Sun Java System Application Server 7 Update 11 Release Notes

Server Administration

This section addresses the following areas:

Command Line Interface (CLI)

This section describes the known command-line interface issues and associated solutions.




CLI command overflows in single-mode if the command is more than 256 characters long.

On UNIX(R), when executing a CLI command in single-mode that contains more than 256 characters, the command fails with this error: ...Command Not Found...

This is a terminal restriction, not a CLI restriction. 


create-jdbc-connection-pool --instance server4 --datasourceuser admin --datasourcepassword adminadmin --datasourceclassname test --datasourceurl test --minpoolsize=8 --maxpoolsize=32 --maxwait=60000 --poolresize=2 --idletimeout=300 --connectionvalidate=false --validationmethod=auto-commit --failconnection=false --description test sample_connectionpoolid)


  1. For commands that require more than 256 characters, use CLI multi-mode.

  2. If you must use single-mode, run the command using OpenWin cmdtool.


After configuring an instance to use SSL, the administrator cannot access the Admin Server from either the CLI or browser clients.


Import the Sun Java System Application Server certificate into each client that is to use SSL to access the Admin Server, and indicate that servers with such a certificate are to be trusted. How to do this on a browser is browser-specific; consult your browser’s online help to see how to import a certificate to be trusted. 

For the CLI, if the server’s certificate is in some servercert.cer file, and the installation directory is /INSTALL, the command is:

keytool -import -file servercert.cer -alias server -keystore /INSTALL/jdk/jre/lib/security/cacerts

NOTE: To avoid this problem in the future, ensure that the Admin Server certificate is installed in both the server and the client(s) before configuring the Admin Server to use SSL.


Using the asterisk (*) character in single-mode CLI command results in unexpected behavior and/or error messages.

The asterisk character is being expanded by the underlying shell into a list of names, and it is this list of names that is being seen by the command-line interface (CLI) command. Putting quote marks around the asterisk prevents the shell from expanding the asterisk, and thus the CLI gets to see the asterisk itself. 


Use quote characters (either single or double quotes) around the asterisk. 


Repeated changes applied to any instance eventually results in an out of memory error.

The Admin Server keeps a record of all changes performed to the system, which requires memory. This change record (but not the changes themselves) is discarded during a reconfiguration, thus releasing the memory for use. 


Use the asadmin reconfig command periodically to discard old change records.


Cleanup does not happen when a call to create a duplicate domain fails.

When a domain that already exists is created, an appropriate error message is generated. However, a directory specified by the -path option in the create-domain command is created if it did not exist earlier. This should be removed since the command failed.


Remove any additional empty directory specified that might be created after the -path option is used.


Cannot monitor the default (pointbase) connection-pool JDBC resources.

The JDBC connection pools are created dynamically on demand, which means that a pool is created the first time it is used. If the pool has not been created (not used), monitoring is not possible. 


Create the desired connection pool to allow monitoring. 


Monitoring: Execution times of less than 1 millisecond cannot be measured.

When an entity bean method is monitored, the execution-time-millis attribute shows -1. For example, when running the command:

iasadmin>get -m server1.application.usecase1app.ejb-module.UseCase1Ejb_jar.entity-bean.BeanOne.bean-method.method_create0.*

The following attributes are returned: 

Attribute name = total-num-errors Value = 0Attribute name = method-name Value = public abstractcom.iplanet.ias.perf.jts.UseCase1.ejb.BeanOneRemotecom.iplanet.ias.perf.jts.UseCase1.ejb.BeanOneHome.create() throwsjavax.ejb.CreateException,java.rmi.RemoteExceptionAttribute name = total-num-calls Value = 0Attribute name = total-num-success Value = 0Attribute name = execution-time-millis Value = -1

Before monitoring is started, the default value for execution-time-millis is set to -1 to indicate that the value for that attribute is invalid at that moment. A default value of 0 would give a false impression that the execution time has been measured, and that it has turned out to be a very small value.




Verifier error reported in Administration interface when viewing Persistence Manager Factory resource created from command-line interface.

When a Persistence Manager Factory resource is viewed in the Administration interface, the following error is reported for the resource when it is created from the command-line interface: 

ArgChecker Failure: Validation failed for jndiName: object must be non-null




On Solaris, the flexanlg command causes open failure when used on Sun Java System Application Server that is integrated into Solaris.

