This section lists the important known issues and limitations at the time of Web Server 7.0 Update 2 release.
The following table lists the known issues in the administration of Web Server.
Table 4 Known Issues in Administration
Problem ID |
Description |
---|---|
6364924 |
A node can be registered to multiple administration servers which may cause a configuration conflict. It is possible to register a node to a second Administration Server without canceling the registration with the first Administration Server. However, this leads to the nodes becoming inaccessible to both the Administration Servers. Workaround: On each registration, restart the administration node. The administration node will be available to the most recent Administration Server it has registered to. |
6379125 |
wadm command allows connecting to a node, shows a certificate and then throws a 'HTTP 400 Error'. When an administration node receives a connection, the administration node does not check the connection is from the Administration Server before proceeding. It not only prints an inappropriate error message, but also prompts the user to enter the password. |
6387762 |
Cannot access shell/system variables from wadm. Workaround: wadm does not inherit the shell environment variables. However, to make the shell variables it available to wadm, use "java::call System getenv env_var_name For example: For accessing the shell environment variable MAIL from within wadm, type the following command at the wadm prompt: wadm> java::call System getenv "MAIL" /var/mail/abc |
4793938 |
User and password dialog presented instead of directory index. By default, Web Server 7.0 does not send a directory index unless the user has been authenticated. Attempting to access a directory prompts the user to enter a user name and password. This occurs because the default Access Control List (ACL) in Web Server 7.0 grants the list access right only to authenticated users. Workaround You can grant the list access right to unauthenticated users using the Admin Console or by editing the default.acl file. For more information on how to grant list access right, see Configuring Access Control in Sun Java System Web Server 7.0 Update 2 Administrator’s Guide. |
6327352 |
Session replication enabled instances does not come up normally, if other instances in the cluster are not started. |
6393534 |
After migrating the Java keystore keycerts using the migrate-jks-keycert command, trying to list the migrated jks keycerts using the list-certs command, displays the CN, org and other information instead of the certificate nickname. |
6407486 |
While setting the SSL property using the wadm set-ssl-prop command, the server-cert-nickname property accepts any certificate nickname, instead of accepting only the server certificate nickname. |
6443742 |
The set-session-replication-prop CLI command does not work if the 'node' option is provided with a qualified domain name. Workaround Use the output of the list-nodes command for the valid names of the nodes in the set-session-replication-prop command. |
6468570 |
Specifying "yes" at the wadm prompt crashes the CLI. |
6469676 |
When you try to connect to the Administration Server after the administration certificates have expired, an incorrect error message is displayed. |
6480600 |
The register-node command gives an incorrect error message when the Administration server runs out of disk space. |
6495446 |
If no disk space is available on the device, wadm throws an incorrect error message "Unable to communicate with the administration server". |
6502800 |
Executing the migrate-server command with both "--all" and "--instance" options does not result in an error. A warning or an error message should be displayed indicating that the user is attempting the set mutually exclusive options. |
6416328 |
The Start Instances. button in the Admin Console is enabled for instance which is already running. The buttons should be enabled or disabled based on the status of the instance. |
6418312 |
wadm allows you to define duplicate user properties. Adding duplicate user properties does not show an error message; however, a new user property is not created. |
6421740 |
There is no provision to create new Access Control List (ACL) file using the Admin Console or the CLI. |
6423432 |
On Windows, using an existing configuration, repeating the process of adding and removing the registered nodes causes validation failure. |
6426116 |
Clicking on the Version button in the Admin Console result in “file not found” warning in Administration error logs. |
6430417 |
MIME Types allows MIME value with multibyte characters. |
6442081 |
Text in Access Control List page is not formatted. |
6442172 |
User can be switched between `available' and `selected' lists in ACE even though the user is deleted from the authentication database. |
6446162 |
No warning is issued before the deletion of key or the digestfile authentication database. |
6446206 |
When a single user in group is deleted, an incorrect message “Group Saved Successfully" is displayed. |
6448421 |
Administration Interface allows you to create a new user with multi-byte User ID in the keyfile authentication database. |
6455827 |
User and Group table in the Admin Console displays the entire result in a single page. |
6461101 |
Labeling of the Request Certificate and Install buttons in the Admin Console Create Self-Signed Certificate page needs to be revised. |
6462057 |
Add and Remove buttons are enabled in new ACE window even if no items are present in the `Available' list. |
6464891 |
Admin Console truncates the display of server logs at 50 lines or 2 pages. |
6465382 |
No validation exist to check the entry of wrong country code in the certificate request wizard. |
6465421 |
In the Admin Console, no text field description is provided for virtual-server, authdb, dav collection, and event fields . |
6466336 |
Admin Console shows wrong JDK version while creating a new configuration. The JDK version displayed in the Admin Console is 5.0 u6 instead of 5.0 u7. |
6471171 |
Style formatting is lost after restarting the Administration Server from Nodes -> Administration Server General tab. |
