Sun ONE logo    
Release Notes for Sun ONE Web Server 6.0 Service Pack 4 - AIX Platform
816-6372-10
Updated: December 16, 2002



Release Notes for Sun(TM) Open Net Environment (Sun ONE) Web Server- AIX Platform

Version 6.0 SP4

This release of Sun™ Open Net Environment (Sun ONE) Web Server 6.0 Service Pack 4 can be installed on the AIX platform. It contains a host of new features, and two important security vulnerability fixes. All users of iPlanet™ Web Server (iWS) version 4.1 are strongly encouraged to migrate to Sun ONE Web Server, Enterprise Edition 6.0 SP4 immediately.

For operating system version details, refer to the table Sun ONE Web Server 6.0 SP4 Platform Support for AIX in these release notes.

These release notes contain the following sections:

New Features in Sun ONE Web Server, Enterprise Edition Version 6.0 SP4

Sun ONE Web Server, Enterprise Edition 6.0 SP4 offers the following new features:

Performance Enhancements

Sun ONE Web Server, Enterprise Edition 6.0 SP4 has enhanced performance in the following areas:

  • Keep-alive handling — The keep-alive subsystem has been enhanced to now handle thousands of persistent connections.

  • File caching — File caching support now provides improved performance and scalability.

Security Enhancements

Sun ONE Web Server, Enterprise Edition 6.0 SP4 includes security enhancements described in the following sections:

SSL

Sun ONE Web Server, Enterprise Edition 6.0 SP4 features improved SSL performance and simplified server certificate acquisition from VeriSign.

Digest Authentication

Added support for digest authentication as defined in RFC 2617. Digest authentication is used in conjunction with the iPlanet Directory Server 5.0 as an access authentication method that avoids passing the user name and password over the network in an unencrypted form.

Sun ONE Web Server currently provides support for Quality of Protection (QOP)= auth and algorithm = MD5 only.

Single Sign-on Across Multiple Web Applications with FORM Login

Sun ONE Web Server, Enterprise Edition 6.0 SP4 allows single sign-on across multiple web applications using FORM login configuration. You can enable this feature in two ways.

Configuring a session manager at the virtual server level

This is the easiest approach, but the session and session attributes are shared across all applications. Example:

<vs>
<!-- configure a VS-level session manager -->               <session-managerclass='com.netscape.server.http.session.IWSSessionManager'>
<init-param>
<param-name>maxSessions</param-name>
<param-value> 1024 </param-value>
</init-param>
<init-param>
<param-name>reapInterval</param-name>
<param-value> 8 </param-value>
</init-param>
<init-param>
<param-name>timeOut</param-name>
<param-value> 300 </param-value>
</init-param>
</session-manager>
</vs>

Configuring a virtual-server form-login session manager in a separate HTTP session

In this case, all form-login sessions are created using this VS-wide form-login session manager, and the container uses a separate cookie to track the sessions. These sessions are available across all applications within the virtual server.

The VS-wide form-login session manager is created when a form-login-session element is present under the vs element in the server-id/config/web-apps.xml file. You can customize the underlying session manager, cookie name, and the session timeout using the form-login-session element. Example:

<vs>
<!-- configure form login session timeout to 300 secs (5 min), with
MMapSessionManager -->
<form-login-session timeOut="300">
<session-managerclass='com.netscape.server.http.session.MMapSessionManager'>
<init-param>
<param-name>maxSessions</param-name>
<param-value>10000</param-value>
</init-param>
<init-param>
<param-name>reapInterval</param-name>
<param-value>8</param-value>
</init-param>
</session-manager>
</form-login-session>
</vs>

The advantages of configuring a virtual-server form-login session manager in a separate HTTP session are:

  • The form-login session manager can be different from the per-web application or VS-wide session manager.

  • Session data is not shared across web applications when single sign-on is enabled, since a separate session manager is used for FORM login.

  • The user principal is not available as a session attribute, since it is stored in a private session.

The drawbacks of configuring a virtual-server form-login session manager in a separate HTTP session are:

  • Session tracking via URL does not work; only cookie tracking is supported.

  • Per-web application session timeout and session cookie configuration are not supported by the form-login session

    • You cannot implement logout using session.invalidate().

Enhanced Virtual Server Support and Virtual Server Report Generation

Sun ONE Web Server, Enterprise Edition 6.0 SP4 now has full support for host-based ("software") and IP-based ("hardware") virtual servers. You can mix and match SSL and non-SSL virtual servers within a server instance, and a given virtual server can accept both SSL and non-SSL connections simultaneously. These virtual servers can have their own ACL files, user databases, and log files. Virtual server classes facilitate the administration of a large number of virtual servers that share the same configuration.

