Cisco SDM won't launch

Hi, our company has this Cisco 1841 router, I am trying to load some configuration for Amazon's VPC. The problem is I couldn't get in the SDM page. The SDM page just stuck there and shows nothing. I did some reseach and downgrade my JRE from update 12 to update 11. Still doesn't work. Tried different PCs with different setting combinations. Still no luck.
Appreciated some help from here.

ZZ
zzl630Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

mmichaCommented:
You may want to make the IP address apart of the Trusted Sites in IE.

Might want to check this link:

http://www.cisco.com/en/US/products/sw/secursw/ps5318/prod_installation_guide09186a00803e4727.html#wp70999

Has guide for setting up SDM.  Verify it is installed on the router and configured correctly.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
zzl630Author Commented:
Hey mmicha,

Thank you for your reply.

I just make sure it is in my trusted site.
Newbee question, how can I verify it is installed correctly without login? Any other way I can communicate with the router?

Thanks,
ZZ
0
mmichaCommented:
I'm not a routing expert...  You may want try to telnet or use putty to create a connection to port 443 and see if it opens.  It probably won't display anything but if it doesn't error out it should give a clue that 443 is at least operating.

Trying another web browser as well may assist.
0
Managing Security Policy in a Changing Environment

The enterprise network environment is evolving rapidly as companies extend their physical data centers to embrace cloud computing and software-defined networking. This new reality means that the challenge of managing the security policy is much more dynamic and complex.

zzl630Author Commented:
You are right. It won't show anything. But at least I can use telnet to log into the router.
Any chance you know how to create a CSR file using telnet?

Thanks,
ZZ
0
mmichaCommented:
Sorry, you getting beyond my knowledge.

I'm not sure if your telnetting to port 25, or 443.  I was suggesting telnetting: "telnet 192.168.1.1 443" to see if that port is open on it.
0
zzl630Author Commented:
My port is open but still can't open sdm.
0
Melannk24Commented:
Have you completely uninstalled java, removing all files?  Java has a nasty way of leaving files even after you downgrade or upgrade.  We've had problems with ASDM and SDM launching and they were all java issues.   Completely remove all instances of java, remove any leftover files manually and then install the correct version to work with the SDM.  Also, make sure there is no other program grabbing the jre files either, that will cause SDM to hang as well.  Also, if you have any other user logged in locally to SDM while you are trying to load it as well, it will hang too.   It cause a memory allocation error and java pukes.  
0
zzl630Author Commented:
Thanks for your reply, Melannk24

I uninstalled from windows' control panel. Let me try to clean it up completely.

Thanks,
ZZ
0
Melannk24Commented:
Take a look under AppData and cleanup any entries in the Cisco SDM directories too!   What OS are you running on these PCs?  I know with XP you have to run version 5 with update 11, I think.  That is one thing I hate about the Cisco apps, the dependency of java and how it is so easily broken with the necessary java security updates.   Java is highly exploitable and we do not run it here unless it's an absolute necessity.  
0
zzl630Author Commented:
I have this running on my Windows 7. I tried other 3 laptops ,2 servers, windows 7, windows XP, all combinations, none of them works.

Do you know any way to comletly clean up Java? It seems windows control panel doesn't work that well.

Thanks,
ZZ
0
Ernie BeekExpertCommented:
To respond to an earlier question, you should be able to connect to the router using telnet (port 23), ssh (port 22) or through the console. For telnet, ssh and even the console connection you have a nice tool called putty (http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html) with which you can connect with any of the formentioned methods.
Telnet or ssh have to be enabled in the router to be able to connect that way (as well as the SDM for that matter) but you can always connect through the console. The only thing is that you need a (cisco) console cable for that. the cable has an RJ45 connector at one end (just like a network cable) and a com port connection (DB-9) at the other end. It's a flat blue cable which comes with all of the cisco equipement.

For now I think we must first see if we can get you in to the router through one of these methods. As soon as we get you to a CLI prompt we should be able to fix the rest.

You do have username and password(s) for it, do you?
0
zzl630Author Commented:
Thanks for your response, erniebeek

Now I have no problem with Telnet. I can login,modify the configuration.

If you have time to take a look at my another thread

That is why I am so eager to get from SDM.

My SDM issue is still here. I asked my vendor to solve this problem, still they have no clue.

Thanks,
ZZ
0
Ernie BeekExpertCommented:
Ok, thinking over the other thread as well but now for this one.

Did the SDM work before?

(and now I can go back to your other question :)
0
zzl630Author Commented:
Well, I assume yes.

I am new to my company, we used to using our vendor to do this.  They setted up all routers, VPN, network stuff until recently my boss asked me to take care.

Thanks,
ZZ
0
Ernie BeekExpertCommented:
Rule number one: don't assume anything.
So can't you ask your vendor how they did that?
0
zzl630Author Commented:
Already asked. They used SDM. I even asked the vendor to do the job. But they seem have no clue after 2 months.
0
Melannk24Commented:
Have you tried the JavaRA tool to assist in cleaning up old files that may be left over?  It's worth a try, it's open source though....  not sure if you have restrictions on what programs you can run on these PCs.

http://sourceforge.net/projects/javara/

0
zzl630Author Commented:
Yes I tried. I post another thread on EE to make sure I cleaned up Java completly.

I tried all kinds of version of JRE and browsers, still no luck.

Do I need to include the path to the windows runtime enviroment?

Thanks,
ZZ
0
Melannk24Commented:
Yes, include the path and also the browsers you have tried.   I still think it's a java issue, in some cases users had to install two or three versions back to get it to work.  Very frustrating.
0
Melannk24Commented:
Also, what versions of java have you tried??
0
zzl630Author Commented:
Java 5 update 8
                       22
java 6 update 10
                       11
                       12
                       24
                       
0
zzl630Author Commented:
Someone tried those version on their machines, it worked. Just no luck for me.
0
Melannk24Commented:
Let's go back to the basics....   You say the page just sits there, does the Java applet go to launch and then fails?  Or does it not even attempt to load java at all?  You might have a java version and certificate issue.  There is a md5 / md2 cert error....   it's an easy fix though.

0
Melannk24Commented:
Wait a minute, you haven't tried Java 5 update 9, it's documented (2009) that SDM will work with that one.   Give that a try.........
0
zzl630Author Commented:
I am not sure what is that md5 / md2 cert error, but I do have a certificate error if I log in. What is the solution for this one?
Java 5 update 9 doesn't work for me btw.
0
Melannk24Commented:
I really thought that would work.  What version of SDM are you using, 2.5?


Do the following for the cert error:

Run Internet Explorer, Firefox, etc. and go to Tools->Options->Advanced and deselect the 'use JRE version x.x.x' under the Java (Sun) category. Press OK and restart IE.

2. Try and open SDM again. You should get a security warning asking if you wish to Run the applet. Click on the View Certificate button.

3. Click on the Certificate Path option and you should see the applet as the third in the chain with two Verisign certificates above it.  For each of these Verisign certificates you need to view it, click on the details tab and then 'save to file' button to export the certificate. Export each certificate as DER and save to a convenient locations.

4. Open the Java control panel application and click on the security tab and then the 'Certificates' button.

5. For each category in the drop down box (Trusted certificates, secure site, secure site ca, signer ca) import both certificates that you previously exported. You'll need to change the 'files of type' list box to 'all files' so you can see your exported certificates.

6. Click Apply and close the Java control panel.

7. In your browser change your advanced option back to using the Sun JRE.

8. Restart IE/Firefox and the cert error should be gone.

0
zzl630Author Commented:
Thank you for your detailed answer, Melannk24

I deselected Java and restart IE, I didn't get a security warning for running the applet.

Probaly I didn't explain my question well.

When I try to login the SDM, it pop up a window message.

(You are using HTTP to connect to the router. A more secure protocal(HTTPS) is available. Click OK to use HTTPS, or Cancle to continue with HTTP)

If I choose HTTP, there is no certificate error for me. For HTTPS, there is one. But both won't launch the SDM, just a blank page.

Thanks,
ZZ
0
Melannk24Commented:
Should be accessing it on 443 (SSL).  The router should initially prompt you to download the latest image from the device, which I'm guessing would be 2.5.  

I would try a lone Firefox installation with java for SDM.  In fact, maybe this thread will help.  It's from Cisco Learning Network, pretty good guys over there.

Mar 21, 2011 2:00 PM
Nick B.
Member Nick B.
3 posts since
Jun 14, 2009

Hi,

 

I've spent numerous hours debugging my SDM installations and helping a few others along the way. Today I was presented with a brand-new  Windows 7 Professional x64 box, and I needed SDM to configure my 871 router. I now have the combination working so here are my notes in the hope that they are useful to somebody else!