6471367 |
Attempting to access the Admin Console in another tab of the same browser does not work. |
6471792 |
View Log displays result in a single page. Although the search criteria selected for record size is 25 log entries, the log displays the results in one single page even if there are more than 50 log entries. |
6472932 |
Token mismatch error is displayed when you remove the token password and then reset it in the Common tasks -> Select configuration -> Edit configuration -> Certificates -> PKCS11 Tokens page. |
6486037 |
The Virtual Server Management->Content Handling->Document Directories->Add should have a browse option to choose the path of a additional document directory. |
6492906 |
Message displayed about WebDAV collection locks in the Admin Console is misleading. If you specify the time-out value for the WebDAV collection as infinite, the Common Tasks->Select Configuration ->Select Virtual Server->Edit Virtual Sever ->WebDAV->Select collection page displays the message DOES NOT EXPIRE. What it actually means is that the lock does not expire automatically after a specified time or the time-out is infinite. |
6498484 |
Incorrect error message is displayed on setting empty token password using the `Set passwords' button. |
6500157 |
Instance fails to restart if you try to edit a token password and deploy a configuration on an instance which is already running. |
6502287 |
The Admin Console displays an exception when you delete a configuration and click on the Migrate button. |
6502374 |
The Admin Console Review screen in wizards should only show fields that have values. |
6502793 |
During migration, the log-dir path permission is not validated. |
6266358 |
Cannot log in through the Administration CLI if the administration password has extended ASCII characters. |
6361329 |
The error-response file name should be validated. |
6367282 |
Administration server starts with expired certificate; wadm should warn about expired certificates. |
6375505 |
The unregister-node command should also clean up certificates on the administration node. |
6408169 |
WebDAV lock CLIs do not work in a cluster environment. |
6408186 |
Multiple installations of the administration nodes on the same node that is registered to the same administration server should be not be allowed. |
6416369 |
Accessing the administration node URL results in Page Not Found error. As the administration node does not have a GUI, accessing the administration node URL results in Page Not Found error. |
6422936 |
No validation for class path prefix and suffix, and native library path in JVM Path Settings in Java. |
6423310 |
The server.xml elements should be grouped based on functionality. |
6431984 |
Web Server should store its pid file and UNIX domain sockets in /var/run instead of /tmp. |
6441773 |
On Windows, Administration Server moves the Web application files physically before stopping the Web application. |
6462515 |
The Admin Console misleads user with "Instance modified" message when runtime files gets created in the config directory. |
6462579 |
Trust store does not deleted on uninstalling the administration node after unregistering it with the administration server. |
6468330 |
Changes made to the JavaHome property does not get saved after restarting the instance. |
6475536 |
No obvious way to reset the administration server password. Workaround
|
6489727 |
[JESMF CONFORM] CP when stopping should call MfManagedElementServer_stop(). |
6491749 |
Need better validation in certain text fields to prevent obj.conf file corruption. Most of the functional validation of the data in a form is done in the back end. The GUI has only minimal checks such as empty fields, integer values, and ASCII values. Hence, the GUI stores the data in the obj.conf when parsed gets corrupted . |
6493971 |
Admin Server does not time-out if the server instance restart does not respond. On UNIX systems, the Administration Server waits until the server instance is restarted when the restart-instance command is executed. If the instance is not successfully restarted, the Administration Server does not respond to requests. |
6497213 |
Executing the restart-admin command followed by the stop-admin command throws exception in administration error logs. |
6515745 |
SNMP master agent process fails to start on Web Server Workaround: Changing the tcp_xmit_hiwat value to a higher value like 262144 , peer SNMP master agent functions properly. Type the following command to change the tcp_xmit_hiwat value. # ndd -set /dev/tcp tcp_xmit_hiwat 262144 |
6545779 |
On Windows, wdeploy command fails if older version of libnspr4.dll is found in the system32 directory. Workaround Before calling Java, edit the wdeploy.bat file that is available in install_dir/bin directory. Change the path of the Java directory to install_dir/lib directory. This modification makes Windows look for libnspr4.dll in the install_dir/lib directory before it looks in system32 directory. |
6587832 |
On Windows, the Admin Console intermittently fails to come up. Workaround
|
6606243 |
Web Server installer should import the admin self signed certificate into IE certificate tab. When the Admin console is accessed using a browser, a pop-up (in the case of IE6 and Mozilla/Firefox) or a warning page (IE7) may be displayed stating that the certificate is not issued by a trusted certificate authority. This is because, the administration server uses a self-signed certificate. To proceed to the Administration GUI login page, do the following:
The above procedure will accept the certificate temporarily for that browser session. To accept the certificate permanently, follow the steps below:
|
6606132 |
Create self signed certificate fails when the "Sun Metaslot" pin is not set Workaround Before creating the self signed certificate, set the "Sun Metaslot" password using the pktool # pktool setpin Provide the password. Now create the self-signed certification either by using the create-self-signed-cert command or the Admin console. |
The following table lists the known issues in the core of Web Server.
Table 5 Known Issues in Core
Problem ID |
Description |
---|---|
6296993 |
When there is an error executing an obj.conf directive, the filename and line number where the offending directive was found are not logged. |
6365160 |
When server.xml schema validation fails due to a data type constraint violation, it displays an error message that does not describe the set of valid values for the element. |
6378940 |
All HTTP header parsing error are not logged with the client IP and a description of the error. |
6470552 |
set-variable SAF could not set predefined variable. |
6486480 |
service-nsfc-dump entry hit counts are 0 with <replacement>false</replacement>. If <replacement>false</replacement> is specified in server.xml file, entry hit counts show as 0 in the service-nsfc-dump output. However, the cache hit counts are displayed correctly. |
6489220 |
Server treats non-interpolated strings that contain $$ character constants as interpolated. When a parameter value contains a $$ escape, the server constructs a PblockModel for the parameter block. This is unnecessary because $$ is a constant. |
6639402 |
Connection queue size set by server for 1024 max file descriptor is very less (128) Web Server reserves the file descriptors for various components. If connection pool queue size, file cache max open files and keep-alive max connections are not set, then after reserving file descriptors for other components, Web Server divides the available descriptors among three. On systems where default value of max file descriptor is low, for example, Solaris 8 and RHEL, the connection pool size might be set to a low value. For example, on RHEL, the default value of max file descriptors is 1024. If the connection queue size is not assigned, then Web Server assigns 128 connections to connection queue. The value can be very low on busy systems. If connections starts timing out, users should set higher value for max file descriptors. |
The following table lists the known issues in the FastCGI.
Table 6 Known Issues in FastCGI
Problem ID |
Description |
---|---|
6485248 |
The fastcgi stub does not properly close all the processes when reuse-connection is set to true. Configure Web Server 7.0 to work with PHP as a FastCGI plug-in and set reuse-connection=true. When you shutting down the server or reconfiguring the server, the fastcgi() process and its child processes are left behind and not killed properly. |
6644322 |
Memory leak in Fastcgistub causes hang in the Fastcgi sub-system |
The following table lists the known issues in the installation of Web Server.
Table 7 Known Issues in Installation
The following table lists the known issues in the migration and upgrade areas of Web Server.
Table 8 Known Issues in Migration and Upgrade
The following table lists the known issues in Sample Applications of Web Server.
Table 9 Known Issues in Sample Applications
Problem ID |
Description |
---|---|
6472796 |
sendmail.jsp shows incorrect file to be edited to specify resource.host for javamail sample application. Workaround To set javamail.resource.host, edit the javamail.build.properties and not the build.xml as specified in install_dir/samples/java/webapps/javamail/src/docroot/sendmail.jsp. |
6559735 |
Sample applications documentation must mention adding jar file to the class path in the properties file. In the install-dir/samples/java/webapps/security/jdbcrealm/docs/index.html, under 'Compiling and Assembling the Application' section, there must be a mention of adding JDBC driver jar file to class path suffix in the jdbcrealm.build.properties file. |
The following table lists the known issues in the search functionality of Web Server 7.0.
Table 10 Known Issues in Search
Problem ID |
Description |
---|---|
6413058 |
server.xml does not store the full file pattern for converting and including search . The schema does not store the full file pattern allowed by both the Admin Console and the search administration tools in this version of the Web Server. It also has no way to represent the full file pattern that might sometimes need migration from the previous versions of the Web Server. |
6632936 |
On Red Hat Linux Enterprise Linux 5, Search functionality does not work properly. On a Red Hat Enterprise Linux machine, if the compat-libstdc++ library is installed, you must remove the installed rpm and download/install the compat-libstdc++-296-2.96-132.7.2.i386.rpm . For x86 32–bit and 64–bit download and install the compat-libstdc++-296-2.96-132.7.2.i386.rpm. Note – Do not download/install an rpm from unreliable sources as it may lead to security vulnerabilities. |
The following table lists the known issues in the security area of Web Server.
Table 11 Known Issues in Security
Problem ID |
Description |
||
---|---|---|---|
6376901 |
Limitation supporting basic and digest-based ACLs for resources in the same directory. If the server uses digest and basic-based ACLs in different parts of their doc tree, attempting to use both simultaneously on different files or resources in the same directory is not possible. |
||
6431287 |
TLS_ECDH_RSA_* require the server cert signed with RSA keys. Cipher suites of the form TLS_ECDH_RSA_* requires server to have an ECC keypair with a cert signed using RSA keys. Note that this precludes using these cipher suites with self-signed certificates. This requirement is inherent to these cipher suites and is not a bug. The server should detect and warn about wrong configurations related to these cipher suites but currently it does not do so. |
||
6611067 |
Red Hat Enterprise Linux instance fails to start when the file system SELinux security is enabled. Newer Linux distributions have new kernel security extensions enabled from the SELinux project. These extensions allow finer grained control over system security. However, SELinux also changes some default system behaviors, such as shared library loading that can be problematic to third-party programs. If you receive the error message “Cannot restore segment prot after reloc: Permission denied" when starting the Web Server Admin Server or instance, that means the system is SELinux enabled. Workaround To overcome this failure:
|
||
6602075 |
Sun crypto 1000 with Web Server needs Solaris 10 patch 125465-02 (SPARC) and 125466-02 (x86). Workaround The required patch for the Solaris 10 platform (SPARC) is available here: http://sunsolve.central.sun.com/search/document.do?assetkey=1-21-125465-02-1 The required patch for the Solaris 10 platform (x86) is available here: http://sunsolve.central.sun.com/search/document.do?assetkey=1-21-125466 |
The following table lists the known issues in the session replication functionality of Web Server 7.0.
Table 12 Known Issues in Session Replication
Problem ID |
Description |
---|---|
6324321 |
Descriptive error message is not displayed when an error occurs remotely. When an exception occurs remotely, error messages are logged in the error log of the remote instance. However, the local instance currently displays a generic remote exception which does not clearly indicate which error log that the user must view. |
6396820 |
Session replication does not failover correctly when cookies are disabled on the client. |
6406176 |
When enabled, session replication should be the default session manager. After enabling session replication by using the Admin Console or the CLI, or by editing the server.xml file, session replication is not really enabled. Instead, sun-web.xml needs to be manually edited. |
The following table lists the known issues in the web container of Web Server.
Table 13 Known Issues in Web Container
Problem ID |
Description |
---|---|
4858178 |
Web container writes to stderr. |
6349517 |
Incorrect web application session statistics for MaxProcs > 1 mode. Web Server runs in multi-process mode. The MaxProcs configuration variable in the magnus.conf is used to set the maximum number of processes. If the value for MaxProcs is set to greater than 1, the Web Server uses mmap-based session manager so that the session could be shared among different JVMs. While collecting statistics from multiple processes, web application MBeans provide session for individual MBeans. There is no way to find the true number of sessions by seeing individual MBean's web application session statistics.
|
6394715 |
Web container deletes the disabled web application MBeans object. When the web application is disabled by setting the <enabled> element to false in the server.xml file, the web container deletes the web application's MBeans and hence treats it as a closed or deleted web application. Since disabled objects are deleted, statistics are also lost. |
6419070 |
No information is logged in error logs at the finest log level on successful JNDI resource creation. |
6422200 |
com.sun.org.apache.xerces.internal.jaxp.DocumentBuilderImpl.parse does 1 byte reads. When reading the server.xml file, the first line containing the XML version number and the encoding is read 1 byte at a time. |
6432870 |
Servlet container collects statistics when stats enabled element is set to false in the server.xml file. |
6440064 |
Servlet container creates a thread per virtual server. |
6501184 |
REQ_EXIT causes javax.servlet.ServletException. |
6567124 |
JSF Web Applications running on Web Server 7.0 may break when running on Web Server 7.0 Update 1. Web Server 7.0 Update 1 ships with JavaServer Faces 1.2 technology. All JavaServer Faces web applications are expected to work with Web Server 7.0 Update 1 without any modifications. However, there are a few known compatibility issues with JavaServer Faces 1.2 and might require applications to be modified to address these incompatibilities. The incompatibilities are documented in the JavaServer Faces release notes at: https://javaserverfaces.dev.java.net/rlnotes/1.2_04/issues.html. Java ES 5 Portal Server users are suggested to delay upgrading to Web Server 7.0 Update 1 until Java ES 5 Update 1 is released. |
The following table lists the known issues in the localized version of Web Server.
Table 14 Known Issues in Localization
Problem ID |
Description |
|
---|---|---|
6543814 |
Search filter “*” does not work correctly for multi-byte strings. |
|
6549619 |
On Windows 2003, when a command is executed from the CLI, the message is not encoded correctly. |
|
5046634 |
There is no functionality equivalent to use-responseCT-for-headers in Web Server 7.0. Response header encoding is enabled at the web-app level by setting the value of the configuration parameter use-responseCT-for-headers to any of the values; yes, true, or on in the web-app/sun-web.xml file. For example, set Response header encoding as follows:
|
|
6630841 |
FastCGI Handler new Role is always created with "English" name. |
|
6632818 |
Unlocalized strings are seen in CGI settings page. |
|
6628910 |
CLI installer "Enter your option" is in English in localization locale. |
|
6633333 |
Links at the bottom of the deployed instance's search page (http://instance:port/search) are not correct when the browser is set to german locale. Workaround German user's should manually paste the below URLs in their browser's address bar: Terms of use: http://www.sun.com/share/text/termsofuse.html Privacy policy: http://de.sun.com/privacy Trademarks: http://www.sun.com/suntrademarks/ |
The following table lists the known issues in the Java Enterprise System (Java ES).
Table 15 Known Issues in Java ES
Problem ID |
Description |
---|---|
6484181 |
Portal Server configures JVM stack size to 128K (too low) for Web Server 7.0 64–bit to start. If Web Server 7.0 is already configured in 64–bit mode, and the Portal Server installation is started, Portal Server configuration does not set stack size to 128K. However, if both Portal Server and Web Server are already installed and configured in 32–bit mode, switching to 64–bit mode involve series of manual steps that are described in the Workaround section. Workaround If Portal Server part of Java ES 5 is deployed on top of the 32–bit version of Web Server 7.0, and if you would like to start the server in 64-bit mode, perform the following steps:
|
6487041 |
schemagen/xjc/wsgen/wsimport scripts not present in Java ES Web Server installation. schemagen/xjc/wsgen/wsimport scripts are present in different locations in Java ES installation and stand-alone installation of Web Server. Workaround The scripts are part of the Web Services components. In a stand-alone Web Server installation, these scripts and JAR files are located in install_dir/bin and install_dir/lib directories respectively. In Java ES installation, scripts and JAR files are installed as part of the shared component and they reside outside the Web Server installation root. The location of scripts and JAR files on different platforms are listed below: Solaris OS:
Linux and HP-UX:
Windows:
|
6432106 |
Sun Java System Portal Server search throws exception after Web Server upgrade. Portal Server search functionality throws exception when upgrading Web Server from Java ES 4 to Java ES 5. Workaround Note – Move the existing libdb-3.3.so and libdb_java-3.3.so library files to an appropriate location, somewhere outside the Web Server's private directories. Once the Portal Server libraries are in a suitable location, that path must be specified for the <libdb-3.3.so path>:<libdb_java-3.3.so path> in the following commands. On Solaris platform, perform the following steps:
|
6504178 |
Migration logs reports a bogus "root is not a valid user" message on Java ES 5. While migrating from Java ES 4 to Java ES 5 on UNIX platforms, the migration log file reports WARNING: "root is not a valid user". This is incorrect as the "root" user is valid on that host. |
6453037 |
A lot of warnings/info messages displayed at Web Server startup on the standard output instead of routing these messages to the log file. |
6549580 |
Web Server running on Windows contains no description for the service and the description is not updated after applying Java ES Update 1 patches. |
6550622 |
When upgrading Java ES 5 software to Java ES 5 Update 1, Portal Server samples fail with JSF exceptions if you have upgraded only Web Server but not the Portal Server. For more information, see Compatibility Issues. |
6643821 |
SMF commands removes Java ES environment from startserv and stopserv scripts (Solaris 10 only). Workaround Set the following LD_LIBRARY_PATH in the Solaris 10 environment. LD_LIBRARY_PATH=/usr/lib/mps/secv1:/usr/lib/mps:/usr/lib/mps/sasl2:$LD_LIBRARY_PATH |