-
-
Save xbb/4fd651c2493ad9284dbcb827dc8886d6 to your computer and use it in GitHub Desktop.
Use this as an example on how to start the virtual console without the need of Java Web Start or accessing it from the web interface. | |
You can use the user and password that you use for the web interface. | |
You need an old JRE... I used 1.7.0_80 from the Server JRE package, also I have tested successfully 1.7.0_79 with MacOS. | |
You don't need to install it, just extract it or copy the files in "jre" folder. | |
Open the viewer.jnlp file that you get by launching the virtual console from the web interface with a text editor. | |
Note the urls to the jar files. Download the main jar file avctKVM.jar and the libs for your operating system and architecture. | |
Extract the dlls (.so Linux, .jnilib MacOS) from the jar libs. | |
If you don't see the MacOS libs in the file make sure you download it from MacOS. | |
Edit the bat/sh file according to your needs. | |
The file structure should look like this: | |
start-virtual-console.bat (.sh if Linux/MacOS) | |
avctKVM.jar | |
jre/<jre home here> | |
lib/avctKVMIO.dll (.so if Linux, .jnilib if MacOS) | |
lib/avmWinLib.dll (.so if Linux, .jnilib if MacOS) |
@echo off | |
set /P drachost="Host: " | |
set /p dracuser="Username: " | |
set "psCommand=powershell -Command "$pword = read-host 'Enter Password' -AsSecureString ; ^ | |
$BSTR=[System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($pword); ^ | |
[System.Runtime.InteropServices.Marshal]::PtrToStringAuto($BSTR)"" | |
for /f "usebackq delims=" %%p in (`%psCommand%`) do set dracpwd=%%p | |
.\jre\bin\java -cp avctKVM.jar -Djava.library.path=.\lib com.avocent.idrac.kvm.Main ip=%drachost% kmport=5900 vport=5900 user=%dracuser% passwd=%dracpwd% apcp=1 version=2 vmprivilege=true "helpurl=https://%drachost%:443/help/contents.html" |
#!/bin/bash | |
echo -n 'Host: ' | |
read drachost | |
echo -n 'Username: ' | |
read dracuser | |
echo -n 'Password: ' | |
read -s dracpwd | |
echo | |
./jre/bin/java -cp avctKVM.jar -Djava.library.path=./lib com.avocent.idrac.kvm.Main ip=$drachost kmport=5900 vport=5900 user=$dracuser passwd=$dracpwd apcp=1 version=2 vmprivilege=true "helpurl=https://$drachost:443/help/contents.html" |
thanks for this, followed the instructions and worked perfectly on win10 64 latest.
Thank you! Works like a charm.
Here is my batch file for windows 10 (64-bit, but easily changed for 32-bit)... it automatically downloads the jar files and unzips the .dll files if they don't exist so it can use the native dll libraries:
Also, keep in mind if you still have to update the java settings to allow the older TLS to work:
Java location .\jre\lib\security\java.security
Remove SSLv3 and 3DES_EDE_CBC from jdk.tls.disabledAlgorithms, should end up like so:
jdk.tls.disabledAlgorithms=RC4, MD5withRSA, DH keySize < 1024,
EC keySize < 224, DES40_CBC, RC4_40@echo off set /P drachost="Host: " set /p dracuser="Username: " set "psCommand=powershell -Command "$pword = read-host 'Enter Password' -AsSecureString ; ^ $BSTR=[System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($pword); ^ [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($BSTR)"" for /f "usebackq delims=" %%p in (`%psCommand%`) do set dracpwd=%%p IF NOT EXIST "avctKVM.jar" ( ECHO Grabbing avctKVM.jar from host... powershell -Command "[System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true} ; $WebClient = New-Object System.Net.WebClient ; $WebClient.DownloadFile('https://%drachost%/software/avctKVM.jar','.\avctKVM.jar')" ) IF NOT EXIST "lib" ( ECHO Creating lib directory mkdir "lib" ) IF NOT EXIST ".\lib\avmWinLib.dll" ( IF NOT EXIST ".\lib\avctVMWin64.zip" ( IF NOT EXIST ".\lib\avctVMWin64.jar" ( ECHO Grabbing avctKVMWin64.jar from host... powershell -Command "[System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true} ; $WebClient = New-Object System.Net.WebClient ; $WebClient.DownloadFile('https://%drachost%/software/avctVMWin64.jar','.\lib\avctVMWin64.jar')" ) ECHO Renaming avctVMWin64.jar to avctVMWin64.zip rename ".\lib\avctVMWin64.jar" avctVMWin64.zip ) ECHO Unzipping avctKVMWin64.zip powershell Expand-Archive ".\lib\avctVMWin64.zip" -DestinationPath ".\lib" rmdir ".\lib\META-INF" /s /q erase ".\lib\avctVMWin64.zip" /q ) IF NOT EXIST ".\lib\avctKVMIO.dll" ( IF NOT EXIST ".\lib\avctKVMIOWin64.zip" ( IF NOT EXIST ".\lib\avctKVMIOWin64.jar" ( ECHO Grabbing avctKVMIOWin64.jar from host... powershell -Command "[System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true} ; $WebClient = New-Object System.Net.WebClient ; $WebClient.DownloadFile('https://%drachost%/software/avctKVMIOWin64.jar','.\lib\avctKVMIOWin64.jar')" ) ECHO Renaming avctKVMIOWin64.jar to avctKVMIOWin64.zip rename ".\lib\avctKVMIOWin64.jar" avctKVMIOWin64.zip ) ECHO Unzipping avctKVMIOWin64.zip powershell Expand-Archive ".\lib\avctKVMIOWin64.zip" -DestinationPath ".\lib" rmdir ".\lib\META-INF" /s /q erase ".\lib\avctKVMIOWin64.zip" /q ) java -cp avctKVM.jar -Djava.library.path=.\lib com.avocent.idrac.kvm.Main ip=%drachost% kmport=5900 vport=5900 user=%dracuser% passwd=%dracpwd% apcp=1 version=2 vmprivilege=true "helpurl=https://%drachost%:443/help/contents.html"