If you are running a version that is integrated into the Solaris operating environment, and you use the flexanlg command from /usr/appserver/bin, an open failure error is displayed. /usr/appserver/bin/flexanlg: fatal: open failed: No such file or directoryKilled


Complete these steps. 

  1. Add the following entry to LD_LIBRARY_PATH file:


  2. Then run the flexanlg command.

    % /usr/appserver/bin/flexanlg


Some CLI commands do not work on the target Admin Server.

The create, delete, or list commands do not work in the CLI on the target Admin Server for creating/deleting/listing new elements (such as SSL, mime, profiler, resources, and so on) in the server.xml file of the Admin Server.


Use the Akministration Console to create, delete, and list elements in the Admin Server. 

Administration Infrastructure

This section describes the known administration infrastructure issues and associated solutions.




*~ wildcard pattern does not work as documented.

The wildcard pattern with tilde in the ppath does not work as documented.


Add one of the following to the obj.conf file.

  • <Object ppath="/test[^h].html"> PathCheck fn="htaccess-find" filename=".htaccess"</Object>

  • <Object ppath="*~*(.testh.html|.testh.html/)">PathCheck fn="htaccess-find" filename=".htaccess" </Object>

  • <Object ppath="*~*.testh.html*"> PathCheck fn="htaccess-find" filename=".htaccess" </Object>


If htaccess is used, JSP files in the docroot cannot be protected. 

HTML files are treated with the complete URL, whereas JSP files have a relative url. The current webcore implementation has no scope for protecting JSP files. 


None as yet. 


On Microsoft Windows 2000, cannot create JVM when JVM heap size is set to a large value.

If you try to set a larger JVM heap size on Windows 2000, you might get the following error message: 

Error occurred during initialization of VM, Could not reserve enough space for object heap Internal error: unable to create JVM


To configure the Sun Java System Application Server with a larger JAVA heap size on Windows 2000, it is necessary to rebase the Sun Java System Application Server DLLs. 

The Rebase utility, which comes both with Microsoft Framework SDK and Microsoft Visual Studio, allows you to set optimal base addresses for a number of DLLs starting from some address and thereby increasing JVM heap availability. The SDK Help Rebase topic recommends using address 0x60000000. For more details on rebase utility:


  • Window 2000 system with 2-4 GB memory

  • Visual Studio/Microsoft Framework SDK Rebase utility

To apply rebase to Application Server dynamic libraries do the following: 

  1. cd into install_dir\bin

  2. rebase -b 0x6000000 *.dll

  3. cd ..\lib

  4. rebase -b 0x6600000 *.dll


HTTP Quality of Service limits are not enforced.

Quality of Service (QOS) includes a means of specifying the maximum number of HTTP connections and the bandwidth limit. When these attributes are exceeded, a 503 error should be returned to the client. However, after enabling QOS through the Administration interface, the server does not enforce the QOS limits. 


To fully enable QOS features, you must manually add an AuthTrans fn=qos-handler line to the top of the default object in the obj.conf file of the virtual server. The qos-handler Server Application Function (SAF) and obj.conf configuration file are described in the Developer’s Guide to NSAPI.


Restarting an instance in debug mode seems to fail if the instance is originally running in non-debug mode.

If an instance is started without checking/selecting the ’Start/Restart in debug mode’ check box, subsequent settings of this check box do not work. In the Administration interface, the Debug Enabled check box appears unchecked, even though it has been checked. The server.xml file also shows debug-enabled=false.




On Microsoft Windows 2000, deployment fails for EAR files if total length of the path to a generated file during deployment exceeds 260 characters.

On the Windows 2000 platform, the Java Virtual Machine (JVM) is limited to 260 characters for path names to generated files. This is a problem with Microsoft Windows support in the JVM, and is likely to be fixed in the J2SE 1.5 release. 


When deploying an application, use a path and file name that are less than 260 characters combined. 


On Solaris, server fails to restart when converting to an SSL-enabled environment.

If you attempt to restart the Sun Java System Application Server after installing a certificate and enabling security, the restart fails. A message is displayed indicating that the server failed to receive a password. A second click of the Start button starts the server. When SSL is not enabled, passwords are not cached which results in the failure of restart. The restart command does not support the transition from non-SSL to SSL enabled mode. 

