Release Notes for iPlanet Web Server 6.0, Enterprise Edition

Version 6.0

Updated September 27, 2001

These release notes contain important information available at the time of the version 6.0 release of iPlanet Web Server 6.0. New features and enhancements, installation notes, known problems, and other late-breaking issues are addressed here. Read this document before you begin using iPlanet Web Server 6.0.

These release notes contain the following sections:

What's New in iPlanet Web Server, Version 6.0

iPlanet Web Server 6.0 includes enhancements described in the following sections:

Enhanced Virtual Server Support

iPlanet Web Server 6.0 now has full support for host-based ("software") and IP-based ("hardware") virtual servers. You can mix and match SSL and non-SSL virtual servers within a server instance, and a given virtual server can accept both SSL and non-SSL connections simultaneously. These virtual servers can have their own ACL files, user databases, and log files. Virtual server classes facilitate the administration of a large number of virtual servers that share the same configuration.

J2EE Web Container Support

iPlanet Web Server 6.0 is fully J2EE compliant with support for:

Improved User Interface

iPlanet Web Server 6.0 provides an improved user interface with the following features:

Magnus Editor

The Magnus Editor allows you to edit server-wide initialization parameters in the magnus.conf file through the user interface. The Magnus Editor is located on the Preferences tab in the Server Manager.

Class Manager

The new Class Manager interface allows you to configure virtual servers and classes of virtual servers. You can bring up the Class Manager page in two ways:

After changing a configuration in the Class Manager, you can apply the changes without restarting the server (see New Dynamic Reconfiguration).

.htaccess Configuration

You can now configure .htaccess from the user interface. Additional improvements include:

Command Line Administration Tools

iPlanet Web Server 6.0 offers command line support for:

Support for Session-Aware Load Balancing and Failover

iPlanet Web Server 6.0 provides improved service availability to server farm (or cluster) configurations with off-the-shelf, session-aware front-end load balancers and session data failover.

Session-Aware Load Balancing

You can implement sticky sessions by prefixing the name of the server host that generated the session to the JSESSIONID (the Servlets 2.2 API standard session cookie name). This enables the front-end load balancer to do sticky load balancing, such as forwarding future requests to the same host that generated the session.

Session-Aware Failover

You can configure iPlanet Web Server 6.0 so the session data and attributes are persistent into a backend store. This improves availability by enabling an alternate server to take over requests. iPlanet Web Server 6.0 includes two kinds of persistent stores that help session fail-over:

New Dynamic Reconfiguration

Dynamic reconfiguration is a new feature in iPlanet Web Server 6.0 that allows you to make configuration changes to a live web server without having to stop and restart the web server for the changes to take effect. You can dynamically change all configuration settings and attributes in server.xml and its associated files without restarting the server. To install a new configuration dynamically, click the Apply link and then click the `Load Configuration Files' button on the Apply Changes Page. If there are errors in installing the new configuration, the previous configuration is restored.


The new server.xml file records virtual server configuration information in an XML format. Listen sockets, virtual server classes, and virtual servers, and the relationships between them, are all defined in server.xml.

Performance Enhancements

iPlanet Web Server 6.0 has enhanced performance in the following areas:

Security Enhancements

iPlanet Web Server 6.0 includes security enhancements described in the following sections:


iPlanet Web Server 6.0 features improved SSL performance and simplified server certificate acquisition from VeriSign.

Digest Authentication

Added support for digest authentication as defined in RFC 2617. Digest authentication is used in conjunction with the iPlanet Directory Server 5.0 as an access authentication method that avoids passing the user name and password over the network in an unencrypted form.

iPlanet Web Server currently provides support for Quality of Protection (QOP)= auth and algorithm = MD5 only.

Single Sign-on Across Multiple Web Applications

In general, the authentication mechanisms provided by iPlanet Web Server 6.0, such as basic and digest authentication using LDAP, work across web applications (or servlet contexts). For FORM authentication, you can implement single sign-on using a cookie-based FORM login session created with a virtual-server-wide session manager. This FORM login session is available across all applications within the virtual server and is separate from the regular HTTP session which is limited to the servlet context.