Sun ONE Web Server, Enterprise Edition 6.0 SP4 also provides a user interface that allows you to generate reports for specific virtual servers. You can access this page from the Logs tab of the Virtual Server Manager.

J2EE™ Web Container Support

Sun ONE Web Server, Enterprise Edition 6.0 SP4 is fully compliant with Java™ 2 Platform, Enterprise Edition (J2EE™ platform), with support for:

  • Full JSP 1.1 and Servlet 2.2 compliance

  • WAR file deployment

  • Standard and custom tag libraries

  • JSP pre-compilation

Support for Session-Aware Load Balancing and Failover

Sun ONE Web Server, Enterprise Edition 6.0 SP4 provides improved service availability to server farm (or cluster) configurations with off-the-shelf, session-aware front-end load balancers and session data failover.

  • Session-Aware Load Balancing

    • You can implement sticky sessions by prefixing the name of the server host that generated the session to the JSESSIONID (the Servlets 2.2 API standard session cookie name). This enables the front-end load balancer to do sticky load balancing, such as forwarding future requests to the same host that generated the session.

  • Session-Aware Failover

    • You can configure Sun ONE Web Server, Enterprise Edition 6.0 SP4 so the session data and attributes are persistent on a backend store. This improves availability by enabling an alternate server to take over requests. Sun ONE Web Server, Enterprise Edition 6.0 SP4 includes two kinds of persistent stores that help session fail-over:

    • JdbcStore

    • FileStore

Improved User Interface

Sun ONE Web Server, Enterprise Edition 6.0 SP4 provides an improved user interface with the following features:

  • Magnus Editor

    • The Magnus Editor allows you to edit server-wide initialization parameters in the magnus.conf file through the user interface. The Magnus Editor is located on the Preferences tab in the Server Manager.

  • Class Manager

    • The new Class Manager interface allows you to configure virtual servers and classes of virtual servers. You can bring up the Class Manager page in two ways:

    • Selecting the Class Manager link at the top of the Server Manager page.

    • Selecting the Virtual tab in the Server Manager, selecting the Edit a Class page, and selecting a class from the list.

      • After changing a configuration in the Class Manager, you can apply the changes without restarting the server (see New Dynamic Reconfiguration).

  • .htaccess Configuration

    • You can now configure .htaccess  from the user interface. Additional improvements include:

    • Custom authentication modules supported

    • <LimitExcept> tag support added

    • Network mask handling improved

    • Custom HTTP methods supported

Web Application Deployment and Management

You can deploy web applications from the user interface as well as from the command line using wdeploy. New user interfaces have been added to the server manager to facilitate:

  • Web application deployment on a local machine or remote server machine

  • Web application editing for a virtual server

Enhanced Configuration Setup

Sun ONE Web Server, Enterprise Edition 6.0 SP4 simplifies configuration tasks, and provides greater configuration control. It includes the following enhancements:

server.xml

The new server.xml  file records virtual server configuration information in an XML format. Listen sockets, virtual server classes, and virtual servers, and the relationships between them, are all defined in server.xml.

New Dynamic Reconfiguration

Dynamic reconfiguration is a new feature in Sun ONE Web Server, Enterprise Edition 6.0 SP4 that allows you to make configuration changes to a live web server without having to stop and restart the web server for the changes to take effect. You can dynamically change all configuration settings and attributes in server.xml  and its associated files without restarting the server. To install a new configuration dynamically, click the Apply link and then click the `Load Configuration Files' button on the Apply Changes Page. If there are errors in installing the new configuration, the previous configuration is restored.

magnus.conf Directive Enhancement

The magnus.conf directive KeepAliveQueryMeanTime can be used to tune keep-alive subsystem performance. KeepAliveQueryMeanTime specifies the desired keep-alive latency in milliseconds. The default value of 100 is appropriate for almost all installations. Note that CPU usage will increase with lower KeepAliveQueryMeanTime  values.

A magnus.conf directive ServerString has been added to allow administrators to change the Server  header in a response. An empty string, "", will cause the header to not be sent at all. Example:

ServerString "My Server ver. 1.0"

web-apps.xml Data Type Descriptor

Sun ONE Web Server, Enterprise Edition 6.0 SP4 allows you to enable or disable a web application. You can do so in either of the following ways:

  • Using the Application GUI: If you have already deployed a web application, select the Virtual Server instance that is running the application, and click Manage. Select the Web Applications tab, and click Edit Web Applications. From the Web Application State drop-down menu, choose from the options provided: Enable, Disable, and Delete.

  • At the web-apps level: By default, an application is automatically enabled with the value set to true in the server-id/config/web-apps.xml file. You can disable the application by setting the value to false.

    • Example:

    <web-app uri="/catalog" dir="/export/apps/catalog" enable="false">

    </web-app>

    For information on Sun ONE Web Server, Enterprise Edition 6.0 DTD, see:

    http://developer.iplanet.com/webserver/dtds/iws-webapps_6_0.dtd

Templatized Installation for Multiple Machines

You can install Sun ONE Web Server, Enterprise Edition 6.0 SP4 on multiple machines using templatized installation. To use templatized installation, enter the installation settings for each remote machine in a template file called template.inf. You can then use the template to install the web server on multiple machines from a single session on your local machine. The template.inf file is found in the same directory as the setup program.

To set up templatized installation on AIX, make sure that the rsh service is running on the destination machine, and do the following:

  1. Login as root.

  2. Launch the system administration screen by typing the following command at the command line:

    3. smitty

  3. Select Communications Applications and Services -> NFS -> Network File System (NFS) -> Add a Directory to Exports List, and enter the pathname of the directory to be exported.

  4. You now need to add a file system for mounting. To do so, select Communications Applications and Services -> NFS -> Network File System (NFS) -> Add a File System for Mounting, and edit the following entries:

    • pathname of mount point

    • pathname of remote directory

    • host where remote directory resides

  5. Edit the template.inf file in the directory where setup resides, to configure the setup location and other installation details.

  6. Start templatized installation by running the Installation Wrapper that is bundled with Sun ONE Web Server, by executing the following command:

    7. ./installWrapper -f template.inf

For more details on templatized installation, see the iPlanet Web Server, Enterprise Edition 6.0 Installation and Migration Guide.

JDK™ 1.3.1 Support

Sun ONE Web Server, Enterprise Edition 6.0 SP4 works with JDK™ 1.3.1 on AIX.

Command Line Administration Tools

Sun ONE Web Server, Enterprise Edition 6.0 SP4 offers command line support for:

  • Virtual server administration

  • Certificate and key management

  • Web application deployment

Role Mapping Support

Sun ONE Web Server, Enterprise Edition 6.0 SP4 supports roles if the underlying LDAP server supports roles. If you wish to authenticate roles, you need to add the following to the server-id/config/web-apps.xml file:

<role-mapping map-to="role"/>

For more information about role authentication provided by iPlanet Directory Server 5.0 SP1, see:

http://docs.sun.com

Support for Arbitrary Custom Headers

In Sun ONE Web Server, Enterprise Edition 6.0 SP4, the set-variable SAF (Server Application Function) can be used to add custom headers to the server's HTTP responses. For example, consider the following server-id/config/obj.conf directive:

AuthTrans fn="set-variable"
insert-srvhdrs="P3P:policyref=\"http://hostname/P3P/policy.xml\""

This directive instructs the server to add the following HTTP header to each response:

P3P:policyref="http://hostname/P3P/policy.xml"

Support for Response Header Encoding

Sun ONE Web Server, Enterprise Edition 6.0 SP4 supports two byte character response header encoding in HTTP header and plugin programs.

Sun™ ONE Studio 3.0 Support

Sun ONE Web Server 6.0 SP4 supports Sun ™ ONE Studio 3.0 (formerly, Forte™ for Java™ 3.0). Sun ONE Studio 3.0 software is Sun's powerful, extensible, integrated development environment (IDE) for Java technology developers. It is based on the NetBeans™ Tools Platform, and it is integrated with the Sun Open Net Environment (Sun ONE). For more information and documentation on using Sun ONE Studio 3.0, please visit:

http://www.sun.com/software/sundev/previous/ffj/

PHP Compatibility

Sun ONE Web Server 6.0 SP4 is compatible with PHP, the versatile and widely-used Open Source general-purpose Web scripting language that allows server-side scripting, command line scripting, and client-side GUI scripting. PHP runs on AIX and all other major operating systems. The following section provides PHP-specific installation and configuration information:

Installation Instructions

For installation and configuration information that is specific to the Sun ONE Web Server installs of PHP, refer to the following:

http://www.php.net/manual/en/install.netscape-enterprise.php

For general installation instructions, see:

http://www.php.net/manual/en/installation.php


Note

To configure PHP smoothly on the AIX platform, complete the following steps:

  1. Ensure that the location of the compiler file makeC++SharedLib on your system matches the path specified in the relink_36plugin  script, available in the following location: <server-root>/plugins/nsapi/examples/relink_36plugin

  2. Relink the <server-root>/bin/libphp4.so  file using the relink_36plugin  script. This will create a file named libphp4.so.new

  3. Rename the newly created libphp4.so.new  file to libphp4.so

  4. Make the necessary configuration changes to the magnus.conf, obj.conf  and  mime.types  files as specified in http://www.php.net/manual/en/install.netscape-enterprise.php

    5. Note that the configuration information in this site is accurate for iPlanet Web Server 4.x. For iPlanet Web Server 6.0 and above however, you need to make the specified changes to the Init function in the server-id/config/magnus.conf file, and not the server-id/config/obj.conf file

  5. Restart the server instance.

For more information on PHP, see the following sites:

Changing HTTP Versions

Use the following methods to downgrade the HTTP version to 1.0:

  • To downgrade requests for Microsoft Internet Explorer to HTTP/1.0 version, add the following to the obj.conf file:

    • AuthTrans fn="match-browser" browser="*MSIE*" http-downgrade="1.0"

  • To downgrade all requests to HTTP/1.0 version, add the following to the magnus.conf  file:

    • HttpVersion 1.0

Required Patches

Ensure that you are running a complete installation of AIX, including the latest update and maintenance patches.

  • AIX 4.3.3: Patches 01 to 08 are required.

  • AIX 5.1: Patches 01 to 02 are required.

JRE/JVM Versions

The following versions of JRE and JVM for AIX are bundled with Sun ONE Web Server, Enterprise Edition 6.0 SP4:

Table 1    JRE and JVM Information

Platform

JRE /JVM /JIT Version

Comments

AIX

Java version 1.2.2 Classic VM (J2RE 1.2.2 IBM build ca122-20001206 (JIT enabled: jitc))

None

Installation and Migration Information


Note

When you install Sun ONE Web Server 6.0 SP4 over an existing installation of Sun ONE Web Server, the installer automatically detects and carries out the upgrade.

The following table summarizes the platform support for AIX:

Table 2    Sun ONE Web Server 6.0 SP4 Platform Support for AIX

Vendor

Architecture

Operating System

IBM

PowerPC

IBM AIX 4.3.3, 5.1*

* supported via binary compatibitity. For more information on binary compatibility issues, see:

http://www-1.ibm.com/servers/aix/os/compatibility/index.html

Migration Issues

AIX users must migrate their existing 4.x version of iPlanet Web Server to Sun ONE Web Server, Enterprise Edition 6.0 SP4.

Resolved Issues

This section lists issues resolved in this release of Sun ONE Web Server, Enterprise Edition 6.0 SP4.

Problem 4713024. Search engine arbitrary file disclosure vulnerability.

As of Sun ONE Web Server, Enterprise Edition 6.0 SP4, you cannot use the search pattern ".." in either a URL or in the path of a pattern file.

Problem 4707395. DOS:Transfer encoding bug.

The security problem due to buffer overflow with chunked encoding has been resolved in Sun ONE Web Server, Enterprise Edition 6.0 SP4.

Problem 4638330. Possible vulnerabilities reported on security advisor on SNMP.

Sun ONE Web Server 6.0 SP4 has been enhanced to provide robust and secure SNMP trap handling and request handling support. For more details, see the following Cert Advisory number:

CA-2002-03: Multiple Vulnerabilities in Many Implementations of the Simple Network Management Protocol (SNMP).

Problem 4674755. Buffer overflow issues with iws6.x.

Buffer overflow issues with the Search functionality have been resolved in Sun ONE Web Server 6.0 SP4.

Known Problems and Solutions

This section lists known problems with this release of Sun ONE Web Server, Enterprise Edition 6.0 SP4. Information is organized into the following areas:

General

Problem 4693559. Invalid "Feedback" link in instance default home page.

Workaround

Send feedback on Sun ONE Web Server, Enterprise Edition 6.0 SP4 to:

http://www.sun.com/service/support/software/iplanet/index.html

Problem 4652585. Enabling distributed admin disables the local admin user in 6.0.x.

Workaround

Before enabling distributed administration, create a user with the name and password of the local superuser (the user name and password you specified during installation), and add it to the distributed administration group.

Problem 4659434. web-apps allows URI to be created as /search.

Workaround

Do not use reserved URIs to deploy web applications; for example, because /search is a reserved URI, do not use it as a URI for deployment, otherwise you will not be able to access the Search functionality. For a list of reserved URIs, see the obj.conf  file directives in the iPlanet Web Server 6.0 NSAPI Programmer's Guide.

Problem 4658415. Large stack size causing problems with JVM in JDK 1.3.

Workaround.

Because stack size requirements of different JDK versions are different, if you are using a JDK version that is different from the default JDK bundled with Sun ONE Web Server, Enterprise Edition 6.0 SP4, you might experience stack overflow problems. In case you do, edit the StackSize directive in the server-id/config/magnus.conf  file to modify the stack size for the request handling thread. The stack size limits for JDK 1.3.1 are as follows:

  • JDK 1.3.1

    • Minimum allowed stack: 64 k

    • Default stack size: 512 k

Problem 4618374. iWS unnecessarily decodes cookies passed between the client and the server.