NOTE: This problem only occurs the first time the server is restarted. Subsequent restarts work fine. 


If you have encountered this problem: 

Click Start. 

To avoid this problem, perform the following steps instead of clicking the Restart button. 

Click Stop. Click Start. 


Cannot start Admin Server if the domain is created in another system.

  • If the domain is created on a PCNFS mounted drive, the Admin Server and any instances within such domains cannot be started due to a known Microsoft issue involving PCNFS drives.

  • If the domain is created in the same local drive as the product installation but in a different directory path, the instances and the Admin Server work as expected, and are fully operational.




On Microsoft Windows 2000, the console is sometimes disabled.

Sometimes (rarely) the Admin Server or Application Server instance hangs during deployment or when commands are run. This can happen when some of the text from the console log is selected. If you deselect the text on the console log, the process continues. 


Disable automatic creation of the console for server1 instance by setting log-service create-console attribute to false. Clicking the mouse or pressing Enter on the console log might also solve this problem.


After a secure HTTP listener has been removed from a server, the administrator is still prompted for the (no longer needed) password.


Remove the entire server and then add it again. 

NOTE: To avoid the problem in the future—Before removing the httplistener, disable security using the following command: 

/export2/build/bin/> asadmin set --user admin --password adminadminserver1.http-listener.http-listener-1.securityEnabled=falseAttribute securityEnabled set to false./export2/build/bin/> asadmin delete-http-listener --user admin --password adminadmin ls2Deleted Http listener with id = ls2


On Microsoft Windows 2000, corrupt messages display on the console.

On Windows 2000, for a non-English locale (such as Japanese) you might see corrupted messages displayed on the console. 


Use the Admin interface to view the log messages. 


A partially-deleted instance causes incorrect responses from some CLI commands.

If a server instance is partially deleted, the following problems are known to occur with some CLI commands (solutions are provided with each problem description): 

  1. The create-instance command in local mode reports that the instance exists even if there are no sub-directories under the instance folder.


    Manually remove the leftover instance directory, then run the create-instance command.

  2. The list-instances command in local mode includes the partially-deleted instance name and status.


    Manually remove the leftover instance directory, then run the list-instances command.

  3. On Microsoft Windows 2000, the start-instance command in remote mode displays a null string.


    Manually remove the leftover instance directory, create a new instance, then run the start-instance command.

  4. On Microsoft Windows 2000, the stop-instance command in both local and remote modes reports incorrect exceptions. In local mode, the command displays an incorrect message stating that the instance is not running. In remote mode, the command displays a null string.

    On Solaris, the stop-instance command in local mode incorrectly reports that the user does not have permission to access the instance’s config directory although the config directory does not exist.


    Manually remove the leftover instance directory.


Deletion of a virtual server fails if the default web module referred to by the virtual server does not exist or has been undeployed.


Set the Default Web Module field of the virtual server to None Selected, click OK to save the changes, then delete the virtual server. 


SNMP: END OF MIB is returned when adding and starting a new instance server.

If you add and start a new instance without shutting down the instance server and subagent, an END OF MIB message is returned.


  1. To view a new instance, make sure the subagent and all the instance server processes are shut down. Under each server ->Monitoring -> "Enable SNMP Statistics Collection: on", apply the change, then restart each instance server, and start only one subagent process again.

  2. If the subagent is already running, don’t start any extra subagent processes in any instance. There can only be one master agent and one subagent for a Sun Java System Application Server installation (common for all domains/instances).


License expired message does not appear at Microsoft Windows Services or at the DOS prompt.

When starting servers from Windows Services or from the DOS prompt command (startserv.bat) after license expiration, appropriate license expiration messages are not shown


Start servers from CLI (asadmin) or from Sun program icon 


Existence of multiple obj.conf files causes confusion.

Upon creation of a new Sun Java System Application Server instance, the instance-dir/config/ directory will contain two obj.conf files, one named obj.conf and the other named virtual-server-name-obj.conf, where virtual-server-name is the same value as the instance name for the virtual server that is created automatically during instance creation. The documentation refers to “modification of the obj.conf file” when it should refer to “modification of the obj.conf file associated with the virtual server of interest.”