 

    * Install Firefox 3.6. Set it as your default browser.
    * Download and install 32-bit JRE 1.6.0_03 from the Java Archive. This version is needed for SDM functionality. I specifically chose this version as it wsa the most recent one listed in the SDM 2.5 release notes.
    * Download and install latest 32-bit JRE (at this point 1.6.0_24). This is required for FF to recognise Java is installed.
    * FF popup blocker - if SDM installed on the router then  add it's hostname or ip address to the FF popup exceptions list. If you are running SDM from the PC installation then you will need to  disable the popup blocker competely (unless you know of a way to add local content to the popup blocker exception list).
    * Go to Windows Control Panel and open the Java (32-bit) Control Panel. Select the Java tab then the View button. Click on the User tab and you should see both of the Java versions you have installed. For 1.6.0_03, you will need to add the parameter   " -Xmx256m" to the Runtime Parameters cell. For 1.6.0_24 you will need to uncheck the Enabled check-box. Click OK then OK to exit the Java Control Panel.
    * Install Cisco SDM V2.5 on the PC.
    *   Launch SDM. Enter the device ip address or hostname.  You will then see the user/password web authentication box. Once you have entered these successfully,  accept the warning box that reports an invalid digital signature. You will then get another Java security warning box telling you the application requires an earlier version of Java - click RUN and SDM Control panel should appear.
    * Check SDM for functionality with Configure -> Additional Tasks and if this is OK then you are up and running!

 

Finally, this procedure works for Windows 7 but it should work for other versions of Windows XP, Vista with Firefox 3.6. I have another system with 32-bit Vista so that will probably be the next one for scrutiny.
0
Ernie BeekExpertCommented:
Hi there, sorry for the delay. Had to go abroad (and still am |-).

So after reading through, did you check if SDM is still installed and working on the router (just to ask the obvious :)
0
zzl630Author Commented:
Hey erniebeek, how are you doing?
Hope you doing fine no matter where you are.

Thanks for your answer. I was able to login but faced a issue. I post another thread, if you have time, it is here.

Thanks,
ZZ
0
Ernie BeekExpertCommented:
Yeah, still trying to figure that one out :-~ We allready discussed that so hoping to find an answer for that as well.
But here I meant: you can logon, but is SDM (still) installed?
Have a look at this: http://www.cisco.com/en/US/products/sw/secursw/ps5318/prod_installation_guide09186a00803e4727.html#wp88569
0
zzl630Author Commented:
Well, here is what I got from "Router# show flash:"

"-#- --length-- -----date/time------ path
1     34414284 May 14 2010 22:55:10 c1841-advsecurityk9-mz.124-24.T3.bin
2         1038 May 27 2010 18:59:20 home.shtml
3         2746 May 27 2010 18:59:20 sdmconfig-18xx.cfg
4       112640 May 27 2010 18:59:22 home.tar
5      1505280 May 27 2010 18:59:44 common.tar
6      6389760 May 27 2010 19:01:18 sdm.tar
7            0 May 14 2010 19:14:52 webvpn
8            0 May 04 2010 18:37:44 webvpn/context_1

35     3203909 Mar 19 2010 20:40:26 webvpn/svc.pkg
36           0 May 14 2010 19:14:52 webvpn/context_2

50     1697952 May 27 2010 19:01:50 securedesktop-ios-3.1.1.45-k9.pkg
51      931840 May 27 2010 19:02:10 es.tar
52      303932 Apr 05 2011 20:02:08 http
"

They are different than the link you send to me. The criteria is "If the show flash command output does not produce a listing similar to the example, SDM is not installed on the router." Not sure similar or not.
0
Melannk24Commented:
Looks like it has an install file of May 27th, 2010.
0
Ernie BeekExpertCommented:
Well, one thing I am missing is the sdm.(s)html. So it looks like a part is there and a part isn't.
It might be a good idea to reinstall the SDM (make a good backup first of course :).
0
zzl630Author Commented:
Yea, I guess so far that is the only option for me. Let me try to do that and see what will happen.

Thanks,
ZZ
0
Ernie BeekExpertCommented:
Good luck.
Any questions? Let me know.
0
zzl630Author Commented:
Sure, thans a lot!
0
Ernie BeekExpertCommented:
Looks to me a reinstall should do it. But we'll need the authors feedback for that.
I think without feedback the best thing to do is to delete this question.
0
zzl630Author Commented:
Still waiting for vendor to do this. Close this question, credit for everyone.

Thanks,
ZZ
0
zzl630Author Commented:
Still waiting for vendor to do this. Close this question, credit for everyone.

Thanks,
ZZ
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Routers

From novice to tech pro — start learning today.