Hello Dirk,

have you managed to solve your Problem?

We had the same Problem and it turned out that the JAVA-Settings in the user Profile had caused the error.

I was able to resovle the issue by deleting the Java Folder in the following path:

"C:\Users\Username\AppData\LocalLow\Sun\Java\"

Maybe you should make a backup or rename the folder since your Java - trusted sites and possibly more important files are stored there.

Hope I could help.

Thanks for the suggestions but since this ace has only DES encryption. there is a problem with running HTTPS new browsers.
When I run on IE8 opens but when you try to run the "RUN ASDM"

debug:

HTTP: admin session verified =  [0]
HTTP: processing GET URL '/admin/public/startup.jnlp' from host 192.168.1.39
HTTP: authentication not required
HTTP: sending file: public/startup.jnlp, length: 1415

***************

IE message:  that IE can not open this website ???

What I discovered.
When the PC have java 6.x .ASDM starts, but hangs.

debug

*************

HTTP: processing ASDM request [/admin/login_banner] with cookie-based authentication (aware_webvpn_conf.re2c:435)
HTTP: check admin session. Cookie index [-1][0]
HTTP: client certificate required = 0
HTTP: processing ASDM request [/admin/version.prop] with cookie-based authentication (aware_webvpn_conf.re2c:435)
HTTP: check admin session. Cookie index [-1][0]
HTTP: client certificate required = 0
ewaURLHookVCARedirect
ewaURLHookHTTPRedirect: url = /+webvpn+/index.html
HTTP: ASDM request detected [ASDM/] for [/+webvpn+/index.html]
webvpnhook: got '/+webvpn+' or '/+webvpn+/': Sending back "/+webvpn+/index.html"
HTTP 200 OK (192.168.1.39)HTTP 303 See Other (192.168.1.39)ewsStringSearch: no buffer
Close 0
ewaURLHookVCARedirect
ewaURLHookHTTPRedirect: url = /+webvpn+/index.html
HTTP: ASDM request detected [ASDM/] for [/+webvpn+/index.html]
webvpnhook: got '/+webvpn+' or '/+webvpn+/': Sending back "/+webvpn+/index.html"
HTTP 200 OK (192.168.1.39)HTTP 303 See Other (192.168.1.39)ewsStringSearch: no buffer
Close 0
ewaURLHookVCARedirect
ewaURLHookHTTPRedirect: url = /+webvpn+/index.html
HTTP: ASDM request detected [ASDM/] for [/+webvpn+/index.html]
webvpnhook: got '/+webvpn+' or '/+webvpn+/': Sending back "/+webvpn+/index.html"
HTTP 200 OK (192.168.1.39)ewsStringSearch: no buffer
Close 0
ewaURLHookVCARedirect
ewaURLHookHTTPRedirect: url = /+webvpn+/index.html
HTTP: ASDM request detected [ASDM/] for [/+webvpn+/index.html]
webvpnhook: got '/+webvpn+' or '/+webvpn+/': Sending back "/+webvpn+/index.html"
HTTP 200 OK (192.168.1.39)HTTP: net_handle->standalone_client [1]
HTTP: start admin session
HTTP: Standalone authentication OK
HTTP: Idle timeout: 20
HTTP: Session timeout: 1440
HTTP: Authentication server group: LOCAL
HTTP: authorization not required
HTTP: service-type attribute: 2
HTTP: privilege attribute: 15
HTTP: session 64639A@20480@24CA@CD5987B03F6D3A52F16A05E7E02E40522BBF822A
HTTP: create new admin session A64639A@20480@24CA@CD5987B03F6D3A52F16A05E7E02E40522BBF822A
ewsStringSearch: no buffer
Close 0
HTTP: processing ASDM request [/admin/version.prop] with cookie-based authentication (aware_webvpn_conf.re2c:435)
HTTP: check admin session. Cookie index [2][ddcfe440]
HTTP: Admin session cookie [A64639A@20480@24CA@CD5987B03F6D3A52F16A05E7E02E40522BBF822A]
HTTP: Admin session idle-timeout reset
HTTP: admin session verified =  [1]
HTTP: username = [piotrek], privilege = [15]
HTTP: processing GET URL '/admin/version.prop' from host 192.168.1.39
HTTP: user already authenticated, bypass authentication
