SOLVED - Supermicro H8DCL-IF IPMI no longer can connect to Java Console

Notice: Page may contain affiliate links for which we may earn a small commission through services like Amazon Affiliates or Skimlinks.

lpallard

Member
Aug 17, 2013
276
11
18
Hello,

I have an older H8DCL-iF mobo that I am trying to connect to the IPMI remote console but Java wont let me connect to it because of security reasons....

I tried fiddling with the "java.security" files on my local machine to no avail.

The error message is:

Caused by: net.sourceforge.jnlp.LaunchException: Fatal: Application Error: Cannot grant permissions to unsigned jars. Application requested security permissions, but jars are not signed.
at net.sourceforge.jnlp.runtime.JNLPClassLoader$SecurityDelegateImpl.getClassLoaderSecurity(JNLPClassLoader.java:2481)
at net.sourceforge.jnlp.runtime.JNLPClassLoader.setSecurity(JNLPClassLoader.java:385)
at net.sourceforge.jnlp.runtime.JNLPClassLoader.initializeResources(JNLPClassLoader.java:806)
at net.sourceforge.jnlp.runtime.JNLPClassLoader.<init>(JNLPClassLoader.java:338)
at net.sourceforge.jnlp.runtime.JNLPClassLoader.createInstance(JNLPClassLoader.java:421)
at net.sourceforge.jnlp.runtime.JNLPClassLoader.getInstance(JNLPClassLoader.java:495)
at net.sourceforge.jnlp.runtime.JNLPClassLoader.getInstance(JNLPClassLoader.java:468)
at net.sourceforge.jnlp.Launcher.createApplication(Launcher.java:814)

No doubt caused by the fact that the latest IPMI firmware is from 2014 and java security has evolved since then... but nevertheless.... I need to connect to this server which is NOT on the internet anyway so risk=0.

Supermicro NO longers has a product page for that model (this is very strange) and their search tool doesnt list the product page other than the PDF manual..... Also strange...

Short of opening a ticket with them, how do I connect remotely??? This is really stupid............

Any hint appreciated!
 

oneplane

Well-Known Member
Jul 23, 2021
844
484
63
@lpallard The problem is not technically on the SuperMicro end, but your local Java version doesn't allow networked apps for unsigned JAR files. This is a good thing, because otherwise any rando on the internet could serve you malware and there would be nothing you could do about it.

What you need is a combination of an old Java Runtime (probably not available for any new operating system anymore anyway) and an old browser that still allows loading old Java versions (which again, is bad).

An easy way around this used to be getting an old OS in a VM, i.e. an old XP vm, Windows 7 32-bit VM etc. and install an old browser and old Java in there. Same goes for ActiveX based KVM viewers. But instead of a full VM, you can use the docker method as posted by @gregsachs which is much cleaner and as soon as you close the virtual browser and kill the docker container, it also doesn't pose any risk.
 

jdnz

Member
Apr 29, 2021
80
19
8
just logged in and checked - we're using 24.8.1esr - so maybe start with that and then work backwards to earlier esr releases as needed
 

oneplane

Well-Known Member
Jul 23, 2021
844
484
63
just logged in and checked - we're using 24.8.1esr - so maybe start with that and then work backwards to earlier esr releases as needed
Keep in mind that if someone ever accidentally uses it to brows the open web and some site or even an ad on a site decides to pwn you, there is not much you can do about it.
 

jdnz

Member
Apr 29, 2021
80
19
8
Keep in mind that if someone ever accidentally uses it to brows the open web and some site or even an ad on a site decides to pwn you, there is not much you can do about it.
it's installed locally to ONLY the root account, so the risk of this is low
 

lpallard

Member
Aug 17, 2013
276
11
18
Thanks guys for replying. I contacted Supermicro in // to see what they had to say... their reply:

"Yes, H8 Products have reached EOLed and stopped supporting all H8 products. (you might find some of products might still on SMCI web
site for last BIOS, IPMI or driver to download; but unfortunately H8DCL-iF was removed all)

If IPMI remote JAVA console was previously working, what have changed? Can you use other operation system like Window or RHEL Firefox to
connect?"

Anyways, its clear for me: this mobo is OLD and we no longer care. Fair enough. I went ahead and assembled a VM in virtualbox on my desktop and gave it access to the server's IPMIs but not to the internet (for security reasons and also because Linux is getting more and more annoying like windows with auto updates, etc etc etc etc -> Actually went trial and error on this one until I understood that simplest / best option was to install centos 7 straight from he DVD and leave it "as is"...).

From the VM if I launch javaws manually such as "javaws launch.jnpl" it works almost flawlessly.

I tried Supermicro's free utility IPMIView 2.0. Everything seems to be working well except of course the KVM console ;) which throws this error when trying:

Code:
com.supermicro.ipmi.IPMIException: Invalid data field in Request(CCh)

    at com.supermicro.ipmi.IPMICommand.ccode2Exception(IPMICommand.java:35)

    at com.supermicro.ipmi.IPMIOEMPortServiceCommand.getPort(IPMIOEMPortServiceCommand.java:50)

    at IPMIView20.KVMATENPanel.lambda$jButton1_actionPerformed$13(KVMATENPanel.java:485)

    at java.lang.Thread.run(Thread.java:748)
Doesnt really matter. Now I have a VM running 6 yo stuff which works almost well... If things are going south, I may try the Docker solution proposed by @gregsachs. However, I will need to get familiar with Docker a bit more....

Thanks!