01-05-2015 01:18 AM - edited 03-03-2019 07:43 AM
We have ASDM installed on an Administration Server in which to provide onward administration to our ASA Firewall. We receive the following error message when we launch ASDM : "Unable to launch device manager from [IP Address]"
We have added the self-signed certificate into the Java Trusted Sites and Secure Sites stores for the computer, ensured that the https://[IP Address] is in both Java trusted sites and IE's trusted sites and the funny thing is, it works for some users (logging onto the same server) and not others which is what leaves us puzzled.
Happy to provide more information if required but I’d be grateful of any help you can provide, we are keen to get this working for all users as there is no central administrative account as many users will need access.
Many thanks
01-05-2015 08:17 AM
I believe the Java trusted sites and Windows trusted root certificate stores are per-user.
So each account on the admin computer would need to have that setup.
01-06-2015 04:07 AM
Hi Marvin,
Many thanks for your reply.
We created a generic 'Sun\Java\Deployment' folder in the local C: drive and created the following text files:
deployment.config
deployment.properties
We have amended the deployment.config file to look at the deployment.properties file which in turn populates the trusted.certs store and the exception.sites list for all users.
We have found that regardless of which use we log in as, the certificate is present as are the exception sites but we still get the same error message for a number of users; even importing the certificate at this stage (whilst logged in as a "non-working" user does not work unfortunately.
Many thanks again,
Hannah
**Update** We have tried both with and without the certificate in the windows store and it hasn't made any difference I'm afraid.
12-07-2015 05:26 AM
Can't remember if it is priv exec mode or config mode, but "ssl cipher default" fixed it for us.
12-06-2015 11:12 PM
Are you able to open the same from Java Web Start ?
12-07-2015 02:41 AM
Hi,
The only way we can administer our ASA is using the Web Interface; ASDM is un-usable for us.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide