2 Known Issues

This chapter describes known issues and limitations in Oracle iPlanet Web Server 7.0 release.

The issues are grouped under the following sections:

Web Server Administration Issues

Table 2-1 lists the known issues in the administration of Web Server.

Table 2-1 Known Issues in Administration

Problem ID	Description
6944873	On AIX with IBM JDK 6, user authentication fails if the UID contains double quotation marks and Web Server is configured to use the LDAP realm. This issue arises due to a bug in the IBM JDK.
6364924	A node can be registered to multiple administration servers, which may cause a configuration conflict. It is possible to register a node to a second administration server without canceling the registration with the first administration server. However, this leads to the nodes being inaccessible to both the administration servers. Workaround: On each registration, restart the administration node. The administration node will be available to the most recent administration server, to which it is registered.
6379125	wadm command allows connecting to a node, shows a certificate and then throws an 'HTTP 400' error. When an administration node receives a connection, it does not check that the connection is from the administration server before proceeding. It not only prints an inappropriate error message, but also prompts the user to enter the password.
6327352	Session replication enabled instances does not come up normally if other instances in the cluster are not started.
6393534	After migrating the Java keystore keycerts using the migrate-jks-keycert command, trying to list the migrated jks keycerts using the list-certs command, displays the CN, org and other information instead of the certificate nickname.
6407486	While setting the SSL property using the wadm set-ssl-prop command, the server-cert-nickname property accepts any certificate nickname, instead of accepting only the server certificate nickname.
6443742	The set-session-replication-prop CLI command does not work if the 'node' option is provided with a qualified domain name. Workaround: Use the output of the `list-nodes` command for the valid names of the nodes in the `set-session-replication-prop` command.
6468570	Specifying "yes" at the wadm prompt terminates the CLI.
6469676	When you try to connect to the administration server after the administration certificates have expired, an incorrect error message is displayed.
6480600	The register-node command gives an incorrect error message when the administration server runs out of disk space.
6495446	If no disk space is available on the device, wadm throws an incorrect error message "Unable to communicate with the administration server".
6502800	Executing the migrate-server command with both "--all" and "--instance" options does not result in an error. A warning or an error message should be displayed indicating that the user is attempting to set mutually exclusive options.
6416328	The Start Instances button in the Admin Console is enabled for an instance that is already running. The buttons should be enabled or disabled based on the status of the instance.
6418312	wadm allows you to define duplicate user properties. Adding duplicate user properties does not show an error message; however, a new user property is not created.
6421740	There is no provision to create an access control list (ACL) file using the Admin Console or the CLI.
6423432	On Windows, using an existing configuration, repeating the process of adding and removing the registered nodes causes validation failure.
6430417	MIME types allows MIME value with multibyte characters.
6442081	Text in the Access Control List page is not formatted.
6442172	User can be switched between `available' and `selected' lists in ACE even though the user is deleted from the authentication database.
6446162	No warning is issued before the deletion of key or the digest file authentication database.
6448421	The administration interface allows you to create a user with multibyte user ID in the key-file authentication database.
6455827	User and Group table in the Admin Console displays the entire result in a single page.
6461101	Labeling of the Request Certificate and Install buttons on the Create Self-Signed Certificate page of the Admin Console needs to be revised.
6462057	Add and Remove buttons are enabled in new ACE window even if no items are present in the `Available' list.
6464891	Admin Console truncates the display of server logs at 50 lines or 2 pages.
6465382	No validation exist to check the entry of wrong country code in the certificate request wizard.
6465421	In the Admin Console, no text field description is provided for virtual-server, authdb, dav collection, and event fields .
6466336	Admin Console shows wrong JDK version while creating a new configuration. The JDK version displayed in the Admin Console is 5.0 u6 instead of 5.0 u7.
6471171	Style formatting is lost after restarting the administration server from Nodes -> Administration Server General tab.
6471367	Attempting to access the Admin Console in another tab of the same browser does not work.
6471792	View Log displays result in a single page. Although the search criteria selected for record size is 25 log entries, the log displays the results in one single page even if there are more than 50 log entries.
6472932	Token mismatch error is displayed when you remove the token password and then reset it in the Common tasks -> Select configuration -> Edit configuration -> Certificates -> PKCS11 Tokens page.
6486037	The Virtual Server Management->Content Handling->Document Directories->Add should have a browse option to choose the path of a additional document directory.
6492906	Message displayed about WebDAV collection locks in the Admin Console is misleading. If you specify the time-out value for the WebDAV collection as `infinite`, the Common Tasks->Select Configuration ->Select Virtual Server->Edit Virtual Sever ->WebDAV->Select collection page displays the message `DOES NOT EXPIRE`. What it actually means is that the lock does not expire automatically after a specified time or the time-out is infinite.
6498484	Incorrect error message is displayed on setting empty token password using the `Set passwords' button.
6500157	Instance fails to restart if you try to edit a token password and deploy a configuration on an instance which is already running.
6502287	The Admin Console displays an exception when you delete a configuration and click the Migrate button.
6502374	The Admin Console Review screen in wizards should only show fields that have values.
6502793	During migration, the log-dir path permission is not validated.
6266358	Cannot log in through the Admin CLI if the administration password has extended ASCII characters.
6361329	The error-response file name should be validated.
6367282	The administration server starts with expired certificate; wadm should warn about expired certificates.
6375505	The unregister-node command should also clean up certificates on the administration node.
6408169	WebDAV lock CLIs do not work in a cluster environment.
6408186	Multiple installations of the administration nodes on the same node that is registered to the same administration server should be not be allowed.
6416369	Accessing the administration node URL results in Page Not Found error. As the administration node does not have a GUI, accessing the administration node URL results in `Page Not Found` error.
