12

I want to reboot a server, so I opened its Integreted Dell Remote Access Controller in Chrome, and clicked on "start virtual console", which caused Chrome to download a file with a strange name. The file opened in Java Web Launcher, which (after a while) gave the following error:

Unsigned application requesting unrestricted access to system

and:

The following resource is signed with a weak signature algorithm
MD5withRSA and is treated as unsigned

The detailed error message is:

    JNLPException[category: 安全错误 : Exception: null : LaunchDesc: 
    <jnlp codebase="https://192.168.8.208:443" spec="1.0+">
      <information>
        <title>iDRAC7 Virtual Console Client</title>
        <vendor>Dell Inc.</vendor>
        <icon href="https://192.168.8.208:443/images/logo.gif" kind="splash"/>
        <shortcut online="true"/>
      </information>
      <application-desc main-class="com.avocent.idrac.kvm.Main">
        <argument>ip=192.168.8.208</argument>
        <argument>vmprivilege=true</argument>
        <argument>helpurl=https://192.168.8.208:443/help/contents.html</argument>
        <argument>title=idrac-HB66YX1%2C+PowerEdge+M620%2C++%26%2325554%3B%26%2327133%3B+4%2C+%26%2329992%3B%26%2325143%3B%26%2365306%3B+root</argument>
        <argument>user=2114738097</argument>
        <argument>passwd=2007905771</argument>
        <argument>kmport=5900</argument>
        <argument>vport=5900</argument>
        <argument>apcp=1</argument>
        <argument>F2=1</argument>
        <argument>F1=1</argument>
        <argument>scaling=15</argument>
        <argument>minwinheight=100</argument>
        <argument>minwinwidth=100</argument>
        <argument>videoborder=0</argument>
        <argument>version=2</argument>
      </application-desc>
      <security>
        <all-permissions/>
      </security>
      <resources>
        <j2se version="1.6+"/>
        <jar href="https://192.168.8.208:443/software/avctKVM.jar" download="eager" main="true"/>
      </resources>
      <resources os="Windows" arch="x86">
        <nativelib href="https://192.168.8.208:443/software/avctKVMIOWin32.jar" download="eager"/>
        <nativelib href="https://192.168.8.208:443/software/avctVMWin32.jar" download="eager"/>
      </resources>
      <resources os="Windows" arch="amd64">
        <nativelib href="https://192.168.8.208:443/software/avctKVMIOWin64.jar" download="eager"/>
        <nativelib href="https://192.168.8.208:443/software/avctVMWin64.jar" download="eager"/>
      </resources>
      <resources os="Windows" arch="x86_64">
        <nativelib href="https://192.168.8.208:443/software/avctKVMIOWin64.jar" download="eager"/>
        <nativelib href="https://192.168.8.208:443/software/avctVMWin64.jar" download="eager"/>
      </resources>
      <resources os="Linux" arch="x86">
        <nativelib href="https://192.168.8.208:443/software/avctKVMIOLinux32.jar" download="eager"/>
        <nativelib href="https://192.168.8.208:443/software/avctVMLinux32.jar" download="eager"/>
      </resources>
      <resources os="Linux" arch="i386">
        <nativelib href="https://192.168.8.208:443/software/avctKVMIOLinux32.jar" download="eager"/>
        <nativelib href="https://192.168.8.208:443/software/avctVMLinux32.jar" download="eager"/>
      </resources>
      <resources os="Linux" arch="i586">
        <nativelib href="https://192.168.8.208:443/software/avctKVMIOLinux32.jar" download="eager"/>
        <nativelib href="https://192.168.8.208:443/software/avctVMLinux32.jar" download="eager"/>
      </resources>
      <resources os="Linux" arch="i686">
        <nativelib href="https://192.168.8.208:443/software/avctKVMIOLinux32.jar" download="eager"/>
        <nativelib href="https://192.168.8.208:443/software/avctVMLinux32.jar" download="eager"/>
      </resources>
      <resources os="Linux" arch="amd64">
        <nativelib href="https://192.168.8.208:443/software/avctKVMIOLinux64.jar" download="eager"/>
        <nativelib href="https://192.168.8.208:443/software/avctVMLinux64.jar" download="eager"/>
      </resources>
      <resources os="Linux" arch="x86_64">
        <nativelib href="https://192.168.8.208:443/software/avctKVMIOLinux64.jar" download="eager"/>
        <nativelib href="https://192.168.8.208:443/software/avctVMLinux64.jar" download="eager"/>
      </resources>
      <resources os="Mac OS X" arch="x86_64">
        <nativelib href="https://192.168.8.208:443/software/avctKVMIOMac64.jar" download="eager"/>
        <nativelib href="https://192.168.8.208:443/software/avctVMMac64.jar" download="eager"/>
      </resources>
    </jnlp> ]
        at com.sun.javaws.security.JNLPSignedResourcesHelper.checkSignedResourcesHelper(Unknown Source)
        at com.sun.javaws.security.JNLPSignedResourcesHelper.checkSignedResources(Unknown Source)
        at com.sun.javaws.Launcher.prepareResources(Unknown Source)
        at com.sun.javaws.Launcher.prepareAllResources(Unknown Source)
        at com.sun.javaws.Launcher.prepareToLaunch(Unknown Source)
        at com.sun.javaws.Launcher.prepareToLaunch(Unknown Source)
        at com.sun.javaws.Launcher.launch(Unknown Source)
        at com.sun.javaws.Main.launchApp(Unknown Source)
        at com.sun.javaws.Main.continueInSecureThread(Unknown Source)
        at com.sun.javaws.Main.access$000(Unknown Source)
        at com.sun.javaws.Main$1.run(Unknown Source)
        at java.lang.Thread.run(Unknown Source)