I tried what lxi did and I keep getting a connection error. I did set the java (which is version 7u80 x64) with the listed exceptions.
The last part is slightly different because if I used it as is, it kept saying path not found, even when I included the full path. The only difference is the last part is
C:\idrac\jre\bin\java -cp avctKVM.jar -Djava.library.path=.\lib com.avocent.idrac.kvm.Main ip=%drachost% kmport=5900 vport=5900 user=%dracuser% passwd=%dracpwd% apcp=1 reconnect=2 version=2 vmprivilege=true "helpurl=https://%drachost%:443/help/contents.html"
As described, I set the java security to
jdk.tls.disabledAlgorithms=RC4, MD5withRSA, DH keySize < 1024, EC keySize < 224, DES40_CBC, RC4_40
The error I get is the following (I omitted the login parts)
`KVM/VM Client Version: 5.04.04 (Build 488)
replace numpad
** Max Size: W = 1366 H = 728
** Window Pref Size: W = 1040 H = 823
** Max Size: W = 1366 H = 728
** Window Pref Size: W = 1040 H = 823
ProtocolAPCP.receieveSessionSetup : v1.2 APCP = true
APCP Version = 260
Supported protocols: [SSLv2Hello, SSLv3, TLSv1, TLSv1.1, TLSv1.2]
Enabled protocols: [SSLv3, TLSv1]
Supported ciphers: [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_
AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128
CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC
SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SH
A, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_EC
DSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AE
S_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_C
BC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_
ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RS
A_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_EMPTY_RENEGOTIAT
ION_INFO_SCSV, TLS_DH_anon_WITH_AES_128_CBC_SHA256, TLS_ECDH_anon_WITH_AES_128_C
BC_SHA, TLS_DH_anon_WITH_AES_128_CBC_SHA, TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA, S
SL_DH_anon_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES
CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_DH_anon_WITH_DES_CBC_SHA, SSL_RSA_EX
PORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPO
RT_WITH_DES40_CBC_SHA, SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA, TLS_RSA_WITH_NULL
SHA256, TLS_ECDHE_ECDSA_WITH_NULL_SHA, TLS_ECDHE_RSA_WITH_NULL_SHA, SSL_RSA_WITH
_NULL_SHA, TLS_ECDH_ECDSA_WITH_NULL_SHA, TLS_ECDH_RSA_WITH_NULL_SHA, TLS_ECDH_an
on_WITH_NULL_SHA, SSL_RSA_WITH_NULL_MD5, TLS_KRB5_WITH_3DES_EDE_CBC_SHA, TLS_KRB
5_WITH_3DES_EDE_CBC_MD5, TLS_KRB5_WITH_DES_CBC_SHA, TLS_KRB5_WITH_DES_CBC_MD5, T
LS_KRB5_EXPORT_WITH_DES_CBC_40_SHA, TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5]
Enabled ciphers: [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AE
S_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_C
BC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SH
A256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDS
A_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_
128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC
SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_EC
DH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA
WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_EMPTY_RENEGOTIATIO
N_INFO_SCSV, TLS_DH_anon_WITH_AES_128_CBC_SHA256, TLS_ECDH_anon_WITH_AES_128_CBC
_SHA, TLS_DH_anon_WITH_AES_128_CBC_SHA, TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA, SSL
_DH_anon_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_C
BC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_DH_anon_WITH_DES_CBC_SHA, SSL_RSA_EXPO
RT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT
_WITH_DES40_CBC_SHA, SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA, TLS_RSA_WITH_NULL_SH
A256, TLS_ECDHE_ECDSA_WITH_NULL_SHA, TLS_ECDHE_RSA_WITH_NULL_SHA, SSL_RSA_WITH_N
ULL_SHA, TLS_ECDH_ECDSA_WITH_NULL_SHA, TLS_ECDH_RSA_WITH_NULL_SHA, TLS_ECDH_anon
WITH_NULL_SHA, SSL_RSA_WITH_NULL_MD5, TLS_KRB5_WITH_3DES_EDE_CBC_SHA, TLS_KRB5
WITH_3DES_EDE_CBC_MD5, TLS_KRB5_WITH_DES_CBC_SHA, TLS_KRB5_WITH_DES_CBC_MD5, TLS
_KRB5_EXPORT_WITH_DES_CBC_40_SHA, TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5]
Exception in server handshake
java.net.SocketException: Connection reset
at java.net.SocketInputStream.read(SocketInputStream.java:196)
at java.net.SocketInputStream.read(SocketInputStream.java:122)
at sun.security.ssl.InputRecord.readFully(InputRecord.java:442)
at sun.security.ssl.InputRecord.read(InputRecord.java:480)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:934)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.