Administrators may customize the underlying session manager, cookie name, and the session timeout using the form-login-session element at the virtual server level. The definition for form-login-session is:

<!-- form-login-session element specifies the single sign-on cookie name, timeout and the virtual server-wide session manager to be used when FORM login is enabled.


<!ELEMENT form-login-session (session-manager?) >

<!ATTLIST form-login-session cookie-name CDATA "iwsformloginid"

timeOut CDATA "30">

Templatized Installation for Multiple Machines

You can install iPlanet Web Server 6.0 on multiple machines using templatized installation. To use templatized installation, enter the installation settings for each remote machine in a template file called template.inf. You can then use the template to install the web server on multiple machines from a single session on your local machine. The template.inf file is found in the same directory as the setup program. See the Installation and Migration Guide for more information.

Miscellaneous Information

Required Patches

Required patches are listed for the following platforms:

Sun Solaris Patches

The following patches are recommended for Solaris users of iPlanet Web Server 6.0. In addition, you should have the patches in Sun's recommended patch list. For Sun's recommended patch list, see To get Sun patches, see your Sun service provider.

For each patch, use the listed revision or a higher revision. For example, if you need patch 111111-01, the later revision 111111-03 will also work.

Note that if you are using a JDK, you may need additional patches.

Solaris 2.6

The following patch is required to run iPlanet Web Server 6.0, on Solaris 2.6:

Solaris 7

Use the latest Solaris patches for Solaris 7.

Solaris 8

No patches are required.

Compiler Patches for Solaris

The following Solaris 2.6 patch is recommended when using the CC 4.2 compiler:

HP-UX Patches

In addition to using the General-Release Patch Bundles (XSWGR1100), the following operating system patch (applicable and specific to HP-UX 11i, 11.11 only) must be installed: PHNE_23645.

You can find a list of patches for Java at: tml

Windows NT Service Packs

Windows NT 4.0 SP6A is required for running iPlanet Web Server 6.0.

JRE/JVM Versions

The following versions of JRE and JVM are bundled with iPlanet Web Server 6.0:

Table 1    JRE and JVM Information


JRE /JVM /JIT Version


Solaris 2.6, 8 

Solaris VM

(build Solaris_JDK_1.2.2_07, native threads, sunwjit) 

Comment out -Xrs flag in config/jvm12.conf to generate stack traces.

For JVMPI based profiling or debugging purposes (such as with hprof or dbx) purposes, use the reference implementation downloadable from: 

Windows NT 4.0 

java version 1.2.2 Classic VM

(build JDK-1.2.2_007, native threads, symcjit) 



java version

Classic VM

(build, native threads, HP) 

iPlanet also bundles a variant HotSpot VM (1.0.1fcs, mixed mode, PA2.0 build This VM is not enabled. For further details on using this version see:


RedHat Linux 6.2 

java version 1.2.2

Classic VM

(build Linux_JDK_1.2.2_FCS, native threads, sunwjit) 

This version of JVM is from 

For more information about JVM/JRE version 1.2.x for Solaris, go to:

Installation, Upgrade, and Migration Information

This section includes information for installing, upgrading, and migrating your iPlanet Web Server. For additional information about system requirements and installing the product, see the Installation and Migration Guide.

The following table summarizes the supported platforms for iPlanet Web Server 6.0. All platforms require a minimum of 64 MB memory (256 MB recommended) and 110 MB disk space. The AIX platform is not currently supported

Table 2    iPlanet Web Server 6.0 Supported Platforms



Operating System



HP-UX 11.0, 11.0 64-bit**, 11i** 



Windows NT 4.0 SP6a 



Red Hat Linux 6.2, based on kernel 2.2.14 with glibc 2.1.2 



Solaris 2.6,7**,8 

* As of iPlanet Web Server 6.0, older SPARC CPUs are not supported. iPlanet Web Server 6.0 continues to support the UltraSPARC architecture.

** Supported via binary compatibility

This section also includes the following information:

Upgrade Issues

You cannot upgrade from previous iPlanet Web Server versions to iPlanet Web Server 6.0, but you can migrate your 4.x web server. See the Installation and Migration Guide for information.

