Asmb8 ikvm java error


Two typical problems with iKVM setup

Quite often it is not possible to connect to the iKVM interface on the first try. This happens for various reasons: the interface is behind a firewall, or the Java security settings are configured incorrectly.

— Java security settings

After installing Java from Java.com, you need to add the address of your IPMI to the list of allowed addresses (Exception Site List):

Control Panel -> Programs -> Java

open the Security tab

click the “Edit Site List…” button

check that the “Enable Java content in the browser” box is ticked

Add both the http and the https address.

— Firewall

If the connection to the KVM goes through but nothing is displayed in the Java window, or the ISO image is not passed through, the most likely cause is that the required ports are not open on a firewall sitting on the traffic path between the IPMI/KVM device and your computer.

Depending on your network architecture and firewall model, the following ports need to be opened:

22 SSH console
80 connection to the web console
443 connection to the web console over https
162 SNMP Trap, may be used for KVM
623 KVM traffic
664 KVM traffic, encrypted
5901 virtual devices

For working with iKVM on Supermicro servers, the IPMIView program is convenient.
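To find out which of the ports listed above is being dropped on the path, the following added example (not part of the original article) probes each one from the admin workstation and separates "refused" from "no reply". The function names are hypothetical, and the script checks TCP only.

```python
import errno
import socket
import sys

# Ports and roles exactly as listed in the article above.
IKVM_PORTS = {
    22: "SSH console",
    80: "web console (http)",
    443: "web console (https)",
    162: "SNMP trap, may be used for KVM",
    623: "KVM traffic",
    664: "KVM traffic, encrypted",
    5901: "virtual devices",
}


def probe(host, port, timeout=2.0):
    """Return 'open', 'closed' (actively refused) or 'filtered' (no reply)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "closed"
    except (socket.timeout, TimeoutError):
        return "filtered"
    except OSError as exc:
        # An unreachable host or network also means the packet never got through.
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "filtered"
        raise


def check_bmc(host, ports=IKVM_PORTS, timeout=2.0):
    """Probe every port in `ports` and return {port: state}."""
    return {port: probe(host, port, timeout) for port in ports}


def report(results, ports=IKVM_PORTS):
    """Format results, pointing at the likely cause for each non-open port."""
    lines = []
    for port, state in sorted(results.items()):
        hint = ""
        if state == "filtered":
            hint = "  <- no reply: check firewall rules on the path"
        elif state == "closed":
            # TCP connect only: SNMP traps (162) and IPMI RMCP (623) normally
            # use UDP, so 'closed' on those is not by itself a fault.
            hint = "  <- host answered, nothing listening on TCP"
        lines.append(f"{port:>5}/tcp {state:<8} {ports.get(port, '?')}{hint}")
    return "\n".join(lines)


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: python ikvm_ports.py <BMC address>")
    print(report(check_bmc(sys.argv[1])))
```

A "filtered" result on 5901 matches the symptom described above, where the console connects but the ISO image is not passed through.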


How to fix: Java Application Blocked (e.g. when using iKVM)

Ever try to launch a Java web application like iKVM/ Virtual KVM and get an error message: Java Application Blocked, Application Blocked by Java Security? This quick guide will show you how to fix that issue. We are going to use a Dell PowerEdge C6220 node to show how to fix this and get to work in a matter of seconds. Although we are using a server application to demonstrate this technique, it will work for other applications where a similar issue is present.

Why am I getting the Java Application Blocked, Application Blocked by Java Security warning?

The error is likely happening (especially for server administrators) due to the Java application having a self-signed certificate. On older generations of servers, before IPMI security was seen as a major issue, it was common practice for server vendors to self-sign IPMI certificates. Since then two things have happened. First, Oracle began blocking self-signed certificates in standard security settings. This change is why there are so many servers out there still with this issue. Second, most servers/server vendors have released patches with properly signed certificates. These patches require IPMI firmware to be upgraded, which can be risky on a remote installation. Not all vendors have updated firmware available to fix this issue. Also, a failed baseboard management controller (BMC) firmware flash means the BMC may become unresponsive.

The real fix is to upgrade the BMC firmware or whatever Java application you are trying to run. If this is not possible here is the workaround.

How to work around the Application Blocked by Java Security issue

To demonstrate the issue, we are using one of our Dell PowerEdge C6220 nodes, which has an older self-signed Java application certificate. We navigate to Server Information -> vKVM and vMedia -> Launch via the Web GUI. One might notice this is not the standard iDRAC interface. The Dell PowerEdge C6220 was intended for cloud deployments and therefore came with a more industry-standard Web IPMI interface. From the appearance, we think it is running the Avocent BMC software.

Dell PowerEdge C6220 Virtual KVM

When we click on Launch Java KVM Client (or Launch Java VM Client) we get the dreaded Java Application Blocked – Application Blocked by Java Security window. Click OK and let’s start to fix the issue.

Dell PowerEdge C6220 Virtual KVM – Java Application Blocked

The key here is to go to the Windows Control Panel and then navigate to Java (32-bit) or the Java Control Panel. On Windows 10 you can head to the search bar, start typing Java and you can go directly to the Java Control Panel.

iKVM Java Application Blocked – Control Panel – Java

Move to the Security tab. Lowering the security level to High will not fix this issue. Instead, under Exception Site List, add the IP address or domain name of the IPMI interface you are trying to use. In our example the IP is 10.0.8.86. To avoid future conflicts you may want to add both the https and http versions of the machine name/IP address. We have found a few machines that required both, but most work with just https. Hit OK on the Exception Site List and on the Java Control Panel and you should be all set.

iKVM Java Application Blocked – Control Panel – Java – Security Add Edit Site List

Now when we try to launch our application again we get Security Warning – Running this application may be a security risk. In most cases you should think about this prior to proceeding, but with server applications like this one, sometimes you just need the JNLP file to launch.

iKVM Java Application – Accept the risk

After clicking the I accept the risk and want to run this application checkbox, click run. You should see the Java application launch.

iKVM working after Java security exception


Supermicro IPMIView KVM Console does not work at all

I can’t get the Supermicro IPMIView version 2.* (any of them) to launch the KVM Console either in the IPMIView Windows program nor any browser. Java is installed (version 8, update 131) and I’m running Windows 8.1 (though IPMIView 2 won’t run on my Windows 7 laptop, nor any of the Windows 10 machines). All 3 machines have the same problem: The KVM Console simply will not run on any of them. I can connect to the Supermicro server, turn it off/on/reboot, read all of the sensors just fine. The ONLY thing not working is the KVM Console.

Been at this for days w/no working solutions.

I’ve uninstalled Java, reinstalled Java, uninstalled/reinstalled IPMIView with no luck so I’m thinking the problem is with all of the SM servers (4) that run w/the H8SGL-F series motherboards. Not one works! As per SuperMicro, IPMIView is supposed to be compatible with these boards. But for the last 5 years and countless versions, I’ve never had this working (it also will not work in any of my browsers as IPMIView appears to be looking for an ancient version of Java — go figure — I get the error message in the browser «You need the latest Java(TM) Runtime Environment. Would you like to update now?» — which is incorrect as I have the latest version of Java installed). I’ve made 1000% certain that ALL ports on the network (inside an IPSec VPN) are open — disabled all firewalls with no effect. Either IPMIView is incompatible with these boards, or IPMIView cannot run in an IPSec tunnel.

Regardless, this is driving me bonkers and I’d hate to abandon SuperMicro products (we’re replacing all the servers this year — may go with IBM or HP) over something so ridiculously simple.

Any help is appreciated (we tried paid help, but the IT people here are just as stumped).


Remote Console Redirection Not Working — ASMB8-iKVM

Motherboard: ASUS Z10PE-D16/4L

Latest BIOS and BMC Firmware installed

I can browse to the management page and have full functionality with no problem.

The «snapshot» that should show the current display on the management page is blank.

When I click «Remote Control,» download the jviewer.jnlp, and run it — it seems to connect. The management page > configuration > services > ikvm shows an active session. However, the jviewer is completely black and shows «0 fps.»

The management page > maintenance > BIOS post code is AE (Legacy Boot Event). While this doesn’t mean that the server successfully booted the OS, it does appear that it passed POST. I’ve seen it cycle through other codes.

I considered it is a Java issue — and perhaps it is — however the BMC version I have installed was specifically created to «support Java 8 Update 181» which is the version I installed.

I am unable to ping any of the guest servers on this host, making it seem the OS isn’t loading.

I am able to connect to the BMC through SSH, which brings me to a SMASH shell. Not really sure what use it is.

I would be happy just being able to see/access the BIOS remotely. Any way to reset the BIOS configuration through BMC? I’m literally across the world so am not able to do anything beyond remote access.

1 Answer

I have a similar Asus board (X99-WS/IPMI) with the ASMB8-iKVM that I wanted to get this feature working on also for remote management, and be able to boot from other disks.

The machine has a PCI/E Nvidia video card installed on the board, and the internal ASPEED VGA driver installed also.

The ASPEED VGA controller needs the motherboard VGA header installed to see the output from that screen, and also needs a VGA monitor attached or a VGA termination plug to keep it enabled during BIOS boot.

When Windows was loaded, I could see the ASPEED VGA controller screen, but not the screen for the Nvidia card, because the iKVM only redirects this screen, not from other video cards. I used the Windows hotkeys to switch the ASPEED VGA as the primary screen, but when rebooting, still didn’t see the BIOS screens.

To be able to view the BIOS screens also, the following changes had to be made in the BIOS settings on the board:

BOOT SECTION > ACTIVE VIDEO > ONBOARD DEVICE

BOOT SECTION > REDIRECTION SUPPORT > ENABLED

By changing the ACTIVE VIDEO setting, you will not see any BIOS output on other video cards, only from the internal ASPEED VGA controller. But you will then be able to access it remotely using the Java program.


TIP: Upgrading ASMB8-IKVM on Asus motherboards

ph0ton

New Member

I just wanted to share an experience with you about my Aspeed BMC firmware upgrade on an Asus P10S-I. I couldn’t find much on the topic, so I thought this could serve as a nice tip for others.

tl;dr version: When applying the FWU using a Freedos bootable USB stick, the update takes a long time, and during the initial steps, it looks like the updater has crashed, since no output is seen for a long time. Just be patient and wait, it’ll get there.

The reason why I wanted to upgrade was that the current iKVM viewer Java applet wouldn’t run on Java 8 update 131 or later, due to the MD5 signature of the applet no longer being supported. It is possible to circumvent this, however I think it would break every time I updated Java on my Windows machine. I was unhappy that Asus didn’t release an update for this issue. However, they actually did, but only if you visit their ASMB8-IKVM support site.

I downloaded the update, and initially I thought I could use the web-based firmware upgrade, but it did not work; worse yet, the BMC did not recover from the upgrade before I rebooted the whole system.
So next step was to:

  1. Create a bootable USB, using Rufus
  2. Move the contents of the update zip file to root of the usb stick
  3. Boot up on the stick
  4. Execute flash2.bat, press Y to start the upgrade.
  5. The update takes a long time, and during the initial steps, it looks like the updater has crashed, since no output is seen for a long time. Just be patient and wait, it’ll get there. I think I waited 5 — 10 minutes before any output was shown. I guess it took about 25 mins, but I did not time it.
  6. The update seems to wipe any configuration, so make sure to set up management LAN NIC, admin password etc. afterwards.

Now I can update Java without issue and the iKVM functionality still works.


casperghst42

Member

Interesting, I downloaded the same version (2.0.4) for my MB, the P10S-I which has an earlier, and where Java8 is failing. It looks like they released different versions of the firmware for different MB’s. I have a call open with Asus regarding this, and am waiting, so I’m not really ready to do a firmware update with a version which was intended for another MB.

As for the HTML5/iKVM, I was told by Asus that only the new generation will have that: ASMB9.

Jannis Jacobsen

Active Member

Now I only need to find the ASMB8-IKVM for a good price

ph0ton

New Member

I don’t think aspeed 2400 and other older aspeed chips support html5, so I don’t think it’s necessarily a question of Asus being lazy.

Regarding price ASMB8: if you are in the EU, then search on various comparison sites. I was able to save about 15 eur.


casperghst42

Member


My Supermicro X11SSH-F has an AST2400 and does have HTML5/iKVM. There could be more things involved, but it could look like that Asus (and ASRock) just don’t feel like doing it.

But which FW did you use? There are two different ones, and the one for the P10S-I is larger than the one for the rest of the Server boards.

liv3010m

New Member

Yesterday I installed my new Z10PA board and obviously since day one I started experiencing problems with this ASMB8 stuff. I even updated to the latest version which was released same yesterday (version 1.14.2 date 2018/09/07). Besides Java complaining about weak MD5 (still after the update) I got a black screen when I connect via console redirect.
Does anybody know if there is an HTML5 beta update for ASMB8?
If not, is the iKVM functionality provided by AMI, right? No way to crossflash ASMB8 with ASMB9 firmware or «hack» it to add the missing HTML5 portion? Does a standard/generic version of AMI MegaRAC SP-X exist?
HTML5 works as someone previously said on AST2400 based BMC, so Asus could/should implement it on its boards that use those chips.
https://ami.com/ami_downloads/MegaRAC_SP-X_Data_Sheet.pdf

djstrauss

New Member


Sorry to bring this back, but I have an issue with the ASMB8 Module. The thing is I recently purchased a P10S-I Board from the egg at discount price. It’s working as expected. Then I realized that I wanted to buy an IPMI Module for managing porousness. Well, I found one at an affordable price. Received the module and proceeded with the install.

Every time server Boots it can unit the BMC Module and in BIOS there’s a FAILED Message on Server Management tab.

Then I proceeded to perform a BIOS Upgrade to the board and a BMC Firmware Update. To my surprise I saw that the ASMB8 module says Z10PA-D8 and not P10S-I. I supposed that this module is a generic part that can be used in any compatible board.

Well, I was expecting to perform a forced firmware upgrade and have tried any combination of commands to do it, but nothing happened.

Is there a chance to know which module you have installed on the P10S-I motherboard and the steps you made for updating the BMC Firmware?


Hi there. I have a server using ASMB8-iKVM IPMI (https://servers.asus.com/products/Servers/Server-Accessories/ASMB8iKVM) which enables me to remotely see a virtual screen, input keystrokes (enter the bios etc), over the LAN network via ipv4 — i.e. before any OS has been loaded. I access the web-interface via e.g. https://192.168.1.11/ - I can then login as admin and click a button to launch a java-application via a button labeled «Launch» (Java Console Launch). Here’s the problem:

In my case I constantly need to «remove exception» and to the «Warning: Potential Security Risk Ahead» I need to click «Advanced…» and «Accept the Risk and Continue» and then I get the username/password prompts (and a redirection) at https://192.168.1.11/index.html so I can login and get access to the «java-launch»-button. If I then reload the page — I get a blank page — no login — so impossible to login and get the java-application to run again… Until I repeat the whole process and «remove exception» and «Accept the Risk and Continue»… I know it’s using a self-signed certificate — but I don’t care — just want it to «always work»…

Is this a problem with Firefox (or the Javascript code? I updated to the latest bios 2019/11/15 + firmware Oct 13, 2020, but unfortunately this product is outdated). I think Firefox has changed something that causes this problem. Anyone has any experience, maybe an explanation — or maybe even a solution (which I hope for)?

*** UPDATE/SOLUTION ***: I discovered that if I logout via the button to do so, I don’t need to do the annoying «remove exception/advanced/accept the risk»-yadda yadda… I think it’s a bug, because it should treat «timeout» as the same as «automatic logout» — but apparently not… Just wanted to post the update, for the record…

Updated 26.06.2018

Hello, dear readers and guests of Pyatilistnik.org, the No. 1 computer blog in Russia. I am sure many system administrators use server management ports in their work, which I have already described in great detail. If you are new to this, a management port is a separate network interface that lets you interact with a server without an operating system running on it. The most common use is to kick a hung server, or to install an OS on it remotely. With such a KVM you mount an ISO into it, emulating a DVD-ROM, and everything after that is standard. There is one drawback: this KVM runs on Java, which is very finicky and glitches very often. I have some old Dell M600 blades, and when I try to open iDRAC I get the error Unable to launch the application, which prevents the KVM console from starting. This error is also very common with bank client applications, which can likewise run on Java. Below I will show how to fix it for good.

Causes of the Java launch error

This is what the error looks like:

Unable to launch the application. If you look at the Details tab, you will find this error there: Unsigned application requesting unrestricted access to system. The following resource is signed with a weak signature algorithm MD5withRSA and is treated as unsigned: https://<IP address>/Applications/dellUI/Java/release/JViewer.jar

There are several things that keep the application from working correctly:

  • The MD5 hash check has to be removed
  • The address has to be added to the exception list
  • Incompatibility with the Java version

Fixing the Unable to launch the application error

First of all, you need to edit one configuration file named java.security. It is located at C:\Program Files\Java\<your Java version>\lib\security\java.security. I recommend making a backup copy before editing it.

Open it with Notepad or Notepad++ and find the line:

jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024

Remove the MD5 algorithm check from this line so that it looks like this:

jdk.jar.disabledAlgorithms=MD2, RSA keySize < 1024

Restart the browser. If this did not fix the error Unsigned application requesting unrestricted access to system, there is one more thing to do. Because Java carries a very high risk of attack, its developers set a very high security level. To keep it from triggering on the resources we need, we have to add the address to the exceptions.

I recommend adding addresses to the exceptions with a *, for example https://192.168.0.1/*, since this character stands for any characters that follow. Another example: https://*.ibm.com

As a reminder, we already did this for the error Java Application Blocked. Open the Windows Control Panel and find the Java icon. Open it to get to the Java Control Panel. Go to the «Security» tab. Leave the security level at «High»; just below it is the list of excepted sites, «Exception Site List», which is empty by default. To edit it, click «Edit Site List». To add a new line, click «Add» and enter the resource you need. Save the settings and restart the browser.
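Both changes described above relax checks for everything that Java installation runs, so it helps to be able to find them again later. The following added example (not part of the original article) reads a java.security file and an Exception Site List saved one URL per line, and reports a missing MD5 entry in jdk.jar.disabledAlgorithms and any wildcard or plain-http exceptions. The function names and sample inputs are constructed for illustration.

```python
import re
import sys
from urllib.parse import urlsplit

# Algorithms that the article's original java.security line disables for JARs.
EXPECTED_DISABLED = ("MD2", "MD5")


def parse_java_properties(text):
    """Read key=value pairs, honouring comments and backslash continuations."""
    props, pending = {}, None
    for raw in text.splitlines() + [""]:   # trailing "" flushes a dangling continuation
        line = raw.strip()
        if pending is None:
            if not line or line[0] in "#!":
                continue
            pending = ""
        backslashes = len(line) - len(line.rstrip("\\"))
        if backslashes % 2 == 1:           # odd count: value continues on the next line
            pending += line[:-1]
            continue
        match = re.match(r"([^=:\s]+)\s*[=:]?\s*(.*)", pending + line)
        if match:
            props[match.group(1)] = match.group(2).strip()
        pending = None
    return props


def audit_java_security(text):
    """Return findings for a weakened jdk.jar.disabledAlgorithms setting."""
    value = parse_java_properties(text).get("jdk.jar.disabledAlgorithms")
    if value is None:
        return ["jdk.jar.disabledAlgorithms is not set in this file"]
    # Each comma-separated constraint starts with the algorithm name,
    # e.g. "RSA keySize < 1024".
    names = {c.split()[0].upper() for c in value.split(",") if c.strip()}
    return [
        f"{alg} is missing from jdk.jar.disabledAlgorithms: "
        f"signed JARs that use {alg} are no longer treated as unsigned"
        for alg in EXPECTED_DISABLED
        if alg not in names
    ]


def audit_exception_sites(text):
    """Return (entry, reason) pairs for broad or unencrypted exceptions."""
    findings = []
    for raw in text.splitlines():
        entry = raw.strip()
        if not entry:
            continue
        if urlsplit(entry).scheme.lower() == "http":
            findings.append((entry, "plain http exception"))
        if "*" in entry:
            findings.append((entry, "wildcard exception"))
    return findings


# Constructed sample inputs, built from the line and addresses quoted on this page.
SAMPLE_JAVA_SECURITY = """\
# constructed excerpt of java.security after the edit described above
jdk.jar.disabledAlgorithms=MD2, RSA keySize < 1024
"""
SAMPLE_EXCEPTION_SITES = """\
https://192.168.0.1/*
https://*.ibm.com
http://10.0.8.86
https://10.0.8.86
"""


def _read(path):
    with open(path, encoding="utf-8", errors="replace") as handle:
        return handle.read()


if __name__ == "__main__":
    # Usage: python audit_java_exceptions.py [java.security] [site list file]
    security = _read(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_JAVA_SECURITY
    sites = _read(sys.argv[2]) if len(sys.argv) > 2 else SAMPLE_EXCEPTION_SITES
    for finding in audit_java_security(security):
        print("java.security:", finding)
    for entry, reason in audit_exception_sites(sites):
        print("exception list:", entry, "->", reason)
```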

In the end this resolves the Java window launch error in 100% of cases. When I opened the KVM window in iDRAC on the Dell M600, I no longer saw Unable to launch the application. The Java applet started and asked me to confirm that I trust the publisher of the application. To stop this prompt from appearing again, tick «Do not show this again for this app from the publisher above» and click «Run» to launch.

We are almost at the finish line, but apparently fate decided to tease me a little more, and I got the following message:

In Internet Explorer: Failed to establish connection with VKVM service for video redirection.
In Google Chrome: Unable to find certificate in Default Keystore for validation. Please upload the certificate using the Java Control Panel and try again. Java Control Panel can be found at the following locations.

This error is resolved in three steps. As the error shows, Java is unhappy with a certificate that it could not find. In my case it had expired, because the hardware is old and Java 8 sees that a new certificate is needed. If you do not know whether your certificate has expired, open the page of the service you need and view the certificate (I have already covered how to view a certificate in Google Chrome).

My certificate on the Dell M600 blade expired in 2012 and was issued by Dell. I have two options: ignore this and carry out the following steps, or generate a CSR and send it to Dell so that they issue a new certificate, which is a hassle, or update iDRAC; the catch is that the Dell M600 is already out of support and the management port has the latest firmware.

Next, remove the current certificate from the Java store. This is done through the same Java Control Panel, on the «Security» tab, under «Manage Certificates».

Find the certificate in question and delete it.

Next, as with the error «Failed to validate certificate. The application will not be executed», we need to clear the Java cache. This is done on the «General» tab, via the «Settings» button. Then click «Delete Files».

Leave these boxes ticked:

  1. Trace and Log Files
  2. Cached Applications and Applets

Restart the browser and try to launch your application. In the end I was greeted by yet another error, one I had seen before:

java.lang.UnsatisfiedLinkError: com.ami.iusb.FloppyRedir.GetKeyboardName()Ljava/lang/String;

In such cases this error meant that the Java version needs to be downgraded, because the hardware is old, or that the firmware on the hardware needs to be updated. So you have to uninstall Java, not forgetting to clean the leftover debris off the computer. Then reboot the computer and install the new Java. In my case I installed version 6.45, and everything worked.

Link to the Java version archive: http://www.oracle.com/technetwork/java/javase/archive-139210.html

I hope you were able to solve your problem launching the Java application and defeated the error: Unable to launch the application. Unsigned application requesting unrestricted access to system. The following resource is signed with a weak signature algorithm MD5withRSA and is treated as unsigned. If you know other methods, please describe them in the comments; let's share experience.


Final Words

This guide should take you only a few seconds to complete. For cases where you have one server or application that you need to immediately access, it works. On the other hand, when you switch PCs, it will not help. Likewise when you have to access multiple servers, you have to add multiple IPs to the site list (e.g. this Dell PowerEdge C6220 server has four nodes in the 2U chassis). One tip we have is that non-browser based Java application launchers (e.g. Supermicro IPMIview) do not require this workaround as they can launch the applications directly.


Также нужно открыть порт 623 и 5901 в файрволе на локальном компьютере – операционная система предложит это сделать при первом подключении – нужно согласиться.

Для работы с iKVM c серверами Supermicro удобно использовать программу IPMIView

I can’t get the Supermicro IPMIView version 2.* (any of them) to launch the KVM Console either in the IPMIView Windows program or in any browser. Java is installed (version 8, update 131) and I’m running Windows 8.1 (though IPMIView 2 won’t run on my Windows 7 laptop, nor any of the Windows 10 machines). All 3 machines have the same problem: The KVM Console simply will not run on any of them. I can connect to the Supermicro server, turn it off/on/reboot, read all of the sensors just fine. The ONLY thing not working is the KVM Console.

Been at this for days w/no working solutions.

I’ve uninstalled Java, reinstalled Java, uninstalled/reinstalled IPMIView with no luck so I’m thinking the problem is with all of the SM servers (4) that run w/the H8SGL-F series motherboards. Not one works! As per SuperMicro, IPMIView is supposed to be compatible with these boards. But for the last 5 years and countless versions, I’ve never had this working (it also will not work in any of my browsers as IPMIView appears to be looking for an ancient version of Java — go figure — I get the error message in the browser "You need the latest Java(TM) Runtime Environment. Would you like to update now?" — which is incorrect as I have the latest version of Java installed). I’ve made 1000% certain that ALL ports on the network (inside an IPSec VPN) are open — disabled all firewalls with no effect. Either IPMIView is incompatible with these boards, or IPMIView cannot run in an IPSec tunnel.

Regardless, this is driving me bonkers and I’d hate to abandon SuperMicro products (we’re replacing all the servers this year — may go with IBM or HP) over something so ridiculously simple.

Any help is appreciated (we tried paid help, but the IT people here are just as stumped).

After a firmware update on a Supermicro server, the Java KVM console stopped launching.

The application failed with the error:

Unable to launch the application

Error details:

The field <jnlp><application-desc><argument> has an invalid value:

Indeed, there is an empty argument:

Fixing the problem

Download the plugin:

Open it in Notepad:

Find this code:

<application-desc main-class="tw.com.aten.ikvm.KVMMain">
  <argument></argument>
  <argument>XYXyyxyXYX</argument>
  <argument>th/FAFA==</argument>
  <argument>your-server.domain.name</argument>
  <argument>63630</argument>
  <argument>623</argument>
  <argument>0</argument>
  <argument>0</argument>
  <argument>1</argument>
  <argument>5900</argument>
</application-desc>

Copy your server's address from the fourth argument into the empty first argument:

<application-desc main-class="tw.com.aten.ikvm.KVMMain">
  <argument>your-server.domain.name</argument>
  <argument>XYXyyxyXYX</argument>
  <argument>th/FAFA==</argument>
  <argument>your-server.domain.name</argument>
  <argument>63630</argument>
  <argument>623</argument>
  <argument>0</argument>
  <argument>0</argument>
  <argument>1</argument>
  <argument>5900</argument>
</application-desc>

Launch the plugin:

Done, no errors.
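The manual edit described above can be scripted and checked before the file is launched. This is an added example, not code from the original article or from the vendor: the function names, the `<jnlp>` wrapper around the sample and the address-format check are assumptions, and the argument values are the article's placeholders.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the <application-desc> block shown above (page placeholders),
# wrapped in a minimal <jnlp> root so that it parses as a complete document.
SAMPLE_JNLP = """<jnlp spec="1.0+">
<application-desc main-class="tw.com.aten.ikvm.KVMMain">
  <argument></argument>
  <argument>XYXyyxyXYX</argument>
  <argument>th/FAFA==</argument>
  <argument>your-server.domain.name</argument>
  <argument>63630</argument>
  <argument>623</argument>
  <argument>0</argument>
  <argument>0</argument>
  <argument>1</argument>
  <argument>5900</argument>
</application-desc>
</jnlp>"""

# Assumption: the address is a DNS name or an IPv4/IPv6 literal, nothing else.
HOST_RE = re.compile(r"[A-Za-z0-9.:\-\[\]]{1,253}")


def _arg_elements(root):
    desc = next(root.iter("application-desc"), None)
    if desc is None:
        raise ValueError("no <application-desc> element in file")
    return desc.findall("argument")


def jnlp_arguments(text):
    """Return the <argument> values in order ('' for an empty element)."""
    return [(a.text or "").strip() for a in _arg_elements(ET.fromstring(text))]


def repair_jnlp(text):
    """Copy the fourth argument into an empty first one; return (xml, changed)."""
    root = ET.fromstring(text)
    args = _arg_elements(root)
    if len(args) < 4:
        raise ValueError("expected at least four <argument> elements")
    if (args[0].text or "").strip():
        return text, False  # first argument already set: leave the file alone
    host = (args[3].text or "").strip()
    if not HOST_RE.fullmatch(host):
        raise ValueError("fourth argument is not a usable address: %r" % host)
    args[0].text = host
    return ET.tostring(root, encoding="unicode"), True
```

The function changes nothing when the first argument is already populated and raises instead of writing a value that does not look like an address, so it can be run over every downloaded JNLP file.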