When the Sun Java System Application Server is installed, the obj.conf and server1-obj.conf files exist under the /domains/domain1/server1/config/ directory. The content in the file named obj.conf is overridden by the content of the server1-obj.conf file specified at the virtual server level. In effect, the file named obj.conf is not used by the Sun Java System Application Server instance.

For example, if you modified the file named obj.conf while configuring the Sun Java System Application Server web server plug-in, your pass through settings will not take effect because the wrong obj.conf file has been modified.


If and when you need to modify the obj.conf file for an instance, modify the file prefixed with the virtual server name of interest.


Errors when using SSL and web server (reverse proxy) plug-in.

502 errors occur when using SSL and the web server plug-in 


Set the keepAliveTimout value to the same value in both the Sun Java System Web Server magnus.conf file and the Sun Java System Application Server’s init.conf file. If these values are different the connection may be closed when the Application Server connects to the Web Server or the Web Server connects to the Application Server. If the connection is already closed, you see a 502 error.


When running the web server (reverse proxy) plug-in with Sun Java System Web Server 6.1 on Intel-based hardware (such as Solaris x86, Linux, or Microsoft Windows) the Sun Java System Web Server may experience crashes and restarts under heavy loads.


To correct this problem, make the following configuration change to the magnus.conf file and restart the web server instance:

KernelThreads 1

RqThrottle 1

These changes cause Sun Java System Web Server 6.1 to use native OS threads on the Intel platform hardware, rather then creating NSCP threads, which do not scale well on Intel based hardware. 

These settings are not needed for other hardware platforms, such as Sun Solaris SPARC. 


On UNIX platforms, users in the same group as the “sysuser” of the Sun Java System Application Server’s domain and instances do not have write access to deployed applications.


To avoid this problem: 

  1. Create the domain with the -sysuser option.

  2. As the system user, change the user mask to 2 by running umask 2 at the command prompt. This change turns on the group write permissions for all files created by the Sun Java System Application Server.

  3. Restart the Admin Server.

  4. Grant group write permissions to the server instance’s applications directory by executing chmod -R 775 applications in the instance directory.

    Files of deployed applications will now have group write permissions. For additional background and more information, see Info Doc 77800.

Administration Interface

When using Administration interface, make sure that the browser is configured to check for newer versions of pages from the server, instead of picking these from cache. Generally, default browser settings would not cause problems.

This section describes the known Sun Java System Application Server 7 administration graphical user interface issues, and the associated solutions.




On Microsoft Windows 2000, cannot edit or remove entries within a newly created mime file that omits the .types extension.

On Windows 2000, the MIME file must have the .types extension following the file name in order for modifications to entries in the file. For example, mime2.types and not mime2


Use the .types extension for any mime file name.


External certificate nickname doesn’t display on the Administration Console Nickname list.

When you install an external certificate through the Sun Java System Application Server Administration interface, a problem is encountered when you attempt to enable SSL for the http-listener by using the certificate that is installed on the external cryptographic module. Although the installation of the certificate is successful, the certificate nickname does not display in the Administration interface. 


  1. Log in to the system where the Sun Java System Application Server software is installed as an Administrative User.

  2. Link the http-listener to the certificate installed on the external cryptographic module. Execute the asadmin command. For more information on the asadmin command, see the asadmin(1M) man page.

    /sun/appserver7/bin/asadmin create-ssl --user admin --password password --host host_name --port 8888 --type http-listener --certname nobody@apprealm:Server-Cert --instance server1 --ssl3enabled=true --ssl3tlsciphers +rsa_rc4_128_md5 http-listener-1

    This command establishes the link between the certificate and the server instance; it does not install the certificate (which was done using the Administration Console). Even though the certificate is linked with http-listener, the http-listener will be listening in non-SSL mode.

  3. Enable the http-listener to listen in SSL mode by using the following CLI command.

    /sun/appserver7/bin/asadmin set --user admin --password password --host host_name --port 8888 server1.http-listener.http-listener-1.securityEnabled=true

    This command switches the server instance listening state from non-SSL to SSL.

    After completing the preceding steps, the certificate is displayed in the Admin Console.

