iDRAC 6, Windows 10 and modern Java... "Connection failed"

[EpicLPer]

I'm completely stuck here right now... I'm trying to launch the remote management console for iDRAC 6 (old PowerEdge T710 Server) but no matter what I try the client constantly tells me "Connection Failed"...

I've already tried disabling SSLv3 in the java.security file, no luck. Updating the firmware to 2.90 (Build 04), aka. the latest available for my server, didn't help either. Only thing quite old is the BIOS which I have no idea how to update, it's on 6.0.7 tho the latest would be 6.6.0, normally you'd do that via the LifeCycle controller and an update option there but I don't have such an option available for some reason and trying to manually update it just fails every time.

 

Anyways, any ideas still on how to get the iDRAC 6 Remote Console working again? Thanks a ton already!

[Windows7ge]

Well first I would try to isolate what's at fault your client, your network, or the server. Did you try remoting in from a different computer?

 

I had to update the BIOS on an old dell server once. It had no BIOS option to do so so I updated via DOS. Setup a FreeDOS thumb drive using Rufus and download the BIOS from Dell. Save them to the thumb drive and you should be able to update it from there you just have to launch the file. Worked for me.

[EpicLPer]

19 minutes ago, Windows7ge said:

Well first I would try to isolate what's at fault your client, your network, or the server. Did you try remoting in from a different computer?

 

I had to update the BIOS on an old dell server once. It had no BIOS option to do so so I updated via DOS. Setup a FreeDOS thumb drive using Rufus and download the BIOS from Dell. Save them to the thumb drive and you should be able to update it from there you just have to launch the file. Worked for me.

Yeah, managed to update the BIOS via a FreeDOS stick now, still no luck with the remote client tho. I'll try another PC now with the same java.security "hacks", hope this works at least... Having to get out the old VGA monitor and plugging a keyboard physically into the server is kinda annoying.

[Windows7ge]

13 minutes ago, EpicLPer said:

Yeah, managed to update the BIOS via a FreeDOS stick now, still no luck with the remote client tho. I'll try another PC now with the same java.security "hacks", hope this works at least... Having to get out the old VGA monitor and plugging a keyboard physically into the server is kinda annoying.

Java security game me an issue on an ASRock Rack board. The version of Java I was running the security would not let me connect because it did not trust the certificate it was presented even after I added the IP of the server to the exception list. It forced me to roll back the driver and hope an even newer release would fix it.

[Acedia]

Haven't tried it with iDARC yet (we mostly use HP hence I use the iLo .net version) but this worked on a lot of old hp switches with java interfaces:

Use internet explorer

Go to your internet settings and add the IP (or URL if you have it in dns) of the iDARC site to your trusted sites in the security tab

Go to your Java Control Panel > Security > edit the site list and add the IP/URL or the iDARC Interface to your sites both http:// and https:// (at the very end click the + again so an empty row sits on top. Dunno what they f'ed up there)

Restart your internet explorer and try accessing the site

[meun5]

The issue appears to stem from the fact that Java 8u60 (according to https://www.oracle.com/technetwork/java/javase/8all-relnotes-2226344.html#R180_60) disables the RC4 tls cipher algorithm, which is used by iDRAC 6. In addition to adding the site to the Security Exclusion list as per above, we had to modify the java.security file and remove RC4 from the list of disabled algorithms. The security file can be found in $JAVA_HOME/lib/security (For Unix Based OSes) or %JAVA_HOME%\lib\security for Windows. The line is jdk.tls.disabledAlgorithms=... and we just copied the line then removed RC4.

 

This should allow the Java App to connect to the Remote Console.

[Mikensan]

Also had to modify my Java security config to get iDRAC working - though I believe I was able to update the lifecycle / iDRAC firmware to solve this issue on my Dells, but it seems IBM doesn't care about their 10 year old servers enough to fix this issue lol.

 

It might be worth it to have a dedicated VM for legacy work where you can break security for functionality while limiting its access. Though if this is a lab, who cares lol.

[Acedia]

7 hours ago, Mikensan said:

but it seems IBM doesn't care about their 10 year old servers enough to fix this issue lol.

IIRC the life span of Dell servers are 7 years. After that you can't even buy support anymore.

[Electronics Wizardy]

On 4/27/2019 at 5:18 PM, EpicLPer said:

Yeah, managed to update the BIOS via a FreeDOS stick now, still no luck with the remote client tho. I'll try another PC now with the same java.security "hacks", hope this works at least... Having to get out the old VGA monitor and plugging a keyboard physically into the server is kinda annoying.

How often do you need access to the console? normally just install the os and do everything else over rdp/ssh.

 

If you want to change oses, look at a hypervisor.

 

Try running a xp vm with ie, that seems to work the best for me. Or a older version of 7 with ie. There impi solutions on old servers often don't play nice with new browsers.

[Mikensan]

16 hours ago, Acedia said:

IIRC the life span of Dell servers are 7 years. After that you can't even buy support anymore.

Yet they thankfully still patch their equipment. It is possible they continued to sell platforms with the same motherboard just long enough that the patches are still kept up, either way I'm happy.

 

I don't expect dell or IBM or patch 10 year old systems, more of a tongue in cheek comment towards IBM.