java:1332)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1359
)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1343
)
at com.avocent.d.a.a.a(Unknown Source)
at com.avocent.d.a.a.a(Unknown Source)
at com.avocent.d.a.a.c(Unknown Source)
at com.avocent.d.d.b.a(Unknown Source)
at com.avocent.a.b.w.g(Unknown Source)
at com.avocent.a.b.w.a(Unknown Source)
at com.avocent.app.c.l.m(Unknown Source)
at com.avocent.app.c.l.e(Unknown Source)
at com.avocent.idrac.kvm.a.e(Unknown Source)
at com.avocent.idrac.kvm.Main.a(Unknown Source)
at com.avocent.idrac.kvm.Main.main(Unknown Source)
java.net.SocketException: Connection reset
at java.net.SocketInputStream.read(SocketInputStream.java:196)
at java.net.SocketInputStream.read(SocketInputStream.java:122)
at sun.security.ssl.InputRecord.readFully(InputRecord.java:442)
at sun.security.ssl.InputRecord.read(InputRecord.java:480)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:934)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.
java:1332)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1359
)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1343
)
at com.avocent.d.a.a.a(Unknown Source)
at com.avocent.d.a.a.a(Unknown Source)
at com.avocent.d.a.a.c(Unknown Source)
at com.avocent.d.d.b.a(Unknown Source)
at com.avocent.a.b.w.g(Unknown Source)
at com.avocent.a.b.w.a(Unknown Source)
at com.avocent.app.c.l.m(Unknown Source)
at com.avocent.app.c.l.e(Unknown Source)
at com.avocent.idrac.kvm.a.e(Unknown Source)
at com.avocent.idrac.kvm.Main.a(Unknown Source)
at com.avocent.idrac.kvm.Main.main(Unknown Source)
CoreSessionListener : connection failed
in CoreSessionListner : fireOnSessionStateChanged
KVM session state SESSION_FAILED
KVM session state SESSION_CLOSING
calling clenaup from CloseViewerClient`
This is on Server 2012 R2 and I'm trying to connecto to an iDrac enterprise on a Dell 720.
The method works for me with an iDRAC7 on a T320. The only thing I had to change to make it work with iDRAC7 are the arguments passed to java.exe, which should be the ones listed in the lines in the .jnlp.
My command line for iDRAC7 is below. In particular, if I omit reconnect=2, the console stays in "Reconnecting..." state, then times out.bin\java -cp avctKVM.jar -Djava.library.path=.\lib com.avocent.idrac.kvm.Main ip=%drachost% vm=1 title=idrac-%2C+PowerEdge+T320%2C+User%3A+root user=%dracuser% passwd=%dracpwd% kmport=5900 vport=5900 apcp=1 reconnect=2 chat=1 F1=1 custom=0 scaling=15 minwinheight=100 minwinwidth=100 videoborder=0 version=2 "helpurl=https://%drachost%:443/help/contents.html"
@jelewis666 : did you put on your java command line all the arguments found in your viewer.jnlp, in the form of key=value? Because your command line seems to lack some arguments I had found in my viewer.jnlp. I remember that omitting some arguments, lead to weird results. HTH, Lux.
Awesome. For the umpteenth time I was jumping through the JavaWS hoops and just couldn't get any of the usual tricks to work. I set the files up in a folder as you described, parameterised the commandline in Remote Desktop Manager and for first time ever now have secure one click access to all my iDracs alongside everything else and using the same credential store. Awesome. Just awesome. Thanks.
I had to enable SSLv3 in java, I always got the error "connection failed"
Comment out "jdk.tls.disabledAlgorithms=SSLv3 in /lib/security/java.securityThis fixed it for me. too with latest java. Nice to have it in its own folder as a "portable"
Same here.
Added wget to WIndows and added to script-
echo "Grabbing jar file from host."
wget.exe -N --no-check-certificate "https://%drachost%/software/avctKVM.jar"
And still didn't work:
Then saw that about SSL3..
Glad I kept reading down this comment thread before I gave up!
Worked perfectly! (Linux)
Used JRE 1.7 extracted from tar.
I was able to connect doing this (iDRAC 6 Enterprise):
- Downloaded this file from Oracle website: server-jre-7u80-windows-x64.tar.gz (https://www.oracle.com/java/technologies/javase/javase7-archive-downloads.html#license-lightbox)
- Created a folder on my drive (C:\idrac)
- Expanded the tar file and copied all content from this directory: .\server-jre-7u80-windows-x64.tar\jdk1.7.0_80\jre\ to C:\idrac\
Here's how my directory ended:
Then I'm using this PowerShell script:
Set-Location -Path C:\idrac
$ServerHost = Read-Host "Type the name of the host that you want to connect to"
$HostPassword = Read-Host "Type the password of the host that you want to connect to"Write-Host "`nDownloading files..."
wget.exe -N --no-check-certificate "https://$ServerHost/software/avctKVM.jar" -q
wget.exe -N --no-check-certificate "https://$ServerHost/software/avctVMWin64.jar" -P lib -q
wget.exe -N --no-check-certificate "https://$ServerHost/software/avctKVMIOWin64.jar" -P lib -qWrite-Host "`nExpanding files to initiate connection..."
Rename-Item .\lib\avctVMWin64.jar avctVMWin64.zip
Rename-Item .\lib\avctKVMIOWin64.jar avctKVMIOWin64.zip
Expand-Archive .\lib\avctVMWin64.zip -DestinationPath .\lib
Remove-Item .\lib\META-INF -Recurse -Confirm:$False
Expand-Archive .\lib\avctKVMIOWin64.zip -DestinationPath .\lib
Remove-Item .\lib\META-INF -Recurse -Confirm:$False
Remove-Item .\lib*.zipStart-Process -FilePath .\bin\java -ArgumentList "-cp avctKVM.jar -Djava.library.path=.\lib com.avocent.idrac.kvm.Main ip=$ServerHost kmport=5900 vport=5900 user=root passwd=$HostPassword apcp=1 verison=2 vmprivilege=true 'helpurl=https://$($ServerHost):443/help/contents.html'"
Remove-Item .\lib*.dll
Remove-Item .\avctKVM.jar
It worked without modifying my PC java.security file.
The only problems until now is that I didn't find a way to pass the password using PowerShell in a secure way (I have tried the -AsSecureString), so for now the password is in plain text... =/
And I have tried to use this code to download the files:
Invoke-WebRequest https://$ServerHost/software/avctKVM.jar -OutFile .\avctKVM.jar
But sometimes worked, sometimes don't, I think that I need to initiate the connection first...
Meanwhile I'm using wget as other users commented previously.
Anyway, thanks a lot for your time to help a lot of people!!!
@vandreytrindade: generally, for these old servers, I find it convenient to use an old Java version. I downloaded a portable old java from here https://sourceforge.net/projects/portableapps/files/Java%20Portable/ and I unpack it only when I have to use it. If I remember well, I found jPortable_8_Update_40_Rev_2.paf.exe to behave well with iDRAC 6 and 7.
@vandreytrindade: generally, for these old servers, I find it convenient to use an old Java version. I downloaded a portable old java from here https://sourceforge.net/projects/portableapps/files/Java%20Portable/ and I unpack it only when I have to use it. If I remember well, I found jPortable_8_Update_40_Rev_2.paf.exe to behave well with iDRAC 6 and 7.
Thanks!
I can't use your script as there is no WinZip.
Why are you using WinZip. Windows has ZIP built in, powershell, or even the fully free 7-zip. No one needs to be using WinZip anymore in 2020 or 2021, they will sue you for using it in business without paying.
I can't use your script as there is no WinZip.
Why are you using WinZip. Windows has ZIP built in, powershell, or even the fully free 7-zip. No one needs to be using WinZip anymore in 2020 or 2021, they will sue you for using it in business without paying.
the script uses a specific version of powershell to expand the file, and tyler56895 didn't meet this requirement.
in any event they managed to work around the problem manually the next day and posted to confirm they are all now ok.
