Howdy folks so i recently replaced my Single Socket Hypervisors with Dell R710’s pick them up at a good price in a auction on eBay. The Firmware were really out of date on the iDRAC, Lifecycle Controller and BIOS so i updated them I tried to use the iDRAC Virtual Console to update the Firmware on the Server but i was presented with a Application Blocked by Java Security this is familiar as the older Supermicro Motherboards have the same problem. I ended up updating the iDRAC, Lifecycle Controller and BIOS etc by the manual method of Connecting a Monitor, Keyboard and installed Ubuntu Server on a junk drive to apply the updates.
Lets fix this and get the handy Virtual Console working with the latest Java 8.0.2910.10. IDrac Version as of this guide 2.92 (Build 05). Please make sure that you upgrade the iDRAC, note this guide is only for Windows. For Linux, The guide can be found here https://www.violetdragonsnetwork.co.uk/how-to-install-java-web-start-java-se-runtime-in-ubuntu-debian-linux/
I recommend downloading Java from the official download section on the site. https://www.oracle.com/java/technologies/javase-jre8-downloads.html
When you log into the iDRAC via the IP Address or Internal Domain Name and click on Launch in the Virtual Console Preview and download the viewer.jnlp file and open it you will be greeted with the Application Blocked by Java Security box to fix this we need to add the IP Address to the Java Control Panel -> Security -> Exception Site List.
To open the Java Control Panel we need to open Control Panel up in Windows -> Java icon.
You may notice that the Java icon in Control Panel shows Java (32-bit) on your system that is ok just means you have installed the 32bit version of Java.
Now we need to go to Security Section -> Edit Site List and add the IP Address of the iDRAC module, if you plan on using a internal Domain Name then i would recommend adding that as well as the IP.
Once adding the IP of the iDRAC we can now try Opening the Virtual Console but you will notice another box will come up with Connection failed. This is because of disabled Algorithms in java.security.
We need to edit java.security file, Open Notepad up as a Administrator. A box will pop up and ask you if you want to allow this app to make changes Click Yes.
Now to locate java.security file there are two different locations,
Java 32bit the location is Local Disk C: -> Program Files (x86) -> Java -> jre1.8.0_291 -> lib -> java.security
Java 64bit the location is Local Disk C: -> Program Files -> Java -> jre1.8.0_291 -> lib -> java.security
Make sure to change Text Documents to All files or java.security and other files will not be seen. Click on Open you should see the following,
Once open we need to find the following like jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, DES, MD5withRSA, \ You can search by going to edit and Find.
Now i don’t recommend deleting jdk.tls.disabledAlgorithms=SSLv3 I would recommend hashing it out instead as you can change it on the fly later on. I would not recommend having this disabled completely. So add a # in front of jdk.tls.disabledAlgorithms=SSLv3. As follows,
Save and quit. Now try and Access the Virtual Console,
You will see that the Virtual Console now works but after disabling some of older Security Algorithms this is a security risk. Here’s what i recommend put the iDRAC in a VLAN segmented from everything else and use either a Virtual Machine with Windows 10 running and only run the VM with Windows 10 when ever you need to use the Console or you can disable it on the fly or have a dedicated management machine that sees no internet connection. Please don’t expose the management interface to the Public. For remote access i extremely recommend to use a VPN.
I hope this guide helps you. Any Questions don’t hesitate to comment below.