Alert: Java JRE 7u51 breaks vCloud Uploads Everything

Update (8/4/2014): I have created a tutorial on how to create a ThinApp package to help get around this, check it out!

—-

This morning it came to my attention that my customers were no longer able to upload any media (OVFs or ISOs) to their vCloud catalogs. This seems to be due to the most recent Java JRE version released by Oracle.  The behavior I experienced was that the applet would appear to load but when I would click on the browse button nothing would happen.  This happens across all different browsers and browser versions.  The reason for this seems to be a change in the requirements for certificates and applet signing in JRE 7uU51.

Luckily, there is a quick workaround for this:

1. Open Configure Java control panel, navigate to Security then Edit Site List.

Q1pCY

 

2. Type the URL for your vCloud instance in the blank and Click Add to add (repeat for multiple URLs), click OK

vACny

 

Thats it!  This really is a workaround, I am not sure what the final solution will be but this got my customers and I back into business for now.  If anyone has more information, let me know!

Update: It seems that this update actually breaks everything from HP iLO to vCenter Orchestrator, I am still searching for a better workaround if anyone knows of one.

Update 2: There are reports of this breaking Cisco UCS, Dell iDRAC, vCloud VPN and EMC Unisphere as well.  It might be safe to say that most Java based management tools are going to be effected.  VMware has released a KB article about their parts of it, check it out here.  One interesting thing in the KB is that the upload portion of this issue does not effect vCloud 5.5 as this uses the Client Integration Plugin.

Update 3: Setting the security level to “Medium” also seems to work for most things.

K6f0z

5 Responses to Alert: Java JRE 7u51 breaks vCloud Uploads Everything

  1. Brian January 28, 2014 at 5:14 pm #

    Don’t set your security down to medium if the machine connects to the internet in any way. Java is the largest malware vector in the world right now, and you will be opening yourself up to more by going to medium.

  2. Znapel January 28, 2014 at 5:16 pm #

    I knew this day would be coming. When I got my first Dell server a few months ago it gave me a warning when connecting to iDrac. Something about how the code wasn’t signed and how in future that wouldn’t be cool. I remember wondering what would happen, glad there’s a workaround.

  3. ben January 28, 2014 at 7:05 pm #

    I totally agree Brian, the safest thing to do is whitelist at this point, aside from maybe building a non-persistent sandbox VM.

  4. Dennis January 28, 2014 at 10:09 pm #

    Try disabling the Temp files settings in Java. Go to Java Config. Click the General Tab, settings button and uncheck “Keep temporary files on my computer”.

  5. Jenni Pasternik January 29, 2014 at 6:14 pm #

    I ran into this same problem at a client, the only thing I had to do was close all browsers first and click the button that says “Restore Security Prompts”, Worked for me, hope its works for you!!

Leave a Reply