Hello everyone, I have the remote console working on a dell R710 with the enterprise idrac. Thanks to MathieuW here: https://www.dell.com/community/Systems-Management-General/iDRAC6-Virtual-Console-Connection-Failed/td-p/5144021/page/2
I am running the latest java version as of 10/01/2018. Version 8 Update 181 (build 1.8.0_181-b13)
Go to here or wherever you installed java. C:\Program Files\Java\jre1.8.0_181\lib\security\java.security
Comment out this line in java.security with a # jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 1024, and add the IP address (https://IPhere) and (https://IPhere:443) to the security tab of the java control pannel.
I don't know what security implications this has but it works.
This worked for me
Thank you!
Hello everyone, I have the remote console working on a dell R710 with the enterprise idrac. Thanks to MathieuW here: https://www.dell.com/community/Systems-Management-General/iDRAC6-Virtual-Console-Connection-Failed/td-p/5144021/page/2 I am running the latest java version as of 10/01/2018. Version 8 Update 181 (build 1.8.0_181-b13) Go to here or wherever you installed java. C:\Program Files\Java\jre1.8.0_181\lib\security\java.security Comment out this line in java.security with a # jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 1024, and add the IP address (https://IPhere) and (https://IPhere:443) to the security tab of the java control pannel. I don't know what security implications this has but it works.
This worked for me
Thank you!
And for me as well!
@lx1 thank that worked for iDrac 7.
Hi,
For those concerned about changing global java security settings, they can be overridden on the command line like so:
java -Djava.security.properties=idrac.java.security -cp avctKVM.jar com.avocent.idrac.kvm.Main ip=$IP kmport=$port vport=$port user=$user passwd=$pass apcp=1 version=2 vmprivilege=true "helpurl=https://$IP:443/help/contents.html"
The -D switch uses a file which needs to be created idrac.java.security
e.g.
`#idrac.java.security
#Custom java.security overrides for DELL IDRAC Virtual Console
jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, DH keySize < 1024, EC keySize < 224, anon, NULL, include jdk.disabled.namedCurves`
If done correctly this will override this one setting for this one time JVM instance instead of changing global settings, this is much preferred.
Notice also there is only one algorithm which prevents the console from running (at least on my system, java version 14) and that the specific culprit seems to be 3DES_EDE_CBC which is the only flag which needs to be missing from the original list for the JVM to run.
Other operating systems and java versions might need different attention but I hope this helps.
Here's my short little function, to either install the requirements or open the iDRAC session. It assumes, that there's a installed version of 7zip.
function Connect-iDRACRemoteConsole {
<#
.SYNOPSIS
Install and launch a Dell iDRAC Remote console using java.
.DESCRIPTION
This function will prepare the necessary files as well as launch (when told to) a Dell iDRAC Remote Console window.
.PARAMETER ProgramFolder
Program folder, where files are stored. Will default to: $env:LOCALAPPDATA\Dell iDRAC
.PARAMETER ServerHost
Either the FQDN or IP address of a iDRAC system.
.PARAMETER Credential
PowerShell credential object, allowing for passing of somewhere else stored credentials.
.PARAMETER Install
Using this switch, the function will then download the necessary files, unzip them and remove a few unnecessary files.
.INPUTS
[None]
.OUTPUTS
[None]
#>
[CmdletBinding()]
Param(
[Parameter(Mandatory = $false, ParameterSetName = 'Connect')]
[Parameter(Mandatory = $false, ParameterSetName = 'Install')]
[string] $ProgramFolder = '{0}\Dell iDRAC' -f $env:LOCALAPPDATA,
[Parameter(Mandatory = $true, ParameterSetName = 'Connect')]
[Parameter(Mandatory = $true, ParameterSetName = 'Install')]
[string] $ServerHost,
[Parameter(Mandatory = $true, ParameterSetName = 'Connect')]
[pscredential] $Credential,
[Parameter(Mandatory = $true, ParameterSetName = 'Install')]
[switch] $Install
)
begin {
$ErrorActionPreference = 'Stop'
$InformationPreference = 'Continue'
$libdir = '{0}\clientlib' -f $ProgramFolder
if ($PSCmdlet.ParameterSetName -ne 'install') {
try {
Set-Location -Path $ProgramFolder
}
catch {
$_.Exception.Message | Write-Warning
throw ('Unable to change directory to {0}' -f $ProgramFolder)
}
}
elseif ($PSCmdlet.ParameterSetName -eq 'install') {
$7zipPath = "$env:ProgramFiles\7-Zip\7z.exe"
if (-not (Test-Path -Path $7zipPath -PathType Leaf)) {
throw ('7zip file {0} not found' -f $7zipPath)
}
Set-Alias 7zip $7zipPath
$tempdir = '{0}\temp' -f $ProgramFolder
}
}
process {
if ($PSCmdlet.ParameterSetName -eq 'install') {
# try and create the program folder.
try {
if (-not (Get-Item -Path $ProgramFolder -ErrorAction 'SilentlyContinue')) {
New-Item -ItemType 'Directory' -Path $ProgramFolder
}
if (-not (Get-Item -Path $libdir -ErrorAction 'SilentlyContinue')) {
New-Item -ItemType 'Directory' -Path $libdir
}
if (-not (Get-Item -Path $tempdir -ErrorAction 'SilentlyContinue')) {
New-Item -ItemType 'Directory' -Path $tempdir
}
}
catch {
$_.Exception.Message | Write-Warning
throw ('Unable to create program directory {0}' -f $ProgramFolder)
}
# Start the download into the program folder.
$FileUrls = @(
[PSCustomObject]@{
Uri = 'https://master.dl.sourceforge.net/project/portableapps/Java%20Portable/jPortable64_8_Update_40_Rev_2.paf.exe?viasf=1'
FileName = 'jPortable64_8_Update_40_Rev_2.paf.exe'
UnzipDir = '\'
UnzipParams = ''
SkipCertificateCheck = $false
SkipUnzip = $false
HashAlgorithm = 'SHA256'
Hash = 'A4AAC39FC458C3D4E551C08B8896DD1CE3C373C910B0005F4C40485907791E05'
RemoveDirs = @('$PLUGINSDIR', 'App', 'Other')
RemoveFiles = @('release')
},
[PSCustomObject]@{
Uri = 'https://{0}/software/avctKVM.jar' -f $ServerHost
FileName = 'avctKVM.jar'
CopyDir = 'clientlib'
SkipUnzip = $true
SkipCertificateCheck = $true
},
[PSCustomObject]@{
Uri = 'https://{0}/software/avctVMWin64.jar' -f $ServerHost
FileName = 'avctVMWin64.jar'
UnzipDir = 'clientlib'
UnzipParams = ''
SkipUnzip = $false
SkipCertificateCheck = $true
RemoveDirs = @('META-INF')
},
[PSCustomObject]@{
Uri = 'https://{0}/software/avctKVMIOWin64.jar' -f $ServerHost
FileName = 'avctKVMIOWin64.jar'
UnzipDir = 'clientlib'
UnzipParams = ''
SkipUnzip = $false
SkipCertificateCheck = $true
RemoveDirs = @('META-INF')
}
)
# Loop through the file list and download them.
foreach ($uri in $FileUrls) {
$OutFile = '{0}\{1}' -f $tempdir, $uri.FileName
$WebRequestArgs = @{
Uri = $uri.uri
OutFile = $OutFile
UserAgent = [Microsoft.PowerShell.Commands.PSUserAgent]::FireFox
}
try {
if ($uri.SkipCertificateCheck -eq $true) {
add-type @"
using System.Net;
using System.Security.Cryptography.X509Certificates;
public class TrustAllCertsPolicy : ICertificatePolicy {
public bool CheckValidationResult(
ServicePoint srvPoint, X509Certificate certificate,
WebRequest request, int certificateProblem) {
return true;
}
}
"@
<# $AllProtocols = [System.Net.SecurityProtocolType]'Ssl3,Tls,Tls11,Tls12'
[System.Net.ServicePointManager]::SecurityProtocol = $AllProtocols#>
[System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy
}
$res = Invoke-WebRequest @WebRequestArgs
}
catch {
$_.Exception.Message | Write-Warning
throw ('Unable to download {0} to {1}' -f $uri.uri, $OutFile)
}
# The download finished, now we can make sure, that if HashAlgorithm and Hash have been given to verify them.
if (-not [string]::IsNullOrWhiteSpace($uri.HashAlgorithm) -and -not [string]::IsNullOrWhiteSpace($uri.Hash)) {
# Get a comparsion hash value of the file we've just downloaded.
try {
$hash = Get-FileHash -Algorithm $uri.HashAlgorithm -Path $OutFile
# Now check if the computed hash is the same as the one we got from the file list.
if ($hash.Hash -eq $uri.Hash) {
Write-Verbose ('Hash values of download {0} matches stored hash value' -f $uri.FileName)
}
else {
Write-Warning -Message ('Hash values of download {0} do not match. Deleting' -f $uri.FileName)
Remove-Item -Confirm:$false -Path $OutFile
}
}
catch {
$_.Exception.Message | Write-Warning
throw ('Failure during hash verification of file {0}' -f $uri.FileName)
}
}
# Since we've gotten this far, we need to extract the files using 7z.
try {
if ($uri.SkipUnzip -eq $false) {
$null = 7zip x -y $uri.UnzipParams ('-o"{0}\{1}"' -f $ProgramFolder, $uri.UnzipDir) "$OutFile"
}
elseif ($uri.SkipUnzip -eq $true -and -not [string]::IsNullOrEmpty($uri.CopyDir)) {
$Destination = '{0}\{1}\{2}' -f $ProgramFolder, $uri.CopyDir, $uri.FileName
Copy-Item -Path $OutFile -Destination $Destination -Confirm:$false
}
# Check if the current file has RemoveDirs set. If so, loop through them and do as requested.
if ($uri.RemoveDirs -is [System.Array] -and $uri.RemoveDirs.Count -eq 0) {
Write-Verbose -Message 'No files to delete after extraction.'