Workaround

To prevent default cookie encoding, change the value of the context.global.enableCookieEncoding property in the server-root/server-instance/config/contexts.properties file to false.

Problem 4637844. Cannot login to admin server, when run as non-root.

Workaround

If you need to run the admin server with a non-root userid, invoke setup with the same userid.

Problem 4551032. LDAP auth succeeds but ACL fails when presented credentials contain whitespace.

Workaround

During login, ensure that your username does not contain any white spaces, otherwise the authentication attempt will fail and an error will be logged in the server's /logs/errors  file.

Problem 554092. VS Command line: Should Add an Option for Accept Lang on/off When Creating VS CLASS.

A new optional parameter, acptlang, has been added for creating a virtual server class. You must add [-acptlang] to the command line to enable accept language header parsing for your server. The default is `off' if this parameter is not added.

Problem 549203 (Unix only). Setuid Cgistub Shouldn't Allow Execution of Root-owned Binaries.

The set-user-ID-on-execute (suid) Cgistub  will not allow a non-root user to execute programs owned by root. This change enhances the security of the suid Cgistub system.

Workaround

Log in as `root' and perform the following steps from a command line to modify the suid Cgistub for instance https-instance in server root server_root:

  1. Change to the instance directory:

    2. cd server_root/https-instance

  2. Stop the server

    3. ./stop

  3. Change to Cgistub's private directory

    4. cd private

  4. Allow root to write to the private directory

    5. chmod 700

  5. Tell Cgistub to trust programs owned by user 0 (root)

    6. ./Cgistub -s "trusted_uid 0"

  6. Disallow writes to the private directory

    7. chmod 500

  7. Change to the instance directory

    8. cd ..

  8. Restart the server

    9. ./start

Loading More Than 1000 Virtual Servers Slows Performance.

Adding more than 1000 software virtual servers under one class slows the loading of the Class Manager Members page.

Problem 517789. Deleting Class From Virtual Server Does Not Delete Entry From obj.conf File.

When a virtual server class is deleted from the Server Manager, Virtual Server Class, the obj.conf file still shows the deleted class. However, the class is removed from the user interface and from the server.xml file.

Workaround

Manually remove the deleted class from the obj.conf file.

Problem 538947. Use of conf_getglobals() in NSAPI Init Functions.

The following is an issue for NSAPI plug-in developers or for users of third party NSAPI plug-ins that have not been certified with iWS 6.0 by their developers.

  1. If you are the developer of an NSAPI Init function, here is the technical information needed to check if your plug-in suffers from this problem and if so, how to correct it:

    2. The use of the NSAPI conf_getglobals() function, or the various macros in the nsapi.h header file that refer to conf_getglobals(), is not recommended within NSAPI Init functions in iWS 6.0. conf_getglobals() can only return the properties of a single virtual server. In iWS 6.0, a single web server may have many virtual servers defined with completely distinct properties, such as port, hostname, and security. Also, the configuration of any virtual server in iWS 6.0 can dynamically change over time. Therefore, a plug-in should not attempt to retrieve and store the server configuration information during NSAPI Init time, but rather retrieve the configuration in an ephemeral way during request processing time, when the server configuration information is actually needed (e.g., to build links in a dynamic web page).

    The default behavior of conf_getglobals(), if called during Init in iWS 6.0 is to leave the following fields initialized with a default value (e.g., 0 , NULL): Vport, Vaddr, Vserver_hostname, Vsecurity_active, Vssl3_active, Vssl2_active, and Vsecure_auth. If your Init function relies on the values of these global fields but does not have error checking, it could crash and prevent the web server from coming up; or it could cause crashes at a later time if these null values are saved and later reused in other plug-in functions.

    If you are currently calling conf_getglobals() in your Init function, you should modify your code to eliminate any such calls. This will ensure proper operation of your plug-in in iWS 6.0 when multiple virtual servers exist. The conf_getglobals() NSAPI function will only return the proper values corresponding to the connection and virtual server on which the request was made if called during an NSAPI request processing phase - e.g., during an NSAPI AuthTrans, NameTrans, Service, or other NSAPI request processing phases.

    iWS 6.0 supports a compatibility mode for older plug-ins suffering from this problem. As noted in the user section, it requires the NSAPI Init functions to be marked as LateInit. When called from a LateInit  Init function, conf_getglobals()  will return the properties of the default virtual server of the default connection group of the legacy listen socket. In terms of the new XML configuration attributes, this means that conf_getglobals()  now returns the properties of the defaultvs  of the defaultgroup  of the legacyls  of the SERVER. It is recommended that the server should only have that single virtual server defined in this case to ensure consistent server and plug-in operation.

