Skip to content

Instantly share code, notes, and snippets.

@xbb
Last active October 1, 2024 23:06
Show Gist options
  • Save xbb/4fd651c2493ad9284dbcb827dc8886d6 to your computer and use it in GitHub Desktop.
Save xbb/4fd651c2493ad9284dbcb827dc8886d6 to your computer and use it in GitHub Desktop.
IDRAC6 Virtual Console Launcher
Use this as an example on how to start the virtual console without the need of Java Web Start or accessing it from the web interface.
You can use the user and password that you use for the web interface.
You need an old JRE... I used 1.7.0_80 from the Server JRE package, also I have tested successfully 1.7.0_79 with MacOS.
You don't need to install it, just extract it or copy the files in "jre" folder.
Open the viewer.jnlp file that you get by launching the virtual console from the web interface with a text editor.
Note the urls to the jar files. Download the main jar file avctKVM.jar and the libs for your operating system and architecture.
Extract the dlls (.so Linux, .jnilib MacOS) from the jar libs.
If you don't see the MacOS libs in the file make sure you download it from MacOS.
Edit the bat/sh file according to your needs.
The file structure should look like this:
start-virtual-console.bat (.sh if Linux/MacOS)
avctKVM.jar
jre/<jre home here>
lib/avctKVMIO.dll (.so if Linux, .jnilib if MacOS)
lib/avmWinLib.dll (.so if Linux, .jnilib if MacOS)
@echo off
set /P drachost="Host: "
set /p dracuser="Username: "
set "psCommand=powershell -Command "$pword = read-host 'Enter Password' -AsSecureString ; ^
$BSTR=[System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($pword); ^
[System.Runtime.InteropServices.Marshal]::PtrToStringAuto($BSTR)""
for /f "usebackq delims=" %%p in (`%psCommand%`) do set dracpwd=%%p
.\jre\bin\java -cp avctKVM.jar -Djava.library.path=.\lib com.avocent.idrac.kvm.Main ip=%drachost% kmport=5900 vport=5900 user=%dracuser% passwd=%dracpwd% apcp=1 version=2 vmprivilege=true "helpurl=https://%drachost%:443/help/contents.html"
#!/bin/bash
echo -n 'Host: '
read drachost
echo -n 'Username: '
read dracuser
echo -n 'Password: '
read -s dracpwd
echo
./jre/bin/java -cp avctKVM.jar -Djava.library.path=./lib com.avocent.idrac.kvm.Main ip=$drachost kmport=5900 vport=5900 user=$dracuser passwd=$dracpwd apcp=1 version=2 vmprivilege=true "helpurl=https://$drachost:443/help/contents.html"
@lx1
Copy link

lx1 commented Oct 23, 2021

@vandreytrindade: generally, for these old servers, I find it convenient to use an old Java version. I downloaded a portable old java from here https://sourceforge.net/projects/portableapps/files/Java%20Portable/ and I unpack it only when I have to use it. If I remember well, I found jPortable_8_Update_40_Rev_2.paf.exe to behave well with iDRAC 6 and 7.

@vandreytrindade
Copy link

@vandreytrindade: generally, for these old servers, I find it convenient to use an old Java version. I downloaded a portable old java from here https://sourceforge.net/projects/portableapps/files/Java%20Portable/ and I unpack it only when I have to use it. If I remember well, I found jPortable_8_Update_40_Rev_2.paf.exe to behave well with iDRAC 6 and 7.

Thanks!

@ready4droid
Copy link

ready4droid commented Oct 25, 2021 via email

@29039
Copy link

29039 commented Oct 25, 2021

I can't use your script as there is no WinZip.

@tyler56895

Why are you using WinZip. Windows has ZIP built in, powershell, or even the fully free 7-zip. No one needs to be using WinZip anymore in 2020 or 2021, they will sue you for using it in business without paying.

@wizdude
Copy link

wizdude commented Oct 25, 2021

I can't use your script as there is no WinZip.

@tyler56895

Why are you using WinZip. Windows has ZIP built in, powershell, or even the fully free 7-zip. No one needs to be using WinZip anymore in 2020 or 2021, they will sue you for using it in business without paying.

the script uses a specific version of powershell to expand the file, and tyler56895 didn't meet this requirement.

in any event they managed to work around the problem manually the next day and posted to confirm they are all now ok.

@assadniang
Copy link

Hello everyone, I have the remote console working on a dell R710 with the enterprise idrac. Thanks to MathieuW here: https://www.dell.com/community/Systems-Management-General/iDRAC6-Virtual-Console-Connection-Failed/td-p/5144021/page/2

I am running the latest java version as of 10/01/2018. Version 8 Update 181 (build 1.8.0_181-b13)

Go to here or wherever you installed java. C:\Program Files\Java\jre1.8.0_181\lib\security\java.security

Comment out this line in java.security with a # jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 1024, and add the IP address (https://IPhere) and (https://IPhere:443) to the security tab of the java control pannel.

I don't know what security implications this has but it works.

This worked for me
Thank you!

@kbhuinfo
Copy link

Hello everyone, I have the remote console working on a dell R710 with the enterprise idrac. Thanks to MathieuW here: https://www.dell.com/community/Systems-Management-General/iDRAC6-Virtual-Console-Connection-Failed/td-p/5144021/page/2

I am running the latest java version as of 10/01/2018. Version 8 Update 181 (build 1.8.0_181-b13)

Go to here or wherever you installed java. C:\Program Files\Java\jre1.8.0_181\lib\security\java.security

Comment out this line in java.security with a # jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 1024, and add the IP address (https://IPhere) and (https://IPhere:443) to the security tab of the java control pannel.

I don't know what security implications this has but it works.

This worked for me
Thank you!

And for me as well!

@Manit-Chanthavong
Copy link

@lx1 thank that worked for iDrac 7.

@jimfrench
Copy link

jimfrench commented Dec 24, 2021

Hi,
For those concerned about changing global java security settings, they can be overridden on the command line like so:
java -Djava.security.properties=idrac.java.security -cp avctKVM.jar com.avocent.idrac.kvm.Main ip=$IP kmport=$port vport=$port user=$user passwd=$pass apcp=1 version=2 vmprivilege=true "helpurl=https://$IP:443/help/contents.html"

The -D switch uses a file which needs to be created idrac.java.security
e.g.

`#idrac.java.security
#Custom java.security overrides for DELL IDRAC Virtual Console

jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, DH keySize < 1024, EC keySize < 224, anon, NULL, include jdk.disabled.namedCurves`

If done correctly this will override this one setting for this one time JVM instance instead of changing global settings, this is much preferred.

Notice also there is only one algorithm which prevents the console from running (at least on my system, java version 14) and that the specific culprit seems to be 3DES_EDE_CBC which is the only flag which needs to be missing from the original list for the JVM to run.

Other operating systems and java versions might need different attention but I hope this helps.

@pinguinfuss
Copy link

pinguinfuss commented Jan 22, 2022

Here's my short little function, to either install the requirements or open the iDRAC session. It assumes, that there's a installed version of 7zip.

function Connect-iDRACRemoteConsole {
    <#
        .SYNOPSIS
            Install and launch a Dell iDRAC Remote console using java.

        .DESCRIPTION
            This function will prepare the necessary files as well as launch (when told to) a Dell iDRAC Remote Console window.

        .PARAMETER ProgramFolder
            Program folder, where files are stored. Will default to: $env:LOCALAPPDATA\Dell iDRAC

        .PARAMETER ServerHost
            Either the FQDN or IP address of a iDRAC system.

        .PARAMETER Credential
            PowerShell credential object, allowing for passing of somewhere else stored credentials.

        .PARAMETER Install
            Using this switch, the function will then download the necessary files, unzip them and remove a few unnecessary files.

        .INPUTS
            [None]

        .OUTPUTS
            [None]

    #>

    [CmdletBinding()]

    Param(
        [Parameter(Mandatory = $false, ParameterSetName = 'Connect')]
        [Parameter(Mandatory = $false, ParameterSetName = 'Install')]
        [string] $ProgramFolder = '{0}\Dell iDRAC' -f $env:LOCALAPPDATA,

        [Parameter(Mandatory = $true, ParameterSetName = 'Connect')]
        [Parameter(Mandatory = $true, ParameterSetName = 'Install')]
        [string] $ServerHost,

        [Parameter(Mandatory = $true, ParameterSetName = 'Connect')]
        [pscredential] $Credential,

        [Parameter(Mandatory = $true, ParameterSetName = 'Install')]
        [switch] $Install
    )

    begin {
        $ErrorActionPreference = 'Stop'
        $InformationPreference = 'Continue'
        $libdir = '{0}\clientlib' -f $ProgramFolder

        if ($PSCmdlet.ParameterSetName -ne 'install') {
            try {
                Set-Location -Path $ProgramFolder
            }
            catch {
                $_.Exception.Message | Write-Warning
                throw ('Unable to change directory to {0}' -f $ProgramFolder)
            }
        }
        elseif ($PSCmdlet.ParameterSetName -eq 'install') {
            $7zipPath = "$env:ProgramFiles\7-Zip\7z.exe"

            if (-not (Test-Path -Path $7zipPath -PathType Leaf)) {
                throw ('7zip file {0} not found' -f $7zipPath)
            }

            Set-Alias 7zip $7zipPath
            $tempdir = '{0}\temp' -f $ProgramFolder
        }
    }

    process {
        if ($PSCmdlet.ParameterSetName -eq 'install') {
            # try and create the program folder.
            try {
                if (-not (Get-Item -Path $ProgramFolder -ErrorAction 'SilentlyContinue')) {
                    New-Item -ItemType 'Directory' -Path $ProgramFolder
                }
                if (-not (Get-Item -Path $libdir -ErrorAction 'SilentlyContinue')) {
                    New-Item -ItemType 'Directory' -Path $libdir
                }

                if (-not (Get-Item -Path $tempdir -ErrorAction 'SilentlyContinue')) {
                    New-Item -ItemType 'Directory' -Path $tempdir
                }
            }
            catch {
                $_.Exception.Message | Write-Warning
                throw ('Unable to create program directory {0}' -f $ProgramFolder)
            }

            # Start the download into the program folder.
            $FileUrls = @(
               [PSCustomObject]@{
                    Uri = 'https://master.dl.sourceforge.net/project/portableapps/Java%20Portable/jPortable64_8_Update_40_Rev_2.paf.exe?viasf=1'
                    FileName = 'jPortable64_8_Update_40_Rev_2.paf.exe'
                    UnzipDir = '\'
                    UnzipParams = ''
                    SkipCertificateCheck = $false
                    SkipUnzip = $false
                    HashAlgorithm = 'SHA256'
                    Hash = 'A4AAC39FC458C3D4E551C08B8896DD1CE3C373C910B0005F4C40485907791E05'
                    RemoveDirs = @('$PLUGINSDIR', 'App', 'Other')
                    RemoveFiles = @('release')
                },
                [PSCustomObject]@{
                    Uri = 'https://{0}/software/avctKVM.jar' -f $ServerHost
                    FileName = 'avctKVM.jar'
                    CopyDir = 'clientlib'
                    SkipUnzip = $true
                    SkipCertificateCheck = $true
                    
                },
                [PSCustomObject]@{
                    Uri = 'https://{0}/software/avctVMWin64.jar' -f $ServerHost
                    FileName = 'avctVMWin64.jar'
                    UnzipDir = 'clientlib'
                    UnzipParams = ''
                    SkipUnzip = $false
                    SkipCertificateCheck = $true
                    RemoveDirs = @('META-INF')
                },
                [PSCustomObject]@{
                    Uri = 'https://{0}/software/avctKVMIOWin64.jar' -f $ServerHost
                    FileName = 'avctKVMIOWin64.jar'
                    UnzipDir = 'clientlib'
                    UnzipParams = ''
                    SkipUnzip = $false
                    SkipCertificateCheck = $true
                    RemoveDirs = @('META-INF')
                }

            )

            # Loop through the file list and download them.
            foreach ($uri in $FileUrls) {
                $OutFile = '{0}\{1}' -f $tempdir, $uri.FileName
                $WebRequestArgs = @{
                    Uri = $uri.uri
                    OutFile = $OutFile
                    UserAgent = [Microsoft.PowerShell.Commands.PSUserAgent]::FireFox
                }
                try {
                    if ($uri.SkipCertificateCheck -eq $true) {
                        add-type @"
                            using System.Net;
                            using System.Security.Cryptography.X509Certificates;
                            public class TrustAllCertsPolicy : ICertificatePolicy {
                                public bool CheckValidationResult(
                                    ServicePoint srvPoint, X509Certificate certificate,
                                    WebRequest request, int certificateProblem) {
                                    return true;
                                }
                            }
"@
<#                        $AllProtocols = [System.Net.SecurityProtocolType]'Ssl3,Tls,Tls11,Tls12'
                        [System.Net.ServicePointManager]::SecurityProtocol = $AllProtocols#>
                        [System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy
                    }

                    $res = Invoke-WebRequest @WebRequestArgs
                }
                catch {
                    $_.Exception.Message | Write-Warning
                    throw ('Unable to download {0} to {1}' -f $uri.uri, $OutFile)
                }

                # The download finished, now we can make sure, that if HashAlgorithm and Hash have been given to verify them.
                if (-not [string]::IsNullOrWhiteSpace($uri.HashAlgorithm) -and -not [string]::IsNullOrWhiteSpace($uri.Hash)) {
                    # Get a comparsion hash value of the file we've just downloaded.
                    try {
                        $hash = Get-FileHash -Algorithm $uri.HashAlgorithm -Path $OutFile

                        # Now check if the computed hash is the same as the one we got from the file list.
                        if ($hash.Hash -eq $uri.Hash) {
                            Write-Verbose ('Hash values of download {0} matches stored hash value' -f $uri.FileName)
                        }
                        else {
                            Write-Warning -Message ('Hash values of download {0} do not match. Deleting' -f $uri.FileName)
                            Remove-Item -Confirm:$false -Path $OutFile
                        }
                    }
                    catch {
                        $_.Exception.Message | Write-Warning
                        throw ('Failure during hash verification of file {0}' -f $uri.FileName)
                    }
                }

                # Since we've gotten this far, we need to extract the files using 7z.
                try {
                    if ($uri.SkipUnzip -eq $false) {
                        $null = 7zip x -y $uri.UnzipParams ('-o"{0}\{1}"' -f $ProgramFolder, $uri.UnzipDir) "$OutFile"
                    }
                    elseif ($uri.SkipUnzip -eq $true -and -not [string]::IsNullOrEmpty($uri.CopyDir)) {
                        $Destination = '{0}\{1}\{2}' -f $ProgramFolder, $uri.CopyDir, $uri.FileName
                        Copy-Item -Path $OutFile -Destination $Destination -Confirm:$false
                    }

                    # Check if the current file has RemoveDirs set. If so, loop through them and do as requested.
                    if ($uri.RemoveDirs -is [System.Array] -and $uri.RemoveDirs.Count -eq 0) {
                        Write-Verbose -Message 'No files to delete after extraction.'
                    }
                    elseif ($uri.RemoveDirs -is [System.Array] -and $uri.RemoveDirs.Count -ge 1) {
                        foreach ($dir in $uri.RemoveDirs) {
                            # Now we need to construct the absolute path.
                            $RemovalPath = '{0}\{1}\{2}' -f $ProgramFolder, $uri.UnzipDir, $dir
                            
                            if (Get-Item -Path $RemovalPath -ErrorAction 'SilentlyContinue') {
                                Remove-Item -Path $RemovalPath -Recurse -Confirm:$false
                            }
                        }
                    }
                    else {
                        Write-Warning -Message ('Invalid RemoveDirs variable for file {0}' -f $uri.uri)
                    }
                }
                catch {
                    $_.Exception.Message | Write-Warning
                    throw ('Unable to extract {0} to {1}' -f $OutFile, $uri.UnzipDir)
                }

                # Now remove the download file.
                try {
                    Remove-Item -Path $OutFile -Confirm:$false
                }
                catch {
                    $_.Exception.Message | Write-Warning
                    throw ('Unable to remove {0}' -f $OutFile)
                }


                # Clear the content, so it'll not spill into the next loop.
                $OutFile, $WebRequestArgs, $FileName = $null
            }

            # Create the java security override.
            $Content = 'jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, DH keySize < 1024, EC keySize < 224, anon, NULL, include jdk.disabled.namedCurves'
            $Content | Out-File -FilePath ('{0}\{1}' -f $ProgramFolder, 'idrac.java.security')
        }
        elseif ($PSCmdlet.ParameterSetName -eq 'Connect') {
            # Make sure, there is the necessary set of tools.
            $files = @('bin\java.exe', 'clientlib\avctKVM.jar', 'clientlib\avctKVMIO.dll', 'clientlib\avmWinLib.dll')

            foreach ($folder in $folders) {
                try {
                    Get-Item -Path ('{0}\{1}' -f $ProgramFolder, $folder)
                }
                catch {
                    $_.Exception.Message | Write-Warning
                    throw ('Unable to locate {0}\{1}' -f $ProgramFolder, $folder)
                }
            }

            # Check file requisites.
            foreach ($file in $files) {
                try {
                    Get-Item -Path ('{0}\{1}' -f $ProgramFolder, $file)
                }
                catch {
                    $_.Exception.Message | Write-Warning
                    throw ('Unable to locate {0}\{1}' -f $ProgramFolder, $file)
                }
            }

            # Do connection stuff here.
            try {
                $ProcessArgs = @(
                    '"-Djava.security.properties=idrac.java.security"',
                    ('-cp "{0}\avctKVM.jar" "-Djava.library.path={0}"' -f $libdir),
                    'com.avocent.idrac.kvm.Main',
                    ('ip="{0}" user="{1}" passwd="{2}"' -f $ServerHost, $Credential.UserName, $Credential.GetNetworkCredential().Password),
                    'apcp=1 version=2 vmprivilege=true kmport=5900 vport=5900',
                    ('"helpurl=https://{0}:443/help/contents.html"' -f $ServerHost)
                )
                $proc = Start-Process -FilePath ('"{0}\{1}"' -f $ProgramFolder, 'bin\java.exe') -PassThru -Wait -ArgumentList $ProcessArgs
                return $proc
            }
            catch {
                $_.Exception.Message | Write-Warning
                throw ('Unable to start iDRAC Remote console.')
            }
        }
    }

    end {}
}

@29039
Copy link

29039 commented Jan 22, 2022

This is great work! I think that we are at the level where an actual GitHub project is warranted?

@pglaser-engineer
Copy link

For me this worked almost exactly as documented. The only issues I had are probably the result of my specific version of macos (Big Sur 11.5.2):

  • the Java package that worked for me is jre-7u80-macosx-x64.tar.gz (the server JRE package's Java executable is not compatible with Mac)
  • macos considers the author of this version of Java to be "untrusted" and will not open it:
    • the Open Anyway button in Privacy and Security settings no longer works;
    • What does work is:
      • Before running the idrac script, run sudo spctl --master-disable
      • Now when you run the idrac script, a security dialog will appear with a warning message; it has an Open button that really does allow you to run the script, and it only bothers you the first time you run it.

Once I got through these issues, it now works. Many thanks for the efforts that went into this!

@cepm-nate
Copy link

Does anyone have success getting the "Virtual Media" to work for iDrac6? I can connect and get keyboard input and video, but when I tap "Virtual Media -> Launch Virtual Media", I get an error about "The Virtual Media native library cannot be loaded". If someone has it working, can they share the exact version of JRE they have?

@greecemunky
Copy link

Does anyone have success getting the "Virtual Media" to work for iDrac6? I can connect and get keyboard input and video, but when I tap "Virtual Media -> Launch Virtual Media", I get an error about "The Virtual Media native library cannot be loaded". If someone has it working, can they share the exact version of JRE they have?

This may occur when library file avctKVMIO.dll isn't found or loaded properly e.g. attempting to use 32-bit library with 64-bit JRE. I just tested using both jre-8u212-windows-i586 and jre-8u212-windows-x64 on Windows 10 (pulling down 32-bit and 64-bit library files respectfully), and clicking Virtual Media -> Launch Virtual Media within an iDRAC6 session opens without error for me.

I've been working on a script based on https://gist.github.com/xbb/4fd651c2493ad9284dbcb827dc8886d6?permalink_comment_id=3428052#gistcomment-3428052 that supports both 32-bit and 64-bit Java and tries to detect the iDRAC's version to know which arguments to pass to avctKVM.jar. It's a mess right now and not fully tested, but once it's somewhat cleaned up I will post it here.

@cepm-nate
Copy link

I got it to work:

  • Installed JRE 7 from Oracle
  • Viewed the viewer.jnlp file to get the right .jar files
  • Downloaded files manually, renamed to .zip, and extracted them into the proper folder. (avctKVM.jar goes in same folder as console.bat, other .dlls go into /lib folder)
  • Edited the console.bat to include IP and username instead of prompting me each time.

The tricky part was trying various platform .jar files till I found one that worked. As @greecemunky said, it was just a matter of finding the right one.

@ardabeyazoglu
Copy link

On mac osx big sur, i couldnt manage to make it work with all the instructions properly done and java.security file patched. I downloaded and used jre1.7 as mentioned before. I commented disabledAlgorithms and left it empty, neither way worked as well. I can use the same script to connect on windows using jre1.6.

I still get the following error. Did anybody manage to solve it in big sur+ ?

07/24/2022 11:24:38:487:  User login response: 3
java.net.SocketException: Broken pipe
	at java.net.SocketOutputStream.socketWrite0(Native Method)
	at java.net.SocketOutputStream.socketWrite(SocketOutputStream.java:113)
	at java.net.SocketOutputStream.write(SocketOutputStream.java:159)
	at sun.security.ssl.OutputRecord.writeBuffer(OutputRecord.java:377)
	at sun.security.ssl.OutputRecord.write(OutputRecord.java:363)
	at sun.security.ssl.SSLSocketImpl.writeRecordInternal(SSLSocketImpl.java:837)
	at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:808)
	at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:122)
	at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82)
	at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:140)
	at java.io.DataOutputStream.flush(DataOutputStream.java:123)
	at com.avocent.kvm.c.d.g.b(Unknown Source)
	at com.avocent.kvm.c.d.i.run(Unknown Source)

And here is the command:

sudo spctl --master-disable

./jre1.7-mac/Contents/Home/bin/java -cp avctKVM.jar -Djava.library.path=./lib com.avocent.idrac.kvm.Main ip="10.0.0.100" kmport=5900 vport=5900 user=*** passwd="****" apcp=1 version=2 reconnect=2 vmprivilege=true "helpurl=https://10.0.0.100:443/help/contents.html"

@jimfrench
Copy link

jimfrench commented Jul 24, 2022

Hi
I'm not on macos but could this be just working directory ambiguity with the lib directory,, i.e.

sudo spctl --master-disable
cd ./jre1.7-mac/Contents/Home

./bin/java -cp avctKVM.jar -Djava.library.path=./lib com.avocent.idrac.kvm.Main ip="10.0.0.100" kmport=5900 vport=5900 user=*** passwd="****" apcp=1 version=2 reconnect=2 vmprivilege=true "helpurl=https://10.0.0.100:443/help/contents.html"

Alternativey fully qualified lib path

sudo spctl --master-disable

./jre1.7-mac/Contents/Home/bin/java -cp avctKVM.jar -Djava.library.path=./jre1.7-mac/Contents/Home/lib com.avocent.idrac.kvm.Main ip="10.0.0.100" kmport=5900 vport=5900 user=*** passwd="****" apcp=1 version=2 reconnect=2 vmprivilege=true "helpurl=https://10.0.0.100:443/help/contents.html"

Apologies if already checked this is correct directory

@ardabeyazoglu
Copy link

@jimfrench I havent tried this yet but i ll check if it works. Though, I don't think this would be the cause because it works until tls connection phase. Thanks for the advice anyway.

@jimfrench
Copy link

@ardabeyazoglu Yes I should have explained my reasoning, it could have been using libraries from the wrong java version, but you might be correct in that it probably wouldn't get that far if so, it would error out sooner than during the connection. Hope someone else can step in good luck.

@alatas
Copy link

alatas commented Sep 19, 2022

I tried many different combinations, java versions, etc., and finally discovered that iDRAC 6 is compatible with IE v8 on Win 7 SP1. I downloaded Win 7 SP1 and installed it on a virtual machine. It installs its ActiveX to IE 8 on the first run. Then I put the website on trusted sites. and voila!

@jimfrench
Copy link

:)

@brad82
Copy link

brad82 commented Nov 18, 2022

For those non java-savvy of us that are reading this and stumped on the Virtual Media/Keyboard capture errors above, you're missing a step;

After downloading avctKVMIOMac64.jar & avctVMMac64.jar from the iDRAC service, unzip them and move to the lib folder. Jar files are just glorified Zips, the real lib treasure is inside

unzip -d avctKVMIOMac64 avctKVMIOMac64.jar
unzip -d avctVMMac64 avctVMMac64.jar
mkdir lib
cp avctKVMIOMac64/libavctKVMIO.jnilib ./lib/
cp avctVMMac64/libavmMac.jnilib ./lib/

Thanks to https://github.com/DaveCorder/ikvm-osx for the java-for-dummies explanation.

@jamesjguthrie
Copy link

Works for me allowing me to connect to the virtual console on my R710. Glad I no longer need to dig out a VGA monitor. Thank you!

@f3rr311
Copy link

f3rr311 commented Jan 27, 2023

I am getting java/lang/NoClassDefFoundError: java/lang/Object anyone else?

@f3rr311
Copy link

f3rr311 commented Jan 28, 2023

Does anyone have this running with the separate Java version so I do not need to modify my Java Config? Ifso can you please share the working files as the things in this thread do not seem to work properly at the time im posting this or if anyone is willing to help me diagnose the issue that is more familiar with Java that would be amazing.

I have 20 Servers we have running IDRAC6 and would like to be able to use the feature but DO NOT want to run a unsecured install of Java if we can start a portable version for this.

@jimfrench
Copy link

jimfrench commented Jan 29, 2023

Does anyone have this running with the separate Java version so I do not need to modify my Java Config? Ifso can you please share the working files as the things in this thread do not seem to work properly at the time im posting this or if anyone is willing to help me diagnose the issue that is more familiar with Java that would be amazing.

I have 20 Servers we have running IDRAC6 and would like to be able to use the feature but DO NOT want to run a unsecured install of Java if we can start a portable version for this.

Hi, I'm currently using a docker container version which is maintained, and seems to work very well without having to change any java versions manually - it is a "portable version" but dockerised

https://hub.docker.com/r/domistyle/idrac6/

@cliffmathew
Copy link

I was able to connect doing this (iDRAC 6 Enterprise):

Here's how my directory ended:

Directory.png

Then I'm using this PowerShell script:

Set-Location -Path C:\idrac
$ServerHost = Read-Host "Type the name of the host that you want to connect to"
$HostPassword = Read-Host "Type the password of the host that you want to connect to"
Write-Host "nDownloading files..." wget.exe -N --no-check-certificate "https://$ServerHost/software/avctKVM.jar" -q wget.exe -N --no-check-certificate "https://$ServerHost/software/avctVMWin64.jar" -P lib -q wget.exe -N --no-check-certificate "https://$ServerHost/software/avctKVMIOWin64.jar" -P lib -q Write-Host "nExpanding files to initiate connection..."
Rename-Item .\lib\avctVMWin64.jar avctVMWin64.zip
Rename-Item .\lib\avctKVMIOWin64.jar avctKVMIOWin64.zip
Expand-Archive .\lib\avctVMWin64.zip -DestinationPath .\lib
Remove-Item .\lib\META-INF -Recurse -Confirm:$False
Expand-Archive .\lib\avctKVMIOWin64.zip -DestinationPath .\lib
Remove-Item .\lib\META-INF -Recurse -Confirm:$False
Remove-Item .\lib*.zip
Start-Process -FilePath .\bin\java -ArgumentList "-cp avctKVM.jar -Djava.library.path=.\lib com.avocent.idrac.kvm.Main ip=$ServerHost kmport=5900 vport=5900 user=root passwd=$HostPassword apcp=1 verison=2 vmprivilege=true 'helpurl=https://$($ServerHost):443/help/contents.html'"
Remove-Item .\lib*.dll
Remove-Item .\avctKVM.jar

It worked without modifying my PC java.security file.

The only problems until now is that I didn't find a way to pass the password using PowerShell in a secure way (I have tried the -AsSecureString), so for now the password is in plain text... =/ And I have tried to use this code to download the files:

Invoke-WebRequest https://$ServerHost/software/avctKVM.jar -OutFile .\avctKVM.jar

But sometimes worked, sometimes don't, I think that I need to initiate the connection first... Meanwhile I'm using wget as other users commented previously.

Anyway, thanks a lot for your time to help a lot of people!!!

JAN 29 2023 / WINDOWS 10: Took your script and made changes to get it to work on my PC.
Steps:

  • Downloaded the same JRE you mentioned first from Oracle website
  • Created C:\IDRAC and expanded as you suggested
  • Created C:\IDRAC\idrac.ps1 file using notepad with the following contents. Notice that I exit before the last 2 remove commands. It works now, I don't have time to spruce it up. WARNING: in my script, Credentials are exposed in the script -- so NOT A SECURE implementation. You can use the prompt based commands from the original poster.

==================
Set-Location -Path C:\idrac
$ServerHost = "192.168.1.92"
$HostPassword = "calvin"

$username = "root"
$password = ConvertTo-SecureString "calvin" -AsPlainText -Force
$psCred = New-Object System.Management.Automation.PSCredential -ArgumentList ($username, $password)

[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls, [Net.SecurityProtocolType]::Tls11, [Net.SecurityProtocolType]::Tls12, [Net.SecurityProtocolType]::Ssl3
[Net.ServicePointManager]::SecurityProtocol = "Tls, Tls11, Tls12, Ssl3"
add-type @"
using System.Net;
using System.Security.Cryptography.X509Certificates;
public class TrustAllCertsPolicy : ICertificatePolicy {
public bool CheckValidationResult(
ServicePoint srvPoint, X509Certificate certificate,
WebRequest request, int certificateProblem) {
return true;
}
}
"@
[System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy

Write-Host "`nDownloading files..."
Invoke-WebRequest -Credential $psCred -Uri "https://$ServerHost/software/avctKVM.jar" -outfile "avctKVM.jar"
Invoke-WebRequest -Credential $psCred -Uri "https://$ServerHost/software/avctVMWin64.jar" -outfile "lib\avctVMWin64.jar"
Invoke-WebRequest -Credential $psCred -Uri "https://$ServerHost/software/avctKVMIOWin64.jar" -outfile "lib\avctKVMIOWin64.jar"

Write-Host "`nExpanding files to initiate connection..."
Move-Item -Force .\lib\avctVMWin64.jar avctVMWin64.zip
Move-Item -Force .\lib\avctKVMIOWin64.jar avctKVMIOWin64.zip
Expand-Archive -Force .\lib\avctVMWin64.zip -DestinationPath .\lib
Remove-Item -Force .\lib\META-INF -Recurse -Confirm:$False
Expand-Archive -Force .\lib\avctKVMIOWin64.zip -DestinationPath .\lib
Remove-Item -Force .\lib\META-INF -Recurse -Confirm:$False
Remove-Item -Force .\lib*.zip

&Start-Process -FilePath .\bin\java -ArgumentList "-cp avctKVM.jar -Djava.library.path=.\lib com.avocent.idrac.kvm.Main ip=$ServerHost kmport=5900 vport=5900 user=root passwd=$HostPassword apcp=1 verison=2 vmprivilege=true 'helpurl=https://$($ServerHost):443/help/contents.html'"
exit
Remove-Item .\lib*.dll
Remove-Item .\avctKVM.jar

@ElanHasson
Copy link

This is by far the easiest: https://github.com/DomiStyle/docker-idrac6

@NoahDar
Copy link

NoahDar commented Apr 28, 2023

For those non java-savvy of us that are reading this and stumped on the Virtual Media/Keyboard capture errors above, you're missing a step;

After downloading avctKVMIOMac64.jar & avctVMMac64.jar from the iDRAC service, unzip them and move to the lib folder. Jar files are just glorified Zips, the real lib treasure is inside

unzip -d avctKVMIOMac64 avctKVMIOMac64.jar
unzip -d avctVMMac64 avctVMMac64.jar
mkdir lib
cp avctKVMIOMac64/libavctKVMIO.jnilib ./lib/
cp avctVMMac64/libavmMac.jnilib ./lib/

Thanks to https://github.com/DaveCorder/ikvm-osx for the java-for-dummies explanation.

Thank you for this!! I was able to do the same for my Linux running Debian 11.

I unzipped the two files:

avctKVMIOLinux64.jar
avctVMLinux64.jar

Then I copied the two extracted files over to jdk1.7.0_80_x64/lib folder:

libavctKVMIO.so
libavmlinux.so

Boom it worked!

@thirdwheel
Copy link

thirdwheel commented Dec 13, 2023

Has anyone had any luck doing this with iDRAC 8? Even after downloading the relevant libraries and removing all disabled algorithms, I'm not having any luck. Output below:

KVM/VM Client Version: 5.04.04 (Build 488)
Dec 13, 2023 12:20:43 PM java.util.prefs.WindowsPreferences <init>
WARNING: Could not open/create prefs root node Software\JavaSoft\Prefs at root 0x80000002. Windows RegCreateKeyEx(...) returned error code 5.
replace numpad
** Max Size: W = 1920 H = 1032
** Window Pref Size: W = 1040 H = 823
** Max Size: W = 1920 H = 1032
** Window Pref Size: W = 1040 H = 823
ProtocolAPCP.receieveSessionSetup : v1.2 APCP = true
APCP Version = 260

Supported protocols: [SSLv2Hello, SSLv3, TLSv1, TLSv1.1, TLSv1.2]

Enabled protocols: [SSLv3, TLSv1]

Supported ciphers: [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_MD5, TLS_EMPTY_RENEGOTIATION_INFO_SCSV, TLS_DH_anon_WITH_AES_128_CBC_SHA256, TLS_ECDH_anon_WITH_AES_128_CBC_SHA, TLS_DH_anon_WITH_AES_128_CBC_SHA, TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA, SSL_DH_anon_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_anon_WITH_RC4_128_SHA, SSL_DH_anon_WITH_RC4_128_MD5, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_DH_anon_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_DH_anon_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA, TLS_RSA_WITH_NULL_SHA256, TLS_ECDHE_ECDSA_WITH_NULL_SHA, TLS_ECDHE_RSA_WITH_NULL_SHA, SSL_RSA_WITH_NULL_SHA, TLS_ECDH_ECDSA_WITH_NULL_SHA, TLS_ECDH_RSA_WITH_NULL_SHA, TLS_ECDH_anon_WITH_NULL_SHA, SSL_RSA_WITH_NULL_MD5, TLS_KRB5_WITH_3DES_EDE_CBC_SHA, TLS_KRB5_WITH_3DES_EDE_CBC_MD5, TLS_KRB5_WITH_RC4_128_SHA, TLS_KRB5_WITH_RC4_128_MD5, TLS_KRB5_WITH_DES_CBC_SHA, TLS_KRB5_WITH_DES_CBC_MD5, TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA, TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5, TLS_KRB5_EXPORT_WITH_RC4_40_SHA, TLS_KRB5_EXPORT_WITH_RC4_40_MD5]

Enabled ciphers: [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_MD5, TLS_EMPTY_RENEGOTIATION_INFO_SCSV, TLS_DH_anon_WITH_AES_128_CBC_SHA256, TLS_ECDH_anon_WITH_AES_128_CBC_SHA, TLS_DH_anon_WITH_AES_128_CBC_SHA, TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA, SSL_DH_anon_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_anon_WITH_RC4_128_SHA, SSL_DH_anon_WITH_RC4_128_MD5, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_DH_anon_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_DH_anon_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA, TLS_RSA_WITH_NULL_SHA256, TLS_ECDHE_ECDSA_WITH_NULL_SHA, TLS_ECDHE_RSA_WITH_NULL_SHA, SSL_RSA_WITH_NULL_SHA, TLS_ECDH_ECDSA_WITH_NULL_SHA, TLS_ECDH_RSA_WITH_NULL_SHA, TLS_ECDH_anon_WITH_NULL_SHA, SSL_RSA_WITH_NULL_MD5, TLS_KRB5_WITH_3DES_EDE_CBC_SHA, TLS_KRB5_WITH_3DES_EDE_CBC_MD5, TLS_KRB5_WITH_RC4_128_SHA, TLS_KRB5_WITH_RC4_128_MD5, TLS_KRB5_WITH_DES_CBC_SHA, TLS_KRB5_WITH_DES_CBC_MD5, TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA, TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5, TLS_KRB5_EXPORT_WITH_RC4_40_SHA, TLS_KRB5_EXPORT_WITH_RC4_40_MD5]

Exception in server handshake
java.net.SocketException: Connection reset
        at java.net.SocketInputStream.read(SocketInputStream.java:196)
        at java.net.SocketInputStream.read(SocketInputStream.java:122)
        at sun.security.ssl.InputRecord.readFully(InputRecord.java:442)
        at sun.security.ssl.InputRecord.read(InputRecord.java:480)
        at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:934)
        at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1332)
        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1359)
        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1343)
        at com.avocent.d.a.a.a(Unknown Source)
        at com.avocent.d.a.a.a(Unknown Source)
        at com.avocent.d.a.a.c(Unknown Source)
        at com.avocent.d.d.b.a(Unknown Source)
        at com.avocent.a.b.w.g(Unknown Source)
        at com.avocent.a.b.w.a(Unknown Source)
        at com.avocent.app.c.l.m(Unknown Source)
        at com.avocent.app.c.l.e(Unknown Source)
        at com.avocent.idrac.kvm.a.e(Unknown Source)
        at com.avocent.idrac.kvm.Main.a(Unknown Source)
        at com.avocent.idrac.kvm.Main.main(Unknown Source)
java.net.SocketException: Connection reset
        at java.net.SocketInputStream.read(SocketInputStream.java:196)
        at java.net.SocketInputStream.read(SocketInputStream.java:122)
        at sun.security.ssl.InputRecord.readFully(InputRecord.java:442)
        at sun.security.ssl.InputRecord.read(InputRecord.java:480)
        at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:934)
        at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1332)
        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1359)
        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1343)
        at com.avocent.d.a.a.a(Unknown Source)
        at com.avocent.d.a.a.a(Unknown Source)
        at com.avocent.d.a.a.c(Unknown Source)
        at com.avocent.d.d.b.a(Unknown Source)
        at com.avocent.a.b.w.g(Unknown Source)
        at com.avocent.a.b.w.a(Unknown Source)
        at com.avocent.app.c.l.m(Unknown Source)
        at com.avocent.app.c.l.e(Unknown Source)
        at com.avocent.idrac.kvm.a.e(Unknown Source)
        at com.avocent.idrac.kvm.Main.a(Unknown Source)
        at com.avocent.idrac.kvm.Main.main(Unknown Source)
CoreSessionListener : connection failed
in CoreSessionListner : fireOnSessionStateChanged
 KVM session state SESSION_FAILED
 KVM session state SESSION_CLOSING
calling clenaup from CloseViewerClient

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment