How to Run Dual Java Versions for Compatibility

Ever get an alert to update Java? (pause for groans)

I don’t know about you, but I need Java to always be updated on my browsers so I’m not vulnerable online and so that newer Java based code always works properly. I also need older Java apps to still be able to run (ASDM particularly). Personally, I run Windows 7 x64 and primarily use Google Chrome as my Internet Browser.

Here is the error I was getting:

Cisco ASDM IDM launcher error

I found a blog by Pete Long which identified that any Java Version past JRE7u45 would cause this issue. Even further, see what Cisco’s release notes say:

Java Version Conditions Notes
7 update 51
  • ASDM Launcher requires trusted certificate
  • Java Web Start requires newer ASDM version or workaround
To continue using the Launcher, do one of the following:

  • Install a trusted certificate on the ASA from a known CA.
  • Install a self-signed certificate and register it with Java. See the ASDM certificate procedure in this document.
  • Downgrade Java to 7 update 45 or earlier.
  • Alternatively use Java Web Start.

To use Java Web Start, do one of the following:

  • Upgrade ASDM to Version 7.1(5.100) or later. This ASDM version includes the Permissions attribute in the JAR manifest, which is required as of Java 7 Update 51.
  • To use ASDM 7.1(5) or earlier, add a security exception in the Java Control Panel for each ASA you want to manage with ASDM. See the “Workaround” section at:

http://java.com/en/download/help/java_blocked.xml

If you already upgraded Java, and can no longer launch ASDM in order to upgrade it to Version 7.1(5.100) or later, then you can either use the CLI to upgrade ASDM, or you can use the above security exception workaround to launch the older ASDM, after which you can upgrade to a newer version.

Source: http://www.cisco.com/c/en/us/td/docs/security/asdm/7_1/release/notes/rn71.html#15907

Well, I wasn’t thrilled with this information, but I did find a solution to my issue. In order to run ASDM (or any JAR application) in an older version of Java but still have the current release in your browser, follow these steps:

  1. Update Java to the newest version. You can easily do this by going to http://www.java.com/en/download/installed.jsp in your browser to get the appropriate version. This provided me with chromeinstall-7u51.exe. (Let this java app uninstall any older versions that it finds.)
  2. Download the compatible version for your Java App. I needed JRE7u45 and found it by visiting the Oracle Java Archive, http://www.oracle.com/technetwork/java/archive-139210.html. You will need to create a free Oracle Account in order to gain Download Access. The Version I needed was: Java SE Runtime Environment 7u45
  3. Run the JRE Install executable and make sure you choose “Change destination folder”. I set mine as ‘C:\Program Files\Java\jre7u45’ Change Destination Folder for Java
  4. You will now need to set an Environment Path for Java to run as jre7u45.
    1. Press the WinKey + R, type ‘control sysdm.cpl’
    2. Go to the Advanced Tab
    3. Click on Environment Variables
    4. Under System Variables, locate ‘Path’ and click Edit
    5. You will then add the java Bin path, mine was ‘C:\Program Files\Java\jre7u45\bin\’
    6. Click OK a few times to save your changes
  5. Now to load your java app in the previous release, you will need to call it from Command Prompt. I used a batch file to complete this with the existing target from the ASDM Shortcut.
    start javaw -jar "C:\Program Files (x86)\Cisco Systems\ASDM\asdm-launcher.jar" -Xms64m -Xmx512m -sun.swing.enableImprovedDragGesture=true -classpath lzma.jar;jploader.jar;asdm-launcher.jar;retroweaver-rt-2.0.jar
  6. If you need to run a different app, just change the section after ‘start javaw –jar’. Running this in your batch will make sure the Command Prompt window does not stay open while your JAR runs.

This worked for me and allows me to continue using ASDM without worrying about Java auto updating and breaking it or any websites not loading properly. Hope this helps you! As always, if you enjoyed this: Link it; Like it; Subscribe to it!

VN:F [1.9.22_1171]
Rating: 9.6/10 (20 votes cast)

About Fpweb.net Crew

Our business is centered on bringing enterprise-class strategy, support, and security to your hosted or managed platforms no matter where you choose to deploy your environment. We specialize in providing managed services, cyber security, and expert, USA-based, 24/7 Absolute Support® on-premises, or in any cloud.
This entry was posted in Network Administration and tagged , , , , , , , , , , , , . Bookmark the permalink.

9 Responses to How to Run Dual Java Versions for Compatibility

  1. Chad Wright says:

    You, my friend, are amazing. Thank you so much for rescuing my sanity.

  2. Nayyar Sarfaraz says:

    @Chad Wright
    Can you please explain me

    start javaw -jar “C:\Program Files (x86)\Cisco Systems\ASDM\asdm-launcher.jar” -Xms64m -Xmx512m -sun.swing.enableImprovedDragGesture=true -classpath lzma.jar;jploader.jar;asdm-launcher.jar;retroweaver-rt-2.0.jar

    I mean if asdm-launcher.jar is located under C:\Program Files (x86) then why you edit the path under System Variables?

    Nayyar

  3. Damian says:

    This sounds like a necessary weapon to have in the fight between ASDM and Java versions.

    However, I am not technically inclined enough to get it going!

    Would someone who has it working mind assisting? I have the batch created. However, I get an error when running it.

    Advanced thanks.

  4. Brian says:

    Great little tool but cant get it working, when I try to run I get the following errors;

    Error: Could not create the Java Virtual Machine.
    Error: A fatal exception has occured. Program will exit.

    Any ideas?

  5. Dylan Galiffa says:

    What if you have two Java Web applications? We used to be able to install the newest version of Java and then install the older(needed) version and both Web applications will work.

    Now the old Web app prompts, saying its unsigned and makes you accept two prompts and select which version of java you want to use.

    Any ideas?

  6. Dennis says:

    I don’t really see how this makes me less vulnerable? When i visit a malicious site that scans for installed JRE versions it shouldn’t have a problem forcing an older version so that my machine is exploitable.

    So from a security perspective this isn’t really recommendable, or am i missing out on something?

  7. Dennis says:

    Dennis :
    I don’t really see how this makes me less vulnerable? When i visit a malicious site that scans for installed JRE versions it shouldn’t have a problem forcing an older version so that my machine is exploitable.
    So from a security perspective this isn’t really recommendable, or am i missing out on something?

    I found a solution that is more secure and allows u to run the latest Java 7:
    https://blog.hqcodeshop.fi/archives/181-Java-1.7-update-51-breaking-Cisco-ASDM-login.html

    @Dennis

  8. Gregg Eshelman says:

    I need to access a print server on my local network. It runs JAVA and has to be accessed via a web browser by entering its IP address in the address bar.

    I’ve tried all the settings and adding the IP in the exception list but still JAVA says “Nope! Security risk!” and blocks it.

    It’s just sheer idiocy by Oracle, hobbling their own product instead of fixing it.

  9. chaki says:

    thanks…for your post

Leave a Reply

Your email address will not be published. Required fields are marked *

Let's make sure you're human first: *