  2. If you are the user of an NSAPI Init function of a plug-in developed by a third party, you should contact the plug-in developer to find out if it is compatible with iWS 6.0 based on the technical information for developers stated in 1. Many Init functions will not be affected and are expected to continue to function unmodified with iWS 6.0, however, the determination of compatibility and possible need for an update should be made by the plug-in developer.

    3. If your plug-in vendor does not certify their Init function for use with iWS 6.0, and the function is found to suffer from the specific programming problem described in 1., you may work around the problem if:

    • you only have a single listen socket, connection group, and virtual server in your iWS instance.

    • you configure the problem Init function as LateInit in magnus.conf. This is done by adding the LateInit = yes argument to the Init line.

    • you do not dynamically reconfigure the server after it is started.

    If the above conditions are met, the Init function will be executed in an NSAPI context compatible with previous releases of iWS where only a single virtual server exists, and where this problem will not occur.

Problem 540506. TempDir Must be on Local File System.

For the magnus.conf TempDir directive, the TempDir directory must be located on a local file system in order for the server to function correctly. If the TempDir directory is on an NFS mount, the server may fail to function correctly.

Problem 542243. Couldn't Update Latest Data on UI Using IE 5.0.

When using Micosoft's Internet Explorer web browser, version 5.0 is supported for end users only. For administrators, changes to the Sun ONE Web Server Administration Server configuration can be saved only when using Internet Explorer version 5.5.

Problem 544452. A Change Made to Edit Listen Sockets Groups page Does not Allow Another Change to the Edit Listen Sockets Page.

When editing a Connection Group Settings value from the Edit Listen Sockets Groups Page, a server update occurs when the OK button is pressed. Following this, if you go to Edit Listen Sockets page again and change another property, such as the Security value from Off to On, then click OK, an error message may appear that states, `Please refresh your screen, data update by another user.' The Security value has not changed.

Workaround

To change a property on the Edit Listen Sockets page after changing a property on the Edit Listen Sockets Groups page, click the OK button twice to effect the change.

Problem 544504. Load Configuration Files Button Should be Disabled When There are Changes in magnus.conf.

After administrative actions lead to changes in magnus.conf (e.g., enabling Search capabilities), the Load Configuration Files button cannot be used.

Workaround

Use the Apply Changes button to load the changes applied to magnus.conf.

Problem 545420. Add Certificate (or Replace Certificate) Page Help Button is Linked Incorrectly.

After installing a certificate and clicking OK, the Add Certificate page (or Replace Certificate page) appears. Clicking the Help link here takes you to the wrong area: Add Certificate Revocation List Page, instead of Add Other Certificate page.

Problem 545727. Help Button from Compromised Key List (CKL) Page is Linked to Help for Certificate Revocation List (CRL) Page.

From the add CRL/CKL link, you can select the CKL file to display the ADD Compromised Key List page. The Help button on this page is linked to help for the CRL page.

Workaround

Scroll down the help window until you see the help for `Add CRL.'

Problem 560821 (NT only). SSL: ncipher GUI Does Not Show on Admin UI Under Security Section.

This problem shows up inconsistently and will be addressed in a future release.

Java and Java Servlets

Problem 556917. JSP: <jsp:include page="*.html" flush="true" /> Throws Exception If Using With POST Method.

Workaround

POST method is permitted on static content by default.

Problem 555814. Web Deploy GUI: Internal Error When User Re-enters "empty" for URI.

If you have only one web application deployed, and you are trying to edit the URI, the URI cannot be empty.

Problem 548362. JDK1.3.1:jvm12.conf: Server Doesn't Start with Default Min/MaxHeapSize.

Workaround:

Set the minHeapSize to 3.5 M and maxHeapSize to 64M.

Problem 552063. (NT and W2K only) wdeploy: Can't Run wdeploy Command.

Workaround

Ignore the following error message when using the commandline tools wdeploy and HttpServerAdmin: "A nonfatal internal JIT (3.10.107(x)) error 'Relocation error: NULL relocation target' has occurred in: 'org/apache/crimson/parser/Parser2.maybeComment (Z)Z': Interpreting method. Please report this error in detail to:

http://java.sun.com/cgi-bin/bugreport.cgi.

Problem 547740. JDK1.3.1: Configuring iWS for Debugging Servlets and JSPs.

Workaround:

Please refer to JDK 1.3.1 debugging documentation:

You will need to configure Sun ONE Web Server 6.0 SP4 to use JDK instead of JRE before you can debug.

On Unix platforms only, make the following changes to the start-jvm script in the https-admserv directory:

  1. Add ${NSES_JDK}/lib/$arch substituting $arch with the appropriate string corresponding to the machine you are running on, for example sparc for SPARC boxes, to the end of the NSES_JRE_RUNTIME_LIBPATH variable.

  2. Make the following changes have to jvm12.conf:

    1. jvm.enableDebug=1

    2. java.compiler=NONE

    3. jvm.option=-classic

    4. jvm.option=-Xnoagent

    5. jvm.option=-Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=<port> where <port> should be replaced by an arbitrary unused port number to which the debugger will connect, such as address=5000

  3. Start the iPlanet Web Server.

  4. Connect to the web server using jdb specifying the port number configured above.

    5. jdb -attach <port>

    for example: jdb -attach 5000

You are now ready to debug your servlet or JSP.

AIX-Specific Information

This section describes platform-specific known problems and workarounds for the AIX platform.

To monitor server activity with the Simple Network Management Protocol (SNMP) on Sun ONE Web Server 6.0 SP4, use the native SNMP master agent available on the AIX platform, and not the SNMP master agent that is bundled with Sun ONE Web Server 6.0 SP4.

Refer to the section Reconfiguring the SNMP Native Agent in the iPlanet Web Server, Enterprise Edition Version 6.0 Administrator's Guide, for more information on running SNMP on AIX.

Corrections to Documentation

Problem 4607112. After Cipher Default, SSL2, or SSL3 alg selection, web server won't start.

The "Selecting Ciphers" section of the iPlanet Web Server Administrator's Guide Version 6.0 omits to mention that irrespective of any changes made to the security settings of the Listen Socket, clicking the Cipher Default link configures the server with default cipher settings.

Problem 4629790. ADM:i18n: Latin1(ISO-8859-1) instance names are not displaying properly on JA-NT.

The Server Identifier used by the Administration Server to identify a server instance must be specified using ASCII and not Latin-1 characters.

Problem 4622241. DOC: admin and iWS do not require the same group.

The user you use to run the Sun ONE Web Server should, but not necessarily must, be in the same group as the user you use to run the Administration Server. The iPlanet Web Server 6.0 Installation and Migration Guide incorrectly specifies this as a mandatory requirement.

Problem 4550934. importCore doesn't migrate Init directives that span lines.

The iPlanet Web Server 6.0 Installation and Migration Guide omits to mention that during migration, multi-line Init directives are compressed to single-line directives in the server-id/config/magnus.conf file

Problem 4535864. Chapter 15 Deploying Web Applications doc error.

In Chapter 15 of the iPlanet Web Server Administrator's Guide Version 6.0, Step 5 under the section "Deploying Web Applications" should read as follows:

"Enter the absolute path to the directory on the server machine into which the contents of the WAR file will be extracted. If the directory does not exist, one will be created."

In the same chapter, the command parameter incorrectly specified as idirectory should read directory.

Problem 4537301. DOC: Steps for using the Solaris Network Cache and Accelerator fails.

In the iPlanet Web Server 6.0 Performance Tuning, Sizing, and Scaling Guide, the section "Using the Solaris Network Cache and Accelerator" omits to mention that if you are using a version of Solaris that is lower than Solaris 8 Update 5, you would need the following additional patches:

  • The recommended patch cluster for Solaris 8

  • Patch 109472-07

  • Patch 109234-05

Problem 4537391. NSAPI Programmer's Guide net_read documentation error.

The documentation for the net_read function in the iPlanet Web Server 6.0 NSAPI Programmer's Guide should read as follows: "The net_read function returns the number of bytes read, which will not exceed the maximum size, sz. A negative value is returned if an error has occurred."

Problem 4537696. Admin:Global|SNMP MA Community|Help: Wrong Operation Title.

In the online help, operations allowed for the SNMP Master Agent Community should read as follows: "Allow ALL Operations", "Allow GET Operations", and "Allow SET Operations."

Problem 4536922. With IE 5.x, clicking the Help button, in some cases, incorrectly links to the top of the help page.

Problem 4543590. DOC: Errors in Help file on Dynamic config.

The <Limit> directive in the section titled "Example of a .htaccess File" of the iPlanet Web Server Administrator's Guide Version 6.0 has been incorrectly documented. The text should read <Limit GET POST> instead of <Limit> GET POST, and <Limit PUT DELETE> instead of <Limit> PUT DELETE.

Problem 4651997. Docs imply that Microsoft FrontPage `00/'02 Server Extensions are supported.

The iPlanet Web Server Administrator's Guide Version 6.0 incorrectly states that the Sun ONE Web Server can be extended to support Microsoft FrontPage webs. Third-party server extensions that extend server-side support for Microsoft FrontPage webs are not supported by Sun ONE Web Server.

