Sun Java System Web Server 7.0 Update 2 Release Notes

Sun Java System Web Server Release Notes

These release notes contain important information about the Sun JavaTM System Web Server 7.0 Update 2(Web Server) release. These notes address new features and enhancements, installation notes, known problems, and other late-breaking issues. Read this document before you begin using Web Server Update 2.

These release notes contain the following sections:

What's New in This Release

Web Server Update 2 is an update release to Web Server 7.0. In addition to the features and enhancements in Web Server 7.0 and Web Server 7.0 Update 1 releases, Web Server 7.0 Update 2 release brings the following value-additional features and enhancements to the product. New features and enhancements are described in the sections below.

PKCS11 Bypass Support

This Web Server update release introduces an option to instruct NSS to bypass the PKCS#11 layer during parts of the SSL/TLS processing. Bypassing the PKCS#11 layer improves performance. By default, the PKCS#11 layer is bypassed. At the time of server startup, the server queries each token holding a server key to verify that each token can support PKCS#11 bypass. If any of the tokens cannot support bypass, bypass is disabled. Therefore, no user action is required to take advantage of the performance benefits of the PKCS#11 bypass. The server automatically takes advantage of the bypass and automatically disables the bypass if the token cannot be used given the current configuration.

Web Server provides CLI and Admin Console support to enable or disable the bypass. For more information about how to enable or disable PKCS11 bypass using the Admin Console or the CLI, see To Enable and Bypass PKCS#11 Tokens in Sun Java System Web Server 7.0 Update 2 Administrator’s Guide.

Service Management Facility (SMF) Support

This Web Server update release integrates with the Solaris 10 Service Management Facility for the Java platform (SMF). SMF is a new feature of the Solaris Operating System that creates a supported, unified model for services and service management on each Solaris system. It is a mechanism to define, deliver, and manage long-running application services for Solaris. A service is defined by a service manifest, an XML file which describes a service and any instances associated with that service.

For more information about SMF support in Web Server, see the Integrating Service Management Facility for the Java Platform with Web Server in Sun Java System Web Server 7.0 Update 2 Administrator’s Guide.

Asynchronous Accelerator Cache Support

This release of Web Server supports processing of requests that can be served from the accelerator cache asynchronously thereby improves the performance of the server. Value added features are:

Enhanced Web Container

This Web Server update release introduces the ability to display the exception stack trace or JSP compiler errors in a browser. In the earlier releases of Web Server, when an exception occurs in the servlet container at the request time, a "Server Error" is displayed at the client without exposing internal application details. The exception is always logged in the error log with or without this feature enabled.

Note –

Displaying exception stack trace or JSP compiler errors in a browser feature is not enabled by default. You can enable this feature through set-servlet-container-prop command or through the Display Exception checkbox in the Servlet Container tab of the Admin Console. This is useful for development purposes. It is strongly recommended not to enable this feature in production systems.

Improved Administration Experience

Administration experience is improved in this release of Web Server by introducing the following key features:

Roll Back Deployed Configuration Support

Web Server supports rolling back of deployed configuration. Web Server administration now enables administrators to take backups automatically on every deployed configuration. Using the administration CLI, it is possible to list backups and restore a specified backup.

Support To Set Administration Server Password

This release of Web Server enables you to reset the administration server's user password. However, this functionality works only locally on the administration server's node.

Support for Managing CA Certificates

Administration Console enables you to install, delete, filter CA certificates, Cert chain, and the CRLs. Additionally, the server also warns the users about the certificates that are about to expire.

Registration with Sun Connection

You can use the Admin Console or the Update Center to register the Web Server with Sun Connection. By registering the Web Server with Sun Connection you receive benefits such as:

  • Patch information and bug updates

  • News and events

  • Support and training offerings

For information about the administration features, see the Sun Java System Web Server 7.0 Update 2 Administrator’s Guide.

Red Hat 4.0 64-bit Support

Support for a 64-bit standalone version of Web Server is provided in this release. Web Server 7.0 64-bit Linux is a separate standalone only distribution and does not coexist with Web Server 7.0 32-bit Linux. Web Server 7.0 64-bit Linux requires 64-bit Java Development Kit 5.0 Update 12 or above. Both Administration Server and server instance are only 64-bit server. Migration from previous releases is not supported on Web Server 7.0 64-bit for Linux.

NetBeans 6.0 IDE Support

This update release of Web Server provides support to connect to the NetBeans 6.0 IDE and allows users to develop, debug, and deploy applications to the web server. The NetBeans plug-in can be downloaded from the update center using the NetBeans 6.0 IDE.

Note –

In addition to the support for NetBeans 6.0 IDE, Web Server provides support for NetBeans 5.0 and 5.5.1 versions of the IDE.

Features and Enhancements in Update 1 Release

Web Server 7.0 Update 1 is an update release to the major release of Web Server 7.0.

In addition to the features and enhancements in Web Server 7.0 listed later in these release notes, Web Server 7.0 Update 1 supports the Java Platform, Enterprise Edition (Java EE) 5.0 and Web 2.0 technologies. The details of these features and enhancements are described in the sections below.

Java Servlet 2.5 and JavaServer Pages (JSP) 2.1 Support

Web Server includes a Java Platform, Enterprise Edition (Java EETM) 5 compliant implementation of the Java Servlet 2.5 and JavaServer PagesTM (JSPTM) 2.1 technology specifications. Web Server provides the flexibility and reliability needed to design and deploy web applications that comply with Java technology standards.

Java Servlet technology provides web developers with a simple, consistent mechanism for extending the functionality of a Web Server and for accessing existing business systems. JSP technology provides a simplified and a fast way to create dynamic web content. JSP technology enables rapid development of web-based applications that are server and platform-independent.

For information about these technologies, see

JavaServer Pages Standard Tag Library and JavaServer Faces 1.2 Support

The JavaServer Pages Standard Tag Library provides custom tags that encapsulate core functionality common to many web applications. JavaServer Pages Standard Tag Library has support for common, structural tasks such as iteration and conditionals. It provides tags for manipulating XML documents, internationalization tags, and SQL tags. It also provides a framework for integrating existing custom tags with JavaServer Pages Standard Tag Library tags.

Web Server supports JavaServer FacesTM technology. JavaServer Faces is a user interface framework for building web applications.

For information about these technologies, see:

Java SE 5.0 and 6 Support

Web Server supports the 32–bit version of the Java Platform, Standard Edition (Java SETM) 5.0 and Java Platform, Standard Edition (Java SE) 6. For the 64-bit version of Web Server, the 64–bit version of Java Development Kit (JDKTM) software support is available.

The following table lists the JDK versions supported on various platforms:

Table 1 Supported JDK Versions

Operating System 

Supported Java SE Version  

Whether Co-packaged With Web Server 

64–bit Support (Yes/No) 

Solaris SPARC 





Solaris x86/AMD,AMD64 



















At the time of installation, you must specify a valid path for the JDK. To use the JDK version that is not co-packaged with the product, download the software from the following location:

JDK version 1.6.0:

JDK version 1.5.0_03:

Accelerator Cache Technology

Web Server includes new accelerator cache technology that speeds the delivery of small files. The accelerator cache is automatically enabled and requires no configuration. For more information, see the File Cache Information section of the Sun Java System Web Server 7.0 Update 2 Performance Tuning, Sizing, and Scaling Guide.

Administration Support for Configuring FastCGI

You can configure FastCGI using the Admin Console as well as the Command Line Interface (CLI). You can also configure the FastCGI with Web Server using the configuration files.

For more information about using the FastCGI in Web Server 7.0, see the Sun Java System Web Server 7.0 Update 2 Administrator’s Guide.

NetBeans Support

Web Server provides plug-ins to integrate with the NetBeansTM Integrated Development Environment (IDE) 5.0, 5.5, and 5.5.1 versions for deploying and debugging web applications. NetBeans is a complete development environment to create Java Platform Enterprise Edition (Java EE) based web applications with the standard components.

In addition to the deployment of web applications, the plug-in also provides support for the following activities:

For information about NetBeans, see:

For more information about using NetBeans with Web Server, see:

Admin Console Support for Configuring Regular Expressions

Web Server provides support for writing regular expressions within the obj.conf file through the Admin Console. However, writing regular expressions through the Admin Console is limited to the form of <If>..</If> conditions for URL redirects.

For more information on using the Admin Console for writing regular expressions, see the Sun Java System Web Server 7.0 Update 2 Administrator’s Guide.

GUI and CLI Support for Pattern Matching

Web Server provides support for configuring the URIs, URI prefixes, URI wildcard patterns properties through the Admin Console and the Admin CLI.

For more information on using the Admin Console for configuring URI pattern properties, see the Sun Java System Web Server 7.0 Update 2 Administrator’s Guide.

For more information on using the CLI commands for configuring URI pattern properties, see the Sun Java System Web Server 7.0 Update 2 CLI Reference Manual.

Features and Enhancements in Web Server 7.0

Web Server can be configured to run as a 64–bit application on the SolarisTM, SPARC® and AMD64 platforms.

Web Server provides comprehensive command-line interface support, consolidated configuration, enhanced security with elliptic curve cryptography support, and clustering support. It also comes with a robust built-in migration tool that helps migrate applications and configurations from Web Server 6.0 and Web Server 6.1 to Web Server 7.0.

Sun Java System Web Server includes the following new features:

JMX Based Management Infrastructure

Web Server management infrastructure is based on the modern distributed Java Management Extensions (JMXTM) technology. JMX technology provides tools for building distributed, web-based, modular and dynamic solutions for managing and monitoring devices, applications, and service-driven networks. JMX helps to manage and monitor instances, configurations, and web applications across clustered Web Server deployments.

Redesigned Administration Server Interface

The Administration Server is a specially configured Web Server instance on which the administration applications are deployed. An administration instance runs on each node in the server farm. Of these nodes, one node is configured to be the Administration Server and the rest are configured to be Administration Nodes.

The web-based Administration Server is redesigned to make common tasks easier to access and complex tasks easier to accomplish.

The Administration Server includes the following new features:

For more information on using the administration interface to perform administrative tasks, see the Sun Java System Web Server 7.0 Update 2 Administrator’s Guide.

Command-Line Interface Support

The command-line interface enables you to easily configure and administer the server.

The administration CLI has the following key features:

For more information on the commands, see the Sun Java System Web Server 7.0 Update 2 CLI Reference Manual.

Sun N1 Service Provisioning System Support

Web Server is integrated with Sun N1TM Service Provisioning Server 5.2. Sun N1 Service Provisioning System is an application provisioning tool that eliminates the need for custom scripts. With the integration of Web Server with Sun N1 Service Provisioning System, as an administrator, you do not need to write custom scripts for installing multiple Web Servers in a datacenter environment or in a server farm.

Consolidated Configuration Files

Configuration files in Web Server are rearranged and consolidated to simplify administration.

In the earlier versions of Web Server, the configuration files in userdb were shared by all instances, while the information contained in these files was often instance-specific. In Web Server 7.0, configuration files from the userdb directory are removed. Their functionality is incorporated into the server.xml file in the config directory. Configuration files from the alias and httpacl directories are moved into the config directory. These changes consolidate instance-specific configuration information within the instance-specific config directory.

For information about the configuration files, see the Sun Java System Web Server 7.0 Update 2 Administrator’s Configuration File Reference.

JNDI Support

The Java Naming and Directory InterfaceTM (J.N.D.I.) API provides seamless connectivity to heterogeneous enterprise naming and directory services.

Java Database Connectivity and Connection Pooling Support

Web Server provides out-of-the-box, seamless Java DataBase Connectivity (JDBCTM), technology and supports a wide range of industry-standard and customized JDBC drivers.

Web Server supports JDBC connection pooling, that is, a group of reusable connections for a particular database. Because creating each new connection is time consuming, the server maintains a pool of available connections to increase performance. When an application requests a connection, it obtains a connection from the pool. When an application closes a connection, the connection is returned to the pool.

For information on creating JDBC connection pools, see the Sun Java System Web Server 7.0 Update 2 Administrator’s Guide.

Integrated Java Web Services Developer Pack 2.0 Technologies

Web Server includes Java Web Services Developer Pack (Java WSDP) 2.0 and XML technologies. Web services developed by using Java WSDP can be deployed on Web Server as a web application by using the wadm command.

Web Server 7.0 provides support for security features such as XML Encryption, XML Digital Signature, and support for message security provider.

For more information on Java WSDP 2.0, see the following resource:

Java WSDP 2.0 samples are located at the following location. These samples can be deployed on Web Server 7.0.

Lightweight Session Replication Support

Web Server supports cluster-based session replication and failover. Session replication and failover provides high availability to web applications by replicating HTTP sessions from one server instance to another in the same server cluster. Because each HTTP session has a backup copy on a remote instance, a server failure that renders one instance in the cluster unavailable does not disturb session continuity.

For more information on Light Weight Session Replication support, Sun Java System Web Server 7.0 Update 2 Administrator’s Guide.

URL Redirection and Rewriting with Regular Expressions

Web Server 7.0 introduces enhanced support for regular expressions and conditional processing in the obj.conf configuration file.

Key enhancements include the following:

You can use these new features to define flexible URL rewriting and redirection rules such as those possible with mod_rewrite from the Apache HTTP server. Unlike mod_rewrite, regular expressions and conditional processing in Web Server 7.0 can be used at any stage of request processing, even with third-party plug-ins.

For more information on regular expressions and URL rewrite functions, see the Sun Java System Web Server 7.0 Update 2 Administrator’s Configuration File Reference.

Extensive Real-Time Monitoring Support

In addition to the monitoring facilities in earlier versions of Web Server, Web Server adds the following enhancements:

For more information on Monitoring feature in Web Server, see the Sun Java System Web Server 7.0 Update 2 Administrator’s Guide.

Integrated Reverse Proxy

Reverse Proxy is integrated with Web Server. Reverse Proxy can be executed as an internal module.

A reverse proxy is a proxy that appears to be a web server (origin server) to clients but in reality forwards the requests it receives to one or more origin servers. Because a reverse proxy presents itself as an origin server, clients do not need to be configured to use a reverse proxy. By configuring a given reverse proxy to forward requests to multiple similarly configured origin servers, a reverse proxy can operate as an application level software load balancer. In a typical deployment one or more reverse proxies will be deployed between the browsers and the origin servers.

Integrated reverse proxy provides additional layer of protection between the public Internet and the origin Web Servers. Web Server can be configured as Reverse Proxy server for back end application servers like Tomcat and Sun Java System Application Server 9.

Web Server provides GUI and CLI support for configuring the reverse proxy.

For information about configuring reverse proxy, see the Sun Java System Web Server 7.0 Update 2 Administrator’s Guide.

Enhanced Security

Web Server supports a wide variety of technologies that allow data encryption and validation, request authentication, and server process protection. Key security feature enhancements include the following:

Elliptic Curve Cryptography Support

Sun Java System Web Server has always supported RSA keys. In addition to the continued support for RSA keys, Web Server 7.0 introduces support for Elliptic Curve Cryptography (ECC).

ECC is the next generation of public-key cryptography for mobile or wireless environments. ECC is based on a set of algorithms for key generation, encryption, and decryption for performing asymmetric cryptography.

Important features of ECC are:

For more information on how to use ECC in Web Server, see the Sun Java System Web Server 7.0 Update 2 Administrator’s Guide.

Sun Java Studio Enterprise Support

Web Server 7.0 supports Sun Java Studio Enterprise 8.1. Sun Java Studio software is Sun's powerful, extensible IDE for Java technology developers. Sun Java Studio 8.1 is based on the NetBeans software, and integrated with the Sun Java platform.

The plug-in for the Web Server can be obtained in the following ways:

Note –

Sun Java Studio 8.1 plug-in for Web Server works only with a local web server. That is, the IDE and the web server must be installed on the same machine.

For information about using the web application features in Sun Java Studio 8.1, see the following tutorial:

For more information about Sun Java Studio 8, visit:

Localization Support

Web Server is available in the following languages:

Supported Platforms

Web Server can be installed on the Solaris, Linux, HP-UX and Windows operating systems. The following table summarizes platform support. For more information about installation requirements, see Required Patches in these release notes.

Note –
  1. Web Server runs as a 32-bit application on Windows, Linux, and HP-UX.

  2. Intel Itanium Architecture is not supported.

  3. Minimum required memory for installing Web Server on the specified platforms is applicable when you are installing Web Server as a stand-alone product. If you are installing Web Server as part of Java ES, the minimum required memory might vary. For exact memory requirements, see the Sun Java Enterprise System 5 Release Notes for UNIX.

Table 2 Web Server Supported Platforms



Operating System 

Minimum Required Memory 

Minimum Recommended Disk Space 



Solaris 8, 9, 10 

256 MB 

550 MB 



Solaris 9, 10 (x86) 

Solaris 10 (AMD64) 

256 MB 

550 MB 



Windows 2000 Advanced Server, Service Pack 4 

Windows XP Professional Edition, 

Windows 2003 Server, Enterprise Edition 

256 MB 

550 MB 



Red Hat Enterprise Linux AS 3.0 (Update 4 or later), 4.0 (or later updates) 

Red Hat Enterprise Linux 4 64-bit 

Red Hat Enterprise Linux 5 64-bit 

Red Hat Enterprise Linux 5 32-bit 

SuSE Enterprise Linux 10.2 64-bit 

768 MB 

550 MB 



SUSE Linux Enterprise Server 9 (or later updates) 

256 MB 

550 MB 


PA-RISC 2.0 

HP-UX 11iv1 (B.11.11) 

256 MB 

550 MB 

Required Patches

Update your operating system with the latest applicable patches. Required patches are listed in the following sections.

Solaris Patches

x86 or SPARC users of Solaris 8, 9, or 10 Operating System should have the latest patch cluster installed. This patch cluster is available under “Recommended and Security Patches” on the web site.

Note –

On a 32–bit Solaris (SPARC) platform, install SUNWlibC and SUNWlibCx packages, in addition to the patches listed in the sections below.

Web Server 7.0 installer determines if the required patches are installed on your machine, without them the installation fails. The following patches are required for successful installation and functioning of Web Server 7.0 on a supported platform.

Note –

If the patches available at are obsolete, download the most recent version of these patches as they include the latest bug fixes and product enhancements.

Note –

To know the Solaris Operation System version installed on your machine, see the /etc/release file.

The /etc/release file contains Solaris Operation System version information in the following format:

            Solaris 10 6/06 s10x_u2wos_08 X86
   Copyright 2006 Sun Microsystems, Inc.  All Rights Reserved. 
             Use is subject to license terms.
                   Assembled 02 May 2006

Solaris 8 Platform (SPARC and x86)

Solaris 8 Platform (SPARC)

Solaris 8 Platform (x86)


Solaris 9 Platform (SPARC and x86)

Solaris 9 Platform (SPARC)

Solaris 9 Platform (x86)

Solaris 10 Platform (SPARC and x86)

Note –

For the 64-bit version of Web Server, you must check if the SUNWlxml package is installed on the server by running the command # pkginfo SUNWlxml which produces the following output:

system      SUNWlxml The XML library

This package is always installed with Solaris 10 standard installation, even if you choose the lowest level of installation METACLUSTER=SUNWCmreq, NAME=Minimal Core System Support.

If you do not want this package, you can either, remove it by using the pkgrm command or use a jumpstart image which lacks this package.

Incompatible Patches

Some incompatible patches can affect Web Server startup and cause the server not to respond to requests. The following table lists such patches. If you have an incompatible patch installed on your machine, upgrade the patch to a recommended compatible patch.

Table 3 List of Incompatible Patches

Operating System 

Incompatible Patch 

Recommended Compatible Patch 

Solaris 8 SPARC 

109147-37 (linker patch) 

109147-38 (linker patch) 

109147-39 (linker patch) 

109147–40 (linker patch) 

Solaris 9 SPARC 

112963-22 (linker patch) 

112963-23 (linker patch) 

112963-24 (linker patch) 

112963-25 (linker patch) 

Solaris 9 x86 

113986-18 (linker patch) 

113986-19 (linker patch) 

113986-20 (linker patch) 

113986-21 (linker patch) 

HP-UX Patches

The requirements for installing Web Server on HP-UX platform are as follows:

Impact of US DST Changes 2007

Daylight Savings Time (DST) will start in U.S.A from the 2nd Sunday of March and end on the 1st Sunday of November. This will impact the date and time rules of the operating system and JDK/JRE.

To make sure that log files contain the correct time in US time zones, and that Administration Server and Java Web Applications are not impacted by this change, do the following:

Download and use the appropriate operating system patches. You can download the Solaris patches from For other platforms, download similar DST compatible patches from operating system vendor's web site.

Upgrade the JRE to make sure that Administration Server and Java Web Applications are not impacted by this change. Download and use the appropriate JRE that has the fix for DST changes. JRE versions for the supported platforms are as follows: 

Supported Browsers

The following browsers are supported with Web Server Admin Console:

UNIX® and Windows platforms:

Windows platform:

Installation, Migration, and Upgrade Notes

This section includes notes about installing, migrating and upgrading your Sun Java System Web Server. For detailed information about these topics, review the information in the Sun Java System Web Server Installation and Migration Guide. For known issues in this release of Web Server, see Known Issues in these release notes.


You cannot install Web Server to a directory that contains an earlier version of Web Server. You can, however, migrate the existing installation after installing Web Server to a new directory.

Web Server can be installed as part of Java Enterprise System or as a standalone version.

Standalone Installation

In a standalone installation, all the necessary shared components such as NSS, NSPR are co-packaged with the Web Server installation files.

Java ES Installation

If you are installing Web Server as part of the Java ES suite, the Java ES installer installs all the shared components such as NSS and NSPR as separate packages and Web Server specific binaries as separate operating system dependent packages. Hence you need to download and install all the shared components patches and Web Server patches.

Visit Sun Solve. Download and install the latest Java ES Component Patches for the respective operating system.


Web Server 6.0 and 6.1 configurations can be migrated. Direct migration from a Web Server version lower than 6.0 is not supported. Earlier versions such as Web Server 4.0 or later must first be migrated to Web Server 6.1, then to Web Server 7.0. For information about migrating from Web Server 4.0 or later to Web Server 6.1, see the latest Sun Java System Web Server 6.1 Installation and Migration Guide and the Sun Java System Web Server 6.1 Release Notes.

For detailed information on migrating from Web Server 4.1 to Web Server 7.0, and from all versions of Web Server 6.0 to Web Server 7.0, see the Sun Java System Web Server 7.0 Update 2 Installation and Migration Guide.


When you install Sun Java System Web Server 7.0 Update 2 over an existing installation of Sun Java System Web Server 7.0, the installer automatically carries out the upgrade.

If you have Sun Java System Web Server 7.0 installed, point the Sun Java System Web Server 7.0 Update 2 installer to the location of the Web Server 7.0 installation and then upgrade.

If you have installed Sun Java System Web Server 7.0 as part of Java ES 5, you are encouraged to install the following patches from the web site to upgrade to Web Server 7.0 Update 2:

If you are using a localized version of Web Server, install the following patches for successful upgrade from Web Server 7.0 to Web Server 7.0 Update 2:

For detailed information about upgrading from Web Server 7.0 to Web Server 7.0 Update 2, see the Installation and Migration Guide.

Compatibility Issues

  1. Web Server 7.0 supports JavaServerTM Faces 1.2 technology. Most JavaServer Faces 1.1 applications are expected to work with Web Server 7.0 without any modifications. However, there are some compatibility issues that might be encountered when migrating applications to JavaServer Faces 1.2 applications and such applications require modifications. The changes are documented in the JavaServer Faces release notes at

  2. Sun Java System Portal Server 7.1, provided with Java ES 5 is not compatible with Sun Java System Web Server 7.0 Update 1. If you have deployed Sun Java System Portal Server 7.1 along with Web Server 7.0, you need to upgrade both servers rather than only Sun Java System Web Server 7.0. The required Sun Java System Portal Server 7.1 upgrade is available with Java Enterprise System 5 Update 1 or with the following patches available on web site.

    • 124301 (SPARC)

    • 124302 (x86)

    • 124303 (Linux)

    If you are using a localized version of Web Server, install the following Portal Server localization patches:

    • 125301 (Solaris SPARC, Solaris x86 localization)

    • 125302 (Linux localization)

Product Documentation

The complete Sun Java System Web Server 7.0 Update 2 documentation is available at

Resolved Issues

This section lists the issues resolved in Web Server 7.0 Update 2.

Problem ID



Request to the server fails with using of "Sun Software PKCS#11 softtoken".


Values of 'mail-resource' sub elements are not getting set on mail session object.


NSAPIRequest.setupRequestFields is slow.

com.sun.webserver.connector.nsapi.NSAPIRequest.setupRequestFields is slow primarily because of excessive String-->byte and byte-->String conversion when parsing Cookie headers.


Java garbage collector activity is higher in Web Server 7.0 when compared against Web Server 6.1.

The servlet container in Web Server 7.0 creates many Java objects. 


If a servlet is mapped to req URI formed by partial req + welcome file, the behavior is wrong.

If a web container receives a valid partial request, the web container must examine the welcome file list defined in the deployment descriptor. The welcome file list is an ordered list of partial URLs with no trailing or leading /. The Web Server must append each welcome file in the order specified in the deployment descriptor to the partial request and check whether a static resource or a servlet in the WAR file is mapped to that request URI. The web container must send the request to the first resource in the WAR that matches.


Multi-byte characters in headers can not be retrieved by req.getHeader().

The characters are not parsed correctly, when request.getHeader() is called.


The hardcoded message "ADMIN3594: Configuration changes require a server restart" is not localized.


In the Japanese locale online help, the description about the PAM for "Editing Authentication Databases" incorrectly states the name of Directory Server.  

The description must be read as: "Editing Authentication Databases" PAM -- PAM is the new auth-db supported by Sun Java System Web Server 7.0.  


Search collection subdirectory with leading slash causes confusing error. 

When you try to create a search collection and set the document root subdirectory with a leading slash, the error message produced wrongly informs you that a slash at the beginning is needed. 


Inconsistent wording found in Directory listing type. 

The sentence "Error response file to use when indexing is None" should be changed to "Error response file to use when listing is None". 


The word "Other" in the list of countries is not translated. 


In the Add Documents window, Included checkbox for subdirectory is not translated.  


Japanese language help: “Editing Authentication Databases” have different description about PAM. 


Translation issue of Admin GUI messages in Japanese. 


Translation issue of GUI installer OLH. 


In Java ES, Web Server 7.0 with Access Manager displays a null pointer exception. 

This section lists the issues resolved in Web Server 7.0 Update 1.

Problem ID 



Java LDAP connection pool interaction issue - initial connection is never timed out.

Specifying a Java LDAP connection pool through the JVM options in the server.xml file and referencing this with an external JNDI resource when the web server is started, creates a pooled LDAP connection. With this connection, it is always marked as busy and the connection never expires.


Values of 'mail-resource' sub elements are not getting set on mail session object.