6422936	No validation for class path prefix and suffix, and native library path in JVM Path Settings in Java.
6423310	The server.xml elements should be grouped based on functionality.
6441773	On Windows, the administration server moves the Web application files physically before stopping the Web application.
6462515	The Admin Console misleads user with "Instance modified" message when runtime files get created in the config directory.
6462579	Trust store does not deleted on uninstalling the administration node after unregistering it with the administration server.
6468330	Changes made to the JavaHome property does not get saved after restarting the instance.
6491749	Need better validation in certain text fields to prevent obj.conf file corruption. Most of the functional validation of the data in a form is done in the back end. The GUI has only minimal checks such as empty fields, integer values, and ASCII values. Hence, the GUI stores the data in the `obj.conf` when parsed gets corrupted .
6497213	Executing the restart-admin command followed by the stop-admin command throws exception in administration error logs.
6587832	On Windows, the Admin Console intermittently fails to come up. Workaround: This problem is seen on Windows 2003 if you have "Internet Explorer Enhanced Security Configuration" enabled. To access the Admin Console without disabling Enhanced Security feature, include the site in the list of trusted sites explicitly on the browser. To disable Internet Explorer enhanced security configuration, go to Control Panel > Add/Remove Programs > Add/Remove Windows Components. Deselect the check box next to Internet Explorer Enhanced Security Configuration. Restart the browser.
6746045	Once config changes are made it is found that file ownership changes in docs directory When a user creates a directory, adds some files and deploys them under the docs directory, the ownership of all files under this directory, changes to the owner who installed Web Server. Workaround: The user directories should not be created under docs directory.
6750708	Web Server 7.0 Admin CLI does not accept multibye characters as input. Admin CLI does not accept input strings which has multibyte or non-ASCII characters. For example, if you are entering an input value containing a non-ASCII character (Felhasználók) along with the command, the input value will be garbled as follows: wadm> set-authdb-prop --config=test --authdb=sajit url=ldap://test.example.com:389/ou=Felhaszn??l??k,dc=india,dc=example,dc=com Workaround: While modifying the `server.xml` file manually, to enter base DN value, you must enter the URL encoded sequence as input instead of multibyte characters. For example, enter: "Felhaszn%C3%A1l%C3%B3k" instead of "Felhasználók"
6722375	The administration server throws an error as the postpatch script for patches 125437-14 and 125438-14 are not Alternate Root compliant. Workaround: Boot the alternate boot operating system after adding the patch to the alternate boot environment. Start the administration server. The administration server fails to start and throws the following error message: java.lang.NoClassDefFoundError: com/sun/scn/client/comm/SvcTagException Edit the Web Server `postpatch` script to define the `ROOTDIR` value as `/` or `/space`, where JES base path is given. bash-3.00# cat postpatch #!/bin/ksh # Copyright (c) 2007 by Sun Microsystems, Inc. # All rights reserved # PATH="/bin:/usr/bin:/sbin:/usr/sbin:$PATH" export PATH ROOTDIR=/ BASEDIR="`pkgparam -R $ROOTDIR SUNWwbsvr7 BASEDIR 2>/dev/null`" if [ -n "$BASEDIR" ] then INSTALL_DIR="$ROOTDIR$BASEDIR/SUNWwbsvr7"; PERLDIR="$INSTALL_DIR/lib/perl" if [ -f "$INSTALL_DIR/lib/wsenv" ] then . "$INSTALL_DIR/lib/wsenv"; WS_IS_JES=1; export WS_IS_JES .... bash-3.00# Run the script to complete the upgrade. bash-3.00# ksh /tmp/postpatch "//opt/SUNWwbsvr7/lib/perl/perl" -I "//opt/SUNWwbsvr7/lib/perl" -I "//opt/SUNWwbsvr7/lib/perl/lib" -I "//opt/SUNWwbsvr7/lib/perl/lib/site_perl" "//opt/SUNWwbsvr7/lib/upgradeServer.pl" bash-3.00# The administration server starts without any error.
6784450	Unable to login to the administration server using Mozilla Firefox 3.0 Workaround: On the Solaris 10 platform, Mozilla Firefox 3.0.4 browser, go to Edit-> Preferences-> Advanced-> Encryption-> Server tab. Click Add Exceptions... Enter the address of the web site you want to access in the text area and click Allow
6820164	OpenSolaris 2008.11 Bug 4788 causes a serious impact on Web Server. Web Server's certificates are affected during deployment of Web Server on OpenSolaris 2008.11, with the following warning: root# /opt/webserver7/admin-server/bin/startserv Oracle iPlanet Web Server 7.0U4 B12/02/2008 02:49 warning: CORE1235: SSL server certificate Admin-Server-Cert is not yet valid. ... An OpenSolaris Bug 4788, with time, causes this problem. For more information, see `http://defect.opensolaris.org/bz/show_bug.cgi?id=4788`. Workaround: Reboot your server after deploying OpenSolaris 2008.11 and correct the server time.
6842383	FastCGI `suid` environment for Red Hat Enterprise Linux To get the FastCGI `suid` environment to work on Red Hat Enterprise Linux, perform the following steps: `cd` `<webserver_install>/plugins` `chown webservd fastcgi` `cd fastcgi` `chmod 4755 Fastcgistub` Add the following lines in `/etc/ld.so.conf` <webserver_install>/lib <webserver_install>/jdk/jre/lib/i365/server Run `ldconfig` Restart Web Server Note: The file system where Web Server is installed and the `/tmp` directory should have permission to run the `suid` program, The file system should not be mounted with the `nosuid` option.
6893239	JDK 1.6.0 and JDK 1.5.0 logger are not working properly.
12303923	Do not navigate to the other pages while generating a CSR In the Web Server 7 Administration GUI, when you generate a CSR using the CSR wizard window, do not navigate to the main window or other pages to perform different operations. For example, Nodes-CA list, CRL, and Certificate details. If you browse other pages during the CSR generation process, the configuration switches from web instance to admin-server unexpectedly in the CSR wizard window. This development may cause no private key problems when you install the SSL certificate into the web instance. Make sure to complete all the transactions in the CRS wizard window before navigating to the administration GUI main window for other operations.
12721207	After creating service through Administration GUI, the instance does not start up with system reboot due to Bug#12657657 To enable the instance to start up successfully, follow these steps: After creating the service, import the manifest file. `svccfg import /var/svc/manfest/network/http.xml` `svcadm enable` <`your instance`> or click the start button of the instance in the Administration GUI. Reboot the system `/usr/sbin/shutdown -g0 -y -i6` Verify the instance status. Steps 2 and 3 are required to complete the SMF configuration. While working on the CLI, follow these steps: `#wadm` create-service #`svcadm enable svc:/network/http:https-<instance>` #`svccfg validate /var/svc/manifest/network/http.xml` #`svccfg import /var/svc/manifest/network/http.xml` #`/usr/sbin/shutdown -g0 -y -i6` Verify the instance status. Step 3 is required to validate the manifest file.

Web Server Core Issues

The following table lists the known issues in the core of Web Server.

Table 2-2 Known Issues in Core

Problem ID	Description
6944895	jsessionid is missing when ntrans-j2ee NameTrans precedes reverse-proxy-/ NameTrans If the `obj.conf` contains `NameTrans` directives such that `ntrans-j2ee` precedes `reverse-proxy-/`, the `jsessionid` is lost. Workaround Reorder the `NameTrans` directives such that `reverse-proxy-/` precedes `ntrans-j2ee`; for example: NameTrans fn="map" from="/" name="reverse-proxy-/" to="http:/" NameTrans fn="ntrans-j2ee" name="j2ee"
6948770	On 64-bit Linux, cannot distinguish between 32-bit and 64-bit Web Server The `wadm -version` command does not indicate whether Web Server is 32-bit or 64-bit. Workaround Enter the following command in a terminal window: file install-dir/lib/webservd
6955106	On Linux, exception at startup due to a non-existent jhall.jar link During startup, Java throws a `FileNotFoundException` exception that specifies `jhall.jar` as the missing file. This situation arises after `sun-javahelp-2.0-fcs` has been uninstalled, because the uninstallation leaves a link to `jhall.jar` in `/usr/java/packages`. Workaround Remove the link to `jhall.jar`; for example: rm -f /usr/java/packages/jhall.jar
6785490	Any URI that does not end with the "real" file name fails to execute properly, resulting in a "No input file specified" error. For PHP users: Web Server 7.0 Update 4 populates the environment variables `REQUEST_URI` and `SCRIPT_FILENAME` for FastCGI and CGI applications. The introduction of the `SCRIPT_FILENAME` variable causes PHP to display a `No input file specified` PHP error for scripts that are mapped to virtual URIs, that is, URLs ending with `/` instead of `/index.html` or URLs making use of Web Server 7.0's URI rewriting feature. The affected PHP versions are 5.2.5 through 5.2.9. For more information, see `http://bugs.php.net/bug.php?id=47042`. Workaround: If a PHP application is mapped to a virtual URI, then `cgi.fix_pathinfo` should be set to `0` in the `php.ini` file. This setting is required for many popular PHP applications like Drupal, Wordpress, and Joomla. However, this setting will cause PHP applications that rely on `path-info` like `/foobar.php/baz/` to return a `No input file specified` PHP error. If a PHP application relies on `path-info`, then `cgi.fix_pathinfo` should not be disabled.
6296993	When there is an error executing an obj.conf directive, the filename and line number where the offending directive was found are not logged.
6365160	When server.xml schema validation fails due to a data type constraint violation, it displays an error message that does not describe the set of valid values for the element.
6378940	All HTTP header parsing error are not logged with the client IP and a description of the error.
6470552	set-variable SAF could not set predefined variable.
6489220	Server treats non-interpolated strings that contain $$ character constants as interpolated. When a parameter value contains a `$$ escape`, the server constructs a `PblockModel` for the parameter block. This is unnecessary because `$$` is a constant.
6977268	HTTP Header field names are case-insensitive and all HTTP header field names will change to lowercase
6996370	WebServer 7.0 startup error when obj.conf has valid <If> fn="rewrite" <Else> inside Sample <If> rule in obj.conf: <If $path eq "/known.html"> </If> <Else> NameTrans fn="rewrite" path="/unknown.html" </Else> The `<If>` rules added to `obj.conf` interfere with the behavior of the server. The startup error occurs when the servlet/JSP container attempts to parse a web application's `web.xml` file. When seeking a file-system resource, `obj.conf` directives are processed (to pick up alternate document directories and so on). The rules added to `obj.conf` change every request to either `known.html` or `unknown.html`, so instead of `web.xml`, the servlet container tries to parse `unknown.html` as a `web.xml` file, resulting in the error. In addition, even if no `web.xml` exists, the `<If>` rules added to `obj.conf` change the request to `unknown.html`. Resolution: Prefix the `<If>` rules in `obj.conf` with `<If not internal and not restarted>`. Example: <If not internal and not restarted> <If $path eq "/known.html"> </If> <Else> NameTrans fn="rewrite" path="/unknown.html" </Else> </If>
12354092	Remove HttpOnly from the Set-Cookie header value. Workaround: Add a conditional statement in `obj.conf` file: <If defined $srvhdrs{'set-cookie'} and $srvhdrs{'set-cookie'} =~ "(.*); HttpOnly"> Output fn="set-variable" $srvhdrs{'set-cookie'}="$1" </If>

Web Server FastCGI Issues

The following table lists the known issues in the FastCGI.

Table 2-3 Known Issues in FastCGI

Problem ID Description

Problem ID	Description
6485248	The fastcgi stub does not properly close all the processes when reuse-connection is set to true. Configure Web Server 7.0 to work with PHP as a FastCGI plug-in and set `reuse-connection=true`. When you shutting down the server or reconfiguring the server, the `fastcgi()` process and its child processes are left behind and not killed properly.

6485248

The fastcgi stub does not properly close all the processes when reuse-connection is set to true.

Configure Web Server 7.0 to work with PHP as a FastCGI plug-in and set reuse-connection=true. When you shutting down the server or reconfiguring the server, the fastcgi() process and its child processes are left behind and not killed properly.

Web Server Installation Issues

The following table lists the known issues in the installation of Web Server.

Table 2-4 Known Issues in Installation

Problem ID	Description
6948019	On UNIX, if any directory in the installation path lacks the appropriate execute privilege, server startup fails If any of the directories in the installation path does not provide execute privilege to the `webservd` user, the Web Server instance fails to start. Workaround Use the `chmod o+x directory` as needed to change execute permissions to the directories in the installation path.
6414539	Uninstalling the administration node does not delete itself from the administration server node. After installing the administration node and registering it with the administration server in the Node tab, the administration node is listed in the Node tab. When the administration node is uninstalled, the administration node entry remains in the Node tab.
6287206	Cannot install if the setup is started from a shared folder on the network. On the Windows platform, unable to install the product when the installer `setup.exe` is started from a shared network folder on another machine.
6311607	On Windows, installer crashes in CLI mode, if the administration password is >= 8 characters. If the administration user password is greater than eight characters, then any invalid input to the administration port, Web Server port, or the administration user ID crashes the installer. Workaround: When installing Web Server 7.0 on the Windows platform using the command-line interface (CLI), the administration password must be set to less than (<) eight characters.
6408072	On Windows, need icons for objects in Programs folder. The objects in the Web Server 7.0 folder on Windows are created with default Windows program icons and do not have specific icons that denote Sun programs.
6492144	The CLI installer does not handle ctrl+c while entering the password. The installer does not accept `ctrl+c` and hence the terminal becomes unusable.
6710925	RH5.1 user cannot install Web Server 7.0 Update 3 using GUI mode Workaround To overcome this failure: Use the CLI based installer. Create a symbolic link to the `xdpyinfo` command. For example, [root@server bin]# ln -s /usr/bin/xdpyinfo /usr/X11R6/bin/xdpyinfo
6717123	Registration Options panel UI sometimes is not displayed properly The 'Registration Options' GUI in the installer is not displayed properly sometimes. Workaround: Resize the installer window.
12306018	`.exe` files cannot be downloaded properly in Web Server 7 default configuration. Workaround: Go to the instance configuration and edit the `mime.types` file. Before editing the `mime.types` file, it is displayed as: type=application/octet-stream exts=bin type=magnus-internal/cgi exts=cgi,exe,bat After editing the `mime.types` file, it is displayed as: type=application/octet-stream exts=bin,exe type=magnus-internal/cgi exts=cgi,bat Use `wadm` `pull-config` or Administration GUI to synchronize the manual change to the Administration Server. Restart the Web Server and download with the `.exe` file type.
19826946	Windows patch requires VC9 runtime libraries. The Oracle iPlanet Web server 7.0.20 Windows patch requires the VC9 runtime libraries.

Web Server Migration and Upgrade Issues

The following table lists the known issues in the migration and upgrade areas of Web Server.

Table 2-5 Known Issues in Migration and Upgrade

Problem ID	Description
6932016	Verisign EV certificate chain issue with new built-in CA root. If you are using 2048-bit SSL web server certificates, some older browsers might give a `Certificate Authority Not Trusted` warning after you upgrade from an earlier version of Web Server 7.0 to Web Server 7.0 Update 6 or later. Workaround Stop Web Server. Change to the `config` directory of the Web Server instance. cd instance-dir/config List the Root Certs module. modutil -list -nocertdb -dbdir . Delete the Root Certs module. modutil -dbdir . -delete 'Root Certs' Confirm that the Root Certs module is deleted. modutil -list -nocertdb -dbdir . Start Web Server. Note: This workaround is also applicable to any new configuration that is designed to use 2048-bit SSL web server certificates.
6914893	Not all properties from 6.0 jvm12.conf file are migrated to 7.0 server.xml file When migrating from Sun iPlanet Web Server 6.0 to Oracle iPlanet Web Server 7.0, properties in the 6.0 `jvm12.conf` file of the form `name = value` are not migrated as JVM options to the 7.0 `server.xml` file. Only the properties listed in jvm12.conf Parameter Reference in iPlanet Web Server 6.0, Enterprise Edition Programmer's Guide to Servlets are migrated. Workaround Migrate these properties' values manually. To do so, use Elements in server.xml in Oracle iPlanet Web Server 7.0.9 Administrator's Configuration File Reference to locate the `server.xml` element or subelement that corresponds to the `jvm12.conf` property you are migrating, and transfer the value to the `server.xml` file.
6407877	Incorrect migration occurs while migrating from Web Server 6.0 to 7.0 if the installed.pkg file is not found. In Web Server 6.0 to 7.0 migration, if the `installed.pkg` file is missing, Web Server incorrectly migrates the `NSServlet` entries in the `magnus.conf` file.
6490124	6.x -> 7.0: Migrated scheduled events still points to 6.x paths in the server.xml file.
6502529	6.1->7.0: Migration does not handle relative path set for search-collection-dir correctly. During instance migration, specifying a relative path for the target path into which the search collections should be copied, results in the search collection directory being created with respect to the `config-store`. When the instance is instantiated, the indexes are created without properly migrating the search collections.
6502769	6.x->7.0: Migration ignores any "document-root" NameTrans specified in the obj.conf file.
6498806	On Windows, Web Server Admin Console does not appropriately warn users during migration. The administration server does not detect if the selected new configuration or the service name already exists on Windows and hence does not appropriately warn the users to select a different configuration name or suggest a different configuration name as default.
6500509	Web Server 7.0 migration tool cannot successfully migrate from Web Server 6.1 if it has Root Certs installed in it.
6747123	The request processing behavior has changed in Web Server 7.0 Update 2 release. This change does not manifest while using Web Server 7.0 Update 2 RPP. A modification in Web Server's request processing engine to fix a significant error in Web Server, has changed the order in which Web Server processes objects and directives in the server's `obj.conf` file. This correction now guarantees that the following rules are applied while processing a request: All `ppath` objects that apply to a request are evaluated If there is a named object that applies to a request, it will take precedence over any `ppath` objects in cases where the two conflict. If your `obj.conf` file contain `ppath` objects, evaluate them to determine if your `obj.conf` file requires any modification. As a consequence of this change in the request processing behavior, when you upgrade previous Web Server versions to Web Server 7.0 Update 2, or later, you may have to make minor changes to the `obj.conf` files, as described after this table.

Handling the request processing behavior change in Web Server 7.0 Update 2

As a consequence of the change to the request processing behavior, when you upgrade previous Web Server versions to Web Server 7.0 Update 2 or later, you may have to make minor changes to the obj.conf files, as follows:

Using IF directive

In the following example, directives contained in theppath objects will not be invoked when an explicit JSP extension is found in the request URI, as the ntrans-j2ee NameTrans SAF will apply to a JSP extension and cause the object named j2ee to be evaluated next. The WebLogic proxy service used here to forward requests to the WebLogic server is no longer invoked, although there are no modifications made to theobj.conf file. As a result, Web Server sends the request to it's own web container, instead of the WebLogic proxy, resulting in failure of the request.

In theobj.conf file, default object, add a conditional statement to thentrans-j2ee service with the problem URIs, as follows:
```
<Object name="default">
AuthTrans fn="match-browser" browser="*MSIE*" ssl-unclean-shutdown="true"
#
#Adding <IF...> and </IF> bracketing to compensate
 for change in ppath processing
#
<IF $uri !~ ".*WebApp/.*" >
NameTrans fn="ntrans-j2ee" name="j2ee"
PathCheck fn="find-index-j2ee"
ObjectType fn="type-j2ee"
Error fn="error-j2ee"
</IF>
....
....
<Object name="j2ee">
Service fn="service-j2ee" method="*"
</Object>

<Object ppath="*/examplesWebApp/*" >
Service fn=wl_proxy WebLogicHost=jwsse10.red.iplanet.com WebLogicPort=7001
</Object>

<Object ppath="*/ejemploWebApp/*">
Service fn=wl_proxy WebLogicHost=jwsse10.red.iplanet.com
 WebLogicPort=7002
</Object>
</Object>
```
This allows thentrans-j2ee to be executed only when the URI's do not match.

Usingassign-name NameTrans

In simple scenarios, you can changeppath objects toname objects by usingassign-name in the default object. This allows theassign-name to be executed ahead ofntrans-j2ee.

<Object name="default">
NameTrans fn="assign-name" from="/examplesWebApp/*" name="examples_proxy"
NameTrans fn="assign-name" from="/ejemploWebApp/*" name="ejemplo_proxy"
NameTrans fn="ntrans~j2ee" name="j2ee"
....
....
</Object>

<Object name="j2ee">
Service fn="service-j2ee" method="*"
</Object>

<Object name="examples proxy" >
Service fn=wl_proxy WebLogicHost=jwsse10.red.iplanet.com WebLogicPort=7001
</Object>

<Object name="ejemplo proxy">
Service fn=wl_proxy WebLogicHost=jwsse10.red.iplanet.com WebLogicPort=7002
</Object>

Disabling

Turning off Java Web container support on Web Server will ensure that the JSPs will be handled by WebLogic proxy function. However, this is only suggested when you do not intend to host Java content in the proxying tier.

Web Server Sample Applications Issues

The following table lists the known issues in Sample Applications of Web Server.

Table 2-6 Known Issues in Sample Applications

Problem ID Description

Problem ID	Description
6472796	sendmail.jsp shows incorrect file to be edited to specify resource.host for javamail sample application. Workaround To set `javamail.resource.host`, edit the `javamail.build.properties` and not the `build.xml` as specified in install-dir`/samples/java/webapps/javamail/src/docroot/sendmail.jsp`.

6472796

sendmail.jsp shows incorrect file to be edited to specify resource.host for javamail sample application.

Workaround

To set javamail.resource.host, edit the javamail.build.properties and not the build.xml as specified in install-dir/samples/java/webapps/javamail/src/docroot/sendmail.jsp.

Web Server Search Issues

The following table lists the know issues in the search functionality of Web Server.

Table 2-7 Known Issues in Search

Problem ID Description

Problem ID	Description
6943388	Building a search collection hangs when the number of documents is large When building a search collection for a large number of documents, the process hangs. This situation arises because the processing of each document is handled by a new thread, each consuming heap space. Workaround Increase the Java heap size using the `-Xmx` option. For example, you might increase the heap size from 128 MB (`-Xmx128m`) to 512 MB (`-Xmx512m`).
6701532	Search engine fails to index password protected PDF document If a PDF document is password protected and encrypted, the search engine fails to index the document's metadata. As a result, the requested search fails.

6943388

Building a search collection hangs when the number of documents is large

When building a search collection for a large number of documents, the process hangs.

This situation arises because the processing of each document is handled by a new thread, each consuming heap space.

Workaround

Increase the Java heap size using the -Xmx option. For example, you might increase the heap size from 128 MB (-Xmx128m) to 512 MB (-Xmx512m).

6701532

Search engine fails to index password protected PDF document

If a PDF document is password protected and encrypted, the search engine fails to index the document's metadata. As a result, the requested search fails.

Web Server Security Issues

The following table lists the known issues in the security area of Web Server.

Table 2-8 Known Issues in Security

Problem ID Description

Problem ID	Description
6376901	Limitation supporting basic and digest-based ACLs for resources in the same directory. If the server uses digest and basic-based ACLs in different parts of their doc tree, attempting to use both simultaneously on different files or resources in the same directory is not possible.
6431287	TLS_ECDH_RSA_* require the server cert signed with RSA keys. Cipher suites of the form `TLS_ECDH_RSA_*` requires server to have an ECC keypair with a cert signed using RSA keys. Note that this precludes using these cipher suites with self-signed certificates. This requirement is inherent to these cipher suites and is not a bug. The server should detect and warn about wrong configurations related to these cipher suites but currently it does not do so.
13493902	Changing the `htpasswd` file when the web server is running. The `htpasswd` file must be changed to ensure correct htaccess behavior for the time duration during which the `htpasswd` is running. Workaround To dynamically change the `htpasswd` file, do the following: Run the command `cp.httpasswd htpasswd.new` Make changes in `htpasswd.new` using the `htpasswd command htpasswd htpasswd.new` `username [password]` Copy `htaccess` to a new file. Example: `cp htaccess htaccess.new` Go to the `htaccess.new` file and change the name of the file. Example: `AuthUserFile /protected/directory/htpasswd.new` Go to the `obj.conf` file and add the following directive: `PathCheck fn="htaccess-find" filename="htaccess.new"` Reconfigure the web server instance by running the command `$bin/reconfig` This is a safe procedure to change the `htpasswd` file because the files cannot be accessed when you are editing or changing the files. New files can be accessed only after reconfiguration. Note that after reconfiguration the existing requests continues to be processed with the original htpasswd definition. Only new requests use the new `htpasswd` definition.

6376901

Limitation supporting basic and digest-based ACLs for resources in the same directory.

If the server uses digest and basic-based ACLs in different parts of their doc tree, attempting to use both simultaneously on different files or resources in the same directory is not possible.

6431287

TLS_ECDH_RSA_* require the server cert signed with RSA keys.

Cipher suites of the form TLS_ECDH_RSA_* requires server to have an ECC keypair with a cert signed using RSA keys. Note that this precludes using these cipher suites with self-signed certificates. This requirement is inherent to these cipher suites and is not a bug. The server should detect and warn about wrong configurations related to these cipher suites but currently it does not do so.

13493902

Changing the htpasswd file when the web server is running.

The htpasswd file must be changed to ensure correct htaccess behavior for the time duration during which the htpasswd is running.

Workaround

To dynamically change the htpasswd file, do the following:

Run the command cp.httpasswd htpasswd.new
Make changes in htpasswd.new using the htpasswd command htpasswd htpasswd.new username [password]
Copy htaccess to a new file.

Example:

cp htaccess htaccess.new
Go to the htaccess.new file and change the name of the file.

Example:

AuthUserFile /protected/directory/htpasswd.new
Go to the obj.conf file and add the following directive:

PathCheck fn="htaccess-find" filename="htaccess.new"
Reconfigure the web server instance by running the command $bin/reconfig

This is a safe procedure to change the htpasswd file because the files cannot be accessed when you are editing or changing the files. New files can be accessed only after reconfiguration.

Note that after reconfiguration the existing requests continues to be processed with the original htpasswd definition. Only new requests use the new htpasswd definition.

Web Server Session Replication Issues

The following table lists the known issues in the session replication functionality of Web Server 7.0.

Table 2-9 Known Issues in Session Replication

Problem ID	Description
6324321	Descriptive error message is not displayed when an error occurs remotely. When an exception occurs remotely, error messages are logged in the error log of the remote instance. However, the local instance currently displays a generic remote exception which does not clearly indicate which error log that the user must view.
6396820	Session replication does not failover correctly when cookies are disabled on the client.
6406176	When enabled, session replication should be the default session manager. After enabling session replication by using the Admin Console or the CLI, or by editing the `server.xml` file, session replication is not really enabled. Instead, `sun-web.xml` needs to be manually edited.
6800993	A minor data loss occurs, as `async` cluster is not available. It is observed that a small amount of http session data loss can occur in few cases. Asynchronous implementation, by using asnyc parameter, in session failover might resolve this issue.

Web Server Web Container Issues

The following table lists the known issues in the web container of Web Server.

Table 2-10 Known Issues in Web Container

Problem ID	Description
4858178	Web container writes to stderr.
6349517	Incorrect web application session statistics for MaxProcs > 1 mode. Web Server runs in multi-process mode. The `MaxProcs` configuration variable in the `magnus.conf` is used to set the maximum number of processes. If the value for `MaxProcs` is set to greater than 1, Web Server uses `mmap`-based session manager so that the session could be shared among different JVMs. While collecting statistics from multiple processes, web application MBeans provide session for individual MBeans. There is no way to find the true number of sessions by seeing individual MBean's web application session statistics.
6394715	Web container deletes the disabled web application MBeans object. When the web application is disabled by setting the `<enabled>` element to false in the `server.xml` file, the web container deletes the web application's MBeans and hence treats it as a closed or deleted web application. Since disabled objects are deleted, statistics are also lost.
6419070	No information is logged in error logs at the finest log level on successful JNDI resource creation.
6422200	com.sun.org.apache.xerces.internal.jaxp.DocumentBuilderImpl.parse does 1 byte reads. When reading the `server.xml` file, the first line containing the XML version number and the encoding is read 1 byte at a time.
6440064	Servlet container creates a thread per virtual server.
6501184	REQ_EXIT causes javax.servlet.ServletException.
16003618	Signaturetest of servlet/JSP TCK fails with JDK 7 The `signaturetest` included in both the Servlet TCK and JSP TCK fails with Oracle iPlanet Web Server 7.0 when JDK 7.0 is used.

Web Server Localization Issues

The following table lists the known issues in the localized version of Web Server.

Table 2-11 Known Issues in Localization

Problem ID	Description
6543814	Search filter "*" does not work correctly for multibyte strings.
5046634	There is no functionality equivalent to `use-responseCT-for-headers`in Web Server 7.0. Response header encoding is enabled at the`web-app` level by setting the value of the configuration parameter`use-responseCT-for-headers` to any of the values; `yes`, `true`, or `on` in the`web-app/sun-web.xml` file. For example, set Response header encoding as follows: <sun-web-app> <parameter-encoding form-hint-field="j_encoding"/> <property name="use-responseCT-for-headers" value="true" /> <session-config> <session-manager/> </session-config> <jsp-config/> </sun-web-app>
6716537	Creating socket error message is not localized.
6775946	patchrm 125437-15 fails if they are installed in Japanese locale. Installing patchrm 125437-15 in Japanese locale fails and throws the following error: WARNING: patchrm returned <7> The log file output is as follows: /var/tmp/dstreAAAW0a4wU/SUNWwbsvr7x/install/checkinstall: XXXXXXXXXXXXXXXXXXX 4: `(' unexpected pkgadd: ERROR: checkinstall script did not complete successfully Installation of <SUNWwbsvr7x> partially failed. This issue is observed on the following platforms: SPARC Platform - Solaris 10 with patch 119254-40 through 119254-47 and without 119254-48 x86 - Solaris 10 with patch 119255-40 through 119255-47 and without 119255-48 Workaround: Avoid installing the affected patches listed earlier. If these patches are already installed, you can remove them by using the `patchrm(1M)` command to return to a safe patch level. Avoid installing patches with Japanese locale. For more information, see http://sunsolve.sun.com/search/document.do?assetkey=1-26-103104-1. Apply patch 119254-48 or higher on Solaris 10 SPARC platform and patch 119255-48 or higher on Solaris 10 x86 platform.

Web Server Sun Java Enterprise System Issues

The following table lists the known issues in the Sun Java Enterprise System (Java ES).

Table 2-12 Known Issues in Java ES

Problem ID Description

Problem ID	Description
6432106	Sun Java System Portal Server search throws exception after Web Server upgrade. Portal Server search functionality throws exception when upgrading Web Server from Java ES 4 to Java ES 5. Workaround Note: Move the existing `libdb-3.3.so` and `libdb_java-3.3.so` library files to an appropriate location, somewhere outside Web Server's private directories. Once the Portal Server libraries are in a suitable location, that path must be specified for the <libdb-3.3.so path>:<libdb_java-3.3.so path> in the following commands. On Solaris platform, perform the following steps: Copy the `libdb-3.3.so` and `libdb_java-3.3.so` files from Web Server 6.1 `lib` directory to an appropriate location. Note: For HP-UX, the files are `libdb-3.3.sl` and `libdb_java-3.3.sl`. For windows, the files are `libdb-3.3.dll` and `libdb_java-3.3.dll`. Caution: Do not copy the library files to Web Server 7.0 private directories (For example, `lib` directory). Create a directory (`mkdir`) by name `/portal_libraries`. Copy the library files `libdb-3.3.so` and `libdb_java-3.3.so` to `/portal_libraries`. Use the `wadm` command to inform Web Server about the location of the library files. Get the current native library path setting by typing the following Admin CLI command: `get-jvm-prop -user=admin --config=hostname native-library-path-prefix` Save the output. Append `the copied libdb-3.3.so` and `libdb_java-3.3.so` path to the existing native library path by typing the following Admin CLI command. `set-jvm-prop --config=hostname native-library-path-prefix=<existing native library-path>:</portal-libraries-path>` where, portal-libraries-path is the location of where you copied the `libdb-3.3.so` and `libdb_java-3.3.so` files in Step 1. If you do not get any results or output for the `get-jvm-prop` command, at the command prompt, set the native-library-path-prefix: `native-library-path-prefix=</portal-libraries-path>` Note: For Windows platform, use ';' as the separator for`native-library-path-prefix` parameter as follows: `native-library-path-prefix=<existing native libarary path>;<portal-libraries-path>` For non-Windows platform, use the ':' as the separator for `native-library-path-prefix` parameter as follows: `native-library-path-prefix=<existing native libarary path>:<portal-libraries-path>` Deploy the modified configuration by typing the following command: `deploy-config [--user=admin-user] config-name`
6504178	Migration logs reports a bogus "root is not a valid user" message on Java ES 5. While migrating from Java ES 4 to Java ES 5 on UNIX platforms, the migration log file reports `WARNING: "root is not a valid user"`. This is incorrect as the "root" user is valid on that host.
6453037	A lot of warnings/info messages displayed at Web Server startup on the standard output instead of routing these messages to the log file.

6432106

Sun Java System Portal Server search throws exception after Web Server upgrade.

Portal Server search functionality throws exception when upgrading Web Server from Java ES 4 to Java ES 5.

Workaround

Note: Move the existing libdb-3.3.so and libdb_java-3.3.so library files to an appropriate location, somewhere outside Web Server's private directories. Once the Portal Server libraries are in a suitable location, that path must be specified for the <libdb-3.3.so path>:<libdb_java-3.3.so path> in the following commands.

On Solaris platform, perform the following steps:

Copy the libdb-3.3.so and libdb_java-3.3.so files from Web Server 6.1 lib directory to an appropriate location.

Note: For HP-UX, the files are libdb-3.3.sl and libdb_java-3.3.sl. For windows, the files are libdb-3.3.dll and libdb_java-3.3.dll.

Caution: Do not copy the library files to Web Server 7.0 private directories (For example, lib directory).
Create a directory (mkdir) by name /portal_libraries. Copy the library files libdb-3.3.so and libdb_java-3.3.so to /portal_libraries.
Use the wadm command to inform Web Server about the location of the library files.
Get the current native library path setting by typing the following Admin CLI command:

get-jvm-prop -user=admin --config=hostname native-library-path-prefix

Save the output.
Append the copied libdb-3.3.so and libdb_java-3.3.so path to the existing native library path by typing the following Admin CLI command.

set-jvm-prop --config=hostname native-library-path-prefix=<existing native library-path>:</portal-libraries-path>

where, portal-libraries-path is the location of where you copied the libdb-3.3.so and libdb_java-3.3.so files in Step 1.

If you do not get any results or output for the get-jvm-prop command, at the command prompt, set the native-library-path-prefix:

native-library-path-prefix=</portal-libraries-path>
Note: For Windows platform, use ';' as the separator fornative-library-path-prefix parameter as follows:

native-library-path-prefix=<existing native libarary path>;<portal-libraries-path>

For non-Windows platform, use the ':' as the separator for native-library-path-prefix parameter as follows:

native-library-path-prefix=<existing native libarary path>:<portal-libraries-path>
Deploy the modified configuration by typing the following command:

deploy-config [--user=admin-user] config-name

6504178

Migration logs reports a bogus "root is not a valid user" message on Java ES 5.

While migrating from Java ES 4 to Java ES 5 on UNIX platforms, the migration log file reports WARNING: "root is not a valid user". This is incorrect as the "root" user is valid on that host.

6453037

A lot of warnings/info messages displayed at Web Server startup on the standard output instead of routing these messages to the log file.