to the folder and create it using the command ‘mkdir –p ~/.java/deployment/security’.
Section 2: Other possible problems
Possible problem 1: Proxy setup in Browser will not allow virtual console connection
Launch Java Network panel, by selecting Start -> Control Panel -> Java (On Windows) or run “javaws –viewer” from command line (On Linux), this will launch control panel.
In the ‘General’ tab select Network Settings, (see screen shot below) , check to see if “Direct Connection” has been checked. If not, set it to ‘Direct Connection’ and re-launch the console.
Possible problem 2: Zombie virtual console process issue
First check if there is a zombie virtual console ‘java’ process running, if it is, then that needs to be terminated.
Run the following commands to view virtual console processes and terminate it, then and you should be able to launch virtual console successfully.
On Windows Client:
wmic process get Caption,Commandline,Processid | find “viewer.jnlp” and this would give the processID as the last column and they can use
taskkill /PID <PID>
In the following screen shot (9380 is the PID)
On Linux Client:
ps | grep viewer.jnlp
Use kill -9 <PID> to kill the process.
Possible Problem 3: Old archived libraries present in the cache
Clear java cache by selecting ‘View’ under Temporary internet files section under ‘General’ tab in Java Control Panel
Select to remove the following
Thanks for reading this blog and we hope these solutions help you use the iDRAC7 on your Dell PowerEdge servers more effectively.
My user home is at default (ie c:\Users\myusername), but my desktop is moved to D: at
Am I in the first case which is certificate related issue?
It turned out that I'm concerned by the section 1 even though my "user home" folder is at default location whereas "desktop" is not. (Note: there seems to be a confusion between "user home" and "desktop" which are two different things)
The workaround (copying trusted certificates) did work for me, but I have to say that this part is badly programmed.
1. The Java program should not interfere in the certificate management which is supposed to be done by JRE layer. When I'm looking in the Java console (inside Control Panel), it shows the certificates without this tweak. This shows that JRE runtime is able to manage correctly the certificates.
2. The programmers should not use "desktop" as the reference point to determine if "user home" is non-default or not and to determine where the certs are. There are at least two better candidates in Win7: