- Community Home
- >
- Servers and Operating Systems
- >
- HPE BladeSystem
- >
- BladeSystem - General
- >
- Re: iLO Java Remote Console: Upcoming JRE 1.7u51
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-28-2015 01:15 PM
01-28-2015 01:15 PM
Re: iLO Java Remote Console: Upcoming JRE 1.7u51
Update:
I figured that I can successfully open the iLO2 Java Remote Console after I disabled TLS 1.1 and TLS 1.2 protocols in the Java Control Panel (iLO2 webserver supports up to TLS 1.0).
So, to me it looks like Java Runtime Environment versions 7 and 8 have a broken TLS implementation.
__________________________________________________
If you feel this was helpful please click the KUDOS! thumb below!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-29-2015 06:37 AM - last edited on 01-07-2021 03:16 AM by krupamn
01-29-2015 06:37 AM - last edited on 01-07-2021 03:16 AM by krupamn
Re: iLO Java Remote Console: Upcoming JRE 1.7u51
Thanks Oscar A. Perez for pointing that out! Wenn disabling TLS 1.2 and TLS 1.1 in Java setting the Java console in ilo2 is working again. I tried with Java 8 Update 31 (1.8.0_31-b13).
It took me half an hour of searching the web until I found your solution.
Of cause it is needed to close the browser (or kill any running instances of Java) so that the new settings are applied.
I find it a bit strange that TSL 1.0 is working, because here is an Advisory from HP that says: "iLO is configured to enable SSL Version 3 for compatibility and disable TLS (Transport Layer Security) Version 1.0, which also will disable TLS Version 1.1 and TLS Version 1.2 as well."
Unfortunately thre is still no updated firmware available...
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-04-2015 03:13 PM - edited 02-04-2015 03:13 PM
02-04-2015 03:13 PM - edited 02-04-2015 03:13 PM
Re: iLO Java Remote Console: Upcoming JRE 1.7u51
@aFriend,
That advisory is about iLO connecting as a "client" to servers that support TLS 1.0
BTW, this client connecting issue has been addressed in the latest iLO2 v2.27, iLO3 v1.82 and iLO4 v2.03
__________________________________________________
If you feel this was helpful please click the KUDOS! thumb below!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-16-2015 02:44 AM
04-16-2015 02:44 AM
Re: iLO Java Remote Console: Upcoming JRE 1.7u51
I tried to follow the exact steps but I am unable to start the Java Intergrated Remote Console. JDK1.8.45 and Fedora 21 not working.
@Jon_Miller wrote:Not sure if others have resolved their problem but I worked through my issue recently.
1. Installed Java JSE v8u5 on my Fedora 20 64bit Linux station.
2. Used 'alternatives' to update the default Java over openjdk (including link to libjavaplugin.so.x86_64)
alternatives --install /usr/lib64/mozilla/plugins/libjavaplugin.so libjavaplugin.so.x86_64 /usr/java/latest/jre/lib/amd64/libnpjp2.so 200000
3. Ensured Firefox had a link to the plugin
sudo ln -sf /usr/java/latest/jre/lib/amd64/libnpjp2.so /usr/lib64/firefox/plugins/libnpjp2.so
4. Restarted Firefox
a. Go to your Addons and ensure the proper Java plugin is enabled
5. Finally need to add exceptions for Java security for the applet to run.
- You can do this by running ControlPanel (/usr/java/latest/bin/ControlPanel)
and adding exceptions in the Security tab for your iLO address.
E.g. I was hitting my iLO via IP address, so the exception looked like "https://10.39.8.13"
- Also, I noticed that by adding this exception, it was fortunately just saved into a plain text file located at:
~/.java/deployment/security/exception.sites
- I intend to create a simple script that ensures my exception is there and then opens a tab in firefox to the iLO address.
I there any support from HP for this ? The last time I was able to start ILO console properly on Linux was 5 or 6 years ago on CentOS 5 with JDK1.6 . After that look like HP dropped support entirely for Linux. Very odd all the HP servers I installed in the last 5 years are running Linux.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-16-2015 04:43 AM
04-16-2015 04:43 AM
Re: iLO Java Remote Console: Upcoming JRE 1.7u51
OK,
finally I was able to make it work under Fedora 21 with JDK 1.8.0_45
Very important to follow the above list of stuff but additionally:
- make sure to have the last JDK version (jdk 1.8.0_45 in my case)
- make sure to disable any addblocker/scriptblocker in the browser for your ILO site
- make sure to add the site in the Java Security Exception list under Security in Java Control Panel
- make sure TLS 1.1 and TLS 1.2 are disabled under Advanced Tab in Java Control Panel
- make sure to allow java plugin execution for the ILO site. Stupid Firefox denies by default any execution and you have to click a plugin button (between back button and the address bar) to allow execution.
- open in your firewal/firewalls port 17990 which is the default port for Remote Console Port
- open in your firewal/firewalls port 17988 which is the default port for Virtual Media Port
Hope this help someone.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-07-2015 07:17 AM
05-07-2015 07:17 AM
Re: iLO Java Remote Console: Upcoming JRE 1.7u51
iLO with Java 8 Update 45 and IE11
- add site name to exception site list in Java Control panel under Security
- disable TLS 1.1 and TLS 1.2 under Advanced in Java Control panel
- disable TLS 1.1 and TLS 1.2 in IE11 in Internet options --> Advanced
this workaround help me wonderfull
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-11-2015 06:54 AM - edited 06-24-2015 07:05 AM
05-11-2015 06:54 AM - edited 06-24-2015 07:05 AM
Re: iLO Java Remote Console: Upcoming JRE 1.7u51
@Bluequartz wrote:iLO with Java 8 Update 45 and IE11
- add site name to exception site list in Java Control panel under Security
- disable TLS 1.1 and TLS 1.2 under Advanced in Java Control panel
- disable TLS 1.1 and TLS 1.2 in IE11 in Internet options --> Advanced
this workaround help me wonderfull
Edit: I finally had the time to do an in-depth debugging session and I found the root cause. See below.
__________________________________________________
If you feel this was helpful please click the KUDOS! thumb below!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-22-2015 07:25 AM - edited 06-24-2015 07:09 AM
06-22-2015 07:25 AM - edited 06-24-2015 07:09 AM
Re: iLO Java Remote Console: Upcoming JRE 1.7u51
Quick update:
I found that the RSA SSL library used by iLO2 wasn't handling the Client Hello properly, when the Client Hello messages sent by SSL clients came in a TLS 1.1 or TLS 1.2 record. Both Java and IE11 send their Client Hello messages in TLS 1.2 records. Chrome on the other hand, always sends Client Hello messages in a TLS 1.0 record for backward compatability.
I'm testing a fix for this issue.
Oscar
__________________________________________________
If you feel this was helpful please click the KUDOS! thumb below!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-20-2015 07:17 AM
10-20-2015 07:17 AM
Re: iLO Java Remote Console: Upcoming JRE 1.7u51
Quick update.
iLO2 v2.29 with a fix for this issue has been released.
__________________________________________________
If you feel this was helpful please click the KUDOS! thumb below!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-30-2015 05:53 PM
10-30-2015 05:53 PM
Re: iLO Java Remote Console: Upcoming JRE 1.7u51
Hi, any chance, that this fix will be implemented in ilo100 (eg.HP ProLiant DL180 G6 Server). Thanks