HTTP: sending file: version.prop, length: 112, x-frame-options 0
HTTP: processing ASDM request [/admin/pdm.sgz] with cookie-based authentication (aware_webvpn_conf.re2c:435)
HTTP: check admin session. Cookie index [2][ddcfe440]
HTTP: Admin session cookie [A64639A@20480@24CA@CD5987B03F6D3A52F16A05E7E02E40522BBF822A]
HTTP: Admin session idle-timeout reset
HTTP: admin session verified =  [1]
HTTP: username = [piotrek], privilege = [15]
HTTP: processing GET URL '/admin/pdm.sgz' from host 192.168.1.39
HTTP: user already authenticated, bypass authentication
HTTP: sending file: pdm.sgz, length: 17772008, x-frame-options 0
HTTP: processing ASDM request [/admin/asdm_banner] with cookie-based authentication (aware_webvpn_conf.re2c:435)
HTTP: check admin session. Cookie index [2][ddcfe440]
HTTP: Admin session cookie [A64639A@20480@24CA@CD5987B03F6D3A52F16A05E7E02E40522BBF822A]
HTTP: Admin session idle-timeout reset
HTTP: admin session verified =  [1]
HTTP: username = [piotrek], privilege = [15]
HTTP: processing GET URL '/admin/asdm_banner' from host 192.168.1.39
HTTP: authentication not required
HTTP: processing ASDM request [/admin/exec/show+version/show+curpriv/perfmon+interval+10/show+asdm+sessions/show+firewall/show+mode/changeto+system/show+admin-context] with cookie-based authentication (aware_webvpn_conf.re2c:435)
HTTP: check admin session. Cookie index [2][ddcfe440]
HTTP: Admin session cookie [A64639A@20480@24CA@CD5987B03F6D3A52F16A05E7E02E40522BBF822A]
HTTP: Admin session idle-timeout reset
HTTP: admin session verified =  [1]
HTTP: username = [piotrek], privilege = [15]
HTTP: processing GET URL '/admin/exec/show+version/show+curpriv/perfmon+interval+10/show+asdm+sessions/show+firewall/show+mode/changeto+system/show+admin-context' from host 192.168.1.39
HTTP: user already authenticated, bypass authentication
HTTP: processing ASDM request [/admin/exec/show+module] with cookie-based authentication (aware_webvpn_conf.re2c:435)
HTTP: check admin session. Cookie index [2][ddcfe440]
HTTP: Admin session cookie [A64639A@20480@24CA@CD5987B03F6D3A52F16A05E7E02E40522BBF822A]
HTTP: Admin session idle-timeout reset
HTTP: admin session verified =  [1]
HTTP: username = [piotrek], privilege = [15]
HTTP: processing GET URL '/admin/exec/show+module' from host 192.168.1.39
HTTP: user already authenticated, bypass authentication
HTTP: processing ASDM request [/admin/exec/show+cluster+interface-mode] with cookie-based authentication (aware_webvpn_conf.re2c:435)
HTTP: check admin session. Cookie index [2][ddcfe440]
HTTP: Admin session cookie [A64639A@20480@24CA@CD5987B03F6D3A52F16A05E7E02E40522BBF822A]
HTTP: Admin session idle-timeout reset
HTTP: admin session verified =  [1]
HTTP: username = [piotrek], privilege = [15]
HTTP: processing GET URL '/admin/exec/show+cluster+interface-mode' from host 192.168.1.39
HTTP: user already authenticated, bypass authentication
HTTP: processing ASDM request [/admin/exec/show+cluster+info] with cookie-based authentication (aware_webvpn_conf.re2c:435)
HTTP: check admin session. Cookie index [2][ddcfe440]
HTTP: Admin session cookie [A64639A@20480@24CA@CD5987B03F6D3A52F16A05E7E02E40522BBF822A]
HTTP: Admin session idle-timeout reset
HTTP: admin session verified =  [1]
HTTP: username = [piotrek], privilege = [15]
HTTP: processing GET URL '/admin/exec/show+cluster+info' from host 192.168.1.39
HTTP: user already authenticated, bypass authentication

*******************

When Java 7 debug http nothing displays

Please help

Piotrek Żebrowski

Hi PZ,

From your troubleshooting it looks like a clear case of Java compatibility issue. 

