iLO Java Remote Console: Upcoming JRE 1.7u51 (18459 Views)
Reply
Occasional Visitor
Liam_Gretton
Posts: 1
Registered: ‎10-28-2013
Message 1 of 20 (18,459 Views)

iLO Java Remote Console: Upcoming JRE 1.7u51

There's a forthcoming JRE release 1.7u51 in Jan 2014 which will prevent the Java Remote Console from working.

 

Currently 1.7u45 reports the following but allows the application to work:

 

This application will be blocked in a future Java security update because the JAR file manifest does not contain the Permissions attribute.

 

Oracle has posted more information about this on their blog.

 

We're running a mixture of iLO versions, the most recent being iLO 4 1.22.

 

I've tried and failed to navigate HP's dreadful site to see if there's a newer version. Is anyone aware of a more recent version of iLO that will address this problem?

Honored Contributor
Oscar A. Perez
Posts: 644
Registered: ‎11-01-2005
Message 2 of 20 (18,383 Views)

Re: iLO Java Remote Console: Upcoming JRE 1.7u51

[ Edited ]

We're aware of the problem and we will be adding the "Permissions" and "Codebase" attributes to the JAR file manifest for iLO2, iLO3 and iLO4 Java Remote Console Apps.

 

However, after adding the required attributes, we are still seeing these same warnings. Clicking on the details, we see that Java now complains about iLO not being a trusted website.  To solve this issue, users will have to import into each iLO a trusted SSL certificate signed by their own Certification Authority and then begin logging into iLO using only iLO DNS name instead of the iLO IP address.

 

In addition, users might need to import into the Java Keystore on each client the certificate of the Certification Authority that issued those iLO SSL certiticates or Java will not trust the iLO's new imported certificates.

 

Occasional Contributor
GrantStreet
Posts: 4
Registered: ‎12-09-2013
Message 3 of 20 (17,633 Views)

Re: iLO Java Remote Console: Upcoming JRE 1.7u51

So How do we do this at scale? we have over 1200 blades across 41 chassis's.

We have our own CA and it's root cert is in all our browsers, java etc.

Occasional Advisor
iLOdude
Posts: 5
Registered: ‎01-23-2013
Message 4 of 20 (17,568 Views)

Re: iLO Java Remote Console: Upcoming JRE 1.7u51

Based on the testing I've done with Java 7u60 beta, the remote console will work if your iLOs don't have a signed SSL cert. Also, Java update 51 will provide an exception site list. See below

https://blogs.oracle.com/java-platform-group/entry/upcoming_exception_site_list_in
Honored Contributor
Oscar A. Perez
Posts: 644
Registered: ‎11-01-2005
Message 5 of 20 (17,453 Views)

Re: iLO Java Remote Console: Upcoming JRE 1.7u51

Java 7u51 was released today and I can say that even with the fix for the manifest file we did for iLO2 v2.23, iLO3 v1.65 and iLO4 v1.32 and adding a trusted SSL certificate to each iLO, users could still experience issues opening the remote console and the virtual media applets.

 

 

The best solution so far is adding all your iLOs to the Java exception site list.

 

Occasional Visitor
mattlok-101
Posts: 1
Registered: ‎01-27-2014
Message 6 of 20 (16,790 Views)

Re: iLO Java Remote Console: Upcoming JRE 1.7u51

Hi Everyone,

 

Just to let everyone know that updating iLO 2  to latest firmware 2.23 for BL460c G6 and BL465 G5 did not solve the problem for the Java 7u51.

 

Also adding the acception list to java's security does not work either for 7u51.

 

Tested on Windows 7, Windows 8, Windows 8.1 - IE 10, IE11, Firefox 26.

 

Any help is appreciated since iLO's java remote session will not work on any of the blades. 

Honored Contributor
Oscar A. Perez
Posts: 644
Registered: ‎11-01-2005
Message 7 of 20 (16,706 Views)

Re: iLO Java Remote Console: Upcoming JRE 1.7u51

Do you have the debug output from the java console?

 

Visitor
_visitor_
Posts: 4
Registered: ‎01-30-2014
Message 8 of 20 (16,648 Views)

Re: iLO Java Remote Console: Upcoming JRE 1.7u51

Like mattlok-101, upgrading to version 2.23 on my DL 385 G5, didn't fix the issue. 

 

When I try to view the Remote Console with IE 11 on Windows 7,  I receive a message that says - Error: Click for details.   The information from the Java console is listed below.

 

Firefox 24.2.0 ESR gives me even less information.  I've cleared the cache, etc. from both browsers.  I alo tried adding the IP address of the iLO to the Java exception list, but it doesn't fix the issue either. 