In the Java\jre\lib\security\java.security file I changed the (default)

jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024

line, replacing '1024' with '128', and cleared all cache following the instructions given on this page: https://www.blackmoreops.com/2017/06/08/fix-java-error-unsigned-application-requesting-unrestricted-access-to-system/

However, the application still won't load. Does anyone knows how to solve this situation?

Jenny D
  • 28,400
  • 21
  • 80
  • 117
Geek2Sages
  • 121

4 Answers4

13

A quick way to fix this is to comment out the setting of jdk.jar.disabledAlgorithms in the file lib/security/java.security.

Comment this part:

jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, DSA keySize < 1024

The path on windows is something like C:\Program Files (x86)\Java\jre1.8.0_151\lib\security.

Andrew Schulman
  • 9,142
Jag
  • 131
2

update november 2022: comment for avoid alerts unsigned app

#, \ SHA1 denyAfter 2019-01-01

donguru
  • 21
0

iDRAC6 firmware version 1.98 solves this properly. I encountered this same error on iDRAC6 1.8

Obtain firmware .d6 file:

  • Goto iDRAC 6 homepage
  • Choose iDRAC6 Monolithic FW or iDRAC6 Blade FW
  • Download iDRAC6_1.98_A00.exe
  • Use a windows computer to run the extractor
  • Locate extracted file firmimg.d6

Upload the firmimg.d6 file to the iDRAC firmware update page.

JavaRocky
  • 491
-1

Try adding the server IP to the trusted sites in the Java control panel. To do this, start the control panel in Windows, click on Java (you might have to switch to icon view in order to see the Java icon). In the Java settings window, select the "Security" tab, and press the "Edit Site List..." button near the bottom of the window, below "Exception site list". Add your server to the trusted site list.

After this, Java should pop up a warning dialog, but allow you to continue.

If it does not, then your best bet is to install an older Java version (1.6) to access the iDRAC.

Also, you might want to check if there is a newer firmware for your server, as the current one seems a bit outdated.

Lacek
  • 7,673