Cisco ASDM 5.2 for ASA ClassCastException X509TrustManagerImpl to X509ExtendedTrustManager
I hadn’t used my Cisco ASDM 5.2 for ASA for a while and when I needed to add a couple of extra users to the VPN it didn’t work.
Everything seemed to load in ok but when I tried to submit my login credentials it hung. I loaded the Java console and got the following exception when I tried to authenticate.
Using JRE version 1.7.0_05 Java HotSpot(TM) Client VM User home directory = C:\Users\mrn ---------------------------------------------------- c: clear console window f: finalize objects on finalization queue g: garbage collect h: display this help message m: print memory usage q: hide console s: dump system properties ---------------------------------------------------- ASDM Application Logging Started at Wed Aug 29 12:46:43 BST 2012 --------------------------------------------- Local DM Launcher Version = 1.5.20 Local DM Launcher Version Display = 1.5(20) OK button clicked Cache location = C:/Users/mrn/.asdm/cache Exception in thread "AWT-EventQueue-0" java.lang.ClassCastException: sun.security.ssl.X509TrustManagerImpl cannot be cast to com.sun.net.ssl.internal.ssl.X509ExtendedTrustManager at com.sun.deploy.security.X509ExtendedDeployTrustManager.The problem is caused by Cisco ASDM 5.2 requiring Java 6. In spite of having Java 6 and 7 installed, the Cisco software doesn’t know the difference and just accepts the first installation as being the only installation. Version 7 comes first and so the Cisco software tries to use it. Sun have a couple of internal classes that only sun are supposed to use because they might change without warning. Low and behold they did! X509TrustManagerImpl no longer has the same interface as X509ExtendedTrustManager and so we get a ClassCastException. In order to work around the problem we must launch the Cisco ASDM 5.2 from an environment where it only knows about Java 6. Create a file called(Unknown Source) at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source) at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source) at java.lang.reflect.Constructor.newInstance(Unknown Source) at java.lang.Class.newInstance0(Unknown Source) at java.lang.Class.newInstance(Unknown Source) at com.cisco.launcher.w.a(Unknown Source) at com.cisco.launcher.s.actionPerformed(Unknown Source) at javax.swing.AbstractButton.fireActionPerformed(Unknown Source) at javax.swing.AbstractButton$Handler.actionPerformed(Unknown Source) at javax.swing.DefaultButtonModel.fireActionPerformed(Unknown Source) at javax.swing.DefaultButtonModel.setPressed(Unknown Source) at javax.swing.plaf.basic.BasicButtonListener.mouseReleased(Unknown Source) at java.awt.Component.processMouseEvent(Unknown Source) at javax.swing.JComponent.processMouseEvent(Unknown Source) at java.awt.Component.processEvent(Unknown Source) at java.awt.Container.processEvent(Unknown Source) at java.awt.Component.dispatchEventImpl(Unknown Source) at java.awt.Container.dispatchEventImpl(Unknown Source) at java.awt.Component.dispatchEvent(Unknown Source) at java.awt.LightweightDispatcher.retargetMouseEvent(Unknown Source) at java.awt.LightweightDispatcher.processMouseEvent(Unknown Source) at java.awt.LightweightDispatcher.dispatchEvent(Unknown Source) at java.awt.Container.dispatchEventImpl(Unknown Source) at java.awt.Window.dispatchEventImpl(Unknown Source) at java.awt.Component.dispatchEvent(Unknown Source) at java.awt.EventQueue.dispatchEventImpl(Unknown Source) at java.awt.EventQueue.access$000(Unknown Source) at java.awt.EventQueue$3.run(Unknown Source) at java.awt.EventQueue$3.run(Unknown Source) at java.security.AccessController.doPrivileged(Native Method) at java.security.ProtectionDomain$1.doIntersectionPrivilege(Unknown Source) at java.security.ProtectionDomain$1.doIntersectionPrivilege(Unknown Source) at java.awt.EventQueue$4.run(Unknown Source) at java.awt.EventQueue$4.run(Unknown Source) at java.security.AccessController.doPrivileged(Native Method) at java.security.ProtectionDomain$1.doIntersectionPrivilege(Unknown Source) at java.awt.EventQueue.dispatchEvent(Unknown Source) at java.awt.EventDispatchThread.pumpOneEventForFilters(Unknown Source) at java.awt.EventDispatchThread.pumpEventsForFilter(Unknown Source) at java.awt.EventDispatchThread.pumpEventsForHierarchy(Unknown Source) at java.awt.EventDispatchThread.pumpEvents(Unknown Source) at java.awt.EventDispatchThread.pumpEvents(Unknown Source) at java.awt.EventDispatchThread.run(Unknown Source)
asdm-launcher.bat
and place it into C:\Program Files (x86)\Cisco Systems\ASDM
. Use your favourite text editor and add the following to the file:
cd C:\Program Files (x86)\Cisco Systems\ASDM “C:\Program Files\Java\jre6\bin\javaw.exe” -Xms64m -Xmx512m -Dsun.swing.enableImprovedDragGesture=true -classpath lzma.jar;jploader.jar;asdm-launcher.jar;retroweaver-rt-2.0.jar com.cisco.launcher.LauncherWhen the batch file has been saved:
- Create a shortcut on the desktop (or wherever) to use it. To make it more similar to the old shortcut you can change the icon used.
- Right-click on the shortcut and select Properties then Change Icon.
- Click Browse
- Enter
"C:\Program Files (x86)\Cisco Systems\ASDM\asdm-launcher.exe"
and hit return. - Select the icon you would like and press OK.
"C:\Program Files (x86)\Cisco Systems\ASDM\asdm-launcher.conf"
which contains instructions to launch the Java Virtual Machine (JVM) with certain parameters but I couldn’t get it to pick up a different version of Java. So if anyone knows what goes into that file so that we don’t need a hacked up batch file then let us know in the comments.
I blog things that take ages to find on the interweb but here’s the source of my final solution:
[ https://supportforums.cisco.com/thread/2099390 ]1 comment
Comment from: blake [Visitor]

Form is loading...
add the following to the asdm-launcher.config file:
javapath c:\Program Files\Java\jre6\bin\client\jvm.dll