SOLVED (partially) Can't vKVM on Gigabyte Server board

objecttothis

New Member
Mar 26, 2022
I'm running a Gigabyte GA-6LISL mITX server board with TrueNAS Core and I am banging my head up against the wall trying to vKVM in. When I attempt to launch the Java KVM client from the web console I get a generic "Connection Failed" error.


After doing some research I figured I would give Supermicro IPMIView a try. I installed 2.19.0 build 210401 (latest) and it successfully establishes a connection, but there's no KVM tab!


Ideas?
 

oneplane

Active Member
Jul 23, 2021
Old Java KVM clients usually are made with ancient Java versions, programmed by people following business guidelines instead of technical quality.

Usually, unless you run Java 1.6 or Java 1.8 (from Oracle, not any other JVM), in some shady unprotected mode, the KVM software doesn't run. I keep an old Ubuntu 12 VM around for that, but an old XP VM with a shadow disk (read-only) works too.
 

oneplane

Active Member
Jul 23, 2021
OK, IPMIView still doesn't work, but I found a solution for the vKVM in the WebUI. @hannan at "Supermicro IPMIView KVM Console does not work at all" had me comment out the line containing "jdk.tls.disabledAlgorithms=SSLv3" in \lib\security\java.security and I can now launch vKVM.

Pretty ridiculous that IPMIs are not kept up to date.
Yep, it is ridiculous indeed. Sadly all the chips and firmwares involved are encumbered with NDAs to the point that it becomes impossible to make a (rather simple) technical fix.

The SSLv3 protocol (and TLS 1.0 and 1.1) should really never be used anymore, but the IPMI client (and often the server as well) is then using a library that has a hardcoded requirement to only use one of those protocol versions and it will break any time it isn't available. Some Java versions have it as a configuration option, some don't even have the protocol available at all. At some point Java Web Start got deleted too so most JNLP-based applications will simply not even open anymore as there is no program to read them.

Meanwhile, if they just used noVNC as an in-browser VNC client they could just use whatever the browser selects, which gets updated all the time and keeps working much longer than any static implementation.
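The workaround discussed in this thread edits the JRE-wide java.security file, so every Java program using that JRE loses the restriction, not just the KVM client. The following check is an added example, not code from the thread or from any vendor: it parses a java.security file and reports which legacy protocols the jdk.tls.disabledAlgorithms property no longer disables. The function names and both sample file contents are constructed for illustration.

```python
import sys

KEY = "jdk.tls.disabledAlgorithms"
LEGACY = ("SSLv3", "TLSv1", "TLSv1.1")

# Constructed samples (not copied from a real JRE): a file that disables the
# legacy protocols, and the thread's workaround with the line commented out.
HARDENED = r"""
jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, DES, \
    MD5withRSA, DH keySize < 1024
"""
WORKAROUND = r"""
#jdk.tls.disabledAlgorithms=SSLv3
"""

def effective_value(text, key=KEY):
    """Return the last active value of `key`, or None if unset or commented out."""
    value, pending = None, ""
    for raw in text.splitlines() + [""]:   # sentinel flushes a trailing continuation
        line = pending + raw.strip()
        pending = ""
        if not line or line.startswith(("#", "!")):
            continue                       # blank line or comment line
        if line.endswith("\\"):            # backslash continues on the next line
            pending = line[:-1]
            continue
        name, sep, val = line.partition("=")
        if sep and name.strip() == key:
            value = val.strip()            # a later definition overrides an earlier one
    return value

def legacy_not_disabled(text):
    """Legacy protocols that this java.security content does not disable."""
    value = effective_value(text)
    # Entries are comma-separated; constraints such as "DH keySize < 1024" stay whole.
    disabled = {item.strip().lower() for item in value.split(",")} if value else set()
    return [p for p in LEGACY if p.lower() not in disabled]

if __name__ == "__main__":
    # Usage: python audit_java_security.py <path to java.security>
    source = open(sys.argv[1]).read() if len(sys.argv) > 1 else WORKAROUND
    print("not disabled by", KEY + ":", legacy_not_disabled(source) or "none")
```

A protocol listed as "not disabled" may still be unavailable if the JVM does not ship it at all; the check only reports what the property permits.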