2. About Sun GlassFish Communications Server 2.0
3. Sun GlassFish Communications Server Known Issues and Limitations
4. Sun GlassFish Enterprise Server Known Issues and Limitations
Domain creation stops on NFS server running 64-bit Linux (Issue Number 1961)
Performance degradation seen when a huge log file is rotated (6718611)
Failed to Deploy Generic RA Resource Adapter against IBM MQ (Issue 6605)
Stand-alone instances sometimes obtain files from other instances (6698604)
Startup Message from the start-cluster command are too verbose (6728317)
The package-appclient script does not work if domain1 is not present (6171458)
Starting Application Server with additional JMX Agent is not supported (6200011)
.asadmintruststore file not described in the documentation (6315957)
Clustered instances fail to start due to a timeout in reaching the JMS broker (6523663)
Cannot display jmaki chart in Netscape 8.1.3, Mozilla 1.7 and Safari 2.0.4 browsers (6543014)
The create-domain command fails with custom master password in AIX (6628170)
Library JAR packaged in Application Client Archive overwrites MANIFEST file (6193556)
ACC always tries to connect to localhost:3700 (6527987)
PreparedStatement errors (6170432)
Java DB is not started after machine reboot or Application Server start (6515124)
Autodeployment fails on a cluster sometimes (6610527)
Application specific classloader not used by JSP compilation (6693246)
Javadoc Inconsistencies (various IDs)
Bundled ANT throws java.lang.NoClassDefFoundError (6265624)
HTTP Service Statistics attributes discrepancies (7002258)
SGCS 2.0: SIP container property "Reap interval" Missing documentation (6963298)
SGCS 2.0: SIP Tutorial Doesn't Exclude 100 Trying Response (13721197)
Resouce Injection does not work in HandlerChain (6750245)
TopLink expects my Collection field/property to be cloneable (Issue Tracker 556)
GenerationType.IDENTITY and DataDirect Driver with SyBase (Issue Tracker 2431)
Setting ejb-timer-service property causes set command to fail (6193449)
Error thrown when list JMS physical destinations within non-DAS config (6532532)
Win2003 only: Non-paged pool leak memory, breaking tcp stack and richaccess test (6575349)
Setting debug statement for access,failure causes hang in Application Server startup (6180095)
Log level Setting for Persistence Cannot Be Made Persistent (13253247)
Server Does Not Start If MQ Broker is Not Started (6740797)
MQ broker fails to start with cluster profile on Linux (6524871)
Mismatch of old and new classes is created when imqjmsra.jar is loaded before upgrade (6740794)
Open JNDI Browsing from Admin UI dumps a huge amount of exceptions in the server.log (6591734)
CA Certificate bundled with Communications Server 2.0 has expired (12287499)
OutofMemory Error in SSL Scenarios During Heavy Stress (JDK 6 Issue 23)
General Vulnerability Assessment (Issue 17287)
SSL termination is not working (6269102)
Unable to compile JSP page on resource constrained servers (6184122)
wscompile fails with "package javax.xml.rpc does not exist" on JDK6 u4 b3 (6638567)
This section describes known issues and associated solutions related to Communications Server and web application security and certificates.
The CA certificate bundled with Communications Server 2.0 has expired since Jan 08, 2010. Hence some SEVERE log messages may be observed while starting the domain.
These messages are harmless but can be eliminated. Remove the expired certificate from the keystore. To remove the certificate from the JKS keystore, use the following command:
keytool delete -alias verisignserverca -keystore domain-dir/config/cacerts.jks
To remove the certificate from the NSS keystore, use the following command:
certutil -D -n verisignserverca -d domain-dir/config
A JDK bug (See: https://jdk6.dev.java.net/issues/show_bug.cgi?id=23) in JDK6 Sun PKCS11 Provider could cause an OutOfMemoryError when running certain SSL scenarios under heavy stress.
If you run into this issue, remove sun.security.pkcs11.SunPKCS11 provider from the java.security file in your JRE installation.
An unspecified vulnerability in Oracle Sun GlassFish Enterprise Server 2.1, 2.1.1, and 3.0.1, and Sun Java System Application Server 9.1, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Administration. See http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0807.
Upgrade to Oracle GlassFish Server 3.1 or later.
SSL termination is not working; when Load Balancer (Hardware) is configured for SSL termination, the Communications Server changes the protocol from https to http during redirection.
Add a software load balancer between the hardware load balancer and the Communications Server.
Because of a JVM bug, there is a leak issue with some JDK versions when security-enabled is set to true on an HTTP listener. Specifically, the steps to reproduce this bug are as follows:
Set security-enabled to true on the HTTP listener:
<http-listener acceptor-threads="1" address="0.0.0.0" blocking-enabled="false" default-virtual-server="server" enabled="true" family="inet" id=" http-listener-1" port="8080" security-enabled="true" server-name="" xpowered-by="true">
Comment out stopping domain at the end of quicklook tests.
Run quicklook tests.
Check socket usage:
netstat -an | grep 8080
The following are shown to be in use:
*.8080 *.* 0 0 49152 0 LISTEN *.8080 *.* 0 0 49152 0 BOUND
This issue is tracked on the GlassFish site at http://java.net/jira/browse/GLASSFISH-849.
Upgrade to the latest JDK version.