Sun ONE Web Server Release Notes

Version 6.0 SP10

Part Number: 819-4464-10

December 2005

These Release Notes contain important information available at the time of release of Version 6.0 Service Pack (SP) 10 of Sun ONE ™ (Open Net Environment) Web Server. Known issues and limitations, and other information are addressed here. Read this document before you begin using Web Server 6.0 SP10.

Web Server 6.0 SP10 can be installed on the following platforms: AIX, HP-UX, Red Hat Linux and Red Hat Linux Advanced Server 2.1, Sun Linux, Windows and Solaris™ Operating Environment (Solaris OE). For operating system version details, refer to the section Web Server 6.0 SP10 Supported Platforms in these release notes.

Check the Web site prior to installing and setting up your software, and then periodically thereafter to view the most up-to-date release notes and manuals.

These release notes contain the following sections:

Third-party URLs are referenced in this document and provide additional, related information.


Sun is not responsible for the availability of third-party Web sites mentioned in this document. Sun does not endorse and is not responsible or liable for any content, advertising, products, or other materials that are available on or through such sites or resources. Sun will not be responsible or liable for any actual or alleged damage or loss caused by or in connection with the use of or reliance on any such content, goods, or services that are available on or through such sites or resources.

Features Supported in Web Server 6.0 SP10

Web Server 6.0 SP10 offers the following features:

JDK™ Software Support

This section outlines the JDK software support on Web Server 6.0 SP10.

JDK 1.4.2

Web Server 6.0 SP10 supports the 32-bit JDK 1.4.2_04 (supported via binary compatibility) software on the following platforms:

For details, see JRE/JVM Versions.

JDK 1.4.1

Web Server 6.0 SP10 supports the 32-bit JDK 1.4.1 software on the following platforms:

For details, see JRE/JVM Versions.

JDK 1.4.0

Web Server 6.0 SP10 supports the 32-bit JDK 1.4.0 software on the following platforms:

Note: The specific version is indicated in brackets. See JRE/JVM Versions for more details.

For details, see JRE/JVM Versions.

JDK 1.4.1_01 or JDK 1.4.0

For either JDK version, ensure that all the jar files specified in the default bootclasspath are included in the server-root /https-admserv/start-jvm file.

The default bootclasspath settings for different platforms are listed below:





  • charsets.jar

  • jaws.jar

  • jce.jar

  • jsse.jar

  • rt.jar

  • sunrsasign.jar

  • charsets.jar

  • jce.jar

  • rt.jar

  • jsse.jar

  • sunrsasign.jar

  • charsets.jar

  • javaplugin.jar

  • jce.jar

  • jsse.jar

  • rt.jar

  • charsets.jar

  • jce.jar

  • jsse.jar

  • rt.jar

  • sunrsasign.jar

For more information, see the Note on bootclasspath settings.

JDK 1.4.1 or JDK 1.4.0 on AIX 5.1

Web Server 6.0 SP10 supports JDK 1.4.1 or JDK 1.4.0 on AIX 5.1.

On AIX 5.1 the start-jvm needs to be modified due to changes in IBM JDK 1.4.0 and 1.4.1.
In the in server-root/https-admserv/start-jvm change the line that reads:

NSES_JDK_RUNTIME_CLASSPATH=${NSES_JRE}/lib/ext/iiimp.jar:${NSES_JRE}/lib/i18n.jar:${NSES_JRE}/lib/rt.jar:${NSES_JDK}/lib/tools.jar:${NSES_JDK}/lib/dt.jar;export NSES_JDK_RUNTIME_CLASSPATH

to the following:
For JDK 1.4.0:

NSES_JDK_RUNTIME_CLASSPATH=${NSES_JRE}/lib/ext/iiimp.jar:${NSES_JRE}/lib/charsets.jar:${NSES_JRE}/lib/core.jar:${NSES_JRE}/lib/graphics.jar:${NSES_JRE}/lib/security.jar:${NSES_JDK}/lib/xml.jar:${NSES_JRE}/lib/server.jar:${NSES_JDK}/lib/tools.jar:${NSES_JDK}/lib/dt.jar; export NSES_JDK_RUNTIME_CLASSPATH

For JDK 1.4.1:

NSES_JDK_RUNTIME_CLASSPATH=${NSES_JRE}/lib/ext/iiimp.jar:${NSES_JRE}/lib/charsets.jar:${NSES_JRE}/lib/core.jar:${NSES_JRE}/lib/graphics.jar:${NSES_JRE}/lib/security.jar:${NSES_JRE}/lib/server.jar:${NSES_JDK}/lib/tools.jar:${NSES_JDK}/lib/dt.jar; export NSES_JDK_RUNTIME_CLASSPATH

Note: xml.jar should not be included in the NSES_JDK_RUNTIME_CLASSPATH for JDK 1.4.1. If you include xml.jar, server fails to start on JDK 1.4.1
Note: JDK 1.4 is not supported on AIX 4.3.3

Sun™ ONE Active Server Pages Support

Sun™ ONE Active Server Pages (formerly, Sun™ Chili!Soft ASP) version 3.6.2 now supports the Web Server on the Solaris, Windows, Linux, and HP-UX platforms. Sun ONE Active Server Pages software is a server-side scripting and runtime environment for the cross-platform deployment of Active Server Pages (ASP or .asp) Web sites and Web applications.

Web Server 6.0 SP10 bundles Sun ONE Active Server Pages 3.6.2 on the following platforms:

A license is not required for Sun ONE Active Server Pages if you are installing to the Web Server.

The Sun ONE Active Server Pages installer is available in the /plugins/chilisoft  directory in the Web Server 6.0 SP10 download. When you install Web Server 6.0 SP10, the Sun ONE Active Server Pages installer is written to the directory:



If you are installing Sun ONE Active Server Pages, keep in mind the following points:

  • The Sun ONE Active Server Pages plug-in requires an additional 46MB of disk space after Web Server 6.0 SP10 is installed.

  • Before you begin installation, make sure you are logged in as root.

For more information on Sun ONE Active Server Pages, refer to

NSS Support

NSS support in Web Server 6.0 SP10 has been upgraded from NSS to NSS is a set of libraries designed to support cross-platform development of security-enabled server applications.

NSPR 4.1.6 Support

NSPR support in Web Server 6.0 SP10 has been upgraded to NSPR 4.1.6.

LDAP SDK Support

Web Server 6.0 SP10 supports Lightweight Directory Access Protocol (LDAP) Software Development Kit (SDK) version 5.08.

VeriSign Support

Web Server 6.0 SP10 supports VeriSign, the Certificate Authority (CA) system for issuing digital certificates throughout the enterprise. VeriSign, which uses the VICE protocol for simplifying the certificate request process, has the advantage of being able to return their certificate directly to your server.

Support for Sun Linux

Web Server 6.0 SP10 supports the Sun Linux 5.0 platform on Sun Linux systems. For more details, see Installation, Upgrade, and Migration Information.

Sun™ ONE Studio 3.0 Support

Web Server 6.0 SP10 supports Sun™ ONE Studio 3.0 (formerly, Forte™ for Java™ 3.0). Forte for Java™ technology is Sun's powerful, extensible, integrated development environment (IDE) for Java technology developers. It is based on NetBeans™ software, and it is integrated with the Sun ONE platform.

