This post was written by Murali Somarouthu of the Enterprise Remote Management Firmware team
In response to customer feedback, Dell has provided an extra level of certificate security checking in the iDRAC7 when using virtual console . This feature is new in iDRAC7 firmware and some customers might encounter an error when trying to launch the iDRAC7 (firmware versions v1.06.06 and below) virtual console through the Java plug in. This blog addresses issues around virtual console launch failures and possible solutions for the new security feature as well as configuration setup issues.
This blog contains two sections, one for security related launch issues and another for general issues.
Section 1: Certificate related issues
The information below provides the steps necessary to check and correct the certificate location that will allow customers to take full advantage of the added security check Dell has in place.To launch Virtual Console successfully (though Java plug in) it is necessary to have a user home directory configured properly on both windows or Linux management clients.
If you are not able to launch virtual console because of a non-default user home, please use the following instructions:
On Windows Client
Check if the user home is non-default (default is c:\Users\<NAME> on Windows).
Run the following commands
reg query "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders" /v "Desktop"
You should see output like:
Desktop REG_SZ C:\temp\MyHome\Desktop
Now run
echo %USERPROFILE%\Desktop
If the outputs are not the same, then your user home is non-default. In that case, run the following command to copy certificates to non-default home certificate store.
copy %USERPROFILE%\AppData\LocalLow\Sun\Java\Deployment\Security\trusted.* <NON_DEFAULT_HOME>\ AppData\LocalLow\Sun\Java\Deployment\Security\*
Now you should be able to launch virtual console.
On Linux Client
On some linux installations due to Java OpenSDK (based on IcedTea), the certificate store will be different. If there is no trusted.certs file under ~/.java/deployment/security and if there are ~/.icedtea/security/trusted.* files, then run the following commands.
Also, the default home directory on Linux is /home/<user_name>. Sometimes this would be an NFS mount or remote file system and user home doesn’t have the permission to create ~/.java/deployment/security. Change/obtain permissions to the folder and create it using the command ‘mkdir –p ~/.java/deployment/security’.
Section 2: Other possible problems
Possible problem 1: Proxy setup in Browser will not allow virtual console connection
Solution:
Launch Java Network panel, by selecting Start -> Control Panel -> Java (On Windows) or run “javaws –viewer” from command line (On Linux), this will launch control panel.
In the ‘General’ tab select Network Settings, (see screen shot below) , check to see if “Direct Connection” has been checked. If not, set it to ‘Direct Connection’ and re-launch the console.
Possible problem 2: Zombie virtual console process issue
First check if there is a zombie virtual console ‘java’ process running, if it is, then that needs to be terminated.
Run the following commands to view virtual console processes and terminate it, then and you should be able to launch virtual console successfully.
On Windows Client:
wmic process get Caption,Commandline,Processid | find “viewer.jnlp” and this would give the processID as the last column and they can use
taskkill /PID <PID>
In the following screen shot (9380 is the PID)
On Linux Client:
ps | grep viewer.jnlp
Use kill -9 <PID> to kill the process.
Possible Problem 3: Old archived libraries present in the cache
Clear java cache by selecting ‘View’ under Temporary internet files section under ‘General’ tab in Java Control Panel
Select to remove the following
Thanks for reading this blog and we hope these solutions help you use the iDRAC7 on your Dell PowerEdge servers more effectively.
To post a comment login or create an account