}
elseif ($uri.RemoveDirs -is [System.Array] -and $uri.RemoveDirs.Count -ge 1) {
foreach ($dir in $uri.RemoveDirs) {
# Now we need to construct the absolute path.
$RemovalPath = '{0}\{1}\{2}' -f $ProgramFolder, $uri.UnzipDir, $dir
if (Get-Item -Path $RemovalPath -ErrorAction 'SilentlyContinue') {
Remove-Item -Path $RemovalPath -Recurse -Confirm:$false
}
}
}
else {
Write-Warning -Message ('Invalid RemoveDirs variable for file {0}' -f $uri.uri)
}
}
catch {
$_.Exception.Message | Write-Warning
throw ('Unable to extract {0} to {1}' -f $OutFile, $uri.UnzipDir)
}
# Now remove the download file.
try {
Remove-Item -Path $OutFile -Confirm:$false
}
catch {
$_.Exception.Message | Write-Warning
throw ('Unable to remove {0}' -f $OutFile)
}
# Clear the content, so it'll not spill into the next loop.
$OutFile, $WebRequestArgs, $FileName = $null
}
# Create the java security override.
$Content = 'jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, DH keySize < 1024, EC keySize < 224, anon, NULL, include jdk.disabled.namedCurves'
$Content | Out-File -FilePath ('{0}\{1}' -f $ProgramFolder, 'idrac.java.security')
}
elseif ($PSCmdlet.ParameterSetName -eq 'Connect') {
# Make sure, there is the necessary set of tools.
$files = @('bin\java.exe', 'clientlib\avctKVM.jar', 'clientlib\avctKVMIO.dll', 'clientlib\avmWinLib.dll')
foreach ($folder in $folders) {
try {
Get-Item -Path ('{0}\{1}' -f $ProgramFolder, $folder)
}
catch {
$_.Exception.Message | Write-Warning
throw ('Unable to locate {0}\{1}' -f $ProgramFolder, $folder)
}
}
# Check file requisites.
foreach ($file in $files) {
try {
Get-Item -Path ('{0}\{1}' -f $ProgramFolder, $file)
}
catch {
$_.Exception.Message | Write-Warning
throw ('Unable to locate {0}\{1}' -f $ProgramFolder, $file)
}
}
# Do connection stuff here.
try {
$ProcessArgs = @(
'"-Djava.security.properties=idrac.java.security"',
('-cp "{0}\avctKVM.jar" "-Djava.library.path={0}"' -f $libdir),
'com.avocent.idrac.kvm.Main',
('ip="{0}" user="{1}" passwd="{2}"' -f $ServerHost, $Credential.UserName, $Credential.GetNetworkCredential().Password),
'apcp=1 version=2 vmprivilege=true kmport=5900 vport=5900',
('"helpurl=https://{0}:443/help/contents.html"' -f $ServerHost)
)
$proc = Start-Process -FilePath ('"{0}\{1}"' -f $ProgramFolder, 'bin\java.exe') -PassThru -Wait -ArgumentList $ProcessArgs
return $proc
}
catch {
$_.Exception.Message | Write-Warning
throw ('Unable to start iDRAC Remote console.')
}
}
}
end {}
}
This is great work! I think that we are at the level where an actual GitHub project is warranted?
For me this worked almost exactly as documented. The only issues I had are probably the result of my specific version of macos (Big Sur 11.5.2):
- the Java package that worked for me is
jre-7u80-macosx-x64.tar.gz
(the server JRE package's Java executable is not compatible with Mac) - macos considers the author of this version of Java to be "untrusted" and will not open it:
- the Open Anyway button in Privacy and Security settings no longer works;
- What does work is:
- Before running the idrac script, run
sudo spctl --master-disable
- Now when you run the idrac script, a security dialog will appear with a warning message; it has an Open button that really does allow you to run the script, and it only bothers you the first time you run it.
- Before running the idrac script, run
Once I got through these issues, it now works. Many thanks for the efforts that went into this!
Does anyone have success getting the "Virtual Media" to work for iDrac6? I can connect and get keyboard input and video, but when I tap "Virtual Media -> Launch Virtual Media", I get an error about "The Virtual Media native library cannot be loaded". If someone has it working, can they share the exact version of JRE they have?
Does anyone have success getting the "Virtual Media" to work for iDrac6? I can connect and get keyboard input and video, but when I tap "Virtual Media -> Launch Virtual Media", I get an error about "The Virtual Media native library cannot be loaded". If someone has it working, can they share the exact version of JRE they have?
This may occur when library file avctKVMIO.dll isn't found or loaded properly e.g. attempting to use 32-bit library with 64-bit JRE. I just tested using both jre-8u212-windows-i586 and jre-8u212-windows-x64 on Windows 10 (pulling down 32-bit and 64-bit library files respectfully), and clicking Virtual Media -> Launch Virtual Media within an iDRAC6 session opens without error for me.
I've been working on a script based on https://gist.github.com/xbb/4fd651c2493ad9284dbcb827dc8886d6?permalink_comment_id=3428052#gistcomment-3428052 that supports both 32-bit and 64-bit Java and tries to detect the iDRAC's version to know which arguments to pass to avctKVM.jar. It's a mess right now and not fully tested, but once it's somewhat cleaned up I will post it here.
I got it to work:
- Installed JRE 7 from Oracle
- Viewed the viewer.jnlp file to get the right .jar files
- Downloaded files manually, renamed to .zip, and extracted them into the proper folder. (avctKVM.jar goes in same folder as console.bat, other .dlls go into /lib folder)
- Edited the console.bat to include IP and username instead of prompting me each time.
The tricky part was trying various platform .jar files till I found one that worked. As @greecemunky said, it was just a matter of finding the right one.
On mac osx big sur, i couldnt manage to make it work with all the instructions properly done and java.security file patched. I downloaded and used jre1.7 as mentioned before. I commented disabledAlgorithms and left it empty, neither way worked as well. I can use the same script to connect on windows using jre1.6.
I still get the following error. Did anybody manage to solve it in big sur+ ?
07/24/2022 11:24:38:487: User login response: 3
java.net.SocketException: Broken pipe
at java.net.SocketOutputStream.socketWrite0(Native Method)
at java.net.SocketOutputStream.socketWrite(SocketOutputStream.java:113)
at java.net.SocketOutputStream.write(SocketOutputStream.java:159)
at sun.security.ssl.OutputRecord.writeBuffer(OutputRecord.java:377)
at sun.security.ssl.OutputRecord.write(OutputRecord.java:363)
at sun.security.ssl.SSLSocketImpl.writeRecordInternal(SSLSocketImpl.java:837)
at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:808)
at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:122)
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82)
at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:140)
at java.io.DataOutputStream.flush(DataOutputStream.java:123)
at com.avocent.kvm.c.d.g.b(Unknown Source)
at com.avocent.kvm.c.d.i.run(Unknown Source)
And here is the command:
sudo spctl --master-disable
./jre1.7-mac/Contents/Home/bin/java -cp avctKVM.jar -Djava.library.path=./lib com.avocent.idrac.kvm.Main ip="10.0.0.100" kmport=5900 vport=5900 user=*** passwd="****" apcp=1 version=2 reconnect=2 vmprivilege=true "helpurl=https://10.0.0.100:443/help/contents.html"
Hi
I'm not on macos but could this be just working directory ambiguity with the lib directory,, i.e.
sudo spctl --master-disable
cd ./jre1.7-mac/Contents/Home
./bin/java -cp avctKVM.jar -Djava.library.path=./lib com.avocent.idrac.kvm.Main ip="10.0.0.100" kmport=5900 vport=5900 user=*** passwd="****" apcp=1 version=2 reconnect=2 vmprivilege=true "helpurl=https://10.0.0.100:443/help/contents.html"
Alternativey fully qualified lib path
sudo spctl --master-disable
./jre1.7-mac/Contents/Home/bin/java -cp avctKVM.jar -Djava.library.path=./jre1.7-mac/Contents/Home/lib com.avocent.idrac.kvm.Main ip="10.0.0.100" kmport=5900 vport=5900 user=*** passwd="****" apcp=1 version=2 reconnect=2 vmprivilege=true "helpurl=https://10.0.0.100:443/help/contents.html"
Apologies if already checked this is correct directory
@jimfrench I havent tried this yet but i ll check if it works. Though, I don't think this would be the cause because it works until tls connection phase. Thanks for the advice anyway.
@ardabeyazoglu Yes I should have explained my reasoning, it could have been using libraries from the wrong java version, but you might be correct in that it probably wouldn't get that far if so, it would error out sooner than during the connection. Hope someone else can step in good luck.
I tried many different combinations, java versions, etc., and finally discovered that iDRAC 6 is compatible with IE v8 on Win 7 SP1. I downloaded Win 7 SP1 and installed it on a virtual machine. It installs its ActiveX to IE 8 on the first run. Then I put the website on trusted sites. and voila!
:)
@j0mbie Thank you so much for writing that all out. Worked like a charm.