 

 

Java Plug-in 1.7.0_51
Using JRE version 1.7.0_51-b13 Java HotSpot(TM) Client VM

load: class com.hp.ilo2.remcons.remcons.class not found.
java.lang.ClassNotFoundException: com.hp.ilo2.remcons.remcons.class
	at sun.applet.AppletClassLoader.findClass(Unknown Source)
	at java.lang.ClassLoader.loadClass(Unknown Source)
	at sun.applet.AppletClassLoader.loadClass(Unknown Source)
	at java.lang.ClassLoader.loadClass(Unknown Source)
	at sun.applet.AppletClassLoader.loadCode(Unknown Source)
	at sun.applet.AppletPanel.createApplet(Unknown Source)
	at sun.plugin.AppletViewer.createApplet(Unknown Source)
	at sun.applet.AppletPanel.runLoader(Unknown Source)
	at sun.applet.AppletPanel.run(Unknown Source)
	at java.lang.Thread.run(Unknown Source)

 

Honored Contributor
Oscar A. Perez
Posts: 644
Registered: ‎11-01-2005
Message 9 of 20 (16,637 Views)

Re: iLO Java Remote Console: Upcoming JRE 1.7u51

[ Edited ]

Have you tried deleting temporary files in the Java Control Panel?

 

Open Java Control Panel and under General Tab, click on Settings button. It will open the Temporary File Settings window. Click on Delete Files button and select Installed Applicatons and Applets. Click OK.

 

This should force Java to download the new remcons app from iLO next time you click on the Remote Console link.

 

If it still won't work after this, go to the Security tab and try lowering the Security level.  Also click on "Restore Security Prompts".

 

 

 

 

 

 

Visitor
_visitor_
Posts: 4
Registered: ‎01-30-2014
Message 10 of 20 (16,613 Views)

Re: iLO Java Remote Console: Upcoming JRE 1.7u51

 

I had the "keep temporary files on my computer" unchecked.  I re-enbled it, opened and closed Java time or two and deleted the temporary files, as well as the Installed Applications and Applets.

 

Retried the Remote Console - still doesn't work.

 

Have you tried deleting temporary files in the Java Control Panel?

 

I re-enabled the Next Generation Java Plugin (had it disabled for another app), and lowered the security from High to Medium.  Also clicked on "Restore Security Prompts".

 

Retried the Remote Console - still doesn't work.

 

If it still won't work after this, go to the Security tab and try lowering the Security level.  Also click on "Restore Security Prompts".

 

I still receive a message that says "Error, Click for details". 

 

When I click on it, up pops up an  "Application Error" dialog box titled "RuntimeException" that lists  "java.lang.reflect.InvocationTargetException".    The dialog has a button "Details" but clicking this just opens the Java Console, in which there are no error messages.

 

 

Honored Contributor
Oscar A. Perez
Posts: 644
Registered: ‎11-01-2005
Message 11 of 20 (16,606 Views)

Re: iLO Java Remote Console: Upcoming JRE 1.7u51

[ Edited ]

I do see the "Error, Click for details" with iLOs that are not in my Java exception site list but, If I close it and try again or click on the "Reload" button, Java will open the remote console.

 

You said you tried adding your iLO to the exception site list.   Did you use   https://iLO-IP-Address   format?

Visitor
_visitor_
Posts: 4
Registered: ‎01-30-2014
Message 12 of 20 (16,588 Views)

Re: iLO Java Remote Console: Upcoming JRE 1.7u51

Yes I did.

 

You said you tried adding your iLO to the exception site list.   Did you use   https://iLO-IP-Address   format?

 

Clicking the "Reload" button, just takes me back to the same, "Error, Click for details" message.

 

I do see the "Error, Click for details" with iLOs that are not in my Java exception site list but, If I close it and try again or click on the "Reload" button, Java will open the remote console.

 

Taking your "reload" suggestion a little further, I found that if I got the the "Error, Click for details" message, and then closed the window.  And, back at the main iLO window, did a F5 (refresh), and reselected the "Remote Console", I'd get the (expected) server console screen. 

 

And, it worked for me, regardless of whether the IP address was listed as an exception or not.  I was experimenting with 2 servers - one with an exception, the other with one.

 

While it's clumsy, at least I have a working solution now.

 

Thanks for your help.

 

Visitor
_visitor_
Posts: 4
Registered: ‎01-30-2014
Message 13 of 20 (16,524 Views)

Re: iLO Java Remote Console: Upcoming JRE 1.7u51

I did some additional testing this morning.  I was able to raise the Java Security level back to High.  And, I removed the IP addresses from the exception list.