  4. You can now use theAdmin Console to edit the http-listener as needed.


When creating a new virtual server and a value is given for the location of the log file, a File Not Found" error is reported.

In the Administration interface, the log file field cannot be used to add any values. 


Delete the virtual server just created, create the needed file, then recreate the virtual server. 

NOTE: To avoid the problem in the future—Always create the log file first, before attempting to create the new virtual server. 


On Solaris 9 update 2, default browser is incompatible with Sun Java System Application Server 7.

When you attempt to use the Sun Java System Application Server Administrative interface with the Solaris 9 4/03 operating environment default browser, the following error message is displayed: 

Unsupported Browser: Netscape 4.78.

It is recommended that you upgrade your browser to Netscape 4.79 or Netscape 6.2 to run the Sun Java System Application Server UI. Those who choose not to continue and not upgrade might notice degraded performance and/or unexpected behavior.

NOTE: If you are running the version of the Sun Java System Application Server Administration interface that is included in the Solaris 9 4/03 operating environment, you will need to use Netscape 4.79 or Netscape 7.0. 


  • For Sun Java System Application Server 7 standalone, upgrade to Netscape 4.79 or Netscape 6.2— Use /usr/dt/bin/netscape6 instead of /usr/dt/bin/netscape.

  • For Sun Java System Application Server 7 bundled with Solaris, upgrade to Netscape 4.79 or Netscape 7—Use /usr/dt/appconfig/SUNWns/netscape instead of /usr/dt/bin/netscape.


Access Control List (ACL) editing is not supported on some versions of Netscape Navigator.

If you attempt to edit ACL entries while using either Netscape Navigator, versions 6.x or 7.x, you might encounter intermittent problems, such as the browser disappearing or the ACL edit screen never displays. 


Choose one of the following workarounds. 

  • Use the supported 4.79 version of Netscape Navigator.

  • Manually edit the ACL file. For details on ACL file formatting, see the Sun Java System Application Server Administration Guide.


Netscape 4.8 produces warning message on Administration interface.

When using Netscape 4.8 to access the Administration interface, a warning appears indicating Netscape 4.8 is an unsupported browser. Although no issues have been identified when using Netscape 4.8 to run the Administration interface, more thorough testing needs to be completed on this version of the Netscape browser. 


Select the Continue hyperlink from the warning message to continue using the Administration interface. 

Use Netscape 4.79, or upgrade to Netscape 6.2. 


An invalid Help button appears in the Install Certificate screen.

In the Install Certificate screen, which displays all the certificate information entered, an invalid Help button is present in the Admin Console. If you click this button, an error message is displayed indicating the help page was not found. Context-sensitive help is only available by clicking the Help link on the top frame of any page. 


Click the Help link in the top pane for context-sensitive help. 


SSL: A self-signed certificate generated by certutil is not displayed on the Certificate Nickname list.

A self-signed certificate is generated by the certutil and Certificate Nickname is not displayed on the Admin Console.


To use a self-signed certificate, you must manually edit the server.xml file.


Error occurs accessing the Admin Console if the browser uses a proxy server.

If your browser is set to use a proxy server and the proxy server is not configured to ignore localhost, an error occurs when you choose Start Admin Console from the Start menu. 


Disable the proxy server. 


Include localhost in the list of domains to be ignored by their proxy server. 


On Red Hat Enterprise Linux you get the message: Failed to add MIME type.

When you attempt to add a MIME type to a MIME types file through the Administration interface, an error appears to prevent accessing the Global MIME Types page. 


This problem happens because the default locale is set to en_US.UTF-8 instead of en_US. The workaround is to set export LANG=en_US, then restart the Admin Server.


On Solaris x86, HTTP listener and IIOP listener pages in the Administration interface give errors.


The problem is caused by certain versions of jss3.jar. Two workarounds exist:

  1. For patch levels 115924-03, 115925-03, 115926-03, 115927-03, upgrade the SUNWjss package with a later version.

  2. Remove the path to jss3.jar from the server’s classpath. To remove it, open server.xml for editing. Remove usr/share/lib/mps/secv1/jss3.jar from the classpath. This is the first entry in the classpath unless you have explicitly modified it. Save server.xml and run asadmin reconfig. Before starting your server instance, you also need to rename jss3.jar.