I hadn’t used my
Cisco ASDM 5.2 for ASA for a while and when I needed to add a couple of extra users to the VPN it didn’t work.
Everything seemed to load in ok but when I tried to submit my login credentials it hung. I loaded the Java console and got the following exception when I tried to authenticate.
Using JRE version 1.7.0_05 Java HotSpot(TM) Client VM
User home directory = C:\Users\mrn
----------------------------------------------------
c: clear console window
f: finalize objects on finalization queue
g: garbage collect
h: display this help message
m: print memory usage
q: hide console
s: dump system properties
----------------------------------------------------
ASDM Application Logging Started at Wed Aug 29 12:46:43 BST 2012
---------------------------------------------
Local DM Launcher Version = 1.5.20
Local DM Launcher Version Display = 1.5(20)
OK button clicked
Cache location = C:/Users/mrn/.asdm/cache
Exception in thread "AWT-EventQueue-0" java.lang.ClassCastException:
sun.security.ssl.X509TrustManagerImpl cannot be cast to
com.sun.net.ssl.internal.ssl.X509ExtendedTrustManager
at com.sun.deploy.security.X509ExtendedDeployTrustManager.(Unknown Source)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
at java.lang.reflect.Constructor.newInstance(Unknown Source)
at java.lang.Class.newInstance0(Unknown Source)
at java.lang.Class.newInstance(Unknown Source)
at com.cisco.launcher.w.a(Unknown Source)
at com.cisco.launcher.s.actionPerformed(Unknown Source)
at javax.swing.AbstractButton.fireActionPerformed(Unknown Source)
at javax.swing.AbstractButton$Handler.actionPerformed(Unknown Source)
at javax.swing.DefaultButtonModel.fireActionPerformed(Unknown Source)
at javax.swing.DefaultButtonModel.setPressed(Unknown Source)
at javax.swing.plaf.basic.BasicButtonListener.mouseReleased(Unknown Source)
at java.awt.Component.processMouseEvent(Unknown Source)
at javax.swing.JComponent.processMouseEvent(Unknown Source)
at java.awt.Component.processEvent(Unknown Source)
at java.awt.Container.processEvent(Unknown Source)
at java.awt.Component.dispatchEventImpl(Unknown Source)
at java.awt.Container.dispatchEventImpl(Unknown Source)
at java.awt.Component.dispatchEvent(Unknown Source)
at java.awt.LightweightDispatcher.retargetMouseEvent(Unknown Source)
at java.awt.LightweightDispatcher.processMouseEvent(Unknown Source)
at java.awt.LightweightDispatcher.dispatchEvent(Unknown Source)
at java.awt.Container.dispatchEventImpl(Unknown Source)
at java.awt.Window.dispatchEventImpl(Unknown Source)
at java.awt.Component.dispatchEvent(Unknown Source)
at java.awt.EventQueue.dispatchEventImpl(Unknown Source)
at java.awt.EventQueue.access$000(Unknown Source)
at java.awt.EventQueue$3.run(Unknown Source)
at java.awt.EventQueue$3.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at java.security.ProtectionDomain$1.doIntersectionPrivilege(Unknown Source)
at java.security.ProtectionDomain$1.doIntersectionPrivilege(Unknown Source)
at java.awt.EventQueue$4.run(Unknown Source)
at java.awt.EventQueue$4.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at java.security.ProtectionDomain$1.doIntersectionPrivilege(Unknown Source)
at java.awt.EventQueue.dispatchEvent(Unknown Source)
at java.awt.EventDispatchThread.pumpOneEventForFilters(Unknown Source)
at java.awt.EventDispatchThread.pumpEventsForFilter(Unknown Source)
at java.awt.EventDispatchThread.pumpEventsForHierarchy(Unknown Source)
at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
at java.awt.EventDispatchThread.run(Unknown Source)
The problem is caused by
Cisco ASDM 5.2 requiring Java 6. In spite of having Java 6 and 7 installed, the Cisco software doesn’t know the difference and just accepts the first installation as being the only installation. Version 7 comes first and so the Cisco software tries to use it.
Sun have a couple of internal classes that only sun are supposed to use because they might change without warning. Low and behold they did!
X509TrustManagerImpl no longer has the same interface as
X509ExtendedTrustManager and so we get a
ClassCastException.
In order to work around the problem we must launch the
Cisco ASDM 5.2 from an environment where it only knows about Java 6.
Create a file called
asdm-launcher.bat
and place it into
C:\Program Files (x86)\Cisco Systems\ASDM
. Use your favourite text editor and add the following to the file:
cd C:\Program Files (x86)\Cisco Systems\ASDM
“C:\Program Files\Java\jre6\bin\javaw.exe” -Xms64m -Xmx512m -Dsun.swing.enableImprovedDragGesture=true -classpath lzma.jar;jploader.jar;asdm-launcher.jar;retroweaver-rt-2.0.jar com.cisco.launcher.Launcher
When the batch file has been saved:
- Create a shortcut on the desktop (or wherever) to use it. To make it more similar to the old shortcut you can change the icon used.
- Right-click on the shortcut and select Properties then Change Icon.
- Click Browse
- Enter
"C:\Program Files (x86)\Cisco Systems\ASDM\asdm-launcher.exe"
and hit return.
- Select the icon you would like and press OK.
There is a file called
"C:\Program Files (x86)\Cisco Systems\ASDM\asdm-launcher.conf"
which contains instructions to launch the Java Virtual Machine (JVM) with certain parameters but I couldn’t get it to pick up a different version of Java. So if anyone knows what goes into that file so that we don’t need a hacked up batch file then let us know in the comments.
I blog things that take ages to find on the interweb but here’s the source of my final solution:
[ https://supportforums.cisco.com/thread/2099390 ]