I don't know how to lower the security level in Java. There are only two options in the Security tab in Java settings - High (selected by default) and Very High. Is it possible to do it in a configuration file of some kind?

All KVM addresses were added to the secure site list with both HTTP and HTTPS prefix. Still the same error.

If I enable Java console and logging, I receive the same error in the console window:

ProtocolAPCP: CONNECTION_TYPE_SSL_ANONYMOUS
OS: Windows 8
DATE TIME:  Connection failed.

I forgot to specify I don't use java 8 yet but I am amazed that you dont have "medium" anymore in the sec settings...

We had opened this bug https://tools.cisco.com/bugsearch/bug/CSCus66699/?reffering_site=dumpcr which was marked as duplicate of https://tools.cisco.com/bugsearch/bug/CSCuo78883/?reffering_site=dumpcr... If you tried the steps in that link and they did not work, I recommend you to open a TAC case and make reference to those two bugs and state you tried what is in there and had no luck, that way we can further investigate what is going on and see if the issue is different and requires further/deeper investigation.

-Kenny

Yes, there is no Medium security settings in Java 8 anymore. I still can connect to the UCS Manager by tinkering with secure site list and ticking checkboxes in popup Java warning windows, but KVM is not accessible.

Unfortunately, we have no active SmartNet package, so I can't open a TAC case.

then try to ping the KVM IP address and see if it is reachable, this does not seem to be a Java problem, unless you tell me that KVM has never worked.

You can also try from another PC running a different Java version (Java 7 u21 always works for me) and see if the issue is isolated to your PC.

Let me know.

-Kenny

All KVM addresses are perfectly reachable from my PC with bot ping and "telnet host 443" commands. I could access all KVMs from my PC before I upgraded Java to v8. The KVMs still can be accessed from another device running Java v7.

Are all of your servers M2, M3 or M4 or you have a few of different types?

This seems to ring some bells https://tools.cisco.com/bugsearch/bug/CSCuj76035/?reffering_site=dumpcr but they are fixed on 2.2(1b) & 2.2(2c) you may try to upgrade UCS to 2.2.2c to test if that solves the issue, however, I dont what is easier, upgrade UCS or downgrade Java?

-Kenny

Keny, I can't see that bug report due to insufficient access rights. Upgrading the firmware makes sense, but it's not the kind of a procedure I'd like to perform when my servers are inaccessible. So it seems right now I have no other solution but to downgrade Java on my PC.

The current version of firmware is 2.2(3e). Maybe I'll install it in the short run anyways.

OK, I thought you had 2.2.1d as that is what you posted in the initial question.. anyways, let us know if you solve the issue, other users will be interested in knowing how this ended up.

-Kenny

I mean that the currently AVAILABLE version is 2.2(3e). :) My servers do run 2.2(1d).

I've solved the problem by installing the latest available version of Java v7 and disabling Java v8. Now I can connect to the servers again. Java v7 asks additional questions about the unsecure SSL certificate it receives from the KVM, and after I confirm that I really want to connect it lets the application start. Java v8 doesn't ask those questions, and this must be the reason for its inability to connect.

Java 7 can be downloaded from here: http://java.com/en/download/manual_java7.jsp

It would still be nice to try to open a case somehow, so we can investigate further and even see if we can open a bug for the investigation.

Please mark the question as answered so others can see you solved it out.  That way someone having the same issue can also try to open a case and get to the root cause.

-Kenny

Keny, I can't mark my own reply as an answer, and I know no other way to mark the entire topic as answered.

I'll see if there is a way to open a TAC case but the chances are slim.

Evengiy,

Alternatively can you try to install Java7.

Then from the Java Control Panel you can check mark which Java version to use or not.

This might save a lot of unnecessary troubles for you.

Please keep me posted.

Regards,

-SK

We are experiencing the same problem.  We are on firmware 2.1(3b).  The KVM works fine on Java 7 but we can not get it to work with Java 8.  Are there any updates on this problem?  Oracle is no longer providing security updates for Java 7. We shouldn't be forced to use an insecure version of Java that will no longer receive security updates.  Has Cisco tried getting this to work with Java 8?  Please provide an update on this issue.  Thanks