New Member

ASDM-IDM Unable to launch device manager

Hi,

I am having trouble trying to log into my IPS 4260 sensor using ASDM-IDM. When I try to login I get the error message "Unable to launch device manager". When I look in the Java console I see a few of these messages:

"javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake"

I do have access to the sensor over SSH and I have done a tls generate-key. I am also able to access the sensor using IPS Manager Express, just not ASDM-IDM. The ASDM-IDM application I am using does work for my ASA 5525 and 5520s.

Does anyone know why I might be getting this error message?

16 REPLIES
New Member

ASDM-IDM Unable to launch device manager

Can you get to the sensor via web interface? Try that and launch IDM from there, could be some issues with the local install. I have had similar issues before.

New Member

Re: ASDM-IDM Unable to launch device manager

When I try that I get a window that says "Unable to launch the application". After clicking the "Details" button, I get this message:

com.sun.deploy.net.FailedDownloadException: Unable to load resource: https://10.1.1.18/public/idm/idm.jnlp

New Member

Re: ASDM-IDM Unable to launch device manager

Time to troubleshoot, can you ping the sensor from your desktop? Do you have console access to it?

New Member

Re: ASDM-IDM Unable to launch device manager

Yes I can ping it and I am able to connect to it using IPS Manager Express as noted in the original question. I don't have console access as it's in another location but I can access it over SSH.

New Member

Re: ASDM-IDM Unable to launch device manager

I removed Java 7 and installed Java 6 update 45. Now launching ASDM from the webpage works.

Cisco Employee

Yes ASDM-IDM application does not support Java 7.

New Member

Solved.

That's a Java issue. I'm running Mac 10.9.5.

IPS 7.1 recommends Java JRE 1.5 or 1.6

http://www.cisco.com/c/en/us/td/docs/security/ips/7-1/release/notes/release7_1_10.html

However, downgrading from Java 8 to Java 6 to get an application to work. But had no luck.

You must ensure that your JRE is truly 1.5 or 1.6

This works on downgrading 8 to 6

https://support.apple.com/en-us/HT202643

Cisco Employee

ASDM-IDM Unable to launch device manager

Can you post your show version output?

Also the sh run ssl output.

New Member

I had the same issue and was able to resolve this by doing the following:

First of all add the site to the Exception site list:

From the Java Control Panel, click Security, click Edit Site List, and add your device https://x.x.x.x

Next, adjust your SSL settings: 

From Java Control Panel Click Advanced-> scroll to "Advanced Security Settings"-> Uncheck "Use TLS1.1", "Use TLS1.2" (if they are checked) and check "Use SSL2.0 compatible ClientHello Format" as well as "Use SSL 3.0" and "Use TLS1.0".

 

Hope you had the same luck with this solution that I did.

 

New Member

I had to do what Brian did, and some more.

First I did Brian Green's steps of changing the SSL/TLS versions.

From Java Control Panel Click Advanced-> scroll to "Advanced Security Settings"-> Uncheck "Use TLS1.1", "Use TLS1.2" (if they are checked) and check "Use SSL2.0 compatible ClientHello Format" as well as "Use SSL 3.0" and "Use TLS1.0"

Then, I also had to import the certificate files a very specific way. Fortunately getting into the Java options from Brian's hint opened up Pandora's box here, plus a little wireshark debugging made me certain that MY PC did NOT LIKE the certificate.

Here's what I did (all steps after 1-3 from Java Control Panel)

  1. Go to the https page for the ASA in your browser
  2. Click the Lock Icon in the Address Bar, and go thru the usual to export the certificate.
  3. Change the .pem or .crt extension to .csr
  4. Just as a precaution, from Java Settings Panel's Security tab > Network Settings do not use any https proxies, use 'Direct connection'
  5. Now go to the Security tab
  6. add your ASA's https:// URL to the 'Exceptions' Sites list
  7. Click the 'Manage Certificates' button
  8. THIS IS KEY >>> Pull the drop-down 'Certificate Type' menu down and select 'Secure Site'
  9. Remain on the 'User' tab and click 'Import'
  10. Now import the .csr certificate file that the ASA will present in the handshake that you saved in steps 1-3
  11. Click Apply and OK in the Java Security Setting
  12. Now try the ASA.... ;)

By the way the default 'High' security level worked just fine for me.

************** Tristan Manduley Cisco TAC
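
The Java Control Panel checkboxes changed in the replies above are stored per user in the JRE's deployment.properties file, so a workstation where this workaround was applied can be identified later and reverted once the device no longer needs it. The following is an added example, not code from the thread, Cisco or Oracle: it reports those settings from a properties file. The sample file content is constructed, and only explicitly set keys are reported because defaults differ between JRE versions.

```python
import re, sys

# Added example: keys are the Java deployment property names behind the
# Control Panel checkboxes named in this thread; SAMPLE below is constructed.
PROTOCOL_KEYS = {
    "deployment.security.SSLv2Hello": "Use SSL 2.0 compatible ClientHello format",
    "deployment.security.SSLv3": "Use SSL 3.0",
    "deployment.security.TLSv1": "Use TLS 1.0",
    "deployment.security.TLSv1.1": "Use TLS 1.1",
    "deployment.security.TLSv1.2": "Use TLS 1.2",
}
LEGACY = {"deployment.security.SSLv2Hello", "deployment.security.SSLv3"}
MODERN = {"deployment.security.TLSv1.1", "deployment.security.TLSv1.2"}

# Constructed sample: the state the workaround leaves behind.
SAMPLE = """\
#deployment.properties
deployment.security.SSLv2Hello=true
deployment.security.SSLv3=true
deployment.security.TLSv1=true
deployment.security.TLSv1.1=false
deployment.security.TLSv1.2=false
"""

# key=value or key:value; lines starting with '#' or '!' are comments.
PROP = re.compile(r"^\s*([^#!\s=:][^\s=:]*)\s*[=:]\s*(.*?)\s*$")

def parse_properties(text):
    """Minimal .properties reader (no line continuations or escapes)."""
    return {m.group(1): m.group(2) for m in map(PROP.match, text.splitlines()) if m}

def audit(text):
    """Return (key, finding) for legacy protocols on or newer ones off."""
    props = parse_properties(text)
    findings = []
    for key, label in PROTOCOL_KEYS.items():
        if key not in props:
            continue  # not set explicitly, so the JRE default applies
        enabled = props[key].lower() == "true"
        if key in LEGACY and enabled:
            findings.append((key, f'"{label}" is enabled'))
        elif key in MODERN and not enabled:
            findings.append((key, f'"{label}" is disabled'))
    return findings

if __name__ == "__main__":
    src = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    print("\n".join(f"{k}: {m}" for k, m in audit(src)))
```

On Windows the file is typically at `%USERPROFILE%\AppData\LocalLow\Sun\Java\Deployment\deployment.properties`; pass that path as the first argument.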
New Member

Thanks a million Bernard. Following through this procedure finally resolved both ASDM and SSH access to my ASA after I installed version 9.2(2)4 and they both went in-op.

New Member

Hello all,

This solution didn't work for me either. I had JRE 1.8.0.25, I think it was the latest version at that moment.

Then I installed 1.7.0.71, and this is what I did next:

1. added my host URL to exceptions list

2. unchecked "use TLS1.2"

3. checked "Use SSL2.0 compatible ClientHello Format"

You can find screenshots of my settings in the attachment (sorry for the ugly lines).

That's all.

P.S. It wasn't ASA ASDM, it was UCS CIMC, but I think it's all the same Java.

New Member

I looked at your screenshot.  Try unchecking the use TLS 1.1 and see if that works. 

New Member

I'm sorry for misleading; I meant that with Java 1.8.0.2 it didn't work.

But it did indeed work when I did what I said (and what is shown in the screenshot), despite the "TLS1.1" option being checked.

Ruslan

Hall of Fame Super Silver

The only way I was able to get a CIMC to work just recently was to explicitly launch it using Java 1.7. Some command-line trickery sufficed for that, as follows (all one line at the command prompt):

C:\Users\marvin.rhoads>C:\"Program Files (x86)"\Java\jre1.7.0_21\bin\javaws C:\Users\marvin.rhoads\Downloads\viewer.jnlp(10.197.122.87@0@1416414750320)

ASDM, on the other hand, works fine with my latest patched Java 1.8. I do use the latest ASDM launcher (1.5(78), used to launch various ASDM versions on multiple ASAs).

New Member

Thank you!