 

My workaround of having to try to access the Remote Console, close the window, refresh, retry Remote Console still works. 

 

The solution works with either IE 11 or Firefox 24.2.0 ESR.

Occasional Contributor
KidCargo
Posts: 3
Registered: ‎03-03-2014
Message 14 of 20 (15,591 Views)

Re: iLO Java Remote Console: Upcoming JRE 1.7u51

I'm running into this on the Lo100s running fw 4.25.  I added the site to the exception site list and still can't get the applet to load.  I get the "Missing required Permissions manifest attribute in main jar:  http://<my ip>/M2.jar"

Occasional Visitor
wcndave
Posts: 1
Registered: ‎11-11-2014
Message 15 of 20 (4,453 Views)

Re: iLO Java Remote Console: Upcoming JRE 1.7u51

This is still an issue, I cannot access any remote consoles across my 4 blade chassis.

 

I am using Java 8-25

 

I get the "error, click for details" message, and no amount of reloading seems to help.

 

Is there an iLO patch we need to apply?

 

Thanks

Occasional Visitor
drvladson
Posts: 1
Registered: ‎11-12-2014
Message 16 of 20 (4,338 Views)

Re: iLO Java Remote Console: Upcoming JRE 1.7u51

We have the same problem (even with 1.7u51, and 1.8u25. x86 and x64, with IE, Firefox and Chrome).

So what can we do?! HP?!

 

Honored Contributor
Oscar A. Perez
Posts: 644
Registered: ‎11-01-2005
Message 17 of 20 (4,289 Views)

Re: iLO Java Remote Console: Upcoming JRE 1.7u51

[ Edited ]

If you have your iLOs with a trusted SSL certificate, your browsers trust iLO webserver, you have imported the Root CA cert into the Java Keystore and you still have problems opening the Java iLO Remote Console then, call Oracle and ask them to get their act together.  

 

We have added all the required permissions into the JAR Manifest file and yet, JRE keeps blocking the Remote Console app.

 

 

Occasional Visitor
purpleSHEEP
Posts: 2
Registered: a month ago
Message 18 of 20 (2,613 Views)

Re: iLO Java Remote Console: Upcoming JRE 1.7u51

I was just having the same problem.  I went into Administration > Settings > Security > SSL and changed the SSL Key length to 2048 and customized the CSR to change the Common Name (CN) to the IP address as that was how I was referencing the ILO.  When I tried to use the remote console it asked me to confirm the usage of the Remote Console class.

 

This is the first time I've been able to post something like this after years of getting out of trouble from other peoples posts so I really help this returns a favour or two.

Occasional Visitor
ulicky
Posts: 1
Registered: 4 weeks ago
Message 19 of 20 (2,191 Views)

Re: iLO Java Remote Console: Upcoming JRE 1.7u51

Same problem on iLO100. :( Is it any chance, that this manifest will be added to iLO100? Thanks

Occasional Visitor
Jon_Miller
Posts: 1
Registered: 2 weeks ago
Message 20 of 20 (1,243 Views)

Re: iLO Java Remote Console: Upcoming JRE 1.7u51

Not sure if others have resolved their problem but I worked through my issue recently.

 

1. Installed Java JSE v8u5 on my Fedora 20 64bit Linux station.

 

2. Used 'alternatives' to update the default Java over openjdk (including link to libjavaplugin.so.x86_64)

 

alternatives --install /usr/lib64/mozilla/plugins/libjavaplugin.so libjavaplugin.so.x86_64 /usr/java/latest/jre/lib/amd64/libnpjp2.so 200000

 

3. Ensured Firefox had a link to the plugin

 

sudo ln -sf /usr/java/latest/jre/lib/amd64/libnpjp2.so /usr/lib64/firefox/plugins/libnpjp2.so

 

4. Restarted Firefox

     a. Go to your Addons and ensure the proper Java plugin is enabled

 

5. Finally need to add exceptions for Java security for the applet to run.

     - You can do this by running ControlPanel (/usr/java/latest/bin/ControlPanel)

        and adding exceptions in the Security tab for your iLO address.

        E.g. I was hitting my iLO via IP address, so the exception looked like "https://10.39.8.13"

 

     - Also, I noticed that by adding this exception, it was fortunately just saved into a plain text file located at:

       ~/.java/deployment/security/exception.sites

 

     - I intend to create a simple script that ensures my exception is there and then opens a tab in firefox to the iLO address.

The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.