December 2006
These Release Notes contain important information available at the time of release of Version 6.0 Service Pack (SP) 11 of Sun ONE™ (Open Net Environment) Web Server. Known issues and limitations, and other information are addressed here. Read this document before you begin using Web Server 6.0 SP11.
Web Server 6.0 SP11 supports the following platforms: AIX, HP-UX, Red Hat Linux and Red Hat Linux Advanced Server 2.1, Sun Linux, Windows and Solaris™ Operating Environment (Solaris OE). For operating system version details, refer to the section Web Server 6.0 SP11 Supported Platforms in these release notes.
Check the Web site prior to installing and setting up your software, and then periodically thereafter to view the most up-to-date release notes and manuals.
These release notes contain the following sections:
Features Supported in Web Server 6.0 SP11
Required Patches
Impact of US DST Changes 2007
JRE/JVM Versions
Installation, Upgrade, and Migration Information
Resolved Issues
Known Problems and Solutions
Platform-Specific Information
Corrections to Documentation
How to Report Problems and Provide Feedback
Additional Sun Resources
Third-party URLs are referenced in this document and provide
additional, related information.
Note: Sun
is not responsible for the availability of third-party Web sites
mentioned in this document. Sun does not endorse and is not responsible
or liable for any content, advertising, products, or other materials
that are available on or through such sites or resources. Sun will not
be responsible or liable for any actual or alleged damage or loss
caused by or in connection with the use of or reliance on any such
content, goods, or services that are available on or through such sites
or resources.
Web Server 6.0 SP11 offers the following features:
JDK™ Software Support
Sun™ ONE Active Server Pages Support
NSS 3.3.4.8 Support
NSPR 4.1.6 Support
LDAP SDK Support
VeriSign Support
Support for Sun Linux
Sun™ ONE Studio 3.0 Support
magnus.conf Directive Enhancement
Keep-Alive Subsystem Enhancement
Virtual Server Report Generation
Web Application Deployment and Management User Interface
Role Mapping Support
web-apps.xml Data Type Descriptor
Single Sign-on Across Multiple Web Applications with FORM Login
Localized Version Support
Support for Arbitrary Custom Headers
Support for Response Header Encoding
PHP Compatibility
Changing HTTP Versions
Modifying the Maximum Upload Size while Deploying a WAR File from a Remote Machine
Setting Up Java HotSpot™ Server Virtual Machine With JDK 1.3.1
Securing Access Control With Distributed Administration
This section outlines the JDK software support on Web Server 6.0 SP11.
Web Server 6.0 SP11 supports the 32-bit JDK 1.4.2_04 (supported via binary compatibility) software on the following platforms:
For details, see JRE/JVM Versions.
Web Server 6.0 SP11 supports the 32-bit JDK 1.4.1 software on the following platforms:
For details, see JRE/JVM Versions.
Web Server 6.0 SP11 supports the 32-bit JDK 1.4.0 software on the following platforms:
The specific version is indicated in brackets. See JRE/JVM Versions for more details.
For details, see JRE/JVM Versions.
For either JDK version, ensure that all the jar files specified in the default bootclasspath are included in the server-root/https-admserv/start-jvm file.
The default bootclasspath settings for different platforms are listed below:
For more information, see the Note on bootclasspath settings.
Web Server 6.0 SP11 supports JDK 1.4.1 or JDK 1.4.0 on AIX 5.1.
On AIX 5.1, you have to modify the start-jvm file
due to changes in IBM JDK 1.4.0 and 1.4.1.
In the server-root/https-admserv/start-jvm file,
change the line that reads:
NSES_JDK_RUNTIME_CLASSPATH=${NSES_JRE}/lib/ext/iiimp.jar:${NSES_JRE}/lib/i18n.jar:${NSES_JRE}/lib/rt.jar:${NSES_JDK}/lib/tools.jar:${NSES_JDK}/lib/dt.jar; export NSES_JDK_RUNTIME_CLASSPATH
to the following:
For JDK 1.4.0:
NSES_JDK_RUNTIME_CLASSPATH=${NSES_JRE}/lib/ext/iiimp.jar:${NSES_JRE}/lib/charsets.jar:${NSES_JRE}/lib/core.jar:${NSES_JRE}/lib/graphics.jar:${NSES_JRE}/lib/security.jar:${NSES_JDK}/lib/xml.jar:${NSES_JRE}/lib/server.jar:${NSES_JDK}/lib/tools.jar:${NSES_JDK}/lib/dt.jar;
export NSES_JDK_RUNTIME_CLASSPATH
For JDK 1.4.1:
NSES_JDK_RUNTIME_CLASSPATH=${NSES_JRE}/lib/ext/iiimp.jar:${NSES_JRE}/lib/charsets.jar:${NSES_JRE}/lib/core.jar:${NSES_JRE}/lib/graphics.jar:${NSES_JRE}/lib/security.jar:${NSES_JRE}/lib/server.jar:${NSES_JDK}/lib/tools.jar:${NSES_JDK}/lib/dt.jar;
export NSES_JDK_RUNTIME_CLASSPATH
Note: xml.jar should not be included in the NSES_JDK_RUNTIME_CLASSPATH for JDK 1.4.1. If you include xml.jar, the server fails to start on JDK 1.4.1.
JDK 1.4 is not supported on AIX 4.3.3.
Sun™ ONE Active Server Pages (formerly, Sun™ Chili!Soft ASP) version 3.6.2 now supports the Web Server on the Solaris, Windows, Linux, and HP-UX platforms. Sun ONE Active Server Pages software is a server-side scripting and runtime environment for the cross-platform deployment of Active Server Pages (ASP or .asp) Web sites and Web applications.
Web Server 6.0 SP11 bundles Sun ONE Active Server Pages 3.6.2 on the following platforms:
A license is not required for Sun ONE Active Server Pages if you are installing to the Web Server.
The Sun ONE Active Server Pages installer is available in the /plugins/chilisoft directory in the Web Server 6.0 SP11 download. When you install Web Server 6.0 SP11, the Sun ONE Active Server Pages installer is written to the directory:
server_root/plugins/chilisoft/
NSS support in Web Server 6.0 SP11 is upgraded from NSS 3.3.4.7 to 3.3.4.8. NSS is a set of libraries designed to support cross-platform development of security-enabled server applications.
NSPR support in Web Server 6.0 SP11 has been upgraded to NSPR 4.1.6.
Web Server 6.0 SP11 supports Lightweight Directory Access Protocol (LDAP) Software Development Kit (SDK) version 5.08.
Web Server 6.0 SP11 supports VeriSign, the Certificate Authority (CA) system for issuing digital certificates throughout the enterprise. VeriSign, which uses the VICE protocol for simplifying the certificate request process, has the advantage of being able to return their certificate directly to your server.
Web Server 6.0 SP11 supports the Sun Linux 5.0 platform on Sun Linux systems. For more details, see Installation, Upgrade, and Migration Information.
Web Server 6.0 SP11 supports Sun™ ONE Studio 3.0 (formerly, Forte™ for Java™ 3.0). Forte for Java™ technology is Sun's powerful, extensible, integrated development environment (IDE) for Java technology developers. It is based on NetBeans™ software, and it is integrated with the Sun ONE platform.
Sun ONE Studio 3.0 support is available on the following platforms:
To use Sun ONE Studio 3.0 to debug remote Servlets on Solaris OE and Linux, make the following changes:
Solaris:
1) Edit the server-instance/start file to specify the following:
PRODUCT_BIN=ns-httpd
2) Edit the <server-id>/https-admserv/start-jvm file to point the NSES_JRE_RUNTIME_LIBPATH variable to ${NSES_JDK}/lib/sparc.
Linux:
1) Edit the <server-instance>/start file to specify the following:
PRODUCT_BIN=ns-httpd
2) Edit the <server-id>/https-admserv/start-jvm file to point the NSES_JRE_RUNTIME_LIBPATH variable to ${NSES_JDK}/lib/i386.
For information on remote debugging on the Windows platform, see iPlanet Web Server 6.0, Enterprise Edition Programmer's Guide to Servlets. For more information and documentation on using Sun ONE Studio 3.0, see http://www.sun.com/software/sundev/previous/ffj.
A number of enhancements are made to the magnus.conf directives to provide greater control over Web Server 6.0 SP11. Edit the magnus.conf file for the following:
Tuning keep-alive Subsystem Performance
Changing the Server Header in a Response
Setting an Upper Limit to the Time Slept After Polling keep-alive Connections
Handling Standard Output and Error Log Messages
The magnus.conf directive KeepAliveQueryMeanTime can be used to tune keep-alive subsystem performance. KeepAliveQueryMeanTime specifies the desired keep-alive latency in milliseconds. The default value of 100 is appropriate for almost all installations. Note that the CPU usage will increase with lower KeepAliveQueryMeanTime values.
A magnus.conf directive ServerString is added to enable you to change the Server header in a response. The value none will not send the header at all. For example:
ServerString "My Server ver. 1.0"
ServerString none
A new magnus.conf directive KeepAliveQueryMaxSleepTime has been added to set an upper limit to the time slept after polling keep-alive connections for further requests. Values can range from 0 to 5000 milliseconds. If you do not specify a value, by default, the value of KeepAliveQueryMaxSleepTime is set to the value of the KeepAliveQueryMeanTime directive. The default value is recommended for most real-world use cases.
Web Server 6.0 SP11 introduces four new magnus.conf directives that determine how the server handles standard output and error messages, including System.out and System.err messages from Java programs. The directives are described in the following table:
The keep-alive subsystem is enhanced to handle thousands of persistent connections.
This user interface allows you to generate reports for specific virtual servers. You can access this page from the Logs tab of the Virtual Server Manager page.
You can deploy Web applications from the user interface as well as from the command line using wdeploy. New user interfaces are added to the Server Manager to facilitate:
Web Server 6.0 SP11 supports roles if the underlying LDAP server supports roles. If you wish to authenticate roles for Web applications, add the following to the server-id/config/web-apps.xml file:
<role-mapping map-to="role"/>
For more information about role authentication provided by Directory Server 5.0 SP1, see iPlanet Directory Server Administrator's Guide.
Web Server 6.0 SP11 allows you to enable or disable a Web application. You can do so in either of the following ways:
For example:
<web-app uri="/catalog" dir="/export/apps/catalog" enable="false">
</web-app>
For more information on Web Server 6.0 DTD, see http://developer.sun.com/.
Web Server 6.0 SP11 allows single sign-on across multiple Web applications using form-Login configuration. You can enable this feature in two ways.
This is the easiest approach, but the session and session attributes are shared across all applications.
For example:
<vs>
<!-- configure a VS-level session manager -->
<session-manager class='com.netscape.server.http.session.IWSSessionManager'>
<init-param>
<param-name>maxSessions</param-name>
<param-value> 1024 </param-value>
</init-param>
<init-param>
<param-name>reapInterval</param-name>
<param-value> 8 </param-value>
</init-param>
<init-param>
<param-name>timeOut</param-name>
<param-value> 300 </param-value>
</init-param>
</session-manager>
</vs>
In this case, all form-login sessions are created using this virtual server-wide form-login Session Manager, and the container uses a separate cookie to track the sessions. These sessions are available across all applications within the virtual server.
The virtual server-wide form-login session manager is created when a form-login-session element is present under the vs element in the server-id/config/web-apps.xml file. You can customize the underlying session manager, cookie name, and the session timeout using the form-login-session element.
For example:
<vs>
<!-- configure form login session timeout to 300 secs (5 min), with MMapSessionManager -->
<form-login-session timeOut="300">
<session-manager class='com.netscape.server.http.session.MMapSessionManager'>
<init-param>
<param-name>maxSessions</param-name>
<param-value>10000</param-value>
</init-param>
<init-param>
<param-name>reapInterval</param-name>
<param-value>8</param-value>
</init-param>
</session-manager>
</form-login-session>
</vs>
The advantages of configuring a virtual server-wide form-login session manager in a separate HTTP session are:
The disadvantages of configuring a virtual server-wide form-login session manager in a separate HTTP session are:
If you are running a localized version of Web Server 6.0, you can take advantage of existing localization features by installing Web Server 6.0 SP11 over the existing server. Web Server 6.0 SP11 is localized in Japanese on Solaris, HP-UX, and Windows NT.
Note: Sun recommends that you use JDK 1.4.1 or a higher version if you are running the Japanese or Chinese locales with Sun ONE Web Server.
In Web Server 6.0 SP11, the set-variable SAF (Server Application Function) can be used to add custom headers to the server's HTTP responses. For example, consider the following obj.conf directive:
AuthTrans fn="set-variable" insert-srvhdrs="P3P:policyref=\"http://hostname/P3P/policy.xml\""
This directive instructs the server to add the following HTTP header to each response:
P3P:policyref="http://hostname/P3P/policy.xml"
Web Server 6.0 SP11 supports two-byte character response header encoding in HTTP header and plug-in programs.
Web Server 6.0 SP11 is compatible with PHP version 4.3.x or 4.3.8, the versatile and widely-used Open Source general-purpose Web scripting language that allows server-side scripting, command line scripting, and client-side GUI scripting. PHP runs on all major operating systems. The following section tells you where you can find PHP-specific installation and configuration information:
For platform-specific installation instructions, refer to the following sites:
For general installation instructions, see http://www.php.net/manual/en/installation.php.
For installation and configuration information that is specific to
the Web Server installs of PHP, refer to
http://www.php.net/manual/en/install.netscape-enterprise.php.
Note: The configuration information at http://www.php.net/manual/en/install.netscape-enterprise.php
is accurate for iPlanet Web Server 4.x. For Sun ONE Web Server 6.0 and
above, however, you need to make the specified changes to the Init
function in the server-id/config/magnus.conf file, and not
the server-id/config/obj.conf file.
For more information on PHP, see the following sites:
Use the following methods to downgrade the HTTP version to 1.0:
AuthTrans fn="match-browser" browser="*MSIE*" http-downgrade="1.0"
HttpVersion 1.0
When you deploy a Web application using the Administration Server from a remote machine, by default the maximum upload size is 10 MB. This can be changed by editing the install-root/bin/https/webapps/instance-app/WEB-INF/web.xml file. In the Servlet webappdeploy, insert an init-param named maxUploadSize with a value in bytes specifying the maximum upload size.
Example:
<init-param>
<param-name>maxUploadSize</param-name>
<param-value>90000000</param-value>
</init-param>
If you choose to use the JDK 1.3.1 server JVM, you must change the path order of NSES_JRE_RUNTIME_LIBPATH in the server-id/https-admserv/start-jvm file; otherwise the default client JVM will be invoked even if you have set the value of jvm.option to -server in the jvm12.conf file. To configure the server so that the server JVM is loaded, edit the server-id/https-admserv/start-jvm file so that the line ${NSES_JRE}/lib/sparc/server occurs before the line ${NSES_JRE}/lib/sparc.
This section lists the additional tasks you need to perform to secure access control with Web Server 6.0 SP11, after enabling distributed administration. The related problem identifiers are 4650463, 4744325, and 4536739.
The order in which the PathCheck directive occurs in the https-server-id object tag in the generated.https-server-id.acl file might grant undesired access to resources. To prevent this, edit the <server-root>/generated.https-server-id.acl file, specifying a comma-separated list of program groups for which access control is required, as shown below:
Below the line:
allow (all) user=<username> and program=<program group, program group...>;
add the following line:
deny absolute (all) user=<username> and program!=<program group, program group...>;
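One way to audit a generated ACL file for the allow/deny pairing described above, as an added example (not code from Sun or from these release notes). It assumes the statement shape shown in the two lines above; the function names, sample ACL text, user names and program group names are constructed for illustration.

```python
import re

# Statement shape taken from the release note's example lines. Real generated
# files may quote values differently, so optional double quotes are tolerated
# (assumption).
STMT = re.compile(
    r'^(?P<verb>allow|deny)\s+(?P<abs>absolute\s+)?\((?P<rights>[^)]*)\)\s+'
    r'user\s*=\s*"?(?P<user>[^"\s]+)"?\s+and\s+'
    r'program\s*(?P<op>!=|=)\s*"?(?P<programs>[^";]+?)"?$',
    re.IGNORECASE,
)


def statements(acl_text):
    """Return semicolon-terminated statements with whitespace normalised.

    Fragments of authenticate { ... } blocks also come out of the split, but
    they never match STMT and are therefore ignored by the audit.
    """
    return [" ".join(raw.split()) for raw in acl_text.split(";") if raw.strip()]


def program_set(field):
    """Turn 'group a, group b' into a comparable, order-independent set."""
    return frozenset(p.strip().lower() for p in field.split(",") if p.strip())


def unpaired_allows(acl_text):
    """List (user, programs) for each allow not directly followed by its deny.

    The expected pair is:
        allow (all) user=U and program=P;
        deny absolute (all) user=U and program!=P;
    """
    findings = []
    stmts = statements(acl_text)
    for i, stmt in enumerate(stmts):
        m = STMT.match(stmt)
        if not m or m["verb"].lower() != "allow" or m["op"] != "=":
            continue
        nxt = STMT.match(stmts[i + 1]) if i + 1 < len(stmts) else None
        paired = (
            nxt is not None
            and nxt["verb"].lower() == "deny"
            and nxt["abs"] is not None
            and nxt["op"] == "!="
            and nxt["user"] == m["user"]
            and program_set(nxt["programs"]) == program_set(m["programs"])
        )
        if not paired:
            findings.append((m["user"], sorted(program_set(m["programs"]))))
    return findings


# Constructed sample: admin1 is paired correctly, admin2 is missing the deny.
SAMPLE_ACL = """
acl "https-example";
authenticate (user,group) {
    database = "default";
    method = "basic";
};
allow (all)
    user=admin1 and program=servers, users;
deny absolute (all)
    user=admin1 and program!=servers, users;
allow (all)
    user=admin2 and program=users;
"""

if __name__ == "__main__":
    for user, programs in unpaired_allows(SAMPLE_ACL):
        print(f"missing 'deny absolute' after allow for {user}: {programs}")
```

A deny that appears before its allow is also reported, because the release note requires the deny line to sit below the allow line.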
To configure Web Server 6.0 SP11 to control access to server instances, edit the <server-root>/httpacl/*.https-admserv.acl files to specify the user to whom you want to grant access control privileges.
Example:
acl "https-<instance>";
authenticate (user,group) {
database = "default";
method = "basic";
};
deny absolute (all) user != "UserA";
If the access control entry that refers to the ip attribute is located in the Administration Server related ACL files (gen*.https-admserv.acl), then complete steps (1) and (2) below.
acl "https-admserv";
authenticate (user,group) {
database = "default";
method = "basic";
};
deny absolute (all) ip !=" ip_for_which_access_is_allowed ";
Example:
acl "https-admserv";
authenticate (user,group) {
database = "default";
method = "basic";
};
deny absolute (all) ip !="205.217.243.119";
Required patches are listed for the following platforms:
If you are using a JRE that is different from the one that is bundled with Web Server 6.0 SP11, or if you are using a JDK, you might need additional patches.
The following patches are recommended for Solaris OE users of Web Server. In addition, you should have the latest patches in Sun's recommended patch list. For Sun's recommended patch list, see http://sunsolve.sun.com/pubpatch. You can download the patches from http://sunsolve.sun.com.
For each patch, use the listed revision or a higher revision. For example, if you need patch 111111-01, the later revision 111111-03 will also work.
The following patch is required to run Web Server 6.0, on Solaris 2.6 OE:
Use the latest Solaris patches for Solaris 7 OE.
Patch 108727-05 is required for Solaris 8 OE users with NFS volumes.
No patches required.
The following Solaris 2.6 OE patch is recommended when using the CC 4.2 compiler:
The following HP-UX 11i Patches are required for Web Server 6.0:
In addition to using the General-Release Patch Bundles (XSWGR1100), the following operating system patch (applicable and specific to HP-UX 11i, 11.11 only) must be installed: PHNE_23645.
You can find a list of patches for Java 1.2.2.07 at http://us-support.external.hp.com/.
Ensure that you are running a complete installation of AIX, including the latest update and maintenance patches.
Daylight Saving Time (DST) in the U.S.A. will start on the 2nd Sunday of
March and end on the 1st Sunday of November. This will impact the date
and time rules of the operating system and JDK/JRE.
To make sure that log files contain the correct time in US time zones,
and that Admin Server and Java Web Applications are not impacted by this
change, Sun recommends that you do the following:
1) Download and use the appropriate operating system patches. You can
download the Solaris patches from
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102775-1.
For other platforms, download similar DST-compatible patches from the
operating system vendor's web site.
2) Upgrade the JRE. To make sure that Admin Server and Java Web
Applications are not impacted by this change, a JRE upgrade is also
needed. Download and use the appropriate JRE that has the fix for DST
changes. The bundled JRE 1.2.2 does not have the DST-compatible patch
on any platform. The recommended JRE versions for the supported
platforms are as follows:
Solaris: 1.4.2_13
Windows: 1.4.2_13
Linux: 1.4.2_13
HP-UX: 1.4.2_11
AIX: 1.3.1 SR 10
Note: AIX only - Web Server 6.0 is not supported with JRE 1.4.x on
AIX 4.3.3. It is also not supported for JRE 1.4.2.x on AIX 5.1. The
DST-compatible JRE supported for AIX is 1.3.1 Service Release 10.
Known issue: Though JRE 1.3.1 SR 10 on AIX works for 2007 dates, it does
not work as expected for certain dates of 2006, such as April 2nd and
October 30th. It shows results that apply the new rules, which are
applicable only from 2007. JRE 1.3.1_19 has the same issue on other
platforms, but this issue is resolved with the certified versions above
(1.4.2.x) on those platforms.
The following versions of JRE and JVM are bundled with Web Server 6.0
SP11:
Comment out the -Xrs flag in config/jvm12.conf to generate stack traces. For JVMPI-based profiling or debugging purposes (such as with hprof or dbx), use the reference implementation.
Note: To run JDK 1.3.1_03, JDK 1.4.0_01, JDK 1.4.0_02, and JDK 1.4.1_01 on Solaris OE, you must edit the magnus.conf file to include the following immediately after the line that specifies the RqThrottle value:
Supported JDK software versions: JDK 1.3.1_03, JDK 1.4.0_01, JDK 1.4.0_02, JDK 1.4.1_01, 1.4.2_04*
*Supported via binary compatibility.
Sun ONE Web Server 6.0 SP11 is certified to work with Sun Linux 5.0 using JDK1.2.2_10 and JDK 1.2.2_013
Supported JDK software versions: JDK 1.3.1_03, JDK 1.4.0_01, JDK 1.4.0_02, JDK 1.4.1_01
RED HAT LINUX 6.2, 7.1, and 7.2
Supported JDK software versions: JDK 1.2.2_010, JDK 1.3.1_03, JDK 1.4.0_01, JDK 1.4.0_02, JDK 1.4.1_01
Note: For optimal performance, use JDK 1.3.1
RED HAT LINUX ADVANCED SERVER 2.1
JDK 1.2.2_010, JDK 1.3.1, JDK 1.4.0_01, JDK 1.4.0_02, JDK 1.4.1_01, JDK 1.4.2_02
Note: The JDK mentioned above refers to Sun's JDK.
Supported JDK software versions: JDK 1.2.2_010, JDK 1.3.1_03, JDK 1.4.0_01, JDK 1.4.0_02, JDK 1.4.1_01, JDK 1.4.2_02*
*Supported via binary compatibility.
Java version 1.2.2 Classic VM (J2RE 1.2.2 IBM build ca122-20001206 (JIT enabled: jitc))
Supported JDK software versions: JDK 1.3.1 (Developer Kit, Java 2 Technology Edition, Version 1.3.1, 32-bit version for POWER for AIX)
Java version 1.2.2.10 HotSpot VM (1.0.1fcs, mixed mode, PA2.0 build 1.2.2.10-01/09/14-PA_RISC2.0)
The Sun ONE Web Server 6.0 SP11 download also contains Java version 1.2.2.10 Classic VM (build 1.2.2.10-01/09/14-PA_RISC2.0, native threads, HP). For more information on the HotSpot VM, see http://www.hp.com/products1/unix/java/java2/sdkrte/downloads/license_sdk_1-2-2-10.html
Supported JDK software versions: JDK 1.3.1_02, JDK 1.4.0_01, JDK 1.4.0_02, JDK 1.4.2_02*
*Supported via binary compatibility.
http://java.sun.com/j2se/1.4.2/download.html
For more information about JVM/JRE version 1.2.x for Solaris OE, go to http://www.sun.com/software/solaris/java/download.html.
This section includes information for installing, upgrading, and
migrating your Web Server.
Note: When
you install Web Server 6.0 SP11 over an existing installation of Sun
ONE Web Server, the installer automatically detects and carries out the
upgrade.
The following table summarizes the supported platforms for Web Server 6.0 SP11. To successfully run Sun ONE Web Server 6.0 SP11 on Windows 2000, at least 512 MB of memory and 2 GB of disk space are required.
Windows 2000 SP4 (for both Server, Advanced Server, and Professional Edition)
*Supported via binary compatibility.
**As of Web Server 6.0, older SPARC CPUs are not supported. Web
Server 6.0 SP11 continues to support the UltraSPARC architecture.
Note: If
you are running Web Server 6.0 SP11 on Red Hat Linux 7.2 or above, for
optimal performance, you must tune kernel initialization parameters
after you install the server.
If you are running a 4.x version of iPlanet Web Server, to move to Web Server 6.0 SP11 you must migrate your existing server. However, if you have a 6.x version of Web Server, you can directly upgrade to Web Server 6.0 SP11.
This section contains a list of issues resolved in the following service pack releases:
This section lists issues resolved in Web Server 6.0 SP11.
Administrative GUI does not monitor the Administration Server if you turn off the Monitor Web Server Statistics option.
This section lists issues resolved in Web Server 6.0 SP10.
The timeout value in seconds for ldapsession bind and ldap search can be set in server_root/userdb/dbswitch.conf. By default, there is no timeout. Sample dbswitch.conf:
default:binddn cn=Directory Manager
default:encoded bindpw Odg4ODg4ODg=
default:timeout 60
This section lists issues resolved in Web Server 6.0 SP9.
This section lists issues resolved in Web Server 6.0 SP8.
uxwdog process crashes on multiple CPUs machine during shut down.
compat=5 option. To resolve this issue, libCld.so has to be LD_PRELOAD. For this, add the following line to the start script for that instance:
LD_PRELOAD=${SERVER_ROOT}/bin/https/lib/libCld.so; export LD_PRELOAD
Replace with the directory where the Web Server is installed and restart the server.
jvm.trace=7 does not send exception details to client browser.
getContextPath() call violates servlet 2.2 spec in default root context.
* for UID in basic authentication.
htconvert not converting wildcard patterns correctly.
SSLCacheEntries, SSLSessionTimeout, and SSL3SessionTimeout accept negative values.
htconvert perl script does not parse obj.conf and document-root path properly.
KeepAliveTimeout, MaxKeepAliveConnection, and KeepAliveThreads error.
obj.conf processing in NameTrans. When a Servlet is accessed for the first time, it is processed through the ServletByExt NameTrans. However, subsequent requests go through the servlet NameTrans.
<Object name="default">
NameTrans from="/*" fn="assign-name" name="WSL-Protect"
NameTrans fn="NSServletNameTrans" name="servlet"
NameTrans fn="pfx2dir" from="/servlet" dir="/space/iws/41sp11/docs/servlet" name="ServletByExt"
==================== access /servlet/TestRequestObject
[09/Dec/2002:09:04:18] info (22539): for host 129.158.224.47 trying to GET /servlet/TestRequestObject, printer reports: printing location : I am in ServletByExt
[09/Dec/2002:09:04:18] info (22539): for host 129.158.224.47 trying to GET /servlet/TestRequestObject, printer reports: printing location : I am in WSL-Protect
[09/Dec/2002:09:04:18] info (22539): Internal Info: loading servlet /servlet/TestRequestObject
[09/Dec/2002:09:04:18] info (22539): /servlet/TestRequestObject: init
==================== shift + reload /servlet/TestRequestObject
[09/Dec/2002:09:04:27] info (22539): for host 129.158.224.47 trying to GET /servlet/TestRequestObject, printer reports: printing location : I am in servlet
[09/Dec/2002:09:04:27] info (22539): for host 129.158.224.47 trying to GET /servlet/TestRequestObject, printer reports: printing location : I am in WSL-Protect
NameTrans fn="pfx2dir" from="/servlet" ... name="ServletByExt"
comes before
NameTrans fn="NSServletNameTrans" name="servlet"
This section lists issues resolved in Web Server 6.0 SP7.
A problem has been identified in the implementation of the SSL protocols used by the Web Server that may be exploited as a Denial Of Service attack. Web Server 6.0 SP7 fixes this problem. If you use the Web Server to host sites that utilize SSL version 3 or TLS, you are strongly encouraged to install this Service Pack.
Error pages in Sun ONE Web Server are customizable and may be configured in the WEB-INF/web.xml file. In previous versions of the Web Server, invoking a customized error page could sometimes lead to a File Not Found error. As of Web Server 6.0 SP7, this problem has been fixed.
Web Server 6.0 SP7 fixes problems related to IP-based access control. Enabling IP-based access control on a server instance requires no additional configuration steps. However, if you use distributed administration, you would need to perform certain additional configuration tasks. For more information about what you need to do, refer to Securing Access Control With Distributed Administration.
This section lists issues resolved in Web Server 6.0 SP6.
If you add more than 22 language tag entries in the accept-language header, an HTTP 400 error message is generated by the Web server.
If you are running the Web Server on either the Solaris 8 OE with the Patch-ID# 111297-01 (SunOS 5.8: /usr/lib/libsendfile.so.1 patch) installed or the Solaris 9 OE, the ns-httpd process continues to hold files until the server is restarted. To avoid this, set the value of the TransmitFile parameter to false in the nsfc.conf file, as shown below:
TransmitFile=false
The ACL_LDAPSessionAllocate method did not work in previous releases of the Web server. The problem is resolved in Web Server 6.0 SP6. Further, the dbname parameter in the ACL_LDAPSessionAllocate method corresponds to the id attribute of the USERDB element in the server.xml file. For more information, see the install-dir/plugins/nsacl/api-notes.html file.
The DN attribute Serial Number was not being recognized by previous releases of the Web server due to the version of NSS used. (Note that Web Server 6.0 SP9 uses NSS version 3.3.4.5.)
To resolve digest authentication issues on Sun ONE Web Server, ensure that you are using Sun ONE Directory Server 5.1 SP1.
Sun ONE Web Server does not support the use of shared ClassCache directories. Each instance directory, including the ClassCache directory, must be created on a local file system and not on an NFS volume.
This upgrade fixes the problem reported at on Vaudenay Timing Attack on CBC mode block ciphers.
This section lists issues resolved in Web Server 6.0 SP5.
If your browser uses a Java plugin supporting JRE 1.3 or higher (for example, Netscape Navigator™ 6.0 and above, or Internet Explorer configured with JRE 1.3 and above) to run applets, then, while accessing an applet, you will be prompted for your user name and password by the browser. This is because of extra security checks performed by JRE 1.3 and above.
If you are running version 6.x of Netscape Navigator browser on Windows, the browser might crash when you perform certain operations using the Restrict Access page. This is not the case with the 7.x version of Netscape Navigator browser. The problem is due to a browser-related issue that is more fully documented in the Release Notes for Netscape 6 Review Release 1.
Web Server 6.0 SP5 supports custom methods used by WebDAV clients. In case of problems with the OPTIONS method, edit the obj.conf file to set method="*" in the Service directive, as follows:
Service method="*" fn="NSServletService"
or
Service method="*" fn="NSServletService" servlet=<servletname>
This is applicable only in the case of web applications and not in the case of legacy servlets.
As of Web Server 6.0 SP5, the ClassLoader has been modified so that a client call to the getResources function returns all available URLs for a resource.
As of Web Server 6.0 SP5, an additional parameter content-type has been added to the SHTML tag in the #config directive. By configuring the #config directive, you can now specify the content-type a .shtml file will return. Example:
<!--#config content-type="text/vnd.wap.wml"-->
As of Web Server 6.0 SP5, the problem of URL forwarding when "/" is used for redirection, is resolved.
If you are running Web Server 6.0 SP5 on a secured server (with SSL), you can start the server only if you have logged in as a user with Local System Account (Administrator) privileges.
As of Web Server 6.0 SP5, in the case of web applications, the web-apps.xml file can be edited to set the value of the configuration parameter redirect-to-absolute-url to either true or false. When the value is set to true, the absolute path is appended to the URI for the location parameter in the response header. Example:
<config-param>
<param-name>redirect-to-absolute-url</param-name>
<param-value>true</param-value>
</config-param>
Note that this fix does not apply to legacy servlets.
As of Web Server 6.0 SP5, this issue is resolved on Internet Explorer 5.0 SP2, and on Internet Explorer 5.5 and above.
This issue is resolved as of Web Server 6.0 SP5. For more details, see magnus.conf Directive Enhancement.
As of Web Server 6.0 SP5, the bootclasspath setting can be changed by editing the config/jvm12.conf file to set the value of jvm.option to the following:
Example:
Here <path...> specifies the path that will override the runtime classpath in start-jvm.
Here <path...> specifies the path that is to precede the runtime classpath in start-jvm or the overridden bootclasspath in (1).
Here <path...> specifies the path that is to be appended to the runtime classpath in start-jvm or the overridden bootclasspath in (1).
The recommended order is as follows:
jvm.option=-Xbootclasspath:<path...>
(If not specified, the runtime classpath in start-jvm is taken by default)
jvm.option=-Xbootclasspath/p:<path...>
jvm.option=-Xbootclasspath/a:<path...>
In Sun ONE Web Server, the magnus.conf directive AcceptTimeout achieves the functionality of what has been documented as the IOTimeout directive. For more details, see the Note in the Corrections to Documentation section.
Duplicate group IDs within a defined scope could lead to the logging of internal errors if the group occurs in an ACL.
The Administration Server and the cron daemon must be run as root for cron-based log rotation to function properly.
As of Web Server 6.0 SP5, this authentication-related security issue for users of Directory servers has been resolved.
This section lists issues resolved in Web Server 6.0 SP4.
As of Web Server 6.0 SP4, you cannot use the search pattern “..” in either a URL or in the path of a pattern file.
The security problem due to buffer overflow with chunked encoding has been resolved in Web Server 6.0 SP4.
This section lists issues resolved in Web Server 6.0 SP3.
The runtime error message was specific to Internet Explorer 5.5, which is no longer available for download. It does not appear with IE 5.5 Service Pack 2 or any other version of Internet Explorer.
As of Web Server 6.0 SP3, even if access control is disabled at the server level, virtual servers irrespective of what class they are under, function properly.
As of Web Server 6.0 SP3, if the CA certificate is properly installed, Distributed Administration works smoothly with LDAP over SSL. For more information on installing the CA certificate, see iPlanet Web Server, Enterprise Edition Administrator's Guide.
As of Web Server 6.0 SP3, you can add a server to the cluster under SSL.
Web Server 6.0 SP3 enables proper monitoring of the current activity of SSL-enabled servers.
As of Web Server 6.0 SP3, you can enable response header encoding at either the web-app level or the virtual server level by setting the value of the configuration parameter use-responseCT-for-headers to any of the values, yes, true, or on, in the server-id/config/web-apps.xml file. The web-app setting overrides the virtual server level setting.
In the following example, response header encoding is disabled at the web-app level by setting the parameter value to false:
<vs>
<config-param>
<param-name>use-responseCT-for-headers</param-name>
<param-value>on</param-value>
</config-param>
<web-app uri="/jakarta" dir="/export/home/ramach/Rtm1026/ns/server/work/B1/SunOS5.6_DBG.OBJ/docs/jakarta" enable="true">
<config-param>
<param-name>use-responseCT-for-headers</param-name>
<param-value>false</param-value>
</config-param>
</web-app>
</vs>
Note: If you are using legacy servlets, to enable response header encoding, set the value of the parameter context.global.use-responseCT-for-headers to true in the server-id/config/context.properties file. To disable this feature, set the parameter value to false.
Due to a browser issue, when you use the Korean character set, a version 4.7 or later Netscape browser on Solaris 2.8 fails to display characters properly in the “File Save” dialog box. A bug has been filed with Netscape Communications Corporation.
As of this release, setting the value of the urlencoding parameter in the function index-common in the server-id/config/obj.conf file to off, enables index listing of encoded directories. Example:
Service method=(GET|HEAD) type=magnus-internal/directory fn=index-common urlencoding="off"
If your Sun ONE Web Server installation is configured to use an SSL LDAP server, you must also ensure that it has at least one of the following:
As of Web Server 6.0 SP3, in case of a bind failure, you will receive an LDAP bind error message.
As of Web Server 6.0 SP3, the iPlanet Web Server, Enterprise Edition NSAPI Programmer's Guide contains a new section titled “Changes to Function Flow” which discusses conditions that cause changes in the normal request handling process. Additionally, the section on the request data structure in the appendix on data structures has been updated.
As of Web Server 6.0 SP3, if you do not specify the name of a web-apps file associated with a web application, when you delete the web application, the corresponding web-apps file is automatically deleted, and its associated entry in the server.xml file removed. Before deletion, however, you must ensure that no other server instance is referencing the web-apps file associated with the application you want to delete.
As of Web Server 6.0 SP3, in a .htaccess file, if the number of require directives exceeds 50, or if the number of entries under the allow or deny directives exceeds 50, subsequent entries are ignored, and an error is logged in the error log file located in https-server_name/logs/errors in the server root directory.
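Because entries past the 50th are ignored, a long deny list can silently stop covering the hosts at its end. The following check is an added example, not code from Sun or from these release notes. It assumes NCSA-style syntax ("require ...", "allow from ...", "deny from ...") and assumes the limit is counted per file, with each host after "from" counted as one entry; the sample file is constructed.

```python
"""Report .htaccess entries that fall beyond the 50-entry limits."""

LIMIT = 50  # from the release note: entries past the 50th are ignored


def audit_htaccess(text, limit=LIMIT):
    """Return the (line_number, entry) pairs that exceed the limit.

    The result maps 'require', 'allow' and 'deny' to the entries the
    server would ignore. Counting per file and per host is an
    assumption of this example, not a documented rule.
    """
    seen = {"require": 0, "allow": 0, "deny": 0}
    dropped = {"require": [], "allow": [], "deny": []}
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        # Skip blanks, comments and container tags such as <Limit GET>.
        if not line or line[0] in "#<":
            continue
        words = line.split()
        keyword = words[0].lower()
        if keyword == "require":
            # Each require directive counts once, whatever it lists.
            entries = [" ".join(words[1:])]
        elif keyword in ("allow", "deny"):
            rest = words[1:]
            if rest and rest[0].lower() == "from":
                rest = rest[1:]
            # Hosts may be separated by spaces or commas.
            entries = [e for w in rest for e in w.split(",") if e]
        else:
            continue
        for entry in entries:
            seen[keyword] += 1
            if seen[keyword] > limit:
                dropped[keyword].append((lineno, entry))
    return dropped


def build_sample_htaccess():
    """Constructed sample: 52 deny hosts spread over 13 lines."""
    lines = [
        "# constructed sample .htaccess",
        "AuthType Basic",
        "<Limit GET POST>",
        "order deny,allow",
    ]
    hosts = ["192.0.2.%d" % i for i in range(52)]
    for i in range(0, len(hosts), 4):
        lines.append("deny from " + " ".join(hosts[i:i + 4]))
    lines += ["allow from .example.com", "require group staff", "</Limit>"]
    return "\n".join(lines)


def format_report(dropped):
    """Turn the audit result into printable lines, one per ignored entry."""
    report = []
    for keyword in ("deny", "allow", "require"):
        for lineno, entry in dropped[keyword]:
            report.append("line %d: %s entry %r is past the limit and "
                          "would be ignored" % (lineno, keyword, entry))
    return report


if __name__ == "__main__":
    for message in format_report(audit_htaccess(build_sample_htaccess())):
        print(message)
```

An ignored deny entry is the case that matters most, since the host it names is no longer blocked; the server also records the condition in the errors log named above.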
As of Web Server 6.0 SP3, the values allowed for the jvm.verboseMode parameter are gc, class and jni, with the default being gc. Please note that the parameter values are case-sensitive.
If Web Server 6.0 SP3 is running on a Windows system using the multibyte character set, when you specify a URI, ensure that the path component of the URI (that is, the path, the filename, and the path-info, but not including the query) is less than or equal to 257 bytes.
For example, in the URI /cgi-bin/printenv.pl/foo/bar?name=value, the path to the resource (/cgi-bin/printenv.pl) and the path-info (/foo/bar) together must not exceed 257 bytes.
As of Web Server 6.0 SP3, the parameter jvm.stickyAttach is by default set to 1 in the jvm12.conf file, and the memory footprint growth is under control.
Web Server 6.0 SP3 has been enhanced to provide robust and secure SNMP trap handling and request handling support. For more details, see the following CERT Advisory number:
CA-2002-03: Multiple Vulnerabilities in Many Implementations of the Simple Network Management Protocol (SNMP).
Buffer overflow issues with the Search functionality have been resolved in Web Server 6.0 SP3.
This section lists issues resolved in Web Server 6.0 SP2.
As of Web Server 6.0 SP2, latencies under very light load have been reduced while increasing throughput under very heavy load. For more details, see Release Notes for iPlanet Web Server, Enterprise Edition Version 6.0SP2.
As of Web Server 6.0 SP2, the <Client> tag can be used in obj.conf files to customize behavior for specific browsers. For example, the following obj.conf directives instruct Web Server to serve different content based on whether the user is using a Microsoft Internet Explorer (MSIE) browser:
<Client browser="*MSIE*">
NameTrans fn="document-root" root="$docroot/MSIE"
</Client>
NameTrans fn="document-root" root="$docroot"
The way Microsoft Internet Explorer (MSIE) handles SSL version 3 (SSLv3) and Transport Layer Security (TLS) keep-alive connections causes interoperability problems with non-Microsoft web servers such as Web Server. When accessing a web server over SSL (https://) connections, Internet Explorer may inappropriately display error messages or blank pages.
Web Server 6.0 SP2 introduces new functionality to work around this problem. Two remedies are possible:
AuthTrans fn="match-browser" browser="*MSIE*" ssl-unclean-shutdown="true"
This line instructs the server to not send a close_notify alert when it closes SSLv3 connections from MSIE browsers. The close_notify packet is a required component of the SSLv3 and TLS specifications, but it is misinterpreted by MSIE.
Note that the close_notify packet is used in SSLv3 and TLS connections to inform the other party in the transaction that the connection is being closed. Instructing Web Server to not send the close_notify packet may make MSIE vulnerable to a truncation attack.
AuthTrans fn="match-browser" browser="*MSIE*" keep-alive="disabled"
This line instructs the server to disable keep-alive connections for Internet Explorer browsers. Disabling keep-alive connections may decrease your server's performance.
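Because the first remedy removes close_notify for every client the browser pattern matches, it is worth confirming that the pattern stays limited to MSIE. The following obj.conf check is an added example, not code from Sun or from these release notes. It assumes one directive per line, as in the examples above; the severity labels and the sample configuration are constructed for illustration.

```python
"""Audit obj.conf for the MSIE SSL workarounds and how widely they apply."""
import re

# key="quoted value" or key=bare-value
PARAM_RE = re.compile(r'([\w-]+)=(?:"([^"]*)"|(\S+))')


def parse_directives(text):
    """Return (line_number, stage, params) for each directive line.

    Assumes one directive per line; comments and <Object>/<Client>
    tags are skipped.
    """
    directives = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line[0] in "#<":
            continue
        parts = line.split(None, 1)
        stage = parts[0]
        rest = parts[1] if len(parts) > 1 else ""
        params = {}
        for m in PARAM_RE.finditer(rest):
            value = m.group(2) if m.group(2) is not None else m.group(3)
            params[m.group(1).lower()] = value
        directives.append((lineno, stage, params))
    return directives


def audit_ssl_workarounds(text):
    """Return (line_number, severity, message) findings.

    'high'   : close_notify suppressed for a pattern not limited to MSIE
    'review' : close_notify suppressed for MSIE (truncation exposure
               accepted for those clients, as the note above explains)
    'info'   : keep-alive disabled (performance cost only)
    """
    findings = []
    for lineno, stage, params in parse_directives(text):
        if stage != "AuthTrans" or params.get("fn") != "match-browser":
            continue
        browser = params.get("browser", "")
        scoped_to_msie = "MSIE" in browser.upper()
        if params.get("ssl-unclean-shutdown", "").lower() == "true":
            if scoped_to_msie:
                findings.append((lineno, "review",
                                 "close_notify not sent to %r" % browser))
            else:
                findings.append((lineno, "high",
                                 "close_notify not sent to %r, which is "
                                 "broader than MSIE" % browser))
        if params.get("keep-alive", "").lower() == "disabled":
            findings.append((lineno, "info",
                             "keep-alive disabled for %r" % browser))
    return findings


# Constructed sample, not taken from a real server.
SAMPLE_OBJ_CONF = """\
# constructed sample obj.conf
<Object name="default">
AuthTrans fn="match-browser" browser="*MSIE*" ssl-unclean-shutdown="true"
AuthTrans fn="match-browser" browser="*" ssl-unclean-shutdown="true"
AuthTrans fn="match-browser" browser="*MSIE*" keep-alive="disabled"
NameTrans fn="document-root" root="$docroot"
</Object>
"""

if __name__ == "__main__":
    for lineno, severity, message in audit_ssl_workarounds(SAMPLE_OBJ_CONF):
        print("line %d [%s] %s" % (lineno, severity, message))
```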
This section lists issues resolved in Web Server 6.0 SP1.
In previous versions of the server, CGI programs that wanted to redirect a browser to another location were forced to supply a URL, for example, http://server/index.html, or an absolute URI, such as /index.html. Starting with SP1, relative URIs, such as index.html are also accepted.
Prior to SP1 there was no way to log the time the server spent processing requests. A new flex-log format variable, %duration%, has been added. %duration% records the time in microseconds the server spent handling the request. Statistics must be enabled for the server instance before %duration% can be used. See the iPlanet Web Server, Enterprise Edition Administrator's Guide for information on enabling statistics. For more information on log file formats, refer to the iPlanet Web Server, Enterprise Edition NSAPI Programmer's Guide and the iPlanet Web Server, Enterprise Edition Administrator's Guide.
Prior to SP1 there was no way to track when the keep-alive subsystem was full. The server now tracks the number of times a connection was not added to the keep-alive subsystem because the keep-alive subsystem was full. This information is presented as KeepAliveRefusals in .perf output. For more information on .perf, refer to the iPlanet Web Server 6.0 Performance Tuning, Sizing, and Scaling Guide.
Prior to SP1 it was not possible to use an arbitrary server resource, such as a JSP or SHTML page, as the error page. As of SP1, the parameter uri has been added to the send-error Error SAF. uri specifies the URI of a resource to use when an error is encountered.
Consider the following line from obj.conf:
Error fn="send-error" reason="Not Found" uri="/notfound.jsp" path="/usr/iplanet/servers/docs/notfound.html"
This line instructs send-error to behave as though the client had requested /notfound.jsp when the client requests a URI that does not exist. If an error is encountered when accessing /notfound.jsp, the HTML file at /usr/iplanet/servers/docs/notfound.html will be displayed instead. For more information on the send-error Error SAF, refer to the iPlanet Web Server, Enterprise Edition NSAPI Programmer's Guide.
This section lists known problems. Information is organized into the following areas:
While installing Web Server 4.1, if you select options 1, 2, and 8 (that is, you do not select Java support), the jvm12.conf, rules.properties, and servlets.properties files will not be created.
If you migrate this instance to Web Server 6.0, the migrated server will also not get these files. Web Server 6.0 does not support this configuration (without Java support).
If you install Web Server 4.1 without Java and then migrate to Web Server 6.0, copy the three files (jvm12.conf, rules.properties, and servlets.properties) from the Web Server 6.0 instance to the migrated server.
Errors are logged from NSS after the DBM's in-memory cache reaches the maximum allowable size. When this happens, DBM tries to create temporary files in order to expand its memory space. If it fails to create temporary files, it starts logging the following errors:
[11/Dec/2003:10:52:54] failure (20073): Error receiving connection (SEC_ERROR_BAD_DATABASE - Problem using certificate or key database)
[11/Dec/2003:10:52:54] failure (20073): Error receiving connection (SEC_ERROR_BAD_DATABASE - Problem using certificate or key database)
[11/Dec/2003:10:52:54] failure (20073): Error receiving connection (SEC_ERROR_BAD_DATABASE - Problem using certificate or key database)
This in turn results in the SEC_ERROR_BAD_DATABASE errors.
Set $TMP in the start script of Web Server to point to a directory on a file system that is writable by the Web Server user.
According to the Sun ONE Web Server 6.1 Administrator's Guide, the list right is required to obtain directory listings from directories that do not contain an index file. However, it is possible to obtain a directory listing even if the applicable ACLs deny the list right. For this reason, if you need to restrict directory indexing, it is recommended that you do so by disabling indexing as documented in the Content Management chapter of the Administrator’s Guide, apart from or in addition to, denying the list right.
Access control applets do not work on browsers on the Mac OS as the LiveConnect feature, which allows Java methods to be invoked from JavaScript™ methods, is not supported. This is due to an inherent problem in the browser plug-ins bundled with the Mac OS. To use the Administration Server user interface to perform restrict access operations, you must use a browser on a different platform.
Certificate migration from Netscape Enterprise Web Server 3.6 to Sun ONE Web Server 6.x is not supported.
Edit the install-dir/plugins/search/common/style/pdf/style.ddd file in the following way:
The Web Server file that defines international character encoding is named i18n.jar in the JDK 1.4. However, this file is named charsets.jar. Because of this discrepancy, the character encoding of Web resources cannot be resolved against the correct file.
Rename the file i18n.jar, located in the <install-dir>/https-admserv/start-jvm directory to charsets.jar, and restart the server.
The server-id/https-admserv/start-jvm file bundled with Web Server 6.0 SP5 allows you to configure JVM environment settings. The server assumes that any file in the server-id/https-admserv directory with a name that begins with start- is a configuration file. So, for custom configuration activity you can add more configuration files to the server-id/https-admserv directory by ensuring that the file names begin with start-.
To enable perfdump, ensure that the .perf NameTrans directive is specified before the document-root NameTrans directive in the default object. Example:
NameTrans fn=assign-name from="/.perf" name="perf"
NameTrans fn=document-root root=/usr/server1/docs
As of Web Server 6.0 SP5, if you are writing an NSAPI program that reads binary data, using the netbuf_getc function would cause a significant performance overhead in case of network error. You can use the netbuf_getbytes function instead to read binary data.
Syntax:
NSAPI_PUBLIC int netbuf_getbytes(netbuf *buf, char *buffer, int size)
Returns:
The total number of bytes read from a network buffer. If an error occurs, it returns NETBUF_EOF or NETBUF_ERROR.
Parameters:
netbuf *buf: the network buffer from which to retrieve bytes.
char *buffer: the character array from where to retrieve bytes.
int size: the initial size of the character array.
As of Web Server 6.0 SP5, when you re-configure the server dynamically either by executing the reconfig command on the command line or by applying the Load Configuration option through the Administration Server, additional informational messages appear on the console. These messages are identified by the prefix info: and can be safely ignored.
If you are using the Cisco Content Services Switch (CSS) with Sun ONE Web Server and have set the value of the sticky bit setting in CSS to on, the following error is logged periodically in the error logs:
failure ( 2210): Error accepting connection -5928, oserr=130 (Connect aborted)
This is caused not by a defect in Sun ONE Web Server but by the setting of the sticky bit in CSS. To avoid the error logging, set the value of the sticky bit in CSS to off.
As of Web Server 6.0 SP5, to index a new document root directory, use the Administration Server to go to <server instance>Virtual Server Class>Default Class>Content Mgmt>Additional Document Directories and create a mapping for the new directory. The new directory will then appear in the Search>New Collection directory index options.
Before enabling distributed administration, create a user with the name and password of the local superuser (the user name and password you specified during installation), and add it to the distributed administration group.
Do not use reserved URIs to deploy web applications. Because /search is a reserved URI, do not use it as a URI for deployment. For a list of reserved URIs, see the obj.conf file directives in the iPlanet Web Server, Enterprise Edition NSAPI Programmer's Guide.
Stack size requirements of different JDK versions are different. If you are using a JDK version that is different from the default JDK bundled with Web Server 6.0 SP5, you might experience stack overflow problems. In such cases edit the StackSize directive in the server-id/config/magnus.conf file to modify the stack size for the request handling thread. The stack size limits for JDK 1.2.2 (for Solaris) and JDK 1.3.1 are as follows:
To prevent default cookie encoding, change the value of the context.global.enableCookieEncoding property in the server-root/server-instance/config/contexts.properties file to false.
If you need to run the Administration server with a non-root user ID, invoke the setup with the same user ID.
During login, ensure that your user name does not contain any white spaces, otherwise the authentication attempt will fail and an error will be logged in the server's /logs/errors file.
A new optional parameter acptlang has been added for creating a virtual server class. You must add [-acptlang] to the command line to enable accept language header parsing for your server. The default is off if this parameter is not added.
As of SP1, the set-user-ID-on-execute (suid) Cgistub will not allow a non-root user to execute programs owned by root. This change enhances the security of the suid Cgistub system.
If you require pre-SP1 functionality, log in as root and perform the following steps from a command line to modify the suid Cgistub for instance https-instance in server root server_root:
cd server_root/https-instance
./stop
cd private
chmod 700
./Cgistub -s "trusted_uid 0"
chmod 500
cd ..
./start
Adding more than 1000 software virtual servers under one class slows the loading of the Class Manager Members page.
Files are transferred by the master of the cluster requesting the remote machine's admin to run clxfer. The clxfer process of the remote machine requests the master to transfer the file, and the master runs clxfer to return the file. The master receives the host name of remote machine from the request, and finds the required file in /cluster/hostname/instance-names. If, for example, a remote machine named charis is added to a cluster named charis.india.sun.com, the request header with charis as host name will fail to find the file in cluster/charis. The remote machine will receive a 0 (zero) byte file due to the error.
Ensure that all machines have the full name. To do that go to Control Panel>System Network Identification>Property in your Remote Machine. Enter the primary DNS suffix to match the master machine.
Init fn="load-modules" funcs="my-plugin" shlib="myplugin.so" shlib_flags="(default|parent|group)"
Doing this will place your plug-in in its own dynamic link group. As a result, it will also be necessary to explicitly specify all your plug-in's shared object dependencies at link time. For example, your plug-in's CC command line might look like this:
CC -G -lCrun -lm -DXP_UNIX -I/usr/iplanet/servers/plugins/include -o myplugin.so myplugin.cpp
The following is an issue for NSAPI plug-in developers or for users of third party NSAPI plug-ins that have not been certified with iWS 6.0 by their developers.
The use of the NSAPI conf_getglobals() function, or the various macros in the nsapi.h header file that refer to conf_getglobals(), is not recommended within NSAPI Init functions in iWS 6.0. conf_getglobals() can only return the properties of a single virtual server. In iWS 6.0, a single web server may have many virtual servers defined with completely distinct properties, such as port, hostname, and security. Also, the configuration of any virtual server in iWS 6.0 can dynamically change over time. Therefore, a plug-in should not attempt to retrieve and store the server configuration information during NSAPI Init time, but rather retrieve the configuration in an ephemeral way during request processing time, when the server configuration information is actually needed (for example, to build links in a dynamic web page).
The default behavior of conf_getglobals(), if called during Init in iWS 6.0, is to leave the following fields initialized with a default value (for example, 0, NULL): Vport, Vaddr, Vserver_hostname, Vsecurity_active, Vssl3_active, Vssl2_active, and Vsecure_auth. If your Init function relies on the values of these global fields but does not have error checking, it could crash and prevent the web server from coming up; or it could cause crashes at a later time if these null values are saved and later reused in other plug-in functions.
If you are currently calling conf_getglobals() in your Init function, you should modify your code to eliminate any such calls. This will ensure proper operation of your plug-in in iWS 6.0 when multiple virtual servers exist. The conf_getglobals() NSAPI function will only return the proper values corresponding to the connection and virtual server on which the request was made if called during an NSAPI request processing phase, for example, during an NSAPI AuthTrans, NameTrans, Service, or other NSAPI request processing phases.
iWS 6.0 supports a compatibility mode for older plug-ins suffering from this problem. As noted in the user section, it requires the NSAPI Init functions to be marked as LateInit. When called from a LateInit Init function, conf_getglobals() will return the properties of the default virtual server of the default connection group of the legacy listen socket. In terms of the new XML configuration attributes, this means that conf_getglobals() now returns the properties of the defaultvs of the defaultgroup of the legacyls of the SERVER. It is recommended that the server should only have that single virtual server defined in this case to ensure consistent server and plug-in operation.
If your plug-in vendor does not certify their Init function for use with iWS 6.0, and the function is found to suffer from the specific programming problem described in 1., you may work around the problem if:
If the above conditions are met, the Init function will be executed in an NSAPI context compatible with previous releases of iWS where only a single virtual server exists, and where this problem will not occur.
For the magnus.conf TempDir directive, the TempDir directory must be located on a local file system for the server to function correctly. If the TempDir directory is on an NFS mount, the server may fail to function correctly.
When using Microsoft’s Internet Explorer web browser, version 5.0 is supported for end users only. For administrators, changes to the Sun ONE Web Server Administration Server configuration can be saved only when using Internet Explorer version 5.5.
When editing a Connection Group Settings value from the Edit Listen Sockets Groups Page, a server update occurs when the OK button is pressed. Following this, if you go to Edit Listen Sockets page again and change another property, such as the Security value from Off to On, then click OK, an error message may appear that states, ‘Please refresh your screen, data update by another user.’ The Security value has not changed.
To change a property on the Edit Listen Sockets page after changing a property on the Edit Listen Sockets Groups page, click the OK button twice to effect the change.
After administrative actions lead to changes in magnus.conf (for example, enabling Search capabilities), the Load Configuration Files button cannot be used.
Use the Apply Changes button to load the changes applied to magnus.conf.
After installing a certificate and clicking OK, the Add Certificate page (or Replace Certificate page) appears. Clicking the Help link here takes you to the Add Certificate Revocation List page instead of the Add Other Certificate page.
From the add CRL/CKL link, you can select the CKL file to display the ADD Compromised Key List page. The Help button on this page is linked to help for the CRL page.
Scroll down the help window until you see the help for ‘Add CRL.’
This problem shows up inconsistently and will be addressed in a future release.
POST method is permitted on static content by default.
If you have only one web application deployed and you are trying to edit the URI, the URI cannot be empty.
Set the minHeapSize to 3.5M and maxHeapSize to 64M.
Ignore the following error message when using the command line tools wdeploy and HttpServerAdmin: “A nonfatal internal JIT (3.10.107(x)) error 'Relocation error: NULL relocation target' has occurred in: 'org/apache/crimson/parser/Parser2.maybeComment (Z)Z': Interpreting method. Please report this error in detail to: http://java.sun.com/cgi-bin/bugreport.cgi.”
The version 6.0 SP1 release of Web Server supports JDK 1.3.1. Use /usr/lib/lwp threads for Java applications on Solaris 8. Most JVM and heap tuning are application specific.
jvm.option=-XX:MaxNewSize=512m
jvm.option=-XX:NewSize=512m
For more details about these flags, see:
http://java.sun.com/docs/hotspot/VMOptions.html
http://java.sun.com/docs/hotspot/gc/
Some of the GC tuning flags are applicable to JDK1.2.2_07 as well.
Please refer to JDK 1.3.1 debugging documentation:
You will need to configure Web Server 6.0 SP5 to use JDK instead of JRE before you can debug.
On UNIX platforms only, make the following changes to the start-jvm script in the https-admserv directory:
jdb -attach <port>
for example: jdb -attach 5000
You are now ready to debug your Servlet or JSP.
JSP compilation errors, such as incorrect JSP syntax, have resulted in an increase in memory (heap memory) on Solaris.
Pre-compile JSPs offline to catch such errors, or remove the offending JSP if the error logs contain compilation error messages for that JSP.
The HP-UX operating system has two cache spaces, called Page Cache and Buffer Cache, for accessing files. Normally, when the application performs the mmap function, the file is mapped to Page Cache. However, the operating system currently takes no responsibility for synchronizing the data between the Page Cache and the Buffer Cache if the mmap is performed with the PRIVATE option. Even if you copy the file, the operating system refreshes the cached data only in the Buffer Cache.
Use a vi editor to update the contents each time.
This section describes platform-specific known problems and workarounds for the following platforms:
If you are running Web Server 6.0 SP10 on Windows 2000, we recommend that you have the Windows Service Pack 3 installed on your system.
It is recommended that you use the Internet Explorer 5.X browser with Windows 2000 SP2 or later Server Edition.
If you are migrating a 4.x version of the Web Server to version 6.0 or a Service Pack release of version 6.0, ensure that the newly migrated instance has a unique name. If the migrated instance has the same name as the older instance of the server, do not delete either of the two instances; deleting either instance would disable the other.
When using Cluster Management on Web Server 6.0 SP5 on the Windows 2000 SP2 platform, the master Administration server hangs during file transfer. (See also the description of Problem 4552549.)
To resolve this problem, perform the following tasks:
KernelThreads on
If you are using CGIs on the Windows platform, edit the magnus.conf file to set the KernelThreads parameter to 1, as follows:
KernelThreads 1
For more information, see http://docs.sun.com/source/816-5686-10/07_magnu.htm#17315.
To monitor server activity with the Simple Network Management Protocol (SNMP) on Web Server 6.0 SP6, use the native SNMP master agent available on the AIX platform, and not the SNMP master agent that is bundled with Web Server 6.0 SP6. Refer to the section Reconfiguring the SNMP Native Agent in the Administrator's Guide, for more information on running SNMP on AIX.
This problem does not occur on Solaris 2.8 with the following patches installed:
However, it does occur on Solaris 2.6 because the corresponding patch for Solaris 2.6 is not available. To avoid the problem, you must upgrade to Solaris 2.8.
The Search page cannot be accessed in a localized installation of Sun ONE Web Server 6.x on the HP-UX platform.
On Windows, the Web Server installation overwrites Sun ONE Directory Server .dll files. This is due to the cohabitation issues with Directory Server 5.x.
The default value of ConnQueueSize is 4096.
A note is added in the Sun ONE™ Web Server Release Notes 6.0 SP10 to clarify JDK vendors for Linux.
The iPlanet Web Server, Enterprise Edition Programmer's Guide documents an invalid keyword in dbswitch.conf. The valid keyword is sessions.
JDK support information for HP-UX is rectified in Sun ONE™ Web Server Release Notes 6.0 SP10.
The last line of the first paragraph says "To change thread pool settings once you've added the pool, edit obj.conf." The instructions should specify magnus.conf instead of obj.conf.
web-apps.xml web-app element's uri attribute. The uri attribute of the web-app entry in the web-apps.xml Element Reference section in "Chapter 2, Web Applications," of the iPlanet Web Server 6.0, Enterprise Edition Programmer's Guide to Servlets should read as follows: “The URI that clients use to access the web application.”
Web Server 6.0 SP5 does not support the magnus.conf directive chroot on the server instance.
The online help for the Edit Access Control Page does not include a description of the up arrow and down arrow glyphs that are used to swap access control restrictions. Clicking on the up arrow glyph swaps the access control restriction with the access control restriction preceding it. Clicking on the down arrow glyph swaps the access control restriction with the access control restriction succeeding it.
In the iPlanet Web Server, Enterprise Edition Administrator's Guide, the section titled Installing the SNMP Master Agent states that you cannot use the Server Manager to install and start the master SNMP agent unless the server is running as root. This is incorrect and should read as follows:
“To configure the SNMP master agent you must install the Administration Server instance as the root user. However, even a non-root user can accomplish basic SNMP tasks, such as MIB browsing, on a Web Server instance by configuring the SNMP sub-agent to work with the master agent.”
In the online help for Sun ONE Web Server 6.0 SP5, the online help page for server-id>Class Manager>Content Management>URL Forwarding incorrectly states that the URL Prefix setting forwards requests to a URL prefix, keeping the absolute path, and substituting one prefix for another. In fact, if the URL prefix you specify is /info and the forwarded URL Prefix is www.sun.com, then /info/movies gets redirected to www.sun.com/movies.
Step 6 in the section titled Exporting with pk12util in the iPlanet Web Server, Enterprise Edition Administrator's Guide contains an error in the example that illustrates the use of the pk12util command in UNIX. The command should read as follows:
pk12util -o certpk12 -n Server-Cert [-d /server/alias] [-P https-test-host-]
The iPlanet Web Server 6.0, Enterprise Edition Programmer's Guide to Servlets incorrectly states that the iwsstats.xml file that reports server performance statistics is written to disk at the following location:
server_root/https-server_id/stats-xml/iwsstats.xml
The iwsstats.xml file is not written to disk but is dynamically generated only for URL access at the following URL:
http://server_id:port/stats-xml/iwsstats.xml
The Error Responses Page in the Web Server 6.0 SP5 online help is ambiguous about the conditions under which the Web Server returns the “Unauthorized” and “Forbidden” error responses.
The “Unauthorized” error response occurs if the client fails to send certain authorization headers that the server needs for authenticating the client against the access control rules. It also occurs if the user name and password details sent by the client are incorrect. The “Forbidden” error response occurs when the client requests a resource that is denied access due to access control restrictions. It may also occur because the server does not have permission to access the requested resource.
In the iPlanet Web Server 6.0, Enterprise Edition Programmer's Guide to Servlets, the section that describes remote debugging, Using Forte For Java to Debug Servlets and JSPs, incorrectly states that the jvm.conf file must be edited differently if JPDA is installed on the system. Irrespective of whether JPDA is installed, Step 7 in this section should read as follows:
Edit the jvm12.conf file to enable remote debugging. Add the following lines:
jvm.enableDebug=1
jvm.compiler=NONE
jvm.option=-classic
jvm.option=-Xnoagent
jvm.option=-Xrunjdwp:transport=dt_socket,server=y,suspend=n
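The lines in Step 7 open a JDWP socket listener, and JDWP has no authentication of its own, so they are worth flagging on any instance that is not a dedicated debugging host. The following check is an added example, not code from the Sun documentation; it assumes jvm12.conf holds one key=value setting per line with # for comments, and the sample input is constructed from the lines above.

```python
# Added example: audit a jvm12.conf for remote-debugging settings.
# Assumption: one key=value per line, '#' starts a comment line.

# Constructed sample: the settings listed in Step 7 above.
SAMPLE_JVM12_CONF = """\
# constructed sample jvm12.conf
jvm.enableDebug=1
jvm.compiler=NONE
jvm.option=-classic
jvm.option=-Xnoagent
jvm.option=-Xrunjdwp:transport=dt_socket,server=y,suspend=n
"""

def parse_jdwp(option):
    """Split '-Xrunjdwp:k=v,k=v' into a dict; return None for other options."""
    prefix = "-Xrunjdwp:"
    if not option.startswith(prefix):
        return None
    pairs = option[len(prefix):].split(",")
    return dict(p.split("=", 1) for p in pairs if "=" in p)

def audit_jvm_conf(text):
    """Return (line_number, finding) tuples for debug-related settings."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = (s.strip() for s in line.split("=", 1))
        if key == "jvm.enableDebug" and value == "1":
            findings.append((n, "debugging enabled"))
        elif key == "jvm.option":
            jdwp = parse_jdwp(value)
            if jdwp is None:
                continue  # ordinary JVM option such as -classic
            if jdwp.get("transport") == "dt_socket" and jdwp.get("server") == "y":
                where = ("address " + jdwp["address"]) if "address" in jdwp \
                    else "no fixed address"
                findings.append((n, "JDWP socket listener (" + where + ")"))
            else:
                findings.append((n, "JDWP agent loaded"))
    return findings

if __name__ == "__main__":
    for n, finding in audit_jvm_conf(SAMPLE_JVM12_CONF):
        print("line %d: %s" % (n, finding))
```
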
The online help for the Performance Settings>Magnus Editor page does not contain a description of the User parameter. For a complete description of the User parameter, see Table 2-1 (magnus.conf directives) in the iPlanet Web Server 6.0, Enterprise Edition Programmer's Guide to Servlets.
The online help for the Administration Server’s Restrict Access Page incorrectly refers to the help instructions for restricting access on the instance server. The correct instructions can be found at the following location on your machine: http://hostname.domain-name:administration_port/https-admserv/manual/ag/esprefs.htm#1006194.
The online help for the Class Manager>Manage Virtual Server>Styles>Edit a Style page incorrectly lists Cache Control, Require Stronger Security, Restrict Access, Dynamic Configuration, and Symbolic Links as style configuration categories supported by Sun ONE Web Server while the option for .htaccess configuration is not documented.
The Selecting Ciphers section of the iPlanet Web Server, Enterprise Edition Administrator's Guide does not mention that irrespective of any changes made to the security settings of the Listen Socket, clicking the Cipher Default link configures the server with default cipher settings.
The Server Identifier used by the Administration Server to identify a server instance must be specified using ASCII and not Latin-1 characters.
The user you use to run the Sun ONE Web Server should, but need not, be in the same group as the user you use to run the Administration Server. The iPlanet Web Server, Enterprise Edition Installation Guide incorrectly specifies this as a mandatory requirement.
The iPlanet Web Server, Enterprise Edition Installation Guide does not mention that during migration, multi-line Init directives are compressed to single-line directives in the server-id/config/magnus.conf file.
In Chapter 15 of iPlanet Web Server, Enterprise Edition Administrator's Guide, Step 5 under the section “Deploying Web Applications” should read as follows:
“Enter the absolute path to the directory on the server machine into which the contents of the WAR file will be extracted. If the directory does not exist, it will be created.”
In the same chapter, the command parameter incorrectly specified as idirectory should read directory.
In iPlanet Web Server 6.0 Performance Tuning, Sizing, and Scaling Guide, the section “Using the Solaris Network Cache and Accelerator” does not mention that if you are using a version of Solaris that is lower than Solaris 8 Update 5, you would need the following additional patches:
The documentation for the net_read function in the iPlanet Web Server, Enterprise Edition NSAPI Programmer's Guide should read as follows: “The net_read function returns the number of bytes read, which will not exceed the maximum size, sz. A negative value is returned if an error has occurred.”
In the online help, operations allowed for the SNMP Master Agent Community should read as follows: “Allow ALL Operations”, “Allow GET Operations”, and “Allow SET Operations.”
The Limit directive in the section titled “Example of a .htaccess File” of the iPlanet Web Server, Enterprise Edition Administrator's Guide has been incorrectly documented. The text should read <Limit GET POST> instead of <Limit> GET POST, and <Limit PUT DELETE> instead of <Limit> PUT DELETE.
The iPlanet Web Server, Enterprise Edition Administrator's Guide incorrectly states that the Sun ONE Web Server can be extended to support Microsoft FrontPage webs. Third-party server extensions that extend server-side support for Microsoft FrontPage webs are not supported by Sun ONE Web Server.
The “Adding Variables” section in the chapter “Managing Server Clusters” in the iPlanet Web Server, Enterprise Edition Administrator's Guide does not adequately describe how variables are transferred within a cluster. The paragraph at the end of the specified section should read as follows:
“The variable must also be added to the server’s configuration file you are transferring to the slave. For example, if you are transferring the variable port, the variable should be declared in a server configuration file, say server.xml, as shown below:
<SERVER legacyls="ls1" qosactive="no"
        qosmetricsinterval="30" qosrecomputeinterval="100">
  ...
  <LS id="ls1"
      ip="0.0.0.0"
      port="$port" security="off" acceptorthreads="1"
      blocking="no">
  ...
</SERVER>
You can set variables with different values for each slave in the configuration file. Once added, variables can also be edited and deleted using the drop-down Option list in the Add Variables page.”
The instructions for remote Servlet debugging as documented in the iPlanet Web Server 6.0, Enterprise Edition Programmer's Guide to Servlets require the use of JDK 1.2.
The configuration file obj.conf has been incorrectly spelled as obj.con in the online help page for Cluster Management>Cluster Control.
By default, the server sends the requested file to the client by calling the send-file function. The directive that sets the default should read:
Service method="(GET|HEAD)" type="*~magnus-internal/*" fn="send-file"
The web-apps.xml column has been removed from the Restore Configuration page in the Server Manager, so the online help for that page is inaccurate.
A new column for State has been added to the Edit Web Application page of the Virtual Server Manager. This displays whether the installed application is enabled or disabled depending on the enable value (enable=TRUE/FALSE) in the web application file for that application (URI). This screen change was made after Web Server 6.0 SP1, and is not reflected in the Administrator’s Guide or online help.
The AIX platform is listed as a supported platform in some documents; however, it is not supported at the time of the Web Server 6.0 SP1 release.
The default value for StrictHttpHeaders was changed from on to off in SP2b.
Numerous chapters refer to themselves as “in this appendix.”
The jvm.compiler parameter, which appears twice on page 52 under ‘Debugging Servlets and JSPs’, is not a recognized parameter in the VM. jvm.compiler should read java.compiler.
The steps on page 234 ‘Configuring the SNMP Master Agent’ are a duplication of ‘Installing the SNMP Master Agent’ on page 230, and are inaccurate. The steps should read ‘Configuring the SNMP Subagent’:
If you have problems with Sun ONE Web Server, contact Sun customer support using one of the following mechanisms:
Sun Software Support services online at http://www.sun.com/service/sunone/software.
This site has links to the Knowledge Base, Online Support Center, and Product Tracker, as well as to maintenance programs and support contact numbers.
The telephone dispatch number associated with your maintenance contract
So that we can best assist you in resolving problems, please have the following information available when you contact support:
Description of the problem, including the situation where the problem occurs and its impact on your operation
Machine type, operating system version, and product version, including any patches and other software that might be affecting the problem
Detailed steps on the methods you have used to reproduce the problem
Any error logs or core dumps
Useful Sun ONE information can be found at the following Internet locations:
Documentation for Web Server 6.0 and Service Packs
http://docs.sun.com/app/docs/coll/S1_ipwebsrvree60_en
Sun ONE Documentation
http://docs.sun.com/prod/sunone
Sun ONE Professional Services
http://www.sun.com/service/sunps/sunone
Sun ONE Software Products and Service
http://www.sun.com/software
Sun ONE Software Support Services
http://www.sun.com/service/sunone/software
Sun ONE Support and Knowledge Base
http://www.sun.com/service/support/software
Sun Support and Training Services
http://www.sun.com/training
Sun ONE Consulting and Professional Services
http://www.sun.com/service/sunps/sunone
Sun Developer Support Services
http://www.sun.com/developers/support
Sun ONE Software Training
http://www.sun.com/software/training
Sun Software Data Sheets
http://www.sun.com/software
Copyright © 2006 Sun Microsystems, Inc. All rights reserved.
Sun Microsystems, Inc. has intellectual property rights relating to technology embodied in the product that is described in this document. In particular, and without limitation, these intellectual property rights may include one or more of the U.S. patents listed at http://www.sun.com/patents and one or more additional patents or pending patent applications in the U.S. and in other countries.
SUN PROPRIETARY/CONFIDENTIAL.
U.S. Government Rights - Commercial software. Government users are subject to the Sun Microsystems, Inc. standard license agreement and applicable provisions of the FAR and its supplements.
Use is subject to license terms.
This distribution may include materials developed by third parties.
Portions may be derived from Berkeley BSD systems, licensed from U. of CA.
Sun, Sun Microsystems, the Sun logo, Java and Solaris are trademarks or registered trademarks of Sun Microsystems, Inc. in the U.S. and other countries. All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. in the U.S. and other countries.