Sun ONE Studio 3.0 support is available on the following platforms:

To use Sun ONE Studio 3.0 to debug remote servlets on Solaris OE and Linux, make the following changes:


For information on remote debugging on the Windows platform, see iPlanet Web Server 6.0, Enterprise Edition Programmer's Guide to Servlets. For more information and documentation on using Sun ONE Studio 3.0, see

magnus.conf Directive Enhancement

A number of enhancements have been added to the magnus.conf  directive that provide greater control over Web Server 6.0 SP10. Edit the magnus.conf  file for the following:

Tuning keep-alive subsystem performance

The magnus.conf directive KeepAliveQueryMeanTime  can be used to tune keep-alive subsystem performance. KeepAliveQueryMeanTime specifies the desired keep-alive latency in milliseconds. The default value of 100 is appropriate for almost all installations. Note that CPU usage will increase with lower KeepAliveQueryMeanTime values.

Changing the server header in a response

A magnus.conf  directive ServerString  has been added to allow administrators to change the Server  header in a response. The String none, will cause the header to not be sent at all. Example:

Setting an upper limit to the time slept after polling keep-alive connections

A new magnus.conf  directive KeepAliveQueryMaxSleepTime  has been added to set an upper limit to the time slept after polling keep-alive connections for further requests. Values can range from 0 to 5000 milliseconds. If you do not specify a value, by default, the value of KeepAliveQueryMaxSleepTime  is set to the value of the KeepAliveQueryMeanTime  directive. The default value is recommended for most real-world use cases.

Handling standard output and error log messages

Web Server 6.0 SP10 introduces four new magnus.conf  directives that determine how the server handles standard output and error messages, including System.out  and System.err messages from Java programs. The directives are described in the following table:

Table 2  magnus.conf Directives for Standard Output and Error Messages






(Windows only)

CreateConsole [on|off]


Instructs the server to create a console window, which by default then receives stdout and stderr messages.


LogStdout [on|off]


Controls whether the server writes stdout messages, including Java System.out messages, to the errors log. The default value, off, instructs the server to write to the console. Changing the value to on instructs the server to log these messages to the errors log.

To simultaneously write to console and errors log, specify the value of both LogStdout and LogToConsole as on.


LogStderr [on|off]


Controls whether the server writes stderr messages, including Java System.err messages, to the errors log. The default value, off, instructs the server to write to the console. Changing the value to on instructs the server to log these messages to the errors log.

To simultaneously write to console and errors log, specify the value of both LogStderr and LogToConsole as on.


LogToConsole [on|off]


Controls whether the server writes log messages to the console. Specifying the value as on instructs the server to log messages to both the errors log and the console.

To simultaneously write to console and errors log, specify the value of LogStdout, LogStderr, and LogToConsole as on.


The magnus.conf directive AcceptTimeout specifies the number of seconds the server waits for data to arrive from the client before closing the connection. For more details, see the Note in the Corrections to Documentation section.

Keep-Alive Subsystem Enhancement

The keep-alive subsystem has been enhanced to handle thousands of persistent connections.

Virtual Server Report Generation

This user interface allows you to generate reports for specific virtual servers. You can access this page from the Logs tab of the Virtual Server Manager.

Web Application Deployment and Management User Interface

You can deploy Web applications from the user interface as well as from the command line using wdeploy. New user interfaces have been added to the server manager to facilitate:

Role Mapping Support

Web Server 6.0 SP10 supports roles if the underlying LDAP server supports roles. If you wish to authenticate roles for Web applications, you need to add the following to the server-id /config/web-apps.xml file:

<role-mapping map-to=”role”/>

For more information about role authentication provided by Directory Server 5.0 SP1, see iPlanet Directory Server Administrator's Guide.

web-apps.xml Data Type Descriptor

Web Server 6.0 SP10 allows you to enable or disable a Web application. You can do so in either of the following ways:

Single Sign-on Across Multiple Web Applications with FORM Login

Web Server 6.0 SP10 allows single sign-on across multiple Web applications using FORM login configuration. You can enable this feature in two ways.

Configuring a session manager at the virtual server level

This is the easiest approach, but the session and session attributes are shared across all applications.


Configuring a virtual-server form-login session manager in a separate HTTP session

In this case, all form-login sessions are created using this VS-wide form-login session manager, and the container uses a separate cookie to track the sessions. These sessions are available across all applications within the virtual server.

The VS-wide form-login session manager is created when a form-login-session element is present under the vs element in the server-id/config/web-apps.xml file. You can customize the underlying session manager, cookie name, and the session timeout using the form-login-session element.


<!-- configure form login session timeout to 300 secs (5 min), with
MMapSessionManager -->
<form-login-session timeOut="300">

The advantages of configuring a virtual-server form-login session manager in a separate HTTP session are:

The disadvantages of configuring a virtual-server form-login session manager in a separate HTTP session are:

Localized Version Support

If you are running a localized version of Web Server 6.x, you can take advantage of existing localization features by installing Web Server 6.0 SP10 over the existing server. Web Server 6.0 SP1 is available in Japanese, French, German and Spanish. Sun ONE Web Server 6.0 SP4 is also available in Japanese.

Do not use JDK 1.4.0 if you are running the Japanese or Chinese locales with Sun ONE Web Server.

Support for Arbitrary Custom Headers

In Web Server 6.0 SP10, the set-variable SAF (Server Application Function) can be used to add custom headers to the server's HTTP responses. For example, consider the following server-id /config/obj.conf directive:

AuthTrans fn="set-variable"

This directive instructs the server to add the following HTTP header to each response:


Support for Response Header Encoding

Web Server 6.0 SP10 supports two byte character response header encoding in HTTP header and plugin programs.

PHP Compatibility

Web Server 6.0 SP10 is compatible with PHP version 4.3.x or 4.3.8, the versatile and widely-used Open Source general-purpose Web cripting language that allows server-side scripting, command line scripting, and client-side GUI scripting. PHP runs on all major operating systems. The following section tells you where you can find PHP-specific installation and configuration information:

Installation Instructions

For platform-specific installation instructions, refer to the following sites:

For general installation instructions, see

Sun ONE Web Server (formerly, iPlanet Web Server) Install Notes

For installation and configuration information that is specific to the Web Server installs of PHP, refer to


The configuration information in the site, is accurate for iPlanet Web Server 4.x. For Sun ONE Web Server 6.0 and above however, you need to make the specified changes to the Init function in the server-id/config/magnus.conf file, and not the server-id/config/obj.conf file.

For more information on PHP, see the following sites:

Changing HTTP Versions

Use the following methods to downgrade the HTTP version to 1.0:

Modifying the Maximum Upload Size while Deploying a WAR File from a Remote Machine

When you deploy a Web application using the Administration Server from a remote machine, by default the maximum upload size is 10 MB. This can be changed by editing the install-root /bin/https/webapps/instance-app/WEB-INF/web.xml file. In the servlet webappdeploy, insert an init param named maxUploadSize with a value in bytes specifying the maximum upload size.



Setting Up Java HotSpot™ Server Virtual Machine With JDK 1.3.1

If you choose to use the JDK 1.3.1 server JVM, you must change the path order of NSES_JRE_RUNTIME_LIBPATH in the server-id /https-admserv/start-jvm file, otherwise the default client JVM will be invoked even if you have set the value of jvm.option to -server in the jvm12.conf file. To configure the server so that the server JVM is loaded, edit the server-id /https-admserv/start-jvm file, so that the line ${NSES_JRE}/lib/sparc/server occurs before the line ${NSES_JRE}/lib/sparc.

Securing Access Control With Distributed Administration

This section lists the additional tasks you need to perform in order to secure access control with Web Server 6.0 SP10, after enabling distributed administration. The related problem identifiers are 4650463, 4744325, and 4536739.

Securing Access to Resources

The order in which the PathCheck directive occurs in the https-server-id object tag in the generated.https-server-id.acl file might grant undesired access to resources. To prevent this, edit the < server-root>/generated.https-server-id.acl file, specifying a comma-separated list of program groups for which access control is required, as shown below:

Below the line:

allow (all)

user=<username> and program=<program group, program group...>;

add the following line:

deny absolute (all)

user=<username> and program!=<program group, program group...>;

Securing Access to Server Instances

To configure Web Server 6.0 SP10 to control access to server instances, edit the < server-root >/httpacl/*.https-admserv.acl files to specify the user to whom you want to grant access control privileges.


acl "https-<instance>";
authenticate (user,group) {
database = "default";
method = "basic";
deny absolute (all) user != "UserA";

Enabling IP-based Access Control

If the access control entry that refers to the ip attribute is located in the Administration Server related ACL files (gen*.https-admserv.acl), then complete steps (1) and (2) below.

  1. Edit the < server-root >/httpacl/gen*.https-admserv.acl files to add ip to the authentication list, in addition to user and group, as shown below:
  1. Add the following access control entry:

Required Patches

Required patches are listed for the following platforms:

Sun Solaris Patches

If you are using a JRE that is different from the one bundled with Web Server 6.0 SP10, or if you are using a JDK, you might need additional patches.

The following patches are recommended for Solaris OE users of Web Server. In addition, you should have the latest patches in Sun's recommended patch list. For Sun's recommended patch list, see You can download the patches from

For each patch, use the listed revision or a higher revision. For example, if you need patch 111111-01, the later revision 111111-03 will also work.

Solaris 2.6

The following patch is required to run Web Server 6.0, on Solaris 2.6 OE:


You can determine if you have the patch by running the following command:

% showrev -p | grep 105591

Solaris 7

Use the latest Solaris patches for Solaris 7 OE.

Solaris 8

Patch 108727-05 is required for Solaris 8 OE users with NFS volumes.

Solaris 9

No patches required.

Compiler Patches for Solaris

The following Solaris 2.6 OE patch is recommended when using the CC 4.2 compiler:

HP-UX Patches

The following HP-UX 11i Patches are required for Web Server 6.0:

In addition to using the General-Release Patch Bundles (XSWGR1100), the following operating system patch (applicable and specific to HP-UX 11i, 11.11 only) must be installed: PHNE_23645.

You can find a list of patches for Java at

AIX Patches

Ensure that you are running a complete installation of AIX, including the latest update and maintenance patches.

Windows Service Packs

Windows NT 4.0 SP6a is required for running Sun ONE Web Server 6.0.

Windows 2000 Server SP2 or later is required for running Web Server 6.0 SP10.

JRE/JVM Versions

The following versions of JRE and JVM are bundled with Web Server 6.0 SP10:

Table 3  JRE and JVM Information


JRE /JVM /JIT Version



Solaris VM Java version 1.2.2

(build Solaris_JDK_1.2.2_010, native threads, sunwjit)

Comment out -Xrs flag in config/jvm12.conf to generate stack traces.

For JVMPI based profiling or debugging purposes (such as with hprof or dbx) purposes, use the reference implementation.

Note: To run JDK 1.3.1_03, JDK 1.4.0_01, JDK 1.4.0_02, and JDK 1.4.1_01 on Solaris OE, you must edit the magnus.conf file to include the following immediately after the line that specifies the RqThrottle value:

StackSize 1024000

Supported JDK software versions:

JDK 1.3.1_03, JDK 1.4.0_01, JDK 1.4.0_02, JDK 1.4.1_01, 1.4.2_04*

*Supported via binary compatibility.


Java version 1.2.2 Classic VM

(build Linux_JDK_1.2.2_FCS, native threads, sunwjit)


Sun ONE Web Server 6.0 SP10 is certified to work with Sun Linux 5.0 using JDK1.2.2_10 and JDK 1.2.2_013

Supported JDK software versions:

JDK 1.3.1_03, JDK 1.4.0_01, JDK 1.4.0_02, JDK 1.4.1_01

RED HAT LINUX 6.2, 7.1, and 7.2

Supported JDK software versions:

JDK 1.2.2_010, JDK 1.3.1_03, JDK 1.4.0_01, JDK 1.4.0_02, JDK 1.4.1_01

Note: For optimal performance, use JDK 1.3.1


JDK 1.2.2_010, JDK 1.3.1, JDK 1.4.0_01, JDK 1.4.0_02, JDK 1.4.1_01, JDK 1.4.2_02

Note: The JDK mentioned above refers to Sun's JDK.


Java version 1.2.2 Classic VM

(build JDK-1.2.2_010, native threads, symcjit)

Supported JDK software versions:

JDK 1.2.2_010, JDK 1.3.1_03, JDK 1.4.0_01, JDK 1.4.0_02, JDK 1.4.1_01, , JDK 1.4.2_02*

*Supported via binary compatibility.


Java version 1.2.2 Classic VM (J2RE 1.2.2 IBM build ca122-20001206 (JIT enabled: jitc))

Supported JDK software versions:

JDK 1.3.1 (Developer Kit, Java 2 Technology Edition, Version 1.3.1, 32-bit version for POWER for AIX)


Java version HotSpot VM

(1.0.1fcs, mixed mode, PA2.0 build

The Sun ONE Web Server 6.0 SP10 download also contains Java version Classic VM.

(build, native threads, HP)

For more information on the HotSpot VM, see

Supported JDK software versions:

JDK 1.3.1_02, JDK 1.4.0_01, JDK 1.4.0_02, JDK 1.4.2_02*

*Supported via binary compatibility.

JDK Software Download Information

For more information about JVM/JRE version 1.2.x for Solaris OE, go to

Installation, Upgrade, and Migration Information

This section includes information for installing, upgrading, and migrating your Web Server.


When you install Web Server 6.0 SP10 over an existing installation of Sun ONE Web Server, the installer automatically detects and carries out the upgrade.

The following table summarizes the supported platforms for Web Server 6.0 SP10. To successfully run Sun ONE Web Server 6.0 SP10 on Windows 2000, at least 512 MB of memory and 2 GB of disk space are required.

Table 4  Web Server 6.0 SP10 Supported Platforms



Operating System



IBM AIX 4.3.3, 5.1



HP-UX 11.0, 11i


Intel x86

Windows NT 4.0 SP6a

Windows 2000 SP4 (for both Server, Advanced Server, and Professional Edition)



Solaris 2.6, 7*, 8, 9


Intel x86

1.   Red Hat Linux 6.2

    Kernel version 2.2.14-12


2.  Red Hat Linux 7.1


3.  Red Hat Linux 7.2

    kernel version: 2.4.7-10smp



4.  Red Hat Linux Advanced Server 2.1

    Kernel 2.4.9-e.3smp



    You may also create a symbolic link from to, although we recommend that you install ncurses4-5.0-5.i386.rpm.

5.  Sun Linux 5.0

    kernel version 2.4.9-31 enterprise on i686


*Supported via binary compatibility.

**As of Web Server 6.0, older SPARC CPUs are not supported. Web Server 6.0 SP10 continues to support the UltraSPARC architecture.


If you are running Web Server 6.0 SP10 on Red Hat Linux 7.2 or above, for optimal performance, you must tune kernel initialization parameters after you install the server.

Upgrade Issues

If you are running a 4.x version of iPlanet Web Server, in order to move to Web Server 6.0 SP10, you must migrate your existing server. However, if you have a 6.x version of Web Server, you can directly upgrade to Web Server 6.0 SP10.

Resolved Issues

This section contains list of issues resolved in the following service pack releases:

Issues Resolved in SP10

This section lists issues resolved in Web Server 6.0 SP10.

Problem 6239342. Cross-site scripting vulnerability in a default error page.

Problem 6295325. Web Server should implement a time-out parameter for its LDAP connections pool.

The timeout value in seconds for ldapsession bind and ldap search can be mentioned in server_root/userdb/dbswitch.conf as below. By default there is no timeout. Sample dbswitch.conf:

default:binddn cn=Directory Manager
default:encoded bindpw Odg4ODg4ODg=
default:timeout 60

Problem 6302377. Servlet container UTF-8 URI mapping vulnerability.

Problem 4981383. Admin-UI generates Internal Error with certain browser settings.

Problem 6269353. Web Server 6.0 SP9 uses anonymous bind to a Secure LDAP Server when setting up Distributed Admin.

Problem 6292582. SNMP MIB for "iwsFractionSysMemUsage" not showing correct results for iws6.0 sp9.

Problem 4879994. SSL: data larger than 8K is lost when the request triggers new SSL handshake.

Problem 6297844. Admin: hitting GET request max length limitation when editing Security Settings of LS.

Problem 4718466. After importing 6th key to crypto module, WS admin GUI edit listen socket functionality returns errors.

Problem 6285847. Requests with Double 'Content-Length' header should get rejected (HRS Vulnerability).

Problem 6286541. Content-length issue for requests of the type "GET or POST / HTTP/1.x".

Problem 6180991. Internal-Daemon Log Rotation does not work for files greater than 2GB.

Problem 6282733. perfdump bucket not working for web applications.

Problem 6316387. Web Server does not respond correctly when handling the "if-unmodified-since" header.

Problem 6318003. Web Server sends back the actual content with 412 code for request with if-unmodified-since and range.

Problem 6170938. Acceptlanguage does not work for User Document Directories.

Issues Resolved in SP9

This section lists issues resolved in Web Server 6.0 SP9.

Problem 6171934. NSS upgraded to address Sun Alert #57632.

Problem 5007766. Web Server 6.0 SPx adding listen socket without selecting VS throws server internal error.

Problem 5048543. Web Server 6.0 SP8: Web Server does not start with LD_PRELOAD of on Solaris 5.6.

Problem 6155547. ETag value changes only if file size changes when nocache is set, causing problematic 304 responses.

Problem 6067407. Problems using ACL_LDAPSessionFree().

Problem 5046703. Web Server is crashing with SIGSEGV.

Problem 4813726. JSP compilation errors are not thrown when a filter is configured.

Problem 5011384. Error-page does not catch java.exceptions in web.xml.

Problem 6165897. sendRedirect via invoker servlet mapping returns incorrect absolute URL.

Problem 4781168. URI redirection within error block of web.xml.

Problem 6165748. Result from getServletPath() is incorrect when invoker mapping is used.

Issues Resolved in SP8

This section lists issues resolved in Web Server 6.0 SP8.

Problem 5014145. Muliple SSI includes that pass parameters are not passed properly.

Problem 4852204. WINDOWS: JSP case-sensitivity issue.

Problem 4867887. Basic authorization fails for users with uids which include embedded spaces.

Problem 4856895. The uxwdog process crashes on multiple CPUs machine during shut down.

Problem 4870471. Problems with exceptions when code is compiled with the compat=5 option.

To resolve this issue, has to be LD_PRELOAD, for this, edit the start script for that instance and add the following line:

LD_PRELOAD=${SERVER_ROOT}/bin/https/lib/; export LD_PRELOAD

Replace with the directory where the Web Server is installed. Then restart the server.

Problem 4950628. Defunct 'worker' ns-httpd process cleanup.

Problem 4937602. jvm.trace=7 does not send exception details to client browser.

Problem 4663547. Handle the EINTR error from the sendfilev() system call.

Problem 5004542. ASN.1 parsing bug can cause server crash.

Problem 4962458. Windows 2000/CGI: Perl Script 500 error due to space character in header.

Problem 4976953. Forbidden error results to a GET for a file with correct group permissions.

Problem 4842812. Unable to perform a "Restrict Access" (Notes) using Netscape 7.x.

Problem 4824095. ClassCache directories are world writable.

Problem 4927966. getContextPath() call violates servlet 2.2 spec in default root context.

Problem 4957829. LDAP: user can enter wildcard * for UID in basic authentication.

Problem 4968857. htconvert not converting wildcard patterns correctly.

Problem 4959579. Running Apache Struts 1.1 web applications under WS 6.0.

Problem 4911580. Internal error encountered on adding a server.

Problem 4842601. Accept-language security issue.

Problem 4793981. Enabling WebPub or Remote File Manipulation allows any user to obtain a directory listing.

Problem 4951020. Error logged in windows event viewer when webserver service is started.

Problem 4683680. Two ErrorMsg boxes are not needed, while editing the Acceptors in "Listen Socket.

Problem 4753595. SSLCacheEntries, SSLSessionTimeout, and SSL3SessionTimeout are accepting negative values.

Problem 4794722. The htconvert perl script does not parse obj.conf and document-root path properly.

Problem 4767167. Internal Error returned when user updates the Quality of Service.

Problem 4976490. Log messages truncated.

Problem 4676945. Magnus Editor: CGI-Settings: Internal Error on form submit.

Problem 4706084. KeepAliveTimeout, MaxKeepAliveConnection, and KeepAliveThreads error.

Problem 4738584. Web Server 6.0: change in obj.conf processing in NameTrans.

When a servlet is accessed for the first time, it is processed through ServletByExt NameTrans, however, subsequent request goes through "servlet" NameTrans.

<Object name="default">
NameTrans from="/*" fn="assign-name" name="WSL-Protect"
NameTrans fn="NSServletNameTrans" name="servlet"
NameTrans fn="pfx2dir" from="/servlet" dir="/space/iws/41sp11/docs/servlet" name="ServletByExt"

==================== access /servlet/TestRequestObject

[09/Dec/2002:09:04:18] info (22539): for host trying to GET /servlet/TestRequestObject,
printer reports: printing location : I am in ServletByExt
[09/Dec/2002:09:04:18] info (22539): for host trying to GET /servlet/TestRequestObject,
printer reports: printing location : I am in WSL-Protect
[09/Dec/2002:09:04:18] info (22539): Internal Info: loading servlet /servlet/TestRequestObject
[09/Dec/2002:09:04:18] info (22539): /servlet/TestRequestObject: init

==================== shift + reload /servlet/TestRequestObject

[09/Dec/2002:09:04:27] info (22539): for host trying to GET /servlet/TestRequestObject,
printer reports: printing location : I am in servlet
[09/Dec/2002:09:04:27] info (22539): for host trying to GET /servlet/TestRequestObject,
printer reports: printing location : I am in WSL-Protect


NameTrans fn="pfx2dir" from="/servlet" ... name="ServletByExt" comes before NameTrans fn="NSServletNameTrans" name="servlet"

Problem 4934083. Crash during LDAP authentication.

Issues Resolved in SP7

This section lists issues resolved in Web Server 6.0 SP7.

Problem 4945089. ASN.1 parsing issue in SSL.

A problem has been identified in the implementation of the SSL protocols used by the Web Server that may be exploited as a Denial Of Service attack. Web Server 6.0 SP7 fixes this problem. If you use the Web Server to host sites that utilize SSL version 3 or TLS, you are strongly encouraged to install this Service Pack.

Problem 4881978. Mapping exceptions to a page via error-page does not work as expected.

Error pages in Sun ONE Web Server are customizable and may be configured in the WEB-INF/web.xml file. In previous versions of the Web Server, invoking a customized error page could sometimes lead to a “File Not Found” error. As of Web Server6.0 SP7, this problem has been fixed.

Problem 4639403. IP-based ACLs do not work correctly in 6.0.

Web Server 6.0 SP7 fixes problems related to IP-based access control. Enabling IP-based access control on a server instance requires no additional configuration steps. However, if you use distributed administration, you would need to perform certain additional configuration tasks. For more information about what you need to do, refer to Securing Access Control With Distributed Administration.

Problem 4884088. Problems in behavior of flow control when the using different kinds of forward implementations.

Problem 4924921. Cannot set jvm max heap size to greater than 800 MB on Windows 2000 using JDK 1.3.1.

Problem 4927622. Chunked encoded requests can cause high CPU usage.

Problem 4882664. Commit process hangs sometimes when a new web-app Solaris package is loaded.

Problem 4688286. QoS feature leaks memory.

Problem 4928623. If a virtual server is configured with more than one urlhost, the port number is not displayed upon mouseover of the home page.

Problem 4889045. HttpSession.setMaxInactiveInterval() does not work as expected.

Problem 4880013. View access logs page hides certain requests.

Problem 4841607. The 'nt-uri-clean' directive results in 404 errors.

Problem 4855807. AIX: Web server hang after restart by watchdog.

Problem 4871122. setDateHeader in the response object does not return date in correct timezone.

Issues Resolved in SP6

This section lists issues resolved in Web Server 6.0 SP6.

Problem 4842190. Problem Receiving Accept Language Header larger than 15 languages.

If you add more than 22 language tag entries in the accept-language header, an HTTP 400 error message is generated by the Web server.

Problem 4729667. DOC:5.8 OS Patch 111297-01 causes ns-httpd to hold files.

If you are running the Web Server on either the Solaris 8 OE with the Patch-ID# 111297-01 (SunOS 5.8: /usr/lib/ patch) installed or the Solaris 9 OE, the ns-httpd process continues to hold files until the server is restarted. To avoid this, set the value of the TransmitFile parameter to false in the nsfc.conf file, as shown below:


Problem 4801874. ACL_LDAPSessionAllocate always returns LAS_EVAL_FAIL.

The ACL_LDAPSessionAllocate method did not work in previous releases of the Web server. The problem is resolved in Web Server 6.0 SP6. Further, the dbname parameter in the ACL_LDAPSessionAllocate method corresponds to the id attribute of the USERDB element in the server.xml file. For more information, see the install-dir/plugins/nsacl/api-notes.html file.

Problem 4772309. Unknown AVA Error.

The DN attribute Serial Number was not being recognized by previous releases of the Web server due to the version of NSS used. (Note that Web Server 6.0 SP9 uses NSS version

Problem 4848896. Digest authentication plugin crashes for a particular type of request.

To resolve digest authentication issues on Sun ONE Web Server, ensure that you are using Sun ONE Directory Server 5.1 SP1.

Problem 4839875. JSP cache refresh failure with shared ClassCache directory.

Sun ONE Web Server does not support the use of shared ClassCache directories. Each instance directory, including the ClassCache directory, must be created on a local file system and not on an NFS volume.

Problem 4811418. Digest Authentication Fails.

To resolve digest authentication issues on Sun ONE Web Server, ensure that you are using Sun ONE Directory Server 5.1 SP1.

Problem 4814776. Slapd fails in digest-auth plugin with un-encrypted iplanetReversiblePassword.

To resolve digest authentication issues on Sun ONE Web Server, ensure that you are using Sun ONE Directory Server 5.1 SP1.

Problem 4819405. Memory growth/leak of slapd process with digestauth plugin from iws.

To resolve digest authentication issues on Sun ONE Web Server, ensure that you are using Sun ONE Directory Server 5.1 SP1.

Problem 4820513. Digest auth plugin not thread safe.

To resolve digest authentication issues on Sun ONE Web Server, ensure that you are using Sun ONE Directory Server 5.1 SP1.

Problem 4849914. Memory Leak in digest-auth plugin for a particular type of request.

To resolve digest authentication issues on Sun ONE Web Server, ensure that you are using Sun ONE Directory Server 5.1 SP1.

Problem 4821182. iWS crashes when the digest plugin is disabled on iDS server.

To resolve digest authentication issues on Sun ONE Web Server, ensure that you are using Sun ONE Directory Server 5.1 SP1.

Problem 4838543. NSS upgrade bug.

This upgrade fixes the problem reported at on Vaudenay Timing Attack on CBCmode block ciphers.

Problem 4842574. Server crash with malformed request.

Problem 4793333. ns-httpd crash by SIGSEGV in KA subsystem code when restarting server

Problem 4822462. BASIC AUTH: cannot authenticate LDAP uids with space character.

Problem 4803095. Need to provide more detailed info in the error log in the case of SSL handshake.

Problem 4738586. NSS: Client Cert authentication against CN with UTF8 characters fail.

Problem 4742527. sendRedirect does not allow any absolute urls other than http/https.

Problem 4765538. Calling a servlet deployed in a webapp via shtml fails if the file is not in the docroot.

Problem 4823974. flex log buffer overflow causes HP-UX version of iWS6.0 crash.

Problem 4846815. JDK1.4.1: webserver jvm hangs when jsp requests ignore case sensitivity.

Problem 4858026. JSP: problem when posting large amounts of data.

Problem 4855546. Log analyser vulnerability.

Problem 4876161. request.getServletPath() returns a trailing slash when there is a trailing slash in the url-pattern in web.xml.

Problem 4873882. Not able to set the 'status' header with servlet API response.addHeader().

Issues Resolved in SP5

This section lists issues resolved in Web Server 6.0 SP5.

Problem 4536637. ADM:ACL: Win2k - Unable to edit ACL file through UI using Netscape 6.

If your browser uses a Java plugin supporting JRE 1.3 or higher (for example, Netscape Navigator™ 6.0 and above, or Internet Explorer configured with JRE 1.3 and above) to run applets, then, while accessing an applet, you will be prompted for your user name and password by the browser. This is because of extra security checks performed by JRE 1.3 and above.

If you are running version 6.x of Netscape Navigator browser on Windows, the browser might crash when you perform certain operations using the Restrict Access page. This is not the case with the 7.x version of Netscape Navigator browser. The problem is due to a browser-related issue that is more fully documented in the Release Notes for Netscape 6 Review Release 1.

Problem 4730907. S1WS 6.0 SP3 doesn't support custom HTTP OPTIONS method used by WebDAV.

Web Server 6.0 SP5 supports custom methods used by WebDAV clients. In case of problems with the OPTIONS method, edit the obj.conf file to set method="*" in the Service directive, as follows:

Service method="*" fn="NSServletService"


Service method="*" fn="NSServletService" servlet=<servletname>

This is applicable only in the case of web applications and not in the case of legacy servlets.

Problem 4698288. iws classloader problem with getResources(string) method.

As of Web Server 6.0 SP5, the ClassLoader has been modified so that a client call to the getResources function returns all available URLs for a resource.

Problem 4633275. iWS is unable to handle WML files correctly with Server Side Includes (SSI).

As of Web Server 6.0 SP5, an additional parameter content-type has been added to the SHTML tag in the #config directive. By configuring the #config directive, you can now specify the content-type a .shtml file will return. Example:

<!--#config content-type="text/vnd.wap.wml"-->

Problem 4673204. URL Forwarding of / on iWS 6.x does not work.

As of Web Server 6.0 SP5, the problem of URL forwarding when "/" is used for redirection, is resolved.

Problem 4540750. Can't run SSL server as non-admin users.

If you are running Web Server 6.0 SP5 on a secured server (with SSL), you can start the server only if you have logged in as a user with Local System Account (Administrator) privileges.

Problem 4642650. Option needed to disable appending of absolute URL in servlet/jsp container.

As of Web Server 6.0 SP5, in the case of web applications, the web-apps.xml file can be edited to set the value of the configuration parameter redirect-to-absolute-url to either true or false. When the value is set to true, the absolute path is appended to the URI for the location parameter in the response header. Example:


Note however, that this fix does not apply to legacy servlets.

Problem 4633798. ACL doesn't get configured properly on MS IE.

As of Web Server 6.0 SP5, this issue is resolved on Internet Explorer 5.0 SP2, and on Internet Explorer 5.5 and above.

Problem 4593181. system.out cannot be captured in the error log.

This issue is resolved as of Web Server 6.0 SP5. For more details, see magnus.conf Directive Enhancement.

Problem 4722738. '/p' and '/a' flag not working with -Xbootclasspath entry in jvm12.conf.

As of Web Server 6.0 SP5, the bootclasspath setting can be changed by editing the config/jvm12.conf file to set the value of jvm.option to the following:


  1. jvm.option=-Xbootclasspath:<path...>

      Here <path...> specifies the path that will override the runtime classpath in start-jvm.

  2. jvm.option=-Xbootclasspath/p:<path...>

      Here <path...> specifies the path that is to precede the runtime classpath in start-jvm or the overridden bootclasspath in (1).

  3. jvm.option=-Xbootclasspath/a:<path...>

      Here <path...> specifies the path that is to be appended to the runtime classpath in start-jvm or the overridden bootclasspath in (1).


The /a  or  /p  option may be specified only after -Xbootclasspath option on all platforms except AIX (on which the order does not matter).

The recommended order is as follows:


(If not specified, the runtime classpath in start-jvm is taken by default)



Problem 4735848. Setting IOTimeout magnus directive results in startup warning.

In Sun ONE Web Server, the magnus.conf directive AcceptTimeout achieves the functionality of what has been documented as the IOTimeout directive. For more details, see the Note in the Corrections to Documentation section..

Problem 4673404. Cannot search sub tree under configured base DN through distributed admin.

Duplicate group IDs within a defined scope could lead to the logging of internal errors if the group occurs in an ACL.

Problem 4684892. Log rotation failing unless the user is the admin server user.

The Administration Server and the cron daemon must be run as root for cron-based log rotation to function properly.

Problem 4770629. Webserver always allows the user in, if there is no UID in their distinguished name. This problem can be observed if the user’s DN entries in LDAP do not contain “UID=”.

As of Web Server 6.0 SP5, this authentication-related security issue for users of Directory servers has been resolved.

Problem 4655896. BufferedInputStream does not work.

Problem 4536127. OTHER:SEARCH Could not open the Verity session.

Problem 4646986. iWS6.0sp2: does not work.

Problem 4713916. setDateHeader in the response object does not return date in 4 digits.

Problem 4682434. CGI script fails that grabs environment variables fails to execute.

Problem 4696994. util_hostname in iWS6.0 SP1 behaves differently than that from iWS4.1SP9.

Problem 4723503. Path info gets truncated in cgi.

Problem 4641605. JSP Pages with page buffer is probably ignored.

Problem 4655889. Legacy JSP page compilation/syncronization problems.

Problem 4657029. Certain headers appears to be ignored by the server when sending them back to IE.

Problem 4635659. iWSSessionManager bug: can't run JSPs when MaxProcs > 1.

Problem 4665097. Legacy servlets do not work when specifying the error log file in server.xml.

Problem 4593111. Requesting a certificate fails with more than one external token.

Problem 4703090. PATH_INFO problem.

Problem 4538883. Search: Dr Watson when adding html or ascii collections.

Problem 4710819. Running perl cgi with relative path.

Problem 4661123. MaxCGIStubs, MinCGIStubs and CGIStubIdleTimeout directives are being ignored.

Problem 4650496. Post LDAP Failover. Client-cert authentication. The first access is denied.

Problem 4707996. Exception thrown with comments in magnus.conf file.

Problem 4725027. Migrate Cert feature for Admin Server is broken.

Problem 4742873. xml mime type needs to be added as default in webserver.

Issues Resolved in SP4

This section lists issues resolved in Web Server 6.0 SP4.

Problem 4713024. Search engine arbitrary file disclosure vulnerability.

As of Web Server 6.0 SP4, you cannot use the search pattern “..” in either a URL or in the path of a pattern file.

Problem 4707395. DOS:Transfer encoding bug.

The security problem due to buffer overflow with chunked encoding has been resolved in Web Server 6.0 SP4.

Issues Resolved in SP3

This section lists issues resolved in Web Server 6.0 SP3

Problem 4536410 (562171). SSL: Runtime Error occurring when select any cert Manage Certificate on IE.

The runtime error message was specific to Internet Explorer 5.5, which is no longer available for download. It does not appear with IE 5.5 Service Pack 2 or any other version of Internet Explorer.

Problem 4536442 (562558). Virtual Server: Server Error Encountered when Disable ACL Access Is On.

As of Web Server 6.0 SP3, even if access control is disabled at the server level, virtual servers irrespective of what class they are under, function properly.

Problem 4536399 (562134). Cannot Use Distributed Admin over LDAP with SSL.

As of Web Server 6.0 SP3, if the CA certificate is properly installed, Distributed Administration works smoothly with LDAP over SSL. For more information on installing the CA certificate, see iPlanet Web Server, Enterprise Edition Administrator's Guide.

Problem 4541660 (525692). Cannot Add a Cluster That is Under SSL.

As of Web Server 6.0 SP3, you can add a server to the cluster under SSL.

Problem 4536879 (553613). Monitor Current Activity: Cannot Monitor SSL-enabled Server.

Web Server 6.0 SP3 enables proper monitoring of the current activity of SSL-enabled servers.

Problem 4582824. 2 byte character in http header and plugin programs.

As of Web Server 6.0 SP3, you can enable response header encoding at either the web-app level or the virtual server level by setting the value of the configuration parameter use-responseCT-for-headers to any of the values, yes, true, or on, in the server-id/config/web-apps.xml file. The web-app setting overrides the virtual server level setting.

In the following example, response header encoding is disabled at the web-app level by setting the parameter value to false:


<web-app uri="/jakarta" dir="/export/home/ramach/Rtm1026/ns/server/work/B1/Sun
OS5.6_DBG.OBJ/docs/jakarta" enable="true">


If you are using legacy servlets, to enable response header encoding, set the value of the parameter to true in the server-id/config/ file. To disable this feature, set the parameter value to false.

Due to a browser issue, when you use the Korean character set, a version 4.7 or later Netscape browser, on Solaris 2.8 fails to display characters properly in the “File Save” dialog box. A bug has been filed with Netscape Communications Corporation.

As of this release, setting the value of the urlencoding parameter in the function index-common in the server-id/config/obj.conf file to off, enables index listing of encoded directories. Example:

Service method=(GET|HEAD) type=magnus-internal/directory fn=index-common urlencoding="off"

Problem 4539568. Unable to create ACL under non SSL webserver with SSL LDAP server.

If your Sun ONE Web Server installation is configured to use an SSL LDAP server, you must also ensure that it has at least one of the following:

As of Web Server 6.0 SP3, in case of a bind failure, you will receive an LDAP bind error message.

Problem 4653116. Need to update appendix on data structures in the NSAPI Programmer’s Guide.

As of Web Server 6.0 SP3, the iPlanet Web Server, Enterprise Edition NSAPI Programmer's Guide contains a new section titled “Changes to Function Flow” which discusses conditions that cause changes in the normal request handling process. Additionally, the section on the request data structure in the appendix on data structures has been updated.

Problem 4537817. ADM:web-apps: should add a “Remove” option under state section.

As of Web Server 6.0 SP3, if you do not specify the name of a web-apps file associated with a web application, when you delete the web application, the corresponding web-apps file is automatically deleted, and its associated entry in the server.xml file removed. Before deletion, however, you must ensure that no other server instance is referencing the web-apps file associated with the application you want to delete.

Problem 4527108. >51 entries in a specific .htacess file format causes server restart.

As of Web Server 6.0 SP3, in a .htaccess file, if the number of require directives exceeds 50, or if the number of entries under the allow or deny directives exceeds 50, subsequent entries are ignored, and an error is logged in the error log file located in https-server_name/logs/errors in the server root directory.

Problem 4536034. Implement verbose:gc option to work with iWS.

As of Web Server 6.0 SP3, the values allowed for the jvm.verboseMode parameter are gc, class and jni, with the default being gc. Please note that the parameter values are case-sensitive.

Problem 4672869. MBCS version Windows 2K: appending jsp with %81 to %99 displays source code.

If Web Server 6.0 SP3 is running on a Windows system using the multibyte character set, when you specify a URI, ensure that the path component of the URI (that is, the path, the filename, and the path-info, but not including the query) is less than or equal to 257 bytes.

For example, in the URI /cgi-bin/, the path to the resource (/cgi-bin/ and the path-info (/foo/bar) together must not exceed 257 bytes.

Problem 4551521 (554201). HP-UX: Heap Grows Linearly in HP with >24 Hour Stress Test.

As of Web Server 6.0 SP3, the parameter jvm.stickyAttach is by default set to 1 in the jvm12.conf file, and the memory footprint growth is under control.

Problem 4638330. Possible vulnerabilities reported on security advisor on SNMP.

Web Server 6.0 SP3 has been enhanced to provide robust and secure SNMP trap handling and request handling support. For more details, see the following Cert Advisory number:

Problem 4674755. Buffer overflow issues with iws6.x.

Buffer overflow issues with the Search functionality have been resolved in Web Server 6.0 SP3.

Problem 4655840. ACL cache broken with the SSL method of ACL authentication.

Problem 4623309. root CA certificate is not imported correctly in iWS 6.0.

Problem 4624104. Crash occurred in NSAPI SAF send-cgi.

Problem 4624881. Servlets: iWS adds additional Connection header to responses.

Problem 4633588. Role base authentication does not work for web applications deployed with root directory as the URI.

Problem 4548524 (558970). Silent Installation: Option Added for Port Numbers.

Problem 4549431 (554941). Installing Subcomponent 2, 4, or 5 on Top of iWS 6.0 SP1 Produces Error.

Problem 4549640 (555532) (Windows only). Installation: Unable to Load JVM.

Problem 4549406 (554863). Silent Installation Broken When Installing iWS 6.0 SP1 on Top of iWS 6.0.

Issues Resolved in SP2

This section lists issues resolved in Web Server 6.0 SP2.

Problem 556138. Keep-alive Subsystem Shows High Latencies Under Light Load and High CPU Usage Under Heavy Load.

As of Web Server 6.0 SP2, latencies under very light load have been reduced while increasing throughput under very heavy load. For more details, see Release Notes for iPlanet Web Server, Enterprise Edition Version 6.0SP2.

Problem 548237. Allow Behavior /Feature Modifications Based upon User-Agent.

As of Web Server 6.0 SP2, the <Client> tag can be used in obj.conf files to customize behavior for specific browsers. For example, the following obj.conf directives instruct Web Server to serve different content based on whether the user is using a Microsoft Internet Explorer (MSIE) browser:

<Client browser="*MSIE*">
NameTrans fn="document-root" root="$docroot/MSIE"
NameTrans fn="document-root" root="$docroot"

Problem 532427: SSL Interoperability with Microsoft Internet Explorer

The way Microsoft Internet Explorer (MSIE) handles SSL version 3 (SSLv3) and Transport Layer Security (TLS) keep-alive connections causes interoperability problems with non-Microsoft web servers such as Web Server. When accessing a web server over SSL (https://) connections, Internet Explorer may inappropriately display error messages or blank pages.

Web Server 6.0 SP2 introduces new functionality to work around this problem. Two remedies are possible:

  1. Add the following line immediately below the <Object name="default"> line in the server's obj.conf files:

    AuthTrans fn="match-browser" browser="*MSIE*" ssl-unclean-shutdown="true"

This line instructs the server to not send a close_notify alert when it closes SSLv3 connections from MSIE browsers. The close_notify packet is a required component of the SSLv3 and TLS specifications, but it is misinterpreted by MSIE.

Note that the close_notify packet is used in SSLv3 and TLS connections to inform the other party in the transaction that the connection is being closed. Instructing Web Server to not send the close_notify packet may make MSIE vulnerable to a truncation attack.

  1. Add the following line immediately below the <Object name="default"> line in the server's obj.conf files:

    AuthTrans fn="match-browser" browser="*MSIE*" keep-alive="disabled"

This line instructs the server to disable keep-alive connections for Internet Explorer browsers. Disabling keep-alive connections may decrease your server's performance.

Problem 550648 (NT only). Silent Installation: Broken on NT.

Problem 556697. Server Instability with ‘AsyncDns on’ in magnus.conf.

Problem 553079. SSL: Should place rsa_rc4_128_sha in order.

Problem 555848. Misleading SSLPARAMS error message.

Problem 555347. WDEPLOY GUI: Shouldn't allow to deploy 2 identical URI to 2 different directories.

Problem 551863. wdeploy doesn't create directory (under document root) when -d is omitted.

Problem 555814. WDEPLOY GUI: Internal Error when user re-enter “empty” for URI.

Problem 557009. wdeploy.bat does not work if IWS_SERVER_HOME has spaces (e.g. “C:\\Program Files\...").

Problem 559051. WDEPLOY GUI: User shouldn't allow to edit 2 identical URI.

Problem 548386. Administration problems when installation path contains a space.

Problem 555875. Web Application Sample: Missing little icon at some servlet example files (jakarta-examples).

Problem 552008. WDEPLOY: filename of invalid .war file is not reported.

Problem 553841. <Client> tag functionality.

Problem 552206. ClassCache directory should have Version file when an instance is added.

Problem 555373. Need to Support Extension Mappings for url-patterns in security-constraint.

Problem 551333. getInputStream.available() throws exception despite having a valid content.

Problem 552908. Fix form-login session manager behavior.

Problem 540088. Web applications should support iDS5.0 roles.

Problem 557875. SP1 regression: automatic reloading of web application servlets not working.

Problem 555913. Server crashes when a request is made to servlet/ of a web application that has an invoker servlet configured.

Problem 557270. web.xml <session-config> does not override web-apps.xml configuration for VS-wide session managers.

Problem 552758. Init directives in magnus.conf can't span lines.

Problem 554676. Reconfiguration error when server is started as root but run as a different user.

Problem 559204. Templatized installation fails if hostname has a hyphen (-) in it.

Problem 556730. iWS6.0 SP1 uninstall at ion does not stop the running processes.

Problem 554801. Admin: Create a new access log from the UI does not work correctly.

Problem 555144. UI: Add server page for NT and W2K should be improved.