Migration Issues

Problem 531704. NSAPI Configuration Doesn't Migrate from 4.x to 6.0.


Custom NSAPI plug-ins are not automatically copied to the new server directory. If you have custom plug-ins, make sure you copy your plug-ins to the upgraded path as shown in the magnus.conf of the new server.

Problem 537073. Migrate Server Page Throws Errors.

When migrating iWS from version 4.x to 6.0, an error may appear during processing as follows:

"Migrating Server Settings...

   The name specified is not recognized as an internal or external

   command, operable program or batch file. Creating Registry Keys

   and Service...

   Assimilating ACL settings...

   Assimilating ssl.xml... "

The error is informational in nature only and will not hinder a successful migration.

Problem 545609. Hardware Virtual Servers Configured by obj.conf do Not Get Migrated Properly.

There are two conditions, each with its own workaround, to be considered for this problem:

  1. When migrating configuration using hardware virtual servers set up in obj.conf with no software virtual servers configured, the hardware virtual servers do not get migrated.

  2. When migrating configurations using hardware virtual servers set up in obj.conf and at least one software virtual server, an invalid configuration results because the `LS' elements for the hardware virtual servers are inserted in the wrong place in server.xml.

  1. Move the hardware virtual server configuration from obj.conf to virtual.conf and migrate again.

  2. Edit server.xml and move the `LS' elements for the hardware virtual servers together with the default LS element towards the beginning (after the default LS) of the file.

Known Problems and Solutions

This section lists known problems with this release of iPlanet Web Server 6.0. Information is organized into the following areas:


Loading More Than 1000 Virtual Servers Slows Performance.

Adding more than 1000 software virtual servers under one class slows the loading of the Class Manager Members page.

Problem 517789. Deleting Class From Virtual Server Does Not Delete Entry From obj.conf File.

When a virtual server class is deleted from the Server Manager, Virtual Server Class, the obj.conf file still shows the deleted class. However, the class is removed from the user interface and from the server.xml file.


Manually remove the deleted class from the obj.conf file.

Problem 519936. Entering an Extra Space on the Listen Socket Generates an Error.

When entering a space character within any of the Edit Listen Socket page fields, an invalid entry error message may be generated for that field.

Problem 519968. More than One Listen Socket is Highlighted For the Subject Virtual Server.

When creating a class in a virtual server, you can select a listen socket other than the default listen socket. However, the default listen socket remains highlighted along with the selected listen socket. Any other listen socket selected continues a highlighting problem for all listen sockets.


Click on highlighted listen sockets that you do not want to use to deselect them until no listen sockets are highlighted. Then select the desired listen socket to use for the subject virtual server.

Problem 525692. Cannot Add a Cluster That is Under SSL.

For Cluster Management, a server cannot be added to the cluster if it is under SSL.

Problem 538947. Use of conf_getglobals() in NSAPI Init Functions.

The following is an issue for NSAPI plug-in developers or for users of third party NSAPI plug-ins that have not been certified with iWS 6.0 by their developers.

  1. If you are the developer of an NSAPI Init function, here is the technical information needed to check if your plug-in suffers from this problem and if so, how to correct it:

    The use of the NSAPI conf_getglobals() function, or the various macros in the nsapi.h header file that refer to conf_getglobals(), is not recommended within NSAPI Init functions in iWS 6.0. conf_getglobals() can only return the properties of a single virtual server. In iWS 6.0, a single web server may have many virtual servers defined with completely distinct properties, such as port, hostname, and security. Also, the configuration of any virtual server in iWS 6.0 can dynamically change over time. Therefore, a plug-in should not attempt to retrieve and store the server configuration information during NSAPI Init time, but rather retrieve the configuration in an ephemeral way during request processing time, when the server configuration information is actually needed (e.g., to build links in a dynamic web page).

    The default behavior of conf_getglobals(), if called during Init in iWS 6.0 is to leave the following fields initialized with a default value (e.g., 0 , NULL) : Vport, Vaddr, Vserver_hostname, Vsecurity_active, Vssl3_active, Vssl2_active, and Vsecure_auth. If your Init function relies on the values of these global fields but does not have error checking, it could crash and prevent the web server from coming up; or it could cause crashes at a later time if these null values are saved and later reused in other plug-in functions.

    If you are currently calling conf_getglobals() in your Init function, you should modify your code to eliminate any such calls. This will ensure proper operation of your plug-in in iWS 6.0 when multiple virtual servers exist. The conf_getglobals() NSAPI function will only return the proper values corresponding to the connection and virtual server on which the request was made if called during an NSAPI request processing phase - e.g., during an NSAPI AuthTrans, NameTrans, Service, or other NSAPI request processing phases.

    iWS 6.0 supports a compatibility mode for older plug-ins suffering from this problem. As noted in the user section, it requires the NSAPI Init functions to be marked as LateInit. When called from a LateInit Init function, conf_getglobals() will return the properties of the default virtual server of the default connection group of the legacy listen socket. In terms of the new XML configuration attributes, this means that conf_getglobals() now returns the properties of the defaultvs of the defaultgroup of the legacyls of the SERVER. It is recommended that the server should only have that single virtual server defined in this case to ensure consistent server and plug-in operation.

  2. If you are the user of an NSAPI Init function of a plug-in developed by a third party, you should contact the plug-in developer to find out if it is compatible with iWS 6.0 based on the technical information for developers stated in 1. Many Init functions will not be affected and are expected to continue to function unmodified with iWS 6.0, however, the determination of compatibility and possible need for an update should be made by the plug-in developer.

    If your plug-in vendor does not certify their Init function for use with iWS 6.0, and the function is found to suffer from the specific programming problem described in 1., you may work around the problem if:

    • you only have a single listen socket, connection group, and virtual server in your iWS instance.

    • you configure the problem Init function as LateInit in magnus.conf. This is done by adding the LateInit = yes argument to the Init line.

    • you do not dynamically reconfigure the server after it is started.

    If the above conditions are met, the Init function will be executed in an NSAPI context compatible with previous releases of iWS where only a single virtual server exists, and where this problem will not occur.

Problem 539908. Unable to Generate Report for Server Statistics for Different Virtual Servers.

The current implementation of iPlanet Web Server can generate reports using the Logs tab only for the global log file. A report cannot be generated for any virtual server other than the default.

Problem 540506. TempDir Must be on Local File Directory in Order for Correct Server Function

For the magnus.conf TempDir directive, the TempDir directory must be located on a local file system in order for the server to function correctly. If the TempDir directory is on an NFS mount, the server may fail to function correctly.

Problem 542243. Couldn't Update Latest Data on UI Using IE 5.0.

When using Micosoft's Internet Explorer web browser, version 5.0 is supported for end users only. For administrators, changes to the iPlanet Web Server Administration Server configuration can be saved only when using Internet Explorer version 5.5.

Problem 542976. Distributed Administration: Internal Error when "Allow end user access: = no".

When `Allow end user access' is set to No , any end user will be able to access the end user admin page using the following URL:


But an error is also displayed that will not let the user use the page. The error message states:

Required query/form input is missing.

(Could not get current username)

Problem 542994. AsyncDNS is not Supported in this Release of the Server.

AsyncDNS is disabled in this server release.

Problem 543156. Server Settings for NT Should not Have an OK or Reset button.

On the Administration Server's Preferences tab, on the Server Settings page, the buttons OK and Reset have no meaning and generate an error stating: "Incorrect Usage. Please fill out the form before submitting it."

Problem 543245. Distributed Administration Issues an Error When LDAP Server is Down, Cannot Get to Web Server Administration Server.

When the LDAP server is down and Distributed Administration is enabled, an error is issued to the Administration Server causing an inability to access the Administration Server.


Disable the Distributed Administration to get to the Web Server Administration Server.

Problem 543411. Monitor Current Activity User Interface Does Not Update the Number of KeepAlive Flushes.

When using the magnus.conf editor to configure the server with MaxKeepAlive connections, KeepAlive TimeOut and KeepAlive threads, a session connection through telnet to the server indicates that the Monitor KeepAlive statistics page doesn't update 'no of KeepAlive flushes'.

Problem 543876. "method Not allowed " for Manage Language List.

When Distributed Administration is enabled, users with the specific right of "Users & Groups" will not be able to use the function "Manage Preferred Language List". This does not affect users with rights set to "all".


Add setlang to the end of the Programs line in the Category Users &amp; Groups in bin/https/admin/html/index.lst and bin/https/admin/bin/nescore.apm.

Problem 543902. Administration Server User Interface does Not Show the Entry for an User While ACL File Does Indicate the Entry.

When Distributed Administration is enabled and a user is assigned access to Users & Groups, then the admin server ACL editor may truncate any entries occurring after the user with these rights.


Manually add/remove users and rights from:


if you need to grant access to Users & Groups. Note that the Users & Groups entry needs to be represented as `Users &amp; Groups' in the ACL file.

Problem 544385. Help for Clusters.

Help for clusters will not appear until you enable clusters.

Problem. 544449. Cannot Change Edit Listen Socket Groups Settings When Listen Sockets Table IP is set to `any'.

When the Edit Listen Sockets IP is set to `any', clicking on the Groups button calls up the Connection Group Settings window but changes cannot be made to the fields in this window.


Change the IP setting back to and click OK to update the server. The Connection Group Settings window can be called to make desired changes.

Problem 544452. A Change Made to Edit Listen Sockets Groups page Does not Allow Another Change to the Edit Listen Sockets Page.

When editing a Connection Group Settings value from the Edit Listen Sockets Groups Page, a server update occurs when the OK button is pressed. Following this, if you go to Edit Listen Sockets page again and change another property, such as the Security value from `Off' to `On', then click OK, an error message may appear that states, `Please refresh your screen, data update by another user.' The Security value has not changed.


To change a property on the Edit Listen Sockets page after changing a property on the Edit Listen Sockets Groups page, click the OK button twice to effect the change.

544504. Load Configuration Files Button Should be Disabled When There are Changes in magnus.conf.

After administrative actions lead to changes in magnus.conf (e.g., enabling Search capabilities), the Load Configuration Files button cannot be used.


Use the Apply Changes button to load the changes applied to magnus.conf.

Problem 544902. Virtual Server User Interface Does not Accept "." or "-" characters for Either the Listen Socket ID and the Virtual Server ID.

When the "." or "-" characters are used for either the Listen Socket ID and the Virtual Server ID, an error message will display as follows: `Virtual Server ID should be identifier.'


To use a "." or "-" character for both the Listen Socket ID and the Virtual Server ID, go to the server.xml file to make the changes desired and save the file.

Problem 545420. Add Certificate (or Replace Certificate) Page Help Button is Linked Incorrectly.

After installing a certificate and clicking OK, the Add Certificate page (or Replace Certificate page) appears. Clicking the Help link here takes you to the wrong area: Add Certificate Revocation List Page, instead of Add Other Certificate page.

Problem 545568. With Distributed Administration, End User Access not Loading User Page on Login.

When using the Distributed Administration option with end user access enabled, upon login, the end user is not redirected to the user-page.


To access the user-page, type: http://<server:admin-port>/user-environment/bin/index

Problem 545727. Help Button from Compromised Key List (CKL) Page is Linked to Help for Certificate Revocation List (CRL) Page.

From the add CRL/CKL link, you can select the CKL file to display the ADD Compromised Key List page. The Help button on this page is linked to help for the CRL page.


Scroll down the help window until you see the help for `Add CRL.'

Problem 545947. Cannot Transfer magnus.conf to More than One Cluster at a Time.

When you add more than one cluster to the database and try to transfer the magnus.conf file to all of them, you will get a success message but the magnus.conf file transferred will look like:

PidLog /usr1/irenem/tar60/TAR60/https-Test-saab/logs/pid

User root

This happens when you try to transfer the file to more than one cluster at a time.


Transfer the file to one cluster at a time.

Java and Java Servlets

Problem 535158. Unable to Stop the Server when using JDK version 1.2.2_07.

When the -Xdebug option is enabled in the JDK version 1.2.2_07, the JVM catches the SIGTERM that is sent to the httpd process and hence the server does not shut down.

Problem 543748. jvm.serializeFirstRequest=1 Not Working Correctly.

