asdm

Answered Question
Sep 30th, 2010
User Badges:

Facing trouble with using asdm on asa version 8.0(4)

  asdm version is 6.1(3)

Java installs have been tried , but the asdm launcher hangs off for indefinite time after credentials are keyed.

we have tried to load it with IE option also.

it has to be manually terminated to stop it.


please help with any suggestions over this.



thank you all.

Correct Answer by rmavila about 6 years 9 months ago

Hi ,


There is a bug associated with ASDM version 6.1 in which we cannot access the ASDM after the ASA is up and running for more than 1 yr 0 days. This can be verified from the java logs. The work around is to reload the ASA or a permanant solution is to upgrade the ASDM version.


Hope this helps


Regards,

Rahul

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 3.8 (5 ratings)
Loading.
mmandeka Thu, 09/30/2010 - 22:00
User Badges:
  • Cisco Employee,

Hi Thomas,


>> Have you tried ASDM access from another PC? Was this working earlier?

>>Java version running?

>> You can try to clear the ASDM cache and then try to access the ASDM


ASDM cache is typically on C:\Documents and Settings\ \.asdm\ cache


>> Also, please collect the java logs. They can be located, by clicking the second icon located at the extreme right bottom corner of the ASDM launcher window, where we put in the ip address, username and password to open ASDM. Once a new window pop ups, press the number "5" for the debug level. Capture the complete output and send that across once we try to access the ASDM.



Regards,

Manisha Mandekar

suthomas1 Thu, 09/30/2010 - 22:46
User Badges:

Hi,


Cache cleared and tried, returns same results.

Java is ver 6 update 21. tried from other pc's , but doesnt budge.

yes, this was working before , but lately no one used it much as there werent any need for checks.


I am unable to locate the java logs. do you mean the small "lock"symbol that comes when you get to login screen on asdm.


thank you.

Namit Agarwal Thu, 09/30/2010 - 22:54
User Badges:
  • Cisco Employee,

Hi Thomas,


Are you able to ssh or telnet to the ASA ? Also does the CPU usage shoot up when you and try login to the ASDM ?



Please remove and re-create the RSA keys. Issue this command in order to remove the RSA key pair from ASA:

ASA(config)#crypto key zeroize rsa

Issue this command in order to generate the new key:

ASA(config)# crypto key generate rsa modulus 1024

Now try accessing the ASDM.


Thanks,


Namit

praprama Thu, 09/30/2010 - 22:56
User Badges:
  • Cisco Employee,

Hi,


You should see a "java" icon in the system tray when tryin to open the ASDM. Alternatively, you should be able to access the java console from control panel as well.


In addition, could you run "debug http 255" on the ASA when accessing it's ASDM? Let's see if we notice something there.


Regards,

Prapanch

suthomas1 Thu, 09/30/2010 - 23:19
User Badges:

Hi Namit,


while it is loading  on asdm, cpu changes from 2% to 8% and returns back to normal real quick in few seconds.
telnet is working with this.
Remains same after using rsa key factors.


Hi Prapanch,


this is the message i get with http.



HTTP: processing GET URL '/root/asdm_banner' from host 192.168.100.24
HTTP: authentication not required
HTTP: processing GET URL '/root/exec/show+version/show+curpriv/perfmon+interval+10/show+asdm+sessions/show+firewall/show+mode/changeto+system/show+admin-context' from host 192.168.100.24
HTTP: authentication required, no authentication information was provided
HTTP: processing GET URL '/root/exec/show+version/show+curpriv/perfmon+interval+10/show+asdm+sessions/show+firewall/show+mode/changeto+system/show+admin-context' from host 192.168.100.24
HTTP: Authentication username = 'root'



Thank you both.

rmavila Fri, 10/01/2010 - 04:37
User Badges:
  • Cisco Employee,

Hi,


Can you tell me for how long is the ASA up and running. It would be really useful if we could get the java logs. On the box where you enter your user credentials (username and password) in ASDM launcher there will a cup icon on the bottom right corner. Click on it and hit 5 on the keyboard to get the logs. Once you do this enter your credentials and try to log onto ASDM. Send the logs you get. Also try to upgrade the ASDM version and try to log in.


Regards,

Rahul

praprama Fri, 10/01/2010 - 05:06
User Badges:
  • Cisco Employee,

Hi,


Those aren't the complete logs are they? Please paste the complete logs if those aren't already. Also, you can copying the asdm image again onto the flash and try accessing it. just to ensure there was no data corruption the last time you copied it.


Regards,

Prapanch

suthomas1 Fri, 10/01/2010 - 08:21
User Badges:

Hi Rahul,


this asa is up for more than an year now.i will do the asdm icon log thing again tomorrow once in workplace & give the output as it comes.


Prapanch,


The logs that were pasted are complete in the sense to what was displayed while asdm was being tried. As said before, once login is entered asdm takes it and shows loading after which it just sits there . Nothing else happens & all the while that log was what came on the debug.

ultimately i had to cancel of asdm login.


I will try it again tomorrow and post the output. & about re-copy of asdm , will it cause outage to do. I mean reload or something, as this is into production.


Thanks & appreciate both of your willingness to help!

Jitendriya Athavale Fri, 10/01/2010 - 08:34
User Badges:
  • Cisco Employee,

why dont you try chaning the asdm image, sinc eyou say you havent used it for a while and it was working before


i see 2 things here java or image for some reason is corrupted


while we continue to look into java issue,


also one suggestion try the latest one that supports your asa image i think 6.25-53 must be good (just in case it issome kind of a bug)

if this doesnt work we will contnue working with the java logs and debugs

Jitendriya Athavale Fri, 10/01/2010 - 08:35
User Badges:
  • Cisco Employee,

by the way chaning asdm image does not reqiure relaod, just change the image pointer


no asdm image flash:/asdm...blah blah old


no asdm image flash:/asdm...blah blah new

Correct Answer
rmavila Fri, 10/01/2010 - 08:41
User Badges:
  • Cisco Employee,

Hi ,


There is a bug associated with ASDM version 6.1 in which we cannot access the ASDM after the ASA is up and running for more than 1 yr 0 days. This can be verified from the java logs. The work around is to reload the ASA or a permanant solution is to upgrade the ASDM version.


Hope this helps


Regards,

Rahul

suthomas1 Fri, 10/01/2010 - 22:43
User Badges:

i got the logs from asdm,


Java Web Start 1.6.0_21
Using JRE version 1.6.0_21-b07 Java HotSpot(TM) Client VM
User home directory = C:\Documents and Settings\TEMP
----------------------------------------------------
c:   clear console window
f:   finalize objects on finalization queue
g:   garbage collect
h:   display this help message
m:   print memory usage
o:   trigger logging
p:   reload proxy configuration
q:   hide console
r:   reload policy configuration
s:   dump system and deployment properties
t:   dump thread list
v:   dump thread stack
0-5: set trace level to
----------------------------------------------------


---------------------------------------------
Local Launcher Version = 1.5.30
Local Launcher Version Display = 1.5(30)
Trace level set to 5: all ... completed.
OK button clicked
Trying for ASDM Version file; url = https://x.x.x.x/root/
network: Connecting https://x.x.x.x/root//version.prop with proxy=DIRECT
network: Connecting socket://x.x.x.x:443 with proxy=DIRECT
Server Version = 6.1(3)
Server Launcher Version = 1.5.30, size = 319488 bytes
invoking SGZ Loader..
Cache location = C:/Documents and Settings/TEMP/.asdm/cache
network: Connecting https://x.x.x.x/root//pdm.sgz with proxy=DIRECT
network: Connecting socket://x.x.x.x with proxy=DIRECT
security: JAVAWS AppPolicy Permission requested for: https://x.x.x.x/root//public/lzma.jar
security: Istrusted: https://x.x.x.x/root//public/asdm.jnlp true
network: Connecting https://x.x.x.x/root//asdm_banner with proxy=DIRECT
network: Connecting socket://x.x.x.x:443 with proxy=DIRECT
network: Connecting https://x.x.x.x/root/exec/show+version/show+curpriv/perfmon+interval+10/show+asdm+sessions/show+firewall/show+mode/changeto+system/show+admin-context with proxy=DIRECT
network: Connecting socket://x.x.x.x:443 with proxy=DIRECT
network: Connecting https://x.x.x.x/root/exec/show+version/show+curpriv/perfmon+interval+10/show+asdm+sessions/show+firewall/show+mode/changeto+system/show+admin-context with proxy=DIRECT
network: Connecting socket://x.x.x.x:443 with proxy=DIRECT
Exception in thread "SGZ Loader: launchSgzApplet" java.lang.NumberFormatException: For input string: "1 year 112"
    at java.lang.NumberFormatException.forInputString(Unknown Source)
    at java.lang.Integer.parseInt(Unknown Source)
    at java.lang.Integer.parseInt(Unknown Source)
    at com.cisco.pdm.Check.h(DashoA10*..:1358)
    at com.cisco.pdm.Check.c(DashoA10*..:858)
    at com.cisco.pdm.Check.a(DashoA10*..:438)
    at com.cisco.pdm.PDMApplet.start(DashoA10*..:132)
    at com.cisco.nm.dice.loader.r.run(DashoA19*..:410)


This is where it stops for a long period until i close the asdm window off.

I could not try reloading of image, will try it later.


does the above logs help.


Thanks one & all for their great help.

mmandeka Fri, 10/01/2010 - 22:49
User Badges:
  • Cisco Employee,

Hi Thomas,


You are hitting the bug CSCsr89144


As a workaround you can reload the asa to fix the issue.

Or you can upgrade the code of the ASDM to 6.1.5

praprama Fri, 10/01/2010 - 22:50
User Badges:
  • Cisco Employee,

Hi,


As Rahul suggested previously, you seem to be running into CSCsr89144. Details about the above can be found at


http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsr89144


As a workaround, try reloading the ASA. Also, as JItendriya suggested, best option we have is to upgrade the ASDM to a more recent version.


Hope this helps!!


Thanks and Regards,

Prapanch

suthomas1 Fri, 10/01/2010 - 23:12
User Badges:

A Heap of thanks to you all for helping out so much.

thanks for the suggestions. we will do a reload with a purpose window.


It should be fine after this.


thanks again.

praprama Fri, 10/01/2010 - 23:38
User Badges:
  • Cisco Employee,

Glad i could be of help. Do let us know how it goes after the reload.


Regards,

Prapanch

suthomas1 Sat, 10/16/2010 - 07:08
User Badges:

Heaps of thanks to all of you.

asdm is now functioning properly after a reboot , as per the advise, was carried out.


thanks again!

Actions

This Discussion