Can you check and confirm that you are following all the compatibility requirements mentioned in the release notes for ASDM7.4x release.

http://www.cisco.com/c/en/us/td/docs/security/asdm/7_4/release/notes/rn74.html

Missing any one of the requirement can lead to the problem you are facing.

Let us know your findings!!!

Thanks,

R.Seth

Hi Piotrek Żebrowski,

I was reviewing your notes above and wanted to further develop your license status. You mentioned your device has DES encryption. The ASDM on an ASA 5506 requires strong encryption so a 3DES / AES license is required.

Would you please verify you have this license by providing the results for:

ciscoasa# sh ver | i DES

Release Notes for Cisco ASDM, 7.4(x)

Source:  https://tools.cisco.com/squish/7f094

Thanks,

Juan Gonzalez

HI

Unfortunately

ASA5506-CD# sh ver | i DES
Encryption-DES                    : Enabled        perpetual
Encryption-3DES-AES          : Disabled       perpetual
 

I activated 3DES, AES encryption and everything works.
Thank you all.

Piotrek

Hi Piotrek,

Thank you for providing your results. Based on the information you have provided your device does not have the 3DES license.

The 3DES / AES license is a requirement for the ASDM feature.  Like RISSETH mentions below; missing any one of the requirements mentioned in the documentation can provoke problems.

To obtain this license you can contact your account team or local Cisco partner. More information is included in the release notes below.

Release Notes for Cisco ASDM, 7.4(x)

Source:  https://tools.cisco.com/squish/7f094

Thanks,

Juan Gonzalez

Hi Piotrek,

This is excellent news. Thank you for updating the group with your findings. Have a great week.

I was able to resolve the issue by deleting the Java Folder in the following path:

"C:\Users\Username\AppData\LocalLow\Sun\Java\"

This solved my issue - thank you!

Hi Amrodia

I have a similar problem despite the fact that java displays other messages. The following configurations. I was checking on several computers with different systems and Java. always the same message:
"unable to lunch Device Manager from x.x.x.x"

I have never had such problems with ASA

**************

ASA5506-CD# sh version

Cisco Adaptive Security Appliance Software Version 9.4(1)
Device Manager Version 7.4(1)

Compiled on Sat 21-Mar-15 11:42 PDT by builders
System image file is "disk0:/asa941-lfbff-k8.SPA"
Config file at boot was "startup-config"

ASA5506-CD up 22 hours 20 mins

**********************

http server enable
http server session-timeout 1440
http 192.168.1.0 255.255.255.0 inside
http 192.168.10.0 255.255.255.0 menage
http 89.70.25.181 255.255.255.255 outside
http 87.204.241.66 255.255.255.255 outside
ASA5506-CD(config)# sh run aaa
aaa authentication enable console LOCAL
aaa authentication ssh console LOCAL
aaa authentication http console LOCAL
ASA5506-CD(config)# sh run asdm
asdm image disk0:/asdm-741.bin
no asdm history enable
ASA5506-CD(config)# sh asp table
ASA5506-CD(config)# sh asp table soc
ASA5506-CD(config)# sh asp table socket

Protocol  Socket    State      Local Address                                Fore                              ign Address
TCP       0003d968  LISTEN     192.168.1.251:22                             0.0.                              0.0:*
TCP       00044fa8  LISTEN     192.168.10.1:22                              0.0.                              0.0:*
TCP       000fc188  LISTEN     83.19.131.52:22                              0.0.                              0.0:*
TCP       00e34e68  ESTAB      192.168.1.251:22                             192.                              168.1.52:62061
SSL       01765458  LISTEN     192.168.1.251:443                            0.0.                              0.0:*
SSL       01773b48  LISTEN     192.168.10.1:443                             0.0.                              0.0:*
SSL       01783c08  LISTEN     83.19.131.52:443                             0.0.                              0.0:*
ASA5506-CD(config)# sh run all ss
ASA5506-CD(config)# sh run all ssl
ssl server-version tlsv1
ssl client-version tlsv1
ssl cipher default custom "DES-CBC-SHA"
ssl cipher tlsv1 custom "DES-CBC-SHA"
ssl cipher tlsv1.1 low
ssl cipher tlsv1.2 low
ssl cipher dtlsv1 low
ssl dh-group group2
ssl ecdh-group group19
ssl certificate-authentication fca-timeout 2

Please help..

Piotr Zebrowski

Hi Piotrek,

What is the OS you are running on your PC?

What is the java version?

You can check "java console logs" and "debug http 255" output from ASA while trying ASDM.

Share your findings.

Thanks,

R.Seth

I tried it and Windows 7 x64 with Java 7u9 and u45 and Windows XP java7 and java8_51. Everywhere the message the same
The following message from Java. whether ASDM luncher is 1.5 or 1.6 and the version of Java bugs are similar

strange because the debug http did not respond when I run ASDM luncher

Local Launcher Version = 1.5.71
Local Launcher Version Display = 1.5(71)
OK button clicked
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
 at sun.security.ssl.Alerts.getSSLException(Unknown Source)
 at sun.security.ssl.Alerts.getSSLException(Unknown Source)
 at sun.security.ssl.SSLSocketImpl.recvAlert(Unknown Source)
 at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
 at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
 at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
 at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
 at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
 at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
 at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
 at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown Source)
 at com.cisco.launcher.s.new(Unknown Source)
 at com.cisco.launcher.s.actionPerformed(Unknown Source)
 at javax.swing.AbstractButton.fireActionPerformed(Unknown Source)
 at javax.swing.AbstractButton$Handler.actionPerformed(Unknown Source)
 at javax.swing.DefaultButtonModel.fireActionPerformed(Unknown Source)
 at javax.swing.DefaultButtonModel.setPressed(Unknown Source)
 at javax.swing.plaf.basic.BasicButtonListener.mouseReleased(Unknown Source)
 at java.awt.Component.processMouseEvent(Unknown Source)
 at javax.swing.JComponent.processMouseEvent(Unknown Source)
 at java.awt.Component.processEvent(Unknown Source)
 at java.awt.Container.processEvent(Unknown Source)
 at java.awt.Component.dispatchEventImpl(Unknown Source)
 at java.awt.Container.dispatchEventImpl(Unknown Source)
 at java.awt.Component.dispatchEvent(Unknown Source)
 at java.awt.LightweightDispatcher.retargetMouseEvent(Unknown Source)
 at java.awt.LightweightDispatcher.processMouseEvent(Unknown Source)
 at java.awt.LightweightDispatcher.dispatchEvent(Unknown Source)
 at java.awt.Container.dispatchEventImpl(Unknown Source)
 at java.awt.Window.dispatchEventImpl(Unknown Source)
 at java.awt.Component.dispatchEvent(Unknown Source)
 at java.awt.EventQueue.dispatchEventImpl(Unknown Source)
 at java.awt.EventQueue.access$200(Unknown Source)
 at java.awt.EventQueue$3.run(Unknown Source)
 at java.awt.EventQueue$3.run(Unknown Source)
 at java.security.AccessController.doPrivileged(Native Method)
 at java.security.ProtectionDomain$1.doIntersectionPrivilege(Unknown Source)
 at java.security.ProtectionDomain$1.doIntersectionPrivilege(Unknown Source)
 at java.awt.EventQueue$4.run(Unknown Source)
 at java.awt.EventQueue$4.run(Unknown Source)
 at java.security.AccessController.doPrivileged(Native Method)
 at java.security.ProtectionDomain$1.doIntersectionPrivilege(Unknown Source)
 at java.awt.EventQueue.dispatchEvent(Unknown Source)
 at java.awt.EventDispatchThread.pumpOneEventForFilters(Unknown Source)
 at java.awt.EventDispatchThread.pumpEventsForFilter(Unknown Source)
 at java.awt.EventDispatchThread.pumpEventsForHierarchy(Unknown Source)
 at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
 at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
 at java.awt.EventDispatchThread.run(Unknown Source)
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
 at sun.security.ssl.Alerts.getSSLException(Unknown Source)
 at sun.security.ssl.Alerts.getSSLException(Unknown Source)
 at sun.security.ssl.SSLSocketImpl.recvAlert(Unknown Source)
 at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
 at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
 at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
 at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
 at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
 at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
 at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
 at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown Source)
 at com.cisco.launcher.s.new(Unknown Source)
 at com.cisco.launcher.s.actionPerformed(Unknown Source)
 at javax.swing.AbstractButton.fireActionPerformed(Unknown Source)
 at javax.swing.AbstractButton$Handler.actionPerformed(Unknown Source)