When jvm.serializeFirstRequest=1 is set in jvm12.conf, all requests to a servlet are serialized, not just the first request (that loads the servlet). This setting adversely affects the performance of the web container.

Problem 543882. URL-Pattern Suffix Matching Misses Intended Mapping.

A suffix pattern matching criteria (using <url-pattern>) in the servlet-mapping element (in web.xml) does not work correctly if the URL has periods (.) in it.

The problem scenario:

1. A servlet-mapping in web.xml is as follows:


<url-pattern> *.xml </url-pattern>

<servlet-name> xmlServlet </servlet-name>


2. The request URL is:


The iWS 6.0 web container incorrectly determines the suffix to be .1 and not .xml.


Avoid using periods (.) in directory names that are referred to in the URL.

Problem 543980. (Solaris only) Negative jsps/servlets Result in Memory Leaks.

It has been observed that JSP compilation errors (e.g. incorrect JSP syntax) have resulted in an increase in memory (heap memory) on Solaris.


To work around this problem, (pre-)compile JSPs offline to catch such errors or remove the offending JSP if the error logs contain compilation error messages for that JSP.


Problem 542784. Searching for 2.2 Mixes Results with 2,2.

When searching for the value `2.2' the result pages also gives you the pages containing `2,2'. The opposite works however, when searching for `2,2', the results do not include `2.2'.

Problem 543196. (Windows NT only) System Hangs When Adding Two Collections.

When a collection is created, the Apply button is not selected and another collection is created, an error message is displayed and the web server may hang. This behavior occurs when collections with resident files also have a subdirectory with files. When the web server does not hang, the error message can be cleared and the collections will be created. When the system is rebooted due to a hung web server, collections may not get created.

Problem 543691. Mail and News Collections Show Physical Path in URL.

When documents from a mail or news collection are found, clicking the icon of the document found results in the display of the URL showing the physical path of the document. However, the HTML, ascii or pdf collections work properly.

Problem 543722. Date Time String Changes not Reflected in news, mail or pdf Collections.

When changing the date string in the Search Configuration, changes do not show up on a news or mail collection. Also, the pdf collection does not show the date at all. However, the HTML and ascii collections do work.

Problem 543731. Admin Search "Prev" Does Not do Round Robin when Pointing to First Found Document.

For a displayed list of documents called from an admin search for ascii, news, pdf, or mail collections, the use of the Prev or Next buttons may result in no data or the wrong data displayed.

Problem 544075. Alpha Followed by Special Character Search Does Not Work.

When searching for a string of alpha characters followed by special characters, the search engine does not recognize the special characters, only the alpha. This equally applies to special characters such as "*", ",", "(", etc.

Problem 545874. (Windows NT only). An Error May Occur When Creating or Maintaining a Collection

When creating or maintaining a collection (such as an ASCII or HTML collection), an error might be displayed that appears fatal, but the error can be cleared and the system will complete the requested task.

Platform-Specific Information

This section describes platform-specific known problems and workarounds for the following platforms:

Linux Platforms


iPlanet Web Server 6.0 does not support the Search feature on Linux platforms.

Directory Server

The iPlanet Directory Server packaged with iPlanet Web Server 6.0 does not work on the Linux platform. For user and group functions, you need to install the directory server on a different operating system and link to it through your Linux web server.

Corrections to Documentation

Please note the following changes to the iPlanet Web Server 6.0 documentation:

The AIX platform is listed as a supported platform in some documents, however, it is not supported at this time.

The Installation and Migration Guide neglects stating that HP-UX 11i is also supported via binary compatibility.

How to Report Problems

If you have problems with iPlanet Web Server 6.0 release, contact iPlanet customer support using the following feedback mechanism:


So that customer support can best assist you in resolving problems, please have the following information available:

For More Information

Useful information on iPlanet Web Server 6.0 can be found at the following Internet locations:

For iPlanet Web Server 6.0 installation instructions, see the Installation and Migration Guide.

For iPlanet Web Server 6.0 administrator documentation, see the online help that accompanies the product. The Administrator's Guide and related documents are also posted at the following URL:

Last Updated September 27, 2001