NSAPIRequest.setupRequestFields is slow.

com.sun.webserver.connector.nsapi.NSAPIRequest.setupRequestFields is slow primarily because of excessive String-->byte and byte-->String conversion when parsing Cookie headers.


The servlet container does not use accelerator cache when processing RequestDispatcher includes.


On Windows, dynamic reloading of JSP produces incorrect output.


ssl-check is not working with NSAPI based plug-in.

"PathCheck fn="ssl-check" secret-keysize=128 bong file="xxxxx.yyy.html" 

For static file requests, if the secret-keysize of the client is less than the size specified by the server and a bong file is present, then the bong file is sent back as the response. However, requests for dynamic content (for example, JSP files) return the actual requested object (for example, the JSP file) rather than the bong file.


Problem having server-parsed HTML (ParseHTML) and .htaccess with restricted group option.

Authentication succeeds when parsing through a HTML file which has the shtml include entries and is configured to authenticate through .htaccess which has the "restricted by group" option enabled. If the group user gets authenticated, then the result page does not get shtml include entries. This however works fine with the user in .htaccess file has "restricted by user" option.


SSL session cache cannot be disabled.

Session cache is enabled by default. When the session cache is disabled and URL is accessed through the HTTPs protocol, the URL does not go through and the server log displays an error message indicating that the SSL cannot be configured without session-cache.


Samples refer to "Sun ONE" instead of "Sun Java System".

The servlet sample,, co-packaged with Web Server 7.0 refers to “SunONE” instead of “Sun Java System”.


sampleapps/java/webapps/simple docs invalid.

The documents for a simple sample application shows an incorrect pathname. The path should be install_dir/plugins/java/samples/webapps/simple/src instead of install_dir/samples/java/webapps/simple/src.


No CLI support to configure FastCGI. Need to manually edit obj.conf or magnus.conf files to configure FastCGI.


Memory leak found in FastCGI.


Admin Console online help needs to be updated.

The online help needs to be updated for the following:  

  1. Context-based help should be provided.

  2. All screens must have a corresponding help page.

  3. Help pages must reflect the changes in the GUI.

  4. Inconsistent usage of terminology between the GUI and online help.

  5. Fix grammatical errors.

  6. Detailed description for some topics.


Mismatch between online help and the Admin Console.


Missing help file under config tokens page.

Common Tasks > Edit Configuration > Certificates > PKCS11 Tokens, the help file for this screen is missing. 


Cannot dynamically reconfigure HTTP listener family. The Instance does not start on setting the protocol family to nca.


<listen-queue-size> upper bound is set to 65535, which is too small. Need to increase the <listen-queue-size> upper bound.


Incorrect ObjectType fn="force_type" added in object cgi on creation of new cgi directory.

When creating a new cgi directory, an incorrect object type force_type is added to the obj.conf file.


On Windows, dialog box to enter the token password appears on restarting an instance after the deployment. This behavior is not see on other platforms.


On Windows, wadm does not update classpath correctly if classpath contains a semicolon (;)

The semicolon in tcl is interpreted as a command terminator, which is used to group multiple commands in a single line. On Windows, semicolon is used as a path separator.


SNMP Management Information Base (MIB) for "iwsFractionSysMemUsage" does not show correct results

SNMP MIB "Fraction of process memory in system memory" which is part of iws.mib gives wrong results when queried by the SNMP manager utility.


Incorrect error message is displayed if you execute the list-tokens command without specifying the configuration value.


Incorrect error message is displayed if you execute the list-authdb-userprops command without specifying the authdb value.


No error message is displayed if you execute the get-ssl-prop command with an invalid http-listener value.


Cannot edit the MIME types using the Admin Console.


Displays an improper message when you stop an instance that does not exist.

An error message `Successfully stopped the server instance' is displayed if you try to stop an instance that does not exist. 


wadm allows you to create a configuration with a negative port number.


Incorrect error message is displayed if you execute the create-cert-request command with an invalid key-size value.


The delete-group command displays an incorrect error message if you specify an invalid group value.


No error message is displayed when you execute the list-group-members command with an invalid group-ID value.


Cannot set the rewrite-location properties using the set-reverse-proxy-prop command.

You cannot set the -rewrite-location property to false. The value specified for the -rewrite-location is not validated. For example, specifying the = symbol for the i-rewrite-location option corrupts the obj.conf file and results in parser error.


The set-token-prop command sets wrong passwords in the server.xml file even if the token pin has not been specified.


Incorrect error message is displayed on LDAP user creation failure.


If an invalid node name is specified while deleting an instance, an incorrect error message is displayed.


The register-node command runs successfully with non SSL port only in shell mode.

In shell mode, typing the register-node command with the -no-ssloption registers the node successfully as the command is falsely executed in the SSL mode.


The get-jvm-prop command does not print the command when echo is enabled in shell mode.


Incorrect error messages are displayed when you execute the list-locks and expire-lock commands.


A 'null' message is displayed if you execute the list-instances, list-crls, list-tokens, and list-certs commands without specifying the configuration name.


The error message for the list-url-redirects command is not localized.


wadm prompts for a token pin if you specify an invalid configuration name while trying to delete an existing certificate.


While creating an HTTP listener using the CLI, the create-http-listener command creates a listener with null value as name.


If you do not specify a virtual server while executing the list-dav-collections command, an incorrect error message is displayed.


If you do not specify the authentication database while executing the list-users, list-org-units, list-groups, and list-group-members commands, an incorrect error message is displayed.


If you do not specify a virtual server while executing the list-uri-patterns command, an incorrect error message is displayed.


If you do not specify a JNDI name or specify an invalid JNDI name while executing the list-jdbc-resource-userprops, list-soap-auth-provider-userprops, list-auth-realm-userprops, list-external-jndi-resource-userprops, list-custom-resource-userprops commands, an incorrect error message is displayed.


Error message given when entering invalid wadm command is misleading.

When you type an invalid command, an error message “Invalid command <command name>. Use "help" command for a list of valid commands.” is displayed. The help man page does not contain a list of valid command. Therefore this error message is misleading. 


The create-user command usage for the LDAP authentication database is ambiguous.


The set-cert-trust-prop command accepts incorrect properties and does not show proper error message.


Administration Server does not validate the password length and mechanism support of the given token.


Certificate with same server name as existing certificate cannot be created with the same nickname.


Virtual Server Web Applications page title help is incorrect.


Prompt to enter token pin while starting instance should not appear if configuration has not been deployed.


Admin Console does not provide an option to edit document directories and CGI records.


Admin Console should have a tab to add and edit MIME mappings at the Virtual server level.


`Current Password' field in the Nodes -> Select Administration Server-> Certificates -> Token Password Management page should be disabled if no token password has been set for the administrator.


Unable to configure uri-pattern specific configurations using the Admin Console.


Admin Console displays invalid properties when custom authentication database user properties are created through Administration CLI.


The Admin Console Migrate wizard creates multiple configurations if you click the Finish button multiple times.


Admin Console has 508 compliance issues.


User selection process in the Common Tasks->Edit Virtual Server->WebDAV->New page needs validation.


Installed CRL should have a meaningful name.


Administration CLI should support URIs, URI prefixes, URI wildcard patterns, and URI regular expressions for all commands that operate on URI space.


Search schedule events do not work from the Admin Console.


64–bit instance does not start on 32–bit remote node.


When a server certificate with data in non-DER format is installed, an incorrect error message is displayed.


Exceptions in Certificate Installation wizard not clear.


No validation exists for 'Java Home' field; accepts invalid data.


HTTP Listener field accepts names with spaces. This is invalid.


Unable to edit MIME types either using the Admin Console or the CLI.


GUI and CLI accept Web Server 7.0's server root for migration

The Admin Console and the CLI accept the Web Server 7.0 path instead of Web Server 6.1 or Web Server 6.0 path during migration. Web Server 7.0 path is not a valid path for the server-root property in the migrate-server command.


Default and null values get stored in obj.conf when a new configuration is created and saved using the Admin Console.

Administration Server stores the values passed by the Admin Console into obj.conf file without any validation.


SaveConfigException displayed on CLI during set-authdb-prop.

If a nonexistent file path is provided to the path property for keyfile authdb by using the set-authdb-prop command, results in SaveConfigException instead of a File does not exist message.

See the error log for the Administration Server. 


At times, the execution of stop-admin command displays the "Admin Server Not Running" message when the Administration Server is actually running.


The get-cert-prop does not display only those properties mentioned in the <displayproperties> element.


Server error on trying to access a file in the cgi-bin directory.


wadm commands do not return valid error codes [0-125] when success or failure.


Session failover does not happen with RequestDispatcher include call.

While deploying two web applications on a cluster where the first application calls on the second application using the RequestDispatcher() include call, the persistence valves are not called during the RequestDispatcher()'s invoke() method, and session replication does not occur.


Incorrect load factor set for BaseCache.

Session replication does not support more than two web applications. 


Session replication fails to work on multiple web applications involving RequestDispatcher due to bad sequence.


Incorrect path is set on SR-intanceId cookie.

The SR-instanceId cookie should be set to the web application's path instead of the servlet's path.