Problem 556134. Migration: Inconsistency between platforms for Manage Server.

Problem 555978. UI: View button on Cluster Control does not work for Nav.6.01.

Problem 555517. Timeout is not working properly for chunked requests.

Problem 556529. Windows Installer: License file formatting is bad without any word wrap.

Problem 558681. Cluster Management - UI: Status field shows wrong status during server restart.

Problem 554488. Admin: Unable to generate report for a VS on certain cases.

Problem 554491. Admin: NT, Some types on mime.types are repeated.

Problem 557679. Upgrading 6.0 to 6.0SP1 results in multiple entries in start -jvm.

Problem 354145. Viewing large logs from the administration server is slow.

Problem 557652. Server should ignore MaxProcs setting on NT.

Problem 557285. Long error log lines hard to read in Administration Server.

Problem 553737. AcceptLanguage isn't migrated.

Problem 557765. nsapi.h has incorrect vs_is_default_vs() macro.

Problem 553002. Intermittent fork() hangs when accessing files over NFS.

Problem 558278. Crash with misconfigured LDAP entry in dbswitch.conf.

Problem 556642. License file has an extra blank line.

Problem 546926. Search engine does not index certain hi-bit characters.

Problem 556074. DOC: StrictHttpHeaders default value is on.

Problem 559705. Admin: Global|SNMP Master Trap Warning displays “managerwhich" or "communitystring."

Problem 558501. Quotes not stripped from charset value.

Problem 553055. Need match-browser functionality.

Problem 557766. Allow stats-xml elements to be selectively disabled.

Problem 557278. Administration Server shows HTML code embedded in access log.

Problem 557461. iWS60 providing 400 bad request response for windows media content.

Issues Resolved in SP1

This section lists issues resolved in Web Server 6.0 SP1.

Problem 550665. Specifying a Relative URI in a CGI Program's Location: Header Fails.

In previous versions of the server, CGI programs that wanted to redirect a browser to another location were forced to supply a URL, for example http://server/index.html, or an absolute URI, such as /index.html. Starting with SP1, relative URIs, such as index.html, are also accepted.

Problem 544444. No Way to Log Time Server Spent Processing Requests.

Prior to SP1 there was no way to log time the server spent processing requests. A new flex-log format variable, %duration%, has been added. %duration% records the time in microseconds the server spent handling the request. Statistics must be enabled for the server instance before %duration% can be used. See the iPlanet Web Server, Enterprise Edition Administrator's Guide for information on enabling statistics. For more information on log file formats, refer to the iPlanet Web Server, Enterprise Edition NSAPI Programmer's Guide and the iPlanet Web Server, Enterprise Edition Administrator's Guide.

Problem 550505. Server Does Not Track the Number of Times the Keep-alive Subsystem Was Full.

Prior to SP1 there was no way to track when the keep-alive subsystem was full. The server now tracks the number of times a connection was not added to the keep-alive subsystem because the keep-alive subsystem was full. This information is presented as KeepAliveRefusals in .perf output. For more information on .perf, refer to the iPlanet Web Server 6.0 Performance Tuning, Sizing, and Scaling Guide.

Problem 549754. Cannot Use an Arbitrary URI as an Error Page.

Prior to SP1 it was not possible to use an arbitrary server resource, such as a JSP or SHTML page, as the error page. As of SP1, the parameter uri has been added to the send-error Error SAF. uri specifies the URI of a resource to use when an error is encountered.

Consider the following line from obj.conf:

Error fn="send-error" reason="Not Found" uri="/notfound.jsp" path="/usr/iplanet/servers/docs/notfound.html"

This line instructs send-error to behave as though the client had requested /notfound.jsp when the client requests a URI that does not exist. If an error is encountered when accessing /notfound.jsp, the HTML file at /usr/iplanet/servers/docs/notfound.html will be displayed instead. For more information on the send-error Error SAF, refer to the iPlanet Web Server, Enterprise Edition NSAPI Programmer's Guide.

Problem 554157. Search: Guided Search Screen Does Not Show Up Using IE. Problem 551659. Search: Guided Search Does Not Work Over SSL.

Problem 553775. JAVA: SECURITY Authentication Rules Broken Based on Role-mapping.

Problem 547682. JDK 1.3.1 Shuffled Parameters in Output Using Classic JVM.

Problem 551907. Filters Not Reloaded when the Classes in a Web Application Are Changed.

Problem 554353. Migration: Migration Page Throws Errors During Migration of Hardware Virtual Servers via virtual.conf

Problem 554465. wdeploy: Hard Delete Failed if Server Instance Not Running.

Problem 555730. Migration: Unable to Start Migrated Server Instance on NT.

Problem 546765. NCA Failure with Certain SAFs.

Problem 545375. VS: Using “any”,”ANY”,”INADDR_ANY” IP Could Not Select Matching IP.

Problem 545609. Hardware Virtual Servers Configured by obj.conf Do Not Get Migrated Properly.

Problem 552229. Web Application: Sample HelloWorld.war Needs Updating since the JAXP v1.1 Enforces DTD Conformance.

Problem 550920. getResource() Does Not Work on Resources Bundled in .jar files.

Problem 552001. WDEPLOY: Need to Have a Type Checking for the [-n] parameter.

Problem 551491. FileStore Fails to Report init Failure.

Problem 551144. New NSS Ciphers Are Automatically Enabled.

Problem 551103. Serialization Fix Causes JSP Recompilation Errors.

Problem 549900, 549774. Document Root Does Not Support Dash (-).

Problem 549762. Java Web Application Admin Screen Should Create Non-existent web-apps XML Files.

Problem 549749. wdeploy Does Not Work on VSs Other Than the Default One.

Problem 549618. VS: Couldn't Add Any Group Member when Select “any.”

Problem 543265. Admin: Dist. Admin Default Prompt Should Not Be ' '.

Problem 538648. VS: Do Not Allow VS State “off” While It Is the Default VS.

Problem 543245. Distributed Administration Issues an Error When LDAP Server is Down, Cannot Get to Web Server Administration Server.

Problem 550847. Update JAXP XML Parser to v1.1 (currently 1.0.1).

Problem 551863. wdeploy Doesn't Create Directory (under document root) When -d Is Omitted.

Problem 549749. Session Failover/Persistence Does Not Work with Legacy Servlets.

Problem 551553. Migration - JSPs: Getting Servlet Service Exception When Migrating JSPs from iWS 4.1 to iWS 6.0.

Problem 552516. JAVA: Failure in Authenticating a Valid User.

Problem 549797. Session Tracking Failed When No Session Manager Is Specified.

Problem 543748. jvm.serializeFirstRequest=1 Not Working Correctly.

Problem 543882. URL-Pattern Suffix Matching Misses Intended Mapping.

Problem 549541. Dist Admin: Set ACL for Preferences to a Particular User Gives a ‘Permission Denied’ when Click on Browse Button.

Problem 531704. NSAPI Configuration Doesn’t Migrate from 4.X to 6.0.

Problem 537073 (NT only). Migrate Server Page Throws Errors.

Problem 542994. AsyncDNS is not Supported in this Release of the Server.

Problem 519936. Entering an Extra Space on the Listen Socket Generates an Error.

Problem 544385. Help for Clusters.

Problem. 544449. Cannot Change Groups Settings in Edit Listen Socket when Listen Sockets Table IP Is Set to ‘Any’.

Problem 544902. Virtual Server User Interface Does not Accept “.” or “-” characters for Either the Listen Socket ID and the Virtual Server ID.

Problem 545947. Cannot Transfer magnus.conf to More than One Cluster at a