Java Runtimes JRE7 – Your Java version is insecure popup 3 Comments

This one has been pain in the ass to find out... Since Java 7 (1.7_xx) the security and setting management is a total nightmare. This is so messy you can't find a reliable information on Oracle website... The worse thing is all the mechanism seems to change between versions... from 1.7_01 to _11 is one way to do thing and version after it's done another way... Here is the ugly pop up I want to eliminate from the user interface on the XenApp Desktop. To do so, I had to check every change within files, registry to finally find out everything was located in the registry for this version of java, JRE7 1.7_13... So I wanted to create a GPP to target user connected on the XenApp servers, here is my xml file created from a registry export : Next, I wanted to filter this GPP with a WMI filter, this WMI Query will look for locations of the JRE7 Folder on the System and if found it will apply the policy.   And this works ! I didn't need to do anything with deployment.properties and deployment.config as described everywhere on the Oracle website... (This website is really pain in the ass to find good documentation...) I hope it will help, and I hope Oracle will stop to change the way we need to use to manage Java configuration....

This issue appear on my Presentation Server 4 HR5, 32bit only, x64 servers (Windows 2003 & 2008) were fine after deploying Citrix Edgesight Agent for XenApp 5.2 SP1. (build 5.2.3012.0) Impacted applications : All java applications using more than 706mb of reserved memory, command line example :  c:\Progra~1\Java\jre1.5.0_07\bin\javaw -Xms8m -Xmx1024m -Dcai.starter.jvm.options="-Xms8m -Xmx1024m" -classpath d:\xxxxxxxxxxxxx Visual Studio 2008 Pro SP1 x64 crashes when Citrix Edgesight 5.2SP1 is installed, process CL.exe. Reminder : -Xmsn Specify the initial size, in bytes, of the memory allocation pool. This value must be a multiple of 1024 greater than 1MB. Append the letter k or K to indicate kilobytes, or m or M to indicate megabytes. The default value is 2MB.       -Xmxn Specify the maximum size, in bytes, of the memory allocation pool. This value must a multiple of 1024 greater than 2MB. Append the letter k or K to indicate kilobytes, or m or M to indicate megabytes. The default value is 64MB.  Affected system : Microsoft Windows 2003 R2 Sp2 x32 with Citrix Presentation Server 4 HR5 Error message : Or Even if the Presentation Server all have 4Gb of ram,  and freshly rebooted (567mb memory occupation) the java application doesn't want to start. I first uninstall Citrix Edgesight, and checked everything was fine, it was fine with prior Edgesight for XenApp's version. Someone had the same issue, only one person posted this issue with a java application on Citrix's forums : http://forums.citrix.com/thread.jspa?threadID=261266&tstart=0  About the Visual Studio 2008 SP1 x64 the process CL.exe seems the one to exclude to make it work. Workaround : To avoid EdgeSight for XenApp agent "blocking" a process, you need to hade the executable program to the following registry key : You need to keep in mind, adding file to this registry key excluding them from statistics (information to confirm) Update 30 march 2010 : There is no fix yet for this issue, Edgesight for XenApp 5.3 next version should include the fix, but not before Q2 2010...

These last days I had to find out what was wrong with an extranet publish through XenApp. This extranet is using java and the issue users reported was random disconnection with a java popup. Find out what is wrong with extranet application is very hard because this is just a published browser with an URL pointing to a website in another company, everything works well until one day... My goal was to bring as much information and details as possible to the extranet's support team and I needed to use the java console and grab the most verbose log possible. First you need to publish the Java Control Panel, you can do it easily by make a new publish application and using the executable file called javacpl.exe in the java/bin directory of your Java JRE installation directory. Look the next screenshot for details about published application : Once you Java Control Panel is published you need to grant access to this publish application to the target account and launch it. Then you need to go to the advanced tab and use the same configuration as above : Next, you need to go to Java tab and view to add this command line after the javaw.exe path -Djavaplugin.trace=true -Djavaplugin.trace.option=basic|net|security|ext|liveconnect -Djavax.net.debug=all The click on Apply the OK to close everything. The setup to trap all the information in the java console is done, now you can open you publish browser and go the the website and get all the debug information you will need to send the the dev of the problematic website. You can test you console/debug mode with this url : http://java.com/en/download/help/testvm.xml it should give you something like that : The word <DEBUG> should appear in the console. If you have any request or detail to ask, just go on the forum and ask.