 at javax.swing.DefaultButtonModel.fireActionPerformed(Unknown Source)
 at javax.swing.DefaultButtonModel.setPressed(Unknown Source)
 at javax.swing.plaf.basic.BasicButtonListener.mouseReleased(Unknown Source)
 at java.awt.Component.processMouseEvent(Unknown Source)
 at javax.swing.JComponent.processMouseEvent(Unknown Source)
 at java.awt.Component.processEvent(Unknown Source)
 at java.awt.Container.processEvent(Unknown Source)
 at java.awt.Component.dispatchEventImpl(Unknown Source)
 at java.awt.Container.dispatchEventImpl(Unknown Source)
 at java.awt.Component.dispatchEvent(Unknown Source)
 at java.awt.LightweightDispatcher.retargetMouseEvent(Unknown Source)
 at java.awt.LightweightDispatcher.processMouseEvent(Unknown Source)
 at java.awt.LightweightDispatcher.dispatchEvent(Unknown Source)
 at java.awt.Container.dispatchEventImpl(Unknown Source)
 at java.awt.Window.dispatchEventImpl(Unknown Source)
 at java.awt.Component.dispatchEvent(Unknown Source)
 at java.awt.EventQueue.dispatchEventImpl(Unknown Source)
 at java.awt.EventQueue.access$200(Unknown Source)
 at java.awt.EventQueue$3.run(Unknown Source)
 at java.awt.EventQueue$3.run(Unknown Source)
 at java.security.AccessController.doPrivileged(Native Method)
 at java.security.ProtectionDomain$1.doIntersectionPrivilege(Unknown Source)
 at java.security.ProtectionDomain$1.doIntersectionPrivilege(Unknown Source)
 at java.awt.EventQueue$4.run(Unknown Source)
 at java.awt.EventQueue$4.run(Unknown Source)
 at java.security.AccessController.doPrivileged(Native Method)
 at java.security.ProtectionDomain$1.doIntersectionPrivilege(Unknown Source)
 at java.awt.EventQueue.dispatchEvent(Unknown Source)
 at java.awt.EventDispatchThread.pumpOneEventForFilters(Unknown Source)
 at java.awt.EventDispatchThread.pumpEventsForFilter(Unknown Source)
 at java.awt.EventDispatchThread.pumpEventsForHierarchy(Unknown Source)
 at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
 at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
 at java.awt.EventDispatchThread.run(Unknown Source)
Trying for ASDM Version file; url = https://192.168.1.251/admin/
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
 at sun.security.ssl.Alerts.getSSLException(Unknown Source)
 at sun.security.ssl.Alerts.getSSLException(Unknown Source)
 at sun.security.ssl.SSLSocketImpl.recvAlert(Unknown Source)
 at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
 at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
 at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
 at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
 at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
 at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
 at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(Unknown Source)
 at com.cisco.launcher.y.a(Unknown Source)
 at com.cisco.launcher.y.if(Unknown Source)
 at com.cisco.launcher.r.a(Unknown Source)
 at com.cisco.launcher.s.do(Unknown Source)
 at com.cisco.launcher.s.null(Unknown Source)
 at com.cisco.launcher.s.new(Unknown Source)
 at com.cisco.launcher.s.access$000(Unknown Source)
 at com.cisco.launcher.s$2.a(Unknown Source)
 at com.cisco.launcher.g$2.run(Unknown Source)
 at java.lang.Thread.run(Unknown Source)
Trying for IDM. url=https://192.168.1.251/idm/idm.jnlp/
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
 at sun.security.ssl.Alerts.getSSLException(Unknown Source)
 at sun.security.ssl.Alerts.getSSLException(Unknown Source)
 at sun.security.ssl.SSLSocketImpl.recvAlert(Unknown Source)
 at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
 at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
 at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
 at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
 at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
 at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
 at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
 at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown Source)
 at com.cisco.launcher.w.a(Unknown Source)
 at com.cisco.launcher.s.for(Unknown Source)
 at com.cisco.launcher.s.new(Unknown Source)
 at com.cisco.launcher.s.access$000(Unknown Source)
 at com.cisco.launcher.s$2.a(Unknown Source)
 at com.cisco.launcher.g$2.run(Unknown Source)
 at java.lang.Thread.run(Unknown Source)
 

PZ

Hi PZ,

I think there was no ASDM traffic reaching firewall because of which the debug did not show anything.

Can you try doing https to your ASA and then run ASDM Java app and share your findings.

Thanks, 

R.Seth