The create-authdb command does not validate the URL at the time of the authentication database (authdb) creation. The create-authdb command successfully creates an authentication database with the wrong URL.


The get-error-log and the get-access-log commands displays cluttered and improper messages.


The wadm deploy fails to deploy the cluster configuration.

If any changes occur to the instance configuration files, manually or otherwise, the deploy-config command displays an error message stating that the instance has been modified.


No Admin Console is available to deploy web applications in user specific location.


Does not prompt for the token password when the instance is started from the wadm command prompt with a wrong token-pin.


Incorrect text in Groups settings page.

The text should read as “From this page you can add/remove user groups in the selected Authentication Database” instead of “From this page you add/remove user groups in the selected Authentication Database.” 


Incorrect message when you delete a JVM profiler.

The message should read as “Profiler deleted successfully” instead of “Profiler saved successfully”. 


Incorrect error message is displayed when you provide a wrong path while adding web application.


The window titles of the Admin Console wizards are not consistent.


Admin Console gives incorrect error message when you provide invalid Directory Server configuration values.


URI prefix of document directories is accepts the value without '\'.


The list-instances command lists the instances even if you do not specify the configuration value.


Token password changes made through the CLI is not reflected in GUI. It requires a browser refresh.


Migrating certificate with an invalid file path using the migrate-jks-keycert command, prompts the user to enter the keystore-password and the key-password.


The create-selfsigned-cert command allows you to define an inappropriate validity period while creating a server certificate.


The delete-cert command does not delete a certificate which is created with token "Sun Software PKCS#11 softtoken".


The list-events command output is not aligned.


dayofweek does not take "*" as an option.

For example, set an ACL as follows:  

acl "uri=/"; 
deny (all) dayofweek="*"; 
allow (all) dayofweek="Sat,Sun";

In this program, you are restricting access on all days of week except Saturday and Sunday. This program does not work as you can you can successfully access the ACL on a Monday. 


Admin Console should provide large text region for entering class path prefix, class path suffix, and native library path prefix.


Usability issues in the Install CRL page after incorrect file path is entered for CRL file on server.


The Instance->New page has incorrect title.


The Common Tasks->Select configuration ->Select Virtual Server ->Edit Virtual Server ->WebDAV->New page should have the Enter Users field only if the authentication database is PAM.


Admin Console allows you to create an ACE without entering user or group information for ACL. The check is not done if the authentication database is PAM.


Inline help for range of values accepted by Request Header Time-out text field is incorrect.


The Admin Console displays an exception when you create a duplicate record of a MIME types.


Deploying a new web application using the Admin console kills sessions for all existing web applications.


With delete instance option, instead of deleting the symbolic links, the uninstaller deletes files from symbolic links.


Crash detected when creating properties with empty URI pattern


htaccess rules can become corrupted in memory.

If a single .htaccess file has more than five allow or deny rules, it is possible that some of the rules may become corrupted in memory. If this occurs, some of the rules may be bypassed.


deploy-config fails when you modify JSPs or any other files in the webapps directory of the instance.

When using the pull-config either through the Admin Console or through the CLI, only the contents of the instance_dir/config directory is pulled into the config-store. In Web Server 7.0, when pull-config was used, the contents were pulled into instance_dir/config, instance_dir/lib, and instance_dir/web-app directories.


Front-end file accelerator cache.

Depending on ACLs and obj.conf configuration, a front end accelerator cache can service static file requests for URIs that were previously processed using NSAPI. The accelerator cache must work with the default configuration.


Output directives are not invoked for 0-byte files.

Output directives are not invoked for 0-length responses unless protocol_start_response() is called. send-file does not call protocol_start_response() function. Output directives are not invoked when sending 0-byte files.


Server crash with large output buffers.

If the output stream buffer size is bigger than the input buffer size, the server might attempt to buffer data at an invalid address. The default input buffer size is 8192 bytes.  


Cannot disable access logging in default server instance.

The value of the <access-log> <enabled> element is ignored in the server.xml file.


Accelerator cache does not handle ssl-unclean-shutdown properly.

The accelerator cache does not interact correctly with the AuthTrans fn="match-browser" browser="*MSIE*" ssl-unclean-shutdown="true" directive in the default configuration. When such a directive is present, the accelerator cache applies the "unclean shutdown" setting to every connection, regardless of the browser used.


On HP-UX, SNMP fails for some oid values.


Due to lack of the HP-UX API support and complexity, network in and out traffic statistics is not implemented. Use HP tools for monitoring the traffic statistics. 


The AdminException messages displayed on the Admin Console are not localized.


Displays incorrect characters in search results on the left panel of online help on non-English locales.


Localized online help content have some differences from the English version.

Issues resolved in Web Server 7.0 Update 2 Release


Web Server fails to start when HTTP listener protocol family="nca" is used for Solaris SPARC, Linux and HP-UX platforms.

Web Server instance does not restart on setting the Protocol-Family property to nca in the EditHTTPListener wizard.


Setting digestauthstate property through the set-authdb-prop CLI does not validate the value and allows to set junk value for this property.


The Results page in all Admin Console wizards should be aligned properly.


The default server.xml should not contain the <stack-size> element.


The create-instance command fails on remote node intermittently and logs HTTP 400 error.


Executing the create-instance command immediately after starting a remote node fails on the remote node.


The list-cert command does not list the certificates if the certificate nickname contains a colon.


<pkcs11> element not removed from server.xml even when child elements are absent.


<pkcs11/> added to server.xml when token pin is set.


Cannot edit WebDAV collection properties through the Admin Console

When a configuration is deployed on multiple nodes, the lockdb path must be a shared location mounted on the same path on all the nodes. Additionally, to list or expire locks in the lockdb from the Admin Console, the same path must be writable from the Administration Server.


The add-webapp command when used with JSP pre-compilation option does not delete the previously precompiled JSP files.


The Admin Console or the Admin CLI does not provide support to add CA certificates to the Administration Server.


'external' expression function with quoted path is not working.


On HP-UX, SNMP fails for some oid values.


On HP-UX 11.11, Web Server fails to start when max heap size is 2048 MBytes or greater.


The basic-search.html has unclear description.


Installing the stand-alone product over an existing Java ES installation and vice-versa is not supported.


On Windows - unable to deploy configuration and start up after disabled Java

Known Issues

This section lists the important known issues and limitations at the time of Web Server 7.0 Update 2 release.


The following table lists the known issues in the administration of Web Server.

Table 4 Known Issues in Administration

Problem ID 



A node can be registered to multiple administration servers which may cause a configuration conflict.

It is possible to register a node to a second Administration Server without canceling the registration with the first Administration Server. However, this leads to the nodes becoming inaccessible to both the Administration Servers. 


On each registration, restart the administration node. The administration node will be available to the most recent Administration Server it has registered to. 


wadm command allows connecting to a node, shows a certificate and then throws a 'HTTP 400 Error'.

When an administration node receives a connection, the administration node does not check the connection is from the Administration Server before proceeding. It not only prints an inappropriate error message, but also prompts the user to enter the password.  


Cannot access shell/system variables from wadm.


wadm does not inherit the shell environment variables. However, to make the shell variables it available to wadm, use

"java::call System getenv env_var_name

For example: 

For accessing the shell environment variable MAIL from within wadm, type the following command at the wadm prompt:

wadm> java::call System getenv "MAIL"


User and password dialog presented instead of directory index.

By default, Web Server 7.0 does not send a directory index unless the user has been authenticated. Attempting to access a directory prompts the user to enter a user name and password. This occurs because the default Access Control List (ACL) in Web Server 7.0 grants the list access right only to authenticated users. 


You can grant the list access right to unauthenticated users using the Admin Console or by editing the default.acl file. For more information on how to grant list access right, see Configuring Access Control in Sun Java System Web Server 7.0 Update 2 Administrator’s Guide.


Session replication enabled instances does not come up normally, if other instances in the cluster are not started.


After migrating the Java keystore keycerts using the migrate-jks-keycert command, trying to list the migrated jks keycerts using the list-certs command, displays the CN, org and other information instead of the certificate nickname.


While setting the SSL property using the wadm set-ssl-prop command, the server-cert-nickname property accepts any certificate nickname, instead of accepting only the server certificate nickname.


The set-session-replication-prop CLI command does not work if the 'node' option is provided with a qualified domain name.


Use the output of the list-nodes command for the valid names of the nodes in the set-session-replication-prop command.


Specifying "yes" at the wadm prompt crashes the CLI.


When you try to connect to the Administration Server after the administration certificates have expired, an incorrect error message is displayed.


The register-node command gives an incorrect error message when the Administration server runs out of disk space.


If no disk space is available on the device, wadm throws an incorrect error message "Unable to communicate with the administration server".


Executing the migrate-server command with both "--all" and "--instance" options does not result in an error.

A warning or an error message should be displayed indicating that the user is attempting the set mutually exclusive options. 


The Start Instances. button in the Admin Console is enabled for instance which is already running.

The buttons should be enabled or disabled based on the status of the instance. 


wadm allows you to define duplicate user properties.

Adding duplicate user properties does not show an error message; however, a new user property is not created. 


There is no provision to create new Access Control List (ACL) file using the Admin Console or the CLI.


On Windows, using an existing configuration, repeating the process of adding and removing the registered nodes causes validation failure.


Clicking on the Version button in the Admin Console result in “file not found” warning in Administration error logs.


MIME Types allows MIME value with multibyte characters.


Text in Access Control List page is not formatted.


User can be switched between `available' and `selected' lists in ACE even though the user is deleted from the authentication database.


No warning is issued before the deletion of key or the digestfile authentication database.


When a single user in group is deleted, an incorrect message “Group Saved Successfully" is displayed.


Administration Interface allows you to create a new user with multi-byte User ID in the keyfile authentication database.


User and Group table in the Admin Console displays the entire result in a single page.


Labeling of the Request Certificate and Install buttons in the Admin Console Create Self-Signed Certificate page needs to be revised.


Add and Remove buttons are enabled in new ACE window even if no items are present in the `Available' list.


Admin Console truncates the display of server logs at 50 lines or 2 pages.


No validation exist to check the entry of wrong country code in the certificate request wizard.


In the Admin Console, no text field description is provided for virtual-server, authdb, dav collection, and event fields .


Admin Console shows wrong JDK version while creating a new configuration.

The JDK version displayed in the Admin Console is 5.0 u6 instead of 5.0 u7. 


Style formatting is lost after restarting the Administration Server from Nodes -> Administration Server General tab.


Attempting to access the Admin Console in another tab of the same browser does not work.


View Log displays result in a single page.

Although the search criteria selected for record size is 25 log entries, the log displays the results in one single page even if there are more than 50 log entries. 


Token mismatch error is displayed when you remove the token password and then reset it in the Common tasks -> Select configuration -> Edit configuration -> Certificates -> PKCS11 Tokens page.


The Virtual Server Management->Content Handling->Document Directories->Add should have a browse option to choose the path of a additional document directory.


Message displayed about WebDAV collection locks in the Admin Console is misleading.

If you specify the time-out value for the WebDAV collection as infinite, the Common Tasks->Select Configuration ->Select Virtual Server->Edit Virtual Sever ->WebDAV->Select collection page displays the message DOES NOT EXPIRE. What it actually means is that the lock does not expire automatically after a specified time or the time-out is infinite.


Incorrect error message is displayed on setting empty token password using the `Set passwords' button.



Instance fails to restart if you try to edit a token password and deploy a configuration on an instance which is already running.


The Admin Console displays an exception when you delete a configuration and click on the Migrate button.


The Admin Console Review screen in wizards should only show fields that have values.


During migration, the log-dir path permission is not validated.


Cannot log in through the Administration CLI if the administration password has extended ASCII characters.


The error-response file name should be validated.


Administration server starts with expired certificate; wadm should warn about expired certificates.


The unregister-node command should also clean up certificates on the administration node.


WebDAV lock CLIs do not work in a cluster environment.


Multiple installations of the administration nodes on the same node that is registered to the same administration server should be not be allowed.


Accessing the administration node URL results in Page Not Found error.

As the administration node does not have a GUI, accessing the administration node URL results in Page Not Found error.


No validation for class path prefix and suffix, and native library path in JVM Path Settings in Java.


The server.xml elements should be grouped based on functionality.


Web Server should store its pid file and UNIX domain sockets in /var/run instead of /tmp.


On Windows, Administration Server moves the Web application files physically before stopping the Web application.


The Admin Console misleads user with "Instance modified" message when runtime files gets created in the config directory.


Trust store does not deleted on uninstalling the administration node after unregistering it with the administration server.


Changes made to the JavaHome property does not get saved after restarting the instance.


No obvious way to reset the administration server password.


  1. Comment out the security-constraint in install_dir/lib/webapps/jmxconnectorapp/WEB-INF/web.xml.

  2. Restart the Administration Server.

    This action turns off the authentication on the administration server.

  3. Set the administration password by using the set-admin-prop command.


[JESMF CONFORM] CP when stopping should call MfManagedElementServer_stop().


Need better validation in certain text fields to prevent obj.conf file corruption.

Most of the functional validation of the data in a form is done in the back end. The GUI has only minimal checks such as empty fields, integer values, and ASCII values. Hence, the GUI stores the data in the obj.conf when parsed gets corrupted .


Admin Server does not time-out if the server instance restart does not respond.

On UNIX systems, the Administration Server waits until the server instance is restarted when the restart-instance command is executed. If the instance is not successfully restarted, the Administration Server does not respond to requests.


Executing the restart-admin command followed by the stop-admin command throws exception in administration error logs.


SNMP master agent process fails to start on Web Server


Changing the tcp_xmit_hiwat value to a higher value like 262144 , peer SNMP master agent functions properly. Type the following command to change the tcp_xmit_hiwat value.

# ndd -set /dev/tcp tcp_xmit_hiwat 262144


On Windows, wdeploy command fails if older version of libnspr4.dll is found in the system32 directory.


Before calling Java, edit the wdeploy.bat file that is available in install_dir/bin directory. Change the path of the Java directory to install_dir/lib directory. This modification makes Windows look for libnspr4.dll in the install_dir/lib directory before it looks in system32 directory.


On Windows, the Admin Console intermittently fails to come up.


  1. This problem is seen on Windows 2003 if you have "Internet Explorer Enhanced Security Configuration" enabled.

  2. To access the Admin Console without disabling Enhanced Security feature, include the site in the list of trusted sites explicitly on the browser.

  3. Go to Control Panel > Add/Remove Programs > Add/Remove Windows Components.

  4. Deselect the check box next to Internet Explorer Enhanced Security Configuration.


Web Server installer should import the admin self signed certificate into IE certificate tab.

When the Admin console is accessed using a browser, a pop-up (in the case of IE6 and Mozilla/Firefox) or a warning page (IE7) may be displayed stating that the certificate is not issued by a trusted certificate authority. This is because, the administration server uses a self-signed certificate. To proceed to the Administration GUI login page, do the following:  

  • On Mozilla/Firefox, click on the OK button in the pop-up window.

  • On Internet Explorer 6, click on the Yes button in the pop-up window.

  • On Internet Explorer 7, click on the "Continue to this website" link in the page.

The above procedure will accept the certificate temporarily for that browser session. 

To accept the certificate permanently, follow the steps below: 

  • On Firefox/Mozilla:

    Select the "Accept this certificate permanently" radio button in the pop-up window and click OK.

  • On Internet Explorer 6.0:

    1. Click on the "View Certificate" button in the pop-up window.

      Displays another pop-up window.

    2. Select the "Certification Path" tab, select the admin-ca-cert.

    3. Click on the "View Certificate" button and then on "Install Certificate..." button.

      Invokes the certificate import wizard using which you can import the admin CA certificate into the trusted root certificate database.

  • On Internet Explorer 7:

    1. Click on the "Continue to this website" link on the warning page.

      The login page is displayed.

    2. Click on the "Certificate Error" link located next to the address bar.

      A warning window is displayed. Click on the "View certificates" link.

    3. Follow the steps 1 to 3 as described in the section "On Internet Explorer 6" to import the admin CA certificate into the trusted root certificate database.


Create self signed certificate fails when the "Sun Metaslot" pin is not set


Before creating the self signed certificate, set the "Sun Metaslot" password using the pktool

# pktool setpin

Provide the password. 

Now create the self-signed certification either by using the create-self-signed-cert command or the Admin console.


The following table lists the known issues in the core of Web Server.

Table 5 Known Issues in Core

Problem ID 



When there is an error executing an obj.conf directive, the filename and line number where the offending directive was found are not logged.


When server.xml schema validation fails due to a data type constraint violation, it displays an error message that does not describe the set of valid values for the element.


All HTTP header parsing error are not logged with the client IP and a description of the error.


set-variable SAF could not set predefined variable.


service-nsfc-dump entry hit counts are 0 with <replacement>false</replacement>.

If <replacement>false</replacement> is specified in server.xml file, entry hit counts show as 0 in the service-nsfc-dump output. However, the cache hit counts are displayed correctly.


Server treats non-interpolated strings that contain $$ character constants as interpolated.

When a parameter value contains a $$ escape, the server constructs a PblockModel for the parameter block. This is unnecessary because $$ is a constant.


Connection queue size set by server for 1024 max file descriptor is very less (128)

Web Server reserves the file descriptors for various components. If connection pool queue size, file cache max open files and keep-alive max connections are not set, then after reserving file descriptors for other components, Web Server divides the available descriptors among three. On systems where default value of max file descriptor is low, for example, Solaris 8 and RHEL, the connection pool size might be set to a low value. For example, on RHEL, the default value of max file descriptors is 1024. If the connection queue size is not assigned, then Web Server assigns 128 connections to connection queue. The value can be very low on busy systems. If connections starts timing out, users should set higher value for max file descriptors. 


The following table lists the known issues in the FastCGI.

Table 6 Known Issues in FastCGI

Problem ID 



The fastcgi stub does not properly close all the processes when reuse-connection is set to true.

Configure Web Server 7.0 to work with PHP as a FastCGI plug-in and set reuse-connection=true. When you shutting down the server or reconfiguring the server, the fastcgi() process and its child processes are left behind and not killed properly.


Memory leak in Fastcgistub causes hang in the Fastcgi sub-system


The following table lists the known issues in the installation of Web Server.

Table 7 Known Issues in Installation

Problem ID 



Exception installing Web Server on Ubuntu.

On Linux Ubuntu, the package which contains the /bin/domainname is not available by default. You must install these packages for the Web Server installation to succeed.

To install the package, type the following command: 

sudo apt-get install nis


Web Server cannot be installed without installing compat-libstdc++.


On newer versions of Linux, for example, Red Hat Enterprise Linux 3, install compat-libstdc++ before installing Web Server 7.0.


REDHAT ES4.0 Linux 64-bit installaton fails by having compat-libstdc++-33-3* (64-bit)version


You must install the following RPMs for successful installation: 

  • compat-libstdc++-33-3.2.3-47.3.<arch> 32 & 64 bit rpm's

  • libgcc-3.4.3-22.1.<arch> 32 & 64 bit rpm's

  • zlib-


Uninstalling the administration node does not delete itself from the administration server node.

After installing the administration node and registering it with the administration server in the Node tab, the administration node is listed in the Node tab. When the administration node is uninstalled, the administration node entry remains in the Node tab. 


Cannot install if the setup is started from a shared folder on the network.

On the Windows platform, unable to install the product when the installer setup.exe is started from a shared network folder on another machine.


On Windows, installer crashes in CLI mode, if the administration password is >= 8 characters.

If the administration user password is greater than eight characters, then any invalid input to the administration port, web server port, or the administration user ID crashes the installer. 


When installing Web Server 7.0 on the Windows platform using the command-line interface (CLI), the administration password must be set to less than (<) eight characters. 


On Windows, need icons for objects in Programs folder.

The objects in the Sun Java System Web Server 7.0 folder on Windows are created with default Windows program icons and do not have specific icons that denote Sun programs. 


The CLI installer does not handle ctrl+c while entering the password.

The installer does not accept ctrl+c and hence the terminal becomes unusable.


On Windows, Web Server installation should use -Xrs JVM option by default.


Because the Web Server installs as a windows service by default, add the following line to the appropriate section of the server.xml:


Migration and Upgrade

The following table lists the known issues in the migration and upgrade areas of Web Server.

Table 8 Known Issues in Migration and Upgrade

Problem ID 



Incorrect migration occurs while migrating from Web Server 6.0 to 7.0 if the installed.pkg file is not found.

In Web Server 6.0 to 7.0 migration, if the installed.pkg file is missing, Web Server incorrectly migrates the NSServlet entries in the magnus.conf file.


6.x -> 7.0: Migrated scheduled events still points to 6.x paths in the server.xml file.



6.1->7.0: Migration does not handle relative path set for search-collection-dir correctly.

During instance migration, specifying a relative path for the target path into which the search collections should be copied, results in the search collection directory being created with respect to the config-store. When the instance is instantiated, the indexes are created without properly migrating the search collections.


6.x->7.0: Migration ignores any "document-root" NameTrans specified in the obj.conf file.


On Windows, Web Server Admin Console does not appropriately warn users during migration.

Administration Server does not detect if the selected new configuration or the service name already exists on Windows and hence does not appropriately warn the users to select a different configuration name or suggest a different configuration name as default. 


Web Server 7.0 migration tool is unable to successfully migrate from Web Server 6.1 if it has Root Certs installed in it.


Unclear error message if CLI and Administration Server versions are incompatible.

While upgrading Web Server 7.0 installation to Web Server 7.0 Update 2 , make sure that the entire setup CLI, Administration Server and all the Administration Nodes are also upgraded to Web Server 7.0 Update 2. This is because, Web Server 7.0 administration interfaces will not work correctly with Web Server 7.0 Update 2 administration interfaces. 


The Admin console does not add the required functions in the obj.conf file for a migrated instance.

When a JVM disabled Web Server 6.0 instance is migrated to Web Server 7.0 and when the migrated instance is enabled with the JVM option using the Admin console, the process does not add the following necessary lines in obj.conf file.

NameTrans fn="ntrans-j2ee" name="j2ee"
PathCheck fn="find-index-j2ee"
ObjectType fn="type-j2ee"
Error fn="error-j2ee"


On Windows, server fails to start after upgrading from Web Server 7 that is part of the Java ES 5 release to Web Server 7.0 Update 2 release using the patch.


On Windows, to upgrade the Web Server that is part of Java ES 5 or Java ES 5 Update 1 release to Web Server 7.0 Update 2 release, ensure the following security patches are installed on the system. 

  • 125923-05 or later

  • NSS_NSPR_JSS 3.11.8

  • NSPR 4.6.8

  • NSS 3.11.8

  • JSS 4.2.5


Security patch 121656-16 is a mandatory perquisite for Sun Java System Web Server 7.0 Update 2 Linux patch on Java ES 5/U1. However, the security patch exhibits cyclic dependency, hence making it impossible to apply any of the patches. 


In order to avoid this scenario, use the --force option. For example: 

rpm -F --force <list of rpms to be applied>


On non-windows platforms (Solaris, Linux and HP-UX), if you have installed Web Server 7.0 or 7.0 update 1 without sample applications and if you upgrade to Web Server 7.0 update 2, you will see the following error message:  

A problem occurred during upgrade. To troubleshoot the problem, review the installation log at: <install-dir>/setup/Sun_Java_System_Web_Server_install.log

Note –

This error does not impact the upgrade.

Sample Applications

The following table lists the known issues in Sample Applications of Web Server.

Table 9 Known Issues in Sample Applications

Problem ID 



sendmail.jsp shows incorrect file to be edited to specify for javamail sample application.


To set, edit the and not the build.xml as specified in install_dir/samples/java/webapps/javamail/src/docroot/sendmail.jsp.


Sample applications documentation must mention adding jar file to the class path in the properties file.

In the install-dir/samples/java/webapps/security/jdbcrealm/docs/index.html, under 'Compiling and Assembling the Application' section, there must be a mention of adding JDBC driver jar file to class path suffix in the file.


The following table lists the known issues in the search functionality of Web Server 7.0.

Table 10 Known Issues in Search

Problem ID 



server.xml does not store the full file pattern for converting and including search .

The schema does not store the full file pattern allowed by both the Admin Console and the search administration tools in this version of the Web Server. It also has no way to represent the full file pattern that might sometimes need migration from the previous versions of the Web Server.  


On Red Hat Linux Enterprise Linux 5, Search functionality does not work properly.

On a Red Hat Enterprise Linux machine, if the compat-libstdc++ library is installed, you must remove the installed rpm and download/install the compat-libstdc++-296-2.96-132.7.2.i386.rpm .

For x86 32–bit and 64–bit download and install the compat-libstdc++-296-2.96-132.7.2.i386.rpm.

Note –

Do not download/install an rpm from unreliable sources as it may lead to security vulnerabilities.


The following table lists the known issues in the security area of Web Server.

Table 11 Known Issues in Security

Problem ID 



Limitation supporting basic and digest-based ACLs for resources in the same directory.

If the server uses digest and basic-based ACLs in different parts of their doc tree, attempting to use both simultaneously on different files or resources in the same directory is not possible. 


TLS_ECDH_RSA_* require the server cert signed with RSA keys.

Cipher suites of the form TLS_ECDH_RSA_* requires server to have an ECC keypair with a cert signed using RSA keys. Note that this precludes using these cipher suites with self-signed certificates. This requirement is inherent to these cipher suites and is not a bug. The server should detect and warn about wrong configurations related to these cipher suites but currently it does not do so.


Red Hat Enterprise Linux instance fails to start when the file system SELinux security is enabled.

Newer Linux distributions have new kernel security extensions enabled from the SELinux project. These extensions allow finer grained control over system security. However, SELinux also changes some default system behaviors, such as shared library loading that can be problematic to third-party programs. If you receive the error message “Cannot restore segment prot after reloc: Permission denied" when starting the Web Server Admin Server or instance, that means the system is SELinux enabled. 


To overcome this failure: 

  1. Change the default security context for the libraries loaded by the Web Server by typing the following command:

    chcon -t texrel_shlib_t $WS_DIR/lib/*.so
  2. Disable SELinux by adding the following line to the /etc/sysconfig/selinux file.



Sun crypto 1000 with Web Server needs Solaris 10 patch 125465-02 (SPARC) and 125466-02 (x86).


The required patch for the Solaris 10 platform (SPARC) is available here:

The required patch for the Solaris 10 platform (x86) is available here:

Session Replication

The following table lists the known issues in the session replication functionality of Web Server 7.0.

Table 12 Known Issues in Session Replication

Problem ID 



Descriptive error message is not displayed when an error occurs remotely.

When an exception occurs remotely, error messages are logged in the error log of the remote instance. However, the local instance currently displays a generic remote exception which does not clearly indicate which error log that the user must view. 


Session replication does not failover correctly when cookies are disabled on the client.


When enabled, session replication should be the default session manager.

After enabling session replication by using the Admin Console or the CLI, or by editing the server.xml file, session replication is not really enabled. Instead, sun-web.xml needs to be manually edited.

Web Container

The following table lists the known issues in the web container of Web Server.

Table 13 Known Issues in Web Container

Problem ID 



Web container writes to stderr.


Incorrect web application session statistics for MaxProcs > 1 mode.

Web Server runs in multi-process mode. The MaxProcs configuration variable in the magnus.conf is used to set the maximum number of processes. If the value for MaxProcs is set to greater than 1, the Web Server uses mmap-based session manager so that the session could be shared among different JVMs. While collecting statistics from multiple processes, web application MBeans provide session for individual MBeans. There is no way to find the true number of sessions by seeing individual MBean's web application session statistics.



Web container deletes the disabled web application MBeans object.

When the web application is disabled by setting the <enabled> element to false in the server.xml file, the web container deletes the web application's MBeans and hence treats it as a closed or deleted web application. Since disabled objects are deleted, statistics are also lost.


No information is logged in error logs at the finest log level on successful JNDI resource creation.

6422200 does 1 byte reads.

When reading the server.xml file, the first line containing the XML version number and the encoding is read 1 byte at a time.


Servlet container collects statistics when stats enabled element is set to false in the server.xml file.


Servlet container creates a thread per virtual server.


REQ_EXIT causes javax.servlet.ServletException.


JSF Web Applications running on Web Server 7.0 may break when running on Web Server 7.0 Update 1.

Web Server 7.0 Update 1 ships with JavaServer Faces 1.2 technology. All JavaServer Faces web applications are expected to work with Web Server 7.0 Update 1 without any modifications. However, there are a few known compatibility issues with JavaServer Faces 1.2 and might require applications to be modified to address these incompatibilities. The incompatibilities are documented in the JavaServer Faces release notes at:

Java ES 5 Portal Server users are suggested to delay upgrading to Web Server 7.0 Update 1 until Java ES 5 Update 1 is released.  


The following table lists the known issues in the localized version of Web Server.

Table 14 Known Issues in Localization

Problem ID 



Search filter “*” does not work correctly for multi-byte strings.


On Windows 2003, when a command is executed from the CLI, the message is not encoded correctly.


There is no functionality equivalent to use-responseCT-for-headers in Web Server 7.0.

Response header encoding is enabled at the web-app level by setting the value of the configuration parameter use-responseCT-for-headers to any of the values; yes, true, or on in the web-app/sun-web.xml file.

For example, set Response header encoding as follows: 

<parameter-encoding form-hint-field="j_encoding"/>
<property name="use-responseCT-for-headers" value="true" />


FastCGI Handler new Role is always created with "English" name. 


Unlocalized strings are seen in CGI settings page. 


CLI installer "Enter your option" is in English in localization locale. 


Links at the bottom of the deployed instance's search page (http://instance:port/search) are not correct when the browser is set to german locale.


German user's should manually paste the below URLs in their browser's address bar:  

Terms of use:

Privacy policy:


Java Enterprise System

The following table lists the known issues in the Java Enterprise System (Java ES).

Table 15 Known Issues in Java ES

Problem ID 



Portal Server configures JVM stack size to 128K (too low) for Web Server 7.0 64–bit to start.

If Web Server 7.0 is already configured in 64–bit mode, and the Portal Server installation is started, Portal Server configuration does not set stack size to 128K. However, if both Portal Server and Web Server are already installed and configured in 32–bit mode, switching to 64–bit mode involve series of manual steps that are described in the Workaround section. 


If Portal Server part of Java ES 5 is deployed on top of the 32–bit version of Web Server 7.0, and if you would like to start the server in 64-bit mode, perform the following steps: 

  1. # install_dir/bin/wadm delete-jvm-options --user=admin --port=8989 --password-file=passfile --config=HOST_NAME "-Xms512M -Xmx768M -Xss128k"

  2. # install_dir/bin/wadm create-jvm-options --user=admin --port=8989 --password-file=passfile --config=HOST_NAME "-Xms512M -Xmx768M -Xss512k"

  3. Increase the native stack size of Web Server 7.0 to 139264 by typing the following command:

    # install_dir/bin/wadm set-thread-pool --user=admin --config=config_name --password-file=filename native-stack-size=139264

  4. Deploy the configuration.

    # install_dir/bin/wadm deploy-config


schemagen/xjc/wsgen/wsimport scripts not present in Java ES Web Server installation.

schemagen/xjc/wsgen/wsimport scripts are present in different locations in Java ES installation and stand-alone installation of Web Server.


The scripts are part of the Web Services components. In a stand-alone Web Server installation, these scripts and JAR files are located in install_dir/bin and install_dir/lib directories respectively.

In Java ES installation, scripts and JAR files are installed as part of the shared component and they reside outside the Web Server installation root.  

The location of scripts and JAR files on different platforms are listed below: 

Solaris OS: 

  • Scripts are under /opt/SUNWjax/bin directory.

  • JAR files are under /opt/SUNWjax/lib and /usr/share/lib directory.

Linux and HP-UX: 

  • scripts are under /opt/sun/bin and /opt/sun/share/jaxb/bin directories.

  • JAR files are under /opt/sun/share/jaxb/lib, /opt/sun/share/lib and /opt/sun/private/share/lib directories.


  • Scripts are under <JES_installation_dir>\share\bin and <JES_installation_dir>\share\jaxb2\bin directories.

  • JAR files are under <JES_installation_dir>\share\jaxb2\lib and <JES_installation_dir>\share\lib directories.


Sun Java System Portal Server search throws exception after Web Server upgrade.

Portal Server search functionality throws exception when upgrading Web Server from Java ES 4 to Java ES 5.  


Note –

Move the existing and library files to an appropriate location, somewhere outside the Web Server's private directories. Once the Portal Server libraries are in a suitable location, that path must be specified for the < path>:< path> in the following commands.

On Solaris platform, perform the following steps: 

  1. Copy the and files from Web Server 6.1 lib directory to an appropriate location.

    Note –

    For HP-UX, the files are and For windows, the files are libdb-3.3.dll and libdb_java-3.3.dll.

    Caution – Caution –

    Do not copy the library files to Web Server 7.0 private directories (For example, lib directory).

  2. Create a directory (mkdir) by name /portal_libraries. Copy the library files and to /portal_libraries.

  3. Use the wadm command to inform the Web Server about the location of the library files.

  4. Get the current native library path setting by typing the following administration CLI command:

    get-jvm-prop -user=admin --config=hostname native-library-path-prefix

    Save the output.

  5. Append the copied and path to the existing native library path by typing the following administration CLI command.

    set-jvm-prop --config=hostname native-library-path-prefix=<existing native library-path>:</portal-libraries-path>

    where, portal-libraries-path is the location of where you copied the and files in Step 1.

    If you do not get any results or output for the get-jvm-prop command, at the command prompt, set the native-library-path-prefix:


  6. Note –

    For Windows platform, use ';' as the separator for native-library-path-prefix parameter as follows:

    native-library-path-prefix=<existing native libarary path>;<portal-libraries-path>

    For non-Windows platform, use the ':' as the separator for native-library-path-prefix parameter as follows:

    native-library-path-prefix=<existing native libarary path>:<portal-libraries-path>

  7. Deploy the modified configuration by typing the following command:

    deploy-config [--user=admin-user] config-name


Migration logs reports a bogus "root is not a valid user" message on Java ES 5.

While migrating from Java ES 4 to Java ES 5 on UNIX platforms, the migration log file reports WARNING: "root is not a valid user". This is incorrect as the "root" user is valid on that host.


A lot of warnings/info messages displayed at Web Server startup on the standard output instead of routing these messages to the log file.


Web Server running on Windows contains no description for the service and the description is not updated after applying Java ES Update 1 patches.


When upgrading Java ES 5 software to Java ES 5 Update 1, Portal Server samples fail with JSF exceptions if you have upgraded only Web Server but not the Portal Server.

For more information, see Compatibility Issues.


SMF commands removes Java ES environment from startserv and stopserv scripts (Solaris 10 only).


Set the following LD_LIBRARY_PATH in the Solaris 10 environment. LD_LIBRARY_PATH=/usr/lib/mps/secv1:/usr/lib/mps:/usr/lib/mps/sasl2:$LD_LIBRARY_PATH

How to Report Problems and Provide Feedback

If you have problems with Sun Java System Web Server, contact Sun customer support using one of the following mechanisms:

So that we can best assist you in resolving problems, please have the following information available when you contact support:

Sun Welcomes Your Comments

Sun is interested in improving its documentation and welcomes your comments and suggestions. Send your comments to Sun using the "Send comments" link at:

Please include identifying information with your comments, such as the part number and the title of the book.

To provide feedback on Sun Java System Web Server product, send email to

Additional Sun Resources

Useful Sun Java Systems information can be found at the following locations:

Searching Sun Product Documentation

Besides searching Sun product documentation from the web site, you can use a search engine of your choice by typing the following syntax in the search field:


For example, to search for "Web Server", type the following:

Web Server

To include other Sun web sites in your search (for example,,,, use in place of docs.sun.comin the search field.