Sun Java System Web Server 7.0 Update 7 Release Notes

Known Issues

This section lists the important known issues and limitations at the time of Web Server 7.0 Update 5 release.


The following table lists the known issues in the administration of Web Server.

Table 5 Known Issues in Administration

Problem ID 



A node can be registered to multiple administration servers which may cause a configuration conflict.

It is possible to register a node to a second Administration Server without canceling the registration with the first Administration Server. However, this leads to the nodes becoming inaccessible to both the Administration Servers. 


On each registration, restart the administration node. The administration node will be available to the most recent Administration Server it has registered to. 


wadm command allows connecting to a node, shows a certificate and then throws a 'HTTP 400 Error'.

When an administration node receives a connection, the administration node does not check the connection is from the Administration Server before proceeding. It not only prints an inappropriate error message, but also prompts the user to enter the password.  


Session replication enabled instances does not come up normally, if other instances in the cluster are not started.


After migrating the Java keystore keycerts using the migrate-jks-keycert command, trying to list the migrated jks keycerts using the list-certs command, displays the CN, org and other information instead of the certificate nickname.


While setting the SSL property using the wadm set-ssl-prop command, the server-cert-nickname property accepts any certificate nickname, instead of accepting only the server certificate nickname.


The set-session-replication-prop CLI command does not work if the 'node' option is provided with a qualified domain name.


Use the output of the list-nodes command for the valid names of the nodes in the set-session-replication-prop command.


Specifying "yes" at the wadm prompt crashes the CLI.


When you try to connect to the Administration Server after the administration certificates have expired, an incorrect error message is displayed.


The register-node command gives an incorrect error message when the Administration server runs out of disk space.


If no disk space is available on the device, wadm throws an incorrect error message "Unable to communicate with the administration server".


Executing the migrate-server command with both "--all" and "--instance" options does not result in an error.

A warning or an error message should be displayed indicating that the user is attempting the set mutually exclusive options. 


The Start Instances. button in the Admin Console is enabled for instance which is already running.

The buttons should be enabled or disabled based on the status of the instance. 


wadm allows you to define duplicate user properties.

Adding duplicate user properties does not show an error message; however, a new user property is not created. 


There is no provision to create new Access Control List (ACL) file using the Admin Console or the CLI.


On Windows, using an existing configuration, repeating the process of adding and removing the registered nodes causes validation failure.


MIME Types allows MIME value with multibyte characters.


Text in Access Control List page is not formatted.


User can be switched between `available' and `selected' lists in ACE even though the user is deleted from the authentication database.


No warning is issued before the deletion of key or the digestfile authentication database.


Administration Interface allows you to create a new user with multi-byte User ID in the keyfile authentication database.


User and Group table in the Admin Console displays the entire result in a single page.


Labeling of the Request Certificate and Install buttons in the Admin Console Create Self-Signed Certificate page needs to be revised.


Add and Remove buttons are enabled in new ACE window even if no items are present in the `Available' list.


Admin Console truncates the display of server logs at 50 lines or 2 pages.


No validation exist to check the entry of wrong country code in the certificate request wizard.


In the Admin Console, no text field description is provided for virtual-server, authdb, dav collection, and event fields .


Admin Console shows wrong JDK version while creating a new configuration.

The JDK version displayed in the Admin Console is 5.0 u6 instead of 5.0 u7. 


Style formatting is lost after restarting the Administration Server from Nodes -> Administration Server General tab.


Attempting to access the Admin Console in another tab of the same browser does not work.


View Log displays result in a single page.

Although the search criteria selected for record size is 25 log entries, the log displays the results in one single page even if there are more than 50 log entries. 


Token mismatch error is displayed when you remove the token password and then reset it in the Common tasks -> Select configuration -> Edit configuration -> Certificates -> PKCS11 Tokens page.


The Virtual Server Management->Content Handling->Document Directories->Add should have a browse option to choose the path of a additional document directory.


Message displayed about WebDAV collection locks in the Admin Console is misleading.

If you specify the time-out value for the WebDAV collection as infinite, the Common Tasks->Select Configuration ->Select Virtual Server->Edit Virtual Sever ->WebDAV->Select collection page displays the message DOES NOT EXPIRE. What it actually means is that the lock does not expire automatically after a specified time or the time-out is infinite.


Incorrect error message is displayed on setting empty token password using the `Set passwords' button.


Instance fails to restart if you try to edit a token password and deploy a configuration on an instance which is already running.


The Admin Console displays an exception when you delete a configuration and click on the Migrate button.


The Admin Console Review screen in wizards should only show fields that have values.


During migration, the log-dir path permission is not validated.


Cannot log in through the Administration CLI if the administration password has extended ASCII characters.


The error-response file name should be validated.


Administration server starts with expired certificate; wadm should warn about expired certificates.


The unregister-node command should also clean up certificates on the administration node.


WebDAV lock CLIs do not work in a cluster environment.


Multiple installations of the administration nodes on the same node that is registered to the same administration server should be not be allowed.


Accessing the administration node URL results in Page Not Found error.

As the administration node does not have a GUI, accessing the administration node URL results in Page Not Found error.


No validation for class path prefix and suffix, and native library path in JVM Path Settings in Java.


The server.xml elements should be grouped based on functionality.


On Windows, Administration Server moves the Web application files physically before stopping the Web application.


The Admin Console misleads user with "Instance modified" message when runtime files gets created in the config directory.


Trust store does not deleted on uninstalling the administration node after unregistering it with the administration server.


Changes made to the JavaHome property does not get saved after restarting the instance.


Need better validation in certain text fields to prevent obj.conf file corruption.

Most of the functional validation of the data in a form is done in the back end. The GUI has only minimal checks such as empty fields, integer values, and ASCII values. Hence, the GUI stores the data in the obj.conf when parsed gets corrupted .


Executing the restart-admin command followed by the stop-admin command throws exception in administration error logs.


On Windows, the Admin Console intermittently fails to come up.


  1. This problem is seen on Windows 2003 if you have "Internet Explorer Enhanced Security Configuration" enabled.

  2. To access the Admin Console without disabling Enhanced Security feature, include the site in the list of trusted sites explicitly on the browser.

  3. To disable Internet Explorer enhanced security configuration, go to Control Panel > Add/Remove Programs > Add/Remove Windows Components.

  4. Deselect the check box next to Internet Explorer Enhanced Security Configuration.

  5. Restart the browser.


Once config changes are made it is found that file ownership changes in docs directory

When a user creates a directory, adds some files and deploys them under the docs directory, the ownership of all files under this directory, changes to the owner who installed Web Server.  


The user directories should not be created under docs directory. 


Web Server 7.0 Administration CLI does not accept multibye characters as input.

Admin CLI does not accept input strings which has multibyte or non-ascii characters. For example, if you are entering an input value containing a non-ascii character (Felhasználók) along with the command, the input value will be garbled as below:  

wadm>  set-authdb-prop --config=test --authdb=sajit


While modifying the server.xml file manually, to enter base DN value, you have to type the URL encoded sequence as input instead of multibyte characters. For example, type:: "Felhaszn%C3%A1l%C3%B3k" instead of "Felhasználók"


The Admin server throws an error as the postpatch script for patches 125437-14 and 125438-14 are not Alternate Root compliant.


  1. Boot the alternate boot OS after adding the patch to the alternate boot environment.

  2. Start the admin server.

    The admin server fails to start and throws the below error message:

    java.lang.NoClassDefFoundError: com/sun/scn/client/comm/SvcTagException
  3. Edit the web server postpatch script to define the ROOTDIR value as / or /space, where JES base path is given.

    bash-3.00# cat postpatch
    # Copyright (c) 2007 by Sun Microsystems, Inc.
    # All rights reserved
    export PATH
    BASEDIR="`pkgparam -R $ROOTDIR SUNWwbsvr7 BASEDIR 2>/dev/null`"
    if [ -n "$BASEDIR" ]
        if [ -f "$INSTALL_DIR/lib/wsenv" ]
            . "$INSTALL_DIR/lib/wsenv";
            WS_IS_JES=1; export WS_IS_JES
  4. Run the script to complete the upgrade.

    bash-3.00# ksh /tmp/postpatch 
     "//opt/SUNWwbsvr7/lib/perl/perl" -I "//opt/SUNWwbsvr7/lib/perl" -I 
    "//opt/SUNWwbsvr7/lib/perl/lib" -I "//opt/SUNWwbsvr7/lib/perl/lib/site_perl" 

    The admin server starts without any error.