Problem 4682979. Cluster Management - Documentation for using variables in file transfer is inadequate.

The "Adding Variables" section in the chapter "Managing Server Clusters" in the iPlanet Web Server Administrator's Guide Version 6.0 does not adequately describe how variables are transferred within a cluster. The paragraph at the end of the specified section should read as follows:

"The variable must also be added to the server's configuration file you are transferring to the slave. For example, if you are transferring the variable port, the variable should be declared in a server configuration file, say server.xml, as shown below:

<SERVER legacyls="ls1" qosactive="no" qosmetricsinterval="30" qosrecomputeinterval="100" >

...

<LS id="ls1" ip="0.0.0.0" port="$port" security="off" acceptorthreads="1" blocking="no">

...

</SERVER>

You can set variables with different values for each slave in the configuration file. Once added, variables can also be edited and deleted using the drop-down Option list in the Add Variables page."

Problem 4687544. Cannot enable remote servlet debugging with JDK 1.3.1.

The instructions for remote servlet debugging as documented in the iPlanet Web Server 6.0 Enterprise Edition Programmer's Guide to Servlets require the use of JDK 1.2.

Problem 4691967. obj.conf mis-spelled as obj.con in the Cluster management help page.

The configuration file obj.conf has been incorrectly spelled as obj.con in the online help page for Cluster Management | Cluster Control.

Incorrect SNMP Configuration Instruction in Administrator's Guide.

In the iPlanet Web Server Enterprise Edition Version 6.0 Administrator's Guide, the section "Reconfiguring the SNMP Native Agent" in the chapter "Monitoring Servers" contains an incorrect configuration instruction intended for the snmpd.conf file. The instruction should read as follows:

smux ".1.3.6.1.4.1.1450" IP_address net_mask

Problem 560092. Correction to NSAPI Programmer's Guide.

By default, the server sends the requested file to the client by calling the send-file function. The directive that sets the default should read:

Service method="(GET|HEAD)" type="*~magnus-internal/*" fn="send-file"

Problem 555648. Core: Restore Configuration Fails to Restore web-apps version .1 and server.xml version.1 file.

Removal of the web-apps.xml column of Restore Configuration page in the Server Manager causes the online help for that page to be inaccurate.

Problem 555725. Changed Web Applications: No Clear Indication If Application is Enabled or Disabled.

A new column for `State' has been added to the `Edit Web Application' page of the Virtual Server Manager, which displays whether the installed application is `Enabled' or `Disabled', depending on the enable value (enable=TRUE/FALSE) in the web application file for that application (URI). This screen change is not reflected in the Administrator's Guide or online help.

Problem 556074. A Bug Against the Programmer's Guide.

The default value for StrictHttpHeaders  was changed from `on' to `off' in SP2b.

Problem 551651. A Bug Against the Programmer's Guide to Servlets.

Numerous chapters refer to themselves as "in this appendix."

Problem 555993. Incorrect Parameter Naming in Programmer's Guide to Servlets.

jvm.compiler found twice on page 52 under `Debugging Servlets and JSPs' is not a recognized parameter in VM. jvm.compiler  should read java.compiler.

Problem 556431. Duplication of Content in Administrator's Guide.

In the iPlanet Web Server Enterprise Edition Version 6.0 Administrator's Guide, the steps on page 234 `Configuring the SNMP Master Agent' are a duplication of `Installing the SNMP Master Agent' on page 230, and are inaccurate. The steps should read `Configuring the SNMP Subagent':

  1. From the Administration Server, select the server instance and click Manage.

  2. Select the Monitor tab.

  3. Select SNMP Subagent Configuration.

  4. (Unix only) Enter the name and domain of the server in the Master Host field.

  5. Enter the Description of the server, including operating system information.

  6. Enter the Organization responsible for the server.

  7. Enter the absolute path for the server in the Location field.

  8. Enter the name of the person responsible for the server and the person's contact information in the Contact field.

  9. Select On to Enable the SNMP Statistics Collection.

  10. Click OK.

  11. Click Apply.

  12. Select Apply Changes to restart your server for changes to take effect.

How to Report Problems

If you have problems with Sun ONE Web Server, Enterprise Edition 6.0 SP4 release, contact the following customer support site:

http://www.sun.com/service/support/software/iplanet/index.html

So that customer support can best assist you in resolving problems, please have the following information available:

  • Description of the problem, including where the problem occurs and its impact on your operation

  • Machine type, operating system version, and product version, including any patches and other software that might be affecting the problem

  • Detailed steps on the methods you have used to reproduce the problem

  • Any error logs or core dumps

For More Information

For more information, refer to the following Internet locations:


Copyright 2002 Sun Microsystems, Inc. All rights reserved.