cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
442646
Views
245
Helpful
54
Replies

Unable to launch Device Manager - ASDM issue

anthonyludlow
Level 1
Level 1

Hi There,

I have recently upgraded our spare ASA 5510 router to version 9.1(3) with ASDM image Version 7.1(5)100.

The client i'm attempting to run the ASDM launcher on is Windows 7 x64 running the latest version of Java (7 update 5).

I am able to get to the main screen when I https to the device.  I can install the ASDM launcher, but once I enter the hostname and Password I receive the following error "Unable to launch Device Manager 192.168.X.XXX".

I have gone through a check list and I can confirm the following:

- the 3des-sha1 licence is enabled

- Http server is enabled for my clients subnet

- ssl encryption is enabled

- Tried Firefox and IE10

When I attempt to run the ASDM via the browser I get as far as asking for the password and although the initial prompt seems to accept it, another authentication box appears asking for it over and over again in an endless loop.

I have been through many forum posts and check lists, but cannot seem to pinpoint this problem.

If it helps, the box was previously flashed back to factory-default before I then applied the configuration from scratch (based on the config of our live ASA 5510).

Can somebody help please?

Thanks

54 Replies 54

Prateek Verma wrote:

Hi,

I would suggest you to downgrade the java to version 7 update 45. It should work after that.

- Prateek Verma

Hi Prateek,

I have now downgraded my Java client to v7 Update 45 as you suggested, but I'm now being told that the password I'm entering for the ASDM is invalid, which isn't the case!!

Any thoughts?

Hi Anthony,

Since, you must have following command on ASA:

aaa authentication http console LOCAL

Along with that , there should be a username and password in ASA's local database. So try to configure following command and then check:

username cisco password cisco

After this try to access ASDM with username and password both cisco and check whether it works or not.

- Prateek Verma

Prateek Verma wrote:

Hi Anthony,

Since, you must have following command on ASA:

aaa authentication http console LOCAL

Along with that , there should be a username and password in ASA's local database. So try to configure following command and then check:

username cisco password cisco

After this try to access ASDM with username and password both cisco and check whether it works or not.

- Prateek Verma

This suggestion worked Prateek as previously we'd never had a username configured on our device, so I presume something has been changed in the most recent firmware update which means that you HAVE to have a Username, would I be correct in saying that?

Thanks

An easier way to get around the problem of Java 7 update 51 and ASDM on Windows computers is to point your browser to https:// and chose the option to open ASDM as a Java Web Start Application. ADSM should then start fine and you won't have to downgrade Java and open up security holes that were patched in v. 51.

Then go to the Java control panel item and on the "General" tab under "Temporary Internet Files", click the "View" button, click once on the item with ASDM in it to select it and then click the top row icon that looks like an arrow pointing up and to the right. This will place a shortcut to open the ASDM on your desktop. Suggest you then delete the old desktop icon for starting ASDM as a local app since that no longer works anyway.

Sent from Cisco Technical Support iPad App

" ...

click once on the item with ASDM in it to select it and then click the  top row icon that looks like an arrow pointing up and to the right. "

This does not work for me because the arrow is greyed-out.  BTW I hate java ...

Steve

That's interesting. I went back in and now the arrow icon is greyed out on my computer too - but then I already have the shortcut it previously created on my desktop. I could remove the shortcut and see if the arrow is no longer greyed out but don't want to risk not being able to recreate it. I hate Java too but have some apps that require it - like Cisco ASDM.

You can still start ASDM with Java 7 update 51 on your computer by browsing to https:// and choosing "Java Web Start". IMHO that's way better than Cisco's solution of downgrading the Java version and leaving yourself open to security issues that version 51 (and later) have patched.

Ok, here is something odd. I just now looked on my desktop for the first time in several days (it is normally hidden by a gaggle of open windows), and there was an icon that sure looks like it was created when I tried what you described - even  though the icons was greyed out. Or perhaps the mere act of launching the Java Web Start created it??

The Target for the icon is:

C:\Windows\SysWOW64\javaws.exe -localfile "C:\Users\xxxxxx\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\70b3fe2b-31e71a37"

and the Start In is blank.

When I launch it, sure enough it brings up the Java WebStart style ASDM launcher, which is different from the stand-alone version that is broken by the new JAVA 7.whatever.

Puzzled,

Steve

I'm pretty sure it created the icon on your desktop when you first clicked the arrow. As I recall, when I first added the shortcut by clicking the arrow icon nothing apparent seemed to happen, but I looked at my desktop and there it was.

Glad it worked for you!

Stwilliams,

Thanks this helped me allot,

Thanks Again.

Ahmed

Folks,

Don't forget that you have to allow the network or at least the workstation IP that is connecting to the ASA, permission to get to use HTTP to get to the device.

http 192.168.0.0 255.255.255.0 ASA_Device_Network_Name

This is required even if the ASDM computer is on the same subnet as the ASA. In our case 192.168.0.10 is the ASDM computer. The ASA is 192.168.0.1. The 192.168.0.0/24 subnet is named MANAGEMENT. So our command is...

http 192.168.0.0 255.255.255.0 management

Hope that helps someone.

 

The 192.168.0.0/24 subnet is named MANAGEMENT. So our command is...

http 192.168.0.0 255.255.255.0 management

Thanks for kylewent

the key command also been used on outside interface, the message unable launch device manager don't prompt anymore.

 

 

Not sure if I am in the right forum LINE. my issue is that I can get the program to launch, it give the popup that the website is not trusted but option to continue, I do so and then the ASDM launcher seems to complete the update and then,, I get a windows circle of death. My setup is defaulted right now other than the lines i read to add. it did not work before or after the adding of aaa authentication http console LOCAL

 

 

My issue has been resolved with new Java version and certificate.

This issue comes specially when restoring an ASA. In addition to Java compatibility and settings, the follow is required to get the device back to normal.

1. Load compatible ASA and ASDM images, you can check this on Cisco website

2. Enable 3des-sha1 by installing the appropriate license

3. Generate an encryption key, crypto key generate mypubkey rsa modulus 2048

4. Allow https/ASDM access (http server enable, http x.x.x.x y.y.y.y interface-name)

This solved our problem with 7.8.2 ASDM launching on Win7 (Java 8.x).  Once the exception list was updated with the device IP we were able to connect to our ASA's.

I realize this is an old thread but wanted to let others know this solved our issue as well with given our parameters.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: