Sun Java System Web Server 7.0 Update 1 Release Notes


The following table lists the known issues in the administration of Web Server.

Table 4 Known Issues in Administration

Problem ID 



A node can be registered to multiple administration servers which may cause a configuration conflict.

It is possible to register a node to a second Administration Server without canceling the registration with the first Administration Server. However, this leads to the nodes becoming inaccessible to both the Administration Servers. 


On each registration, restart the administration node. The administration node will be available to the most recent Administration Server it has registered to. 


wadm command allows connecting to a node, shows a certificate and then throws a 'HTTP 400 Error'.

When an administration node receives a connection, the administration node does not check the connection is from the Administration Server before proceeding. It not only prints an inappropriate error message, but also prompts the user to enter the password.  


Cannot access shell/system variables from wadm.


wadm does not inherit the shell environment variables. However, to make the shell variables it available to wadm, use

"java::call System getenv env_var_name

For example: 

For accessing the shell environment variable MAIL from within wadm, type the following command at the wadm prompt:

wadm> java::call System getenv "MAIL"


User and password dialog presented instead of directory index.

By default, Web Server 7.0 does not send a directory index unless the user has been authenticated. Attempting to access a directory prompts the user to enter a user name and password. This occurs because the default Access Control List (ACL) in Web Server 7.0 grants the list access right only to authenticated users. 


You can grant the list access right to unauthenticated users using the Admin Console or by editing the default.acl file. For more information on how to grant list access right, see Configuring Access Control in Sun Java System Web Server 7.0 Update 1 Administrator’s Guide.


Session replication enabled instances does not come up normally, if other instances in the cluster are not started.


After migrating the Java keystore keycerts using the migrate-jks-keycert command, trying to list the migrated jks keycerts using the list-certs command, displays the CN, org and other information instead of the certificate nickname.


While setting the SSL property using the wadm set-ssl-prop command, the server-cert-nickname property accepts any certificate nickname, instead of accepting only the server certificate nickname.


The set-session-replication-prop CLI command does not work if the 'node' option is provided with a qualified domain name.


Use the output of the list-nodes command for the valid names of the nodes in the set-session-replication-prop command.


Setting digestauthstate property through the set-authdb-prop CLI does not validate the value and allows to set junk value for this property.


Specifying "yes" at the wadm prompt crashes the CLI.


When you try to connect to the Administration Server after the administration certificates have expired, an incorrect error message is displayed.


The register-node command gives an incorrect error message when the Administration server runs out of disk space.


If no disk space is available on the device, wadm throws an incorrect error message "Unable to communicate with the administration server".


Executing the migrate-server command with both "--all" and "--instance" options does not result in an error.

A warning or an error message should be displayed indicating that the user is attempting the set mutually exclusive options. 


The Start Instances. button in the Admin Console is enabled for instance which is already running.

The buttons should be enabled or disabled based on the status of the instance. 


wadm allows you to define duplicate user properties.

Adding duplicate user properties does not show an error message; however, a new user property is not created. 


There is no provision to create new Access Control List (ACL) file using the Admin Console or the CLI.


On Windows, using an existing configuration, repeating the process of adding and removing the registered nodes causes validation failure.


Clicking on the Version button in the Admin Console result in “file not found” warning in Administration error logs.


MIME Types allows MIME value with multibyte characters.


Text in Access Control List page is not formatted.


User can be switched between `available' and `selected' lists in ACE even though the user is deleted from the authentication database.


No warning is issued before the deletion of key or the digestfile authentication database.


When a single user in group is deleted, an incorrect message “Group Saved Successfully" is displayed.


Administration Interface allows you to create a new user with multi-byte User ID in the keyfile authentication database.


User and Group table in the Admin Console displays the entire result in a single page.


Labeling of the Request Certificate and Install buttons in the Admin Console Create Self-Signed Certificate page needs to be revised.


Add and Remove buttons are enabled in new ACE window even if no items are present in the `Available' list.


Admin Console truncates the display of server logs at 50 lines or 2 pages.


No validation exist to check the entry of wrong country code in the certificate request wizard.


In the Admin Console, no text field description is provided for virtual-server, authdb, dav collection, and event fields .


Admin Console shows wrong JDK version while creating a new configuration.

The JDK version displayed in the Admin Console is 5.0 u6 instead of 5.0 u7. 


Style formatting is lost after restarting the Administration Server from Nodes -> Administration Server General tab.


Attempting to access the Admin Console in another tab of the same browser does not work.


View Log displays result in a single page.

Although the search criteria selected for record size is 25 log entries, the log displays the results in one single page even if there are more than 50 log entries. 


Token mismatch error is displayed when you remove the token password and then reset it in the Common tasks -> Select configuration -> Edit configuration -> Certificates -> PKCS11 Tokens page.


The Virtual Server Management->Content Handling->Document Directories->Add should have a browse option to choose the path of a additional document directory.


Message displayed about WebDAV collection locks in the Admin Console is misleading.

If you specify the time-out value for the WebDAV collection as infinite, the Common Tasks->Select Configuration ->Select Virtual Server->Edit Virtual Sever ->WebDAV->Select collection page displays the message DOES NOT EXPIRE. What it actually means is that the lock does not expire automatically after a specified time or the time-out is infinite.


Incorrect error message is displayed on setting empty token password using the `Set passwords' button.


Admin Console displayed incorrect failure messages on certificate creation and deletion.


Instance fails to restart if you try to edit a token password and deploy a configuration on an instance which is already running.


The Admin Console displays an exception when you delete a configuration and click on the Migrate button.


The Admin Console Review screen in wizards should only show fields that have values.


During migration, the log-dir path permission is not validated.


The Results page in all Admin Console wizards should be aligned properly.


Cannot log in through the Administration CLI if the administration password has extended ASCII characters.


The error-response file name should be validated.


Inconsistent behavior while starting an unregistered administration node.


Administration server starts with expired certificate; wadm should warn about expired certificates.


The create-instance command fails on remote node intermittently and logs HTTP 400 error.


The unregister-node command should also clean up certificates on the administration node.


WebDAV lock CLIs do not work in a cluster environment.


Multiple installations of the administration nodes on the same node that is registered to the same administration server should be not be allowed.


Accessing the administration node URL results in Page Not Found error.

As the administration node does not have a GUI, accessing the administration node URL results in Page Not Found error.


The default server.xml should not contain the <stack-size> element.


No validation for class path prefix and suffix, and native library path in JVM Path Settings in Java.


The server.xml elements should be grouped based on functionality.


Exception in administration error logs on creating new configuration with instance.


Web Server should store its pid file and UNIX domain sockets in /var/run instead of /tmp.


On Windows. Administration server moves the Web application files physically before stopping the Web application.


Executing the create-instance command immediately after starting a remote node fails on the remote node.


View server logs page throws error if the access log format is not in Common Log Format (CLF).


The Admin Console misleads user with "Instance modified" message when runtime files gets created in the config directory.


Trust store does not deleted on uninstalling the administration node after unregistering it with the administration server.


The list-cert command does not list the certificates if the certificate nickname contains a colon.


Changes made to the JavaHome property does not get saved after restarting the instance.


<pkcs11> element not removed from server.xml even when child elements are absent.


<pkcs11/> added to server.xml when token pin is set.


No obvious way to reset the administration server password.


  1. Comment out the security-constraint in install_dir/lib/webapps/jmxconnectorapp/WEB-INF/web.xml.

  2. Restart the Administration Server.

    This action turns off the authentication on the administration server.

  3. Set the administration password by using the set-admin-prop command.


[JESMF CONFORM] CP when stopping should call MfManagedElementServer_stop().


Need better validation in certain text fields to prevent obj.conf file corruption.

Most of the functional validation of the data in a form is done in the back end. The GUI has only minimal checks such as empty fields, integer values, and ASCII values. Hence, the GUI stores the data in the obj.conf when parsed gets corrupted .


Admin Server does not time-out if the server instance restart does not respond.

On UNIX systems, the Administration Server waits until the server instance is restarted when the restart-instance command is executed. If the instance is not successfully restarted, the Administration Server does not respond to requests.


Executing the restart-admin command followed by the stop-admin command throws exception in administration error logs.


SNMP master agent process fails to start on Web Server


Changing the tcp_xmit_hiwat value to a higher value like 262144 , peer SNMP master agent functions properly. Type the following command to change the tcp_xmit_hiwat value.

# ndd -set /dev/tcp tcp_xmit_hiwat 262144


Cannot edit WebDAV collection properties through the Admin Console

When a configuration is deployed on multiple nodes, the lockdb path must be a shared location mounted on the same path on all the nodes. Additionally, to list or expire locks in the lockdb from the Admin Console, the same path must be writable from the Administration Server.


On Windows, wdeploy command fails if older version of libnspr4.dll is found in the system32 directory.


Before calling Java, edit the wdeploy.bat file that is available in install_dir/bin directory. Change the path of the Java directory to install_dir/lib directory. This modification makes Windows look for libnspr4.dll in the install_dir/lib directory before it looks in system32 directory.


The add-webapp command when used with JSP pre-compilation option does not delete the previously precompiled JSP files.


The Admin Console or the Admin CLI does not provide support to add CA certificates to the Administration Server.


On Windows, the Admin Console intermittently fails to come up.


  1. This problem is seen on Windows 2003 if you have "Internet Explorer Enhanced Security Configuration" enabled.

  2. To access the Admin Console without disabling Enhanced Security feature, include the site in the list of trusted sites explicitly on the browser.

  3. Go to Control Panel > Add/Remove Programs > Add/Remove Windows Components.

  4. Deselect the check box next to Internet Explorer Enhanced Security Configuration.