Unable to login to Admin server using Mozilla Firefox 3.0


  1. On the Solaris 10 platform, Mozilla Firefox 3.0.4 browser, go to Edit-> Preferences-> Advanced-> Encryption-> Server tab.

  2. Click Add Exceptions...

  3. Enter the address of the website you want to access in the text area and click Allow


An OpenSolaris 2008.11 Bug 4788 causes a serious impact on Web Server.

Web Server's certificates are affected during deployment of Web Server on OpenSolaris 2008.11, with the below warning: 

roott# /opt/webserver7/admin-server/bin/startserv 
Sun Java System Web Server 7.0U4 B12/02/2008 02:49
warning: CORE1235: SSL server certificate Admin-Server-Cert
is not yet valid.

An OpenSolaris Bug 4788, with time, causes this problem. For more information about this, see Bug 4788.


Reboot your server after deploying OpenSolaris 2008.11 and correct the server time. 


FastCGI suid environment for Red Hat Enterprise Linux

To get the FastCGI suid environment to work on Red Hat Enterprise Linux, perform the following steps:

  1. cd <webserver_install>/plugins

  2. chown webservd fastcgi

  3. cd fastcgi

  4. chmod 4755 Fastcgistub

  5. Add the following lines in /etc/

  6. Run ldconfig

  7. Restart the Web Server

    Note –

    The file system where the Web Server is installed and the /tmp directory should have permission to run the suid program, The file system should not be mounted with the nosuid option.


The following table lists the known issues in the core of Web Server.

Table 6 Known Issues in Core

Problem ID 



Any URI that does not end with the "real" file name fails to execute properly, resulting in a “No input file specified” error.

For PHP users:

Web Server 7.0 Update 4 populates the environment variables REQUEST_URI and SCRIPT_FILENAME for FastCGI and CGI applications. The introduction of the SCRIPT_FILENAME variable causes PHP to display a No input file specified PHP error for scripts that are mapped to virtual URIs, that is, URLs ending with / instead of /index.html or URLs making use of Web Server 7.0's URI rewriting feature. The affected PHP versions are 5.2.5 through 5.2.9. For more information, see


If a PHP application is mapped to a virtual URI, then cgi.fix_pathinfo should be set to 0 in the php.ini file. This setting is required for many popular PHP applications like Drupal, Wordpress, Joomla, etc.

However, this setting will cause PHP applications that rely on path-info like /foobar.php/baz/ to return a No input file specified PHP error. If a PHP application relies on path-info, then cgi.fix_pathinfo should not be disabled.


When there is an error executing an obj.conf directive, the filename and line number where the offending directive was found are not logged.


When server.xml schema validation fails due to a data type constraint violation, it displays an error message that does not describe the set of valid values for the element.


All HTTP header parsing error are not logged with the client IP and a description of the error.


set-variable SAF could not set predefined variable.


Server treats non-interpolated strings that contain $$ character constants as interpolated.

When a parameter value contains a $$ escape, the server constructs a PblockModel for the parameter block. This is unnecessary because $$ is a constant.


The following table lists the known issues in the FastCGI.

Table 7 Known Issues in FastCGI

Problem ID 



The fastcgi stub does not properly close all the processes when reuse-connection is set to true.

Configure Web Server 7.0 to work with PHP as a FastCGI plug-in and set reuse-connection=true. When you shutting down the server or reconfiguring the server, the fastcgi() process and its child processes are left behind and not killed properly.


The following table lists the known issues in the installation of Web Server.

Table 8 Known Issues in Installation

Problem ID 



Uninstalling the administration node does not delete itself from the administration server node.

After installing the administration node and registering it with the administration server in the Node tab, the administration node is listed in the Node tab. When the administration node is uninstalled, the administration node entry remains in the Node tab. 


Cannot install if the setup is started from a shared folder on the network.

On the Windows platform, unable to install the product when the installer setup.exe is started from a shared network folder on another machine.


On Windows, installer crashes in CLI mode, if the administration password is >= 8 characters.

If the administration user password is greater than eight characters, then any invalid input to the administration port, web server port, or the administration user ID crashes the installer. 


When installing Web Server 7.0 on the Windows platform using the command-line interface (CLI), the administration password must be set to less than (<) eight characters. 


On Windows, need icons for objects in Programs folder.

The objects in the Sun Java System Web Server 7.0 folder on Windows are created with default Windows program icons and do not have specific icons that denote Sun programs. 


The CLI installer does not handle ctrl+c while entering the password.

The installer does not accept ctrl+c and hence the terminal becomes unusable.


RH5.1 user cannot install Web Server 7.0 Update 3 using GUI mode


To overcome this failure: 

  1. Use the CLI based installer.

  2. Create a symbolic link to the xdpyinfo command. For example,

    [root@server bin]# ln -s /usr/bin/xdpyinfo /usr/X11R6/bin/xdpyinfo


Registration Options panel UI sometimes doesn't show up properly

The 'Registration Options' GUI in the installer does not show up properly sometimes.  


Resizing the installer window will fix this issue. 

Migration and Upgrade

The following table lists the known issues in the migration and upgrade areas of Web Server.

Table 9 Known Issues in Migration and Upgrade

Problem ID 



Incorrect migration occurs while migrating from Web Server 6.0 to 7.0 if the installed.pkg file is not found.

In Web Server 6.0 to 7.0 migration, if the installed.pkg file is missing, Web Server incorrectly migrates the NSServlet entries in the magnus.conf file.


6.x -> 7.0: Migrated scheduled events still points to 6.x paths in the server.xml file.



6.1->7.0: Migration does not handle relative path set for search-collection-dir correctly.

During instance migration, specifying a relative path for the target path into which the search collections should be copied, results in the search collection directory being created with respect to the config-store. When the instance is instantiated, the indexes are created without properly migrating the search collections.


6.x->7.0: Migration ignores any "document-root" NameTrans specified in the obj.conf file.


On Windows, Web Server Admin Console does not appropriately warn users during migration.

Administration Server does not detect if the selected new configuration or the service name already exists on Windows and hence does not appropriately warn the users to select a different configuration name or suggest a different configuration name as default. 


Web Server 7.0 migration tool is unable to successfully migrate from Web Server 6.1 if it has Root Certs installed in it.


The request processing behavior has changed in Sun Java System Web Server 7.0 Update 2 release.

This change does not manifest while using Web Server 7.0 Update 2 RPP. 

A modification in the Web Server's request processing engine to fix a significant error in Web Server, has changed the order in which the web server processes objects and directives in the server's obj.conf file. This correction now guarantees that the below rules are applied while processing a request:

  • All ppath objects that apply to a request are evaluated

  • If there is a named object that applies to a request, it will take precedence over any ppath objects in cases where the two conflict. If your obj.conf file contain ppath objects, evaluate them to determine if your obj.conf file requires any modification. As a consequence of the above change in the request processing behavior, when you upgrade previous Web Server versions to the Web Server 7.0 Update 2, or later, you may have to make minor changes to the obj.conf files, as listed below:

  1. Using IF directive

    In the following example, directives contained in the ppath objects will not be invoked when an explicit JSP extension is found in the request URI, as the ntrans-j2ee NameTrans SAF will apply to a JSP extension and cause the object named j2ee to be evaluated next. The WebLogic proxy service used here to forward requests to the WebLogic server is no longer invoked, although there are no modifications made to the obj.conf file. As a result, the web server sends the request to it's own web container, instead of the WebLogic proxy, resulting in failure of the request.

    In the obj.conf file, default object, add a conditional statement to the ntrans-j2ee service with the problem URIs, as shown below:

    <Object name="default">
    AuthTrans fn="match-browser" browser="*MSIE*" ssl-unclean-shutdown="true"
    #Adding <IF...> and </IF> bracketing to compensate
     for change in ppath processing
    <IF $uri !~ ".*WebApp/.*" >
    NameTrans fn="ntrans-j2ee" name="j2ee"
    PathCheck fn="find-index-j2ee"
    ObjectType fn="type-j2ee"
    Error fn="error-j2ee"

    <Object name="j2ee">
    Service fn="service-j2ee" method="*"
    <Object ppath="*/examplesWebApp/*" >
    Service fn=wl_proxy WebLogicPort=7001
    <Object ppath="*/ejemploWebApp/*">
    Service fn=wl_proxy

    This allows the ntrans-j2ee to be executed only when the URI's do not match.

  2. Using assign-name NameTrans

    In simple scenarios, you can change ppath objects to name objects by using assign-name in the default object. This allows the assign-name to be executed ahead of ntrans-j2ee.

    <Object name="default">
    NameTrans fn="assign-name" from="/examplesWebApp/*" name="examples_proxy"
    NameTrans fn="assign-name" from="/ejemploWebApp/*" name="ejemplo_proxy"
    NameTrans fn="ntrans~j2ee" name="j2ee"
    <Object name="j2ee">
    Service fn="service-j2ee" method="*"
    <Object name="examples proxy" >
    Service fn=wl_proxy WebLogicPort=7001
    <Object name="ejemplo proxy">
    Service fn=wl_proxy WebLogicPort=7002
  3. Disabling

    Turning off Java Web container support on web server will ensure that the JSPs will be handled by WebLogic proxy function. However, this is only suggested when you do not intend to host Java content in the proxying tier.

Sample Applications

The following table lists the known issues in Sample Applications of Web Server.

Table 10 Known Issues in Sample Applications

Problem ID 



sendmail.jsp shows incorrect file to be edited to specify for javamail sample application.


To set, edit the and not the build.xml as specified in install_dir/samples/java/webapps/javamail/src/docroot/sendmail.jsp.


The following table lists the know issues in the search functionality of Web Server.

Table 11 Known Issues in Search

Problem ID 



Search engine fails to index password protected PDF document

If a PDF document is password protected and encrypted, the search engine fails to index the document's metadata. As a result, the requested search fails.  


The following table lists the known issues in the security area of Web Server.

Table 12 Known Issues in Security

Problem ID 



Limitation supporting basic and digest-based ACLs for resources in the same directory.

If the server uses digest and basic-based ACLs in different parts of their doc tree, attempting to use both simultaneously on different files or resources in the same directory is not possible. 


TLS_ECDH_RSA_* require the server cert signed with RSA keys.

Cipher suites of the form TLS_ECDH_RSA_* requires server to have an ECC keypair with a cert signed using RSA keys. Note that this precludes using these cipher suites with self-signed certificates. This requirement is inherent to these cipher suites and is not a bug. The server should detect and warn about wrong configurations related to these cipher suites but currently it does not do so.

Session Replication

The following table lists the known issues in the session replication functionality of Web Server 7.0.

Table 13 Known Issues in Session Replication

Problem ID 



Descriptive error message is not displayed when an error occurs remotely.

When an exception occurs remotely, error messages are logged in the error log of the remote instance. However, the local instance currently displays a generic remote exception which does not clearly indicate which error log that the user must view. 


Session replication does not failover correctly when cookies are disabled on the client.


When enabled, session replication should be the default session manager.

After enabling session replication by using the Admin Console or the CLI, or by editing the server.xml file, session replication is not really enabled. Instead, sun-web.xml needs to be manually edited.


A minor data loss occurs, as async cluster is not available.

It is observed that a small amount of http session data loss can occur in few cases. Asynchronous implementation, by using asnyc parameter, in session failover might resolve this issue.  

Web Container

The following table lists the known issues in the web container of Web Server.

Table 14 Known Issues in Web Container

Problem ID 



Web container writes to stderr.


Incorrect web application session statistics for MaxProcs > 1 mode.

Web Server runs in multi-process mode. The MaxProcs configuration variable in the magnus.conf is used to set the maximum number of processes. If the value for MaxProcs is set to greater than 1, the Web Server uses mmap-based session manager so that the session could be shared among different JVMs. While collecting statistics from multiple processes, web application MBeans provide session for individual MBeans. There is no way to find the true number of sessions by seeing individual MBean's web application session statistics.



Web container deletes the disabled web application MBeans object.

When the web application is disabled by setting the <enabled> element to false in the server.xml file, the web container deletes the web application's MBeans and hence treats it as a closed or deleted web application. Since disabled objects are deleted, statistics are also lost.


No information is logged in error logs at the finest log level on successful JNDI resource creation.

6422200 does 1 byte reads.

When reading the server.xml file, the first line containing the XML version number and the encoding is read 1 byte at a time.


Servlet container creates a thread per virtual server.


REQ_EXIT causes javax.servlet.ServletException.


The following table lists the known issues in the localized version of Web Server.

Table 15 Known Issues in Localization

Problem ID 



Search filter “*” does not work correctly for multi-byte strings.


There is no functionality equivalent to use-responseCT-for-headers in Web Server 7.0.

Response header encoding is enabled at the web-app level by setting the value of the configuration parameter use-responseCT-for-headers to any of the values; yes, true, or on in the web-app/sun-web.xml file.

For example, set Response header encoding as follows: 

<parameter-encoding form-hint-field="j_encoding"/>
<property name="use-responseCT-for-headers" value="true" />


Creating socket error message is not localized.


patchrm 125437-15 fails if they are installed in Japanese locale.

Installing patchrm 125437-15 in Japanese locale fails and throws the below error: 

WARNING: patchrm returned <7>

The log file output is as below:  

 XXXXXXXXXXXXXXXXXXX 4: `(' unexpected pkgadd: 
ERROR: checkinstall script did not complete successfully
Installation of <SUNWwbsvr7x> partially failed.

This issue is observed in the following platforms: 

  • SPARC Platform - Solaris 10 with patch 119254-40 through 119254-47 and without 119254-48

  • x86 - Solaris 10 with patch 119255-40 through 119255-47 and without 119255-48


  1. Avoid installing the above listed affected patches. If these patches are already installed, you can remove them by using the patchrm(1M) command to return to a safe patch level.

  2. Avoid installing patches with Japanese locale.

    For more information, see

  3. Apply patch 119254-48 or higher on Solaris 10 SPARC platform and patch 119255-48 or higher on Solaris 10 x86 platform.

Java Enterprise System

The following table lists the known issues in the Java Enterprise System (Java ES).

Table 16 Known Issues in Java ES

Problem ID 



Sun Java System Portal Server search throws exception after Web Server upgrade.

Portal Server search functionality throws exception when upgrading Web Server from Java ES 4 to Java ES 5.  


Note –

Move the existing and library files to an appropriate location, somewhere outside the Web Server's private directories. Once the Portal Server libraries are in a suitable location, that path must be specified for the < path>:< path> in the following commands.

On Solaris platform, perform the following steps: 

  1. Copy the and files from Web Server 6.1 lib directory to an appropriate location.

    Note –

    For HP-UX, the files are and For windows, the files are libdb-3.3.dll and libdb_java-3.3.dll.

    Caution – Caution –

    Do not copy the library files to Web Server 7.0 private directories (For example, lib directory).

  2. Create a directory (mkdir) by name /portal_libraries. Copy the library files and to /portal_libraries.

  3. Use the wadm command to inform the Web Server about the location of the library files.

  4. Get the current native library path setting by typing the following administration CLI command:

    get-jvm-prop -user=admin --config=hostname native-library-path-prefix

    Save the output.

  5. Append the copied and path to the existing native library path by typing the following administration CLI command.

    set-jvm-prop --config=hostname native-library-path-prefix=<existing native library-path>:</portal-libraries-path>

    where, portal-libraries-path is the location of where you copied the and files in Step 1.

    If you do not get any results or output for the get-jvm-prop command, at the command prompt, set the native-library-path-prefix:


  6. Note –

    For Windows platform, use ';' as the separator for native-library-path-prefix parameter as follows:

    native-library-path-prefix=<existing native libarary path>;<portal-libraries-path>

    For non-Windows platform, use the ':' as the separator for native-library-path-prefix parameter as follows:

    native-library-path-prefix=<existing native libarary path>:<portal-libraries-path>

  7. Deploy the modified configuration by typing the following command:

    deploy-config [--user=admin-user] config-name


Migration logs reports a bogus "root is not a valid user" message on Java ES 5.

While migrating from Java ES 4 to Java ES 5 on UNIX platforms, the migration log file reports WARNING: "root is not a valid user". This is incorrect as the "root" user is valid on that host.


A lot of warnings/info messages displayed at Web Server startup on the standard output instead of routing these messages to the log file.