iDRAC6 on a modern Chrome

I recently came into posession of an old Dell R510, for messing around and home storage duties. It came with an Enterprise iDRAC6 card which is particularly ancient, but seemed to mostly do the job once I put it on my network (putting it on the admin VLAN is on my todo list, at this point I’m going to just unplug it when it’s not in use). Accessing the remote console was another thing entirely though.

Getting remote console to work requires absolutely neutering several of the security settings for Java (and of course it requires Java be present to begin with) so I’d recommend setting it up on a sacrificial Windows VM instead. With “don’t put the gun at your foot” out the way, let’s see about putting some rounds in the chambers:

Step 1 - Install Java JRE8.

You may already have it, I didn’t. JRE8 does work, it just takes some finesse - but the remote console won’t work without some form of Java it seems.

Step 2 - Disable security protections

Open the directory where the JRE is installed, mine is C:/Program Files (x86)/Java/jre1.8.0_181. Then navigate to lib/security. Open the file java.security in a privileged text editor, or in a regular text editor and save it someplace you can make changes, then copy the file back as a privileged user.

Now comment out these two blocks:

#jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 1024, \
#    EC keySize < 224, DES40_CBC, RC4_40, 3DES_EDE_CBC

and

#jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, DSA keySize < 1024

Note the # is there to comment them out, the original lines will not be commented. If you wanted to you could work out what your version of iDRAC is actually using and only enable that particular travesty, but I’d rather not even have the JRE on any machine I care about so I didn’t bother.

Step 3 - Whitelist the iDRAC host

Open “Configure Java”, to to the “Security” tab, then in the Exception Site list, click “Edit Site list”. Add the HTTPS URL of the iDRAC host to the exception list and Apply all the things.

Step 4 - Un-fuck the Chrome downloads.

When clicking “Open Virtual Console”, you’ll get a weird filename like viewer.jnlp and a bunch of shit after it. As the extension isn’t .jnlp, Chrome/Windows doesn’t know how to open it, so it drops it in your downloads folder. Simply rename the file to viewer.jnlp, double click it, dismiss all the warnings that show up and your remote console should “just work”.

Sources:

• https://www.blackmoreops.com/2017/06/08/fix-java-error-unsigned-application-requesting-unrestricted-access-to-system/
• https://mindlesstux.com/2018/06/21/fix-for-java-8-idrac-6-connection-failed/
• https://bobmckay.com/i-t-support-networking/accessing-dell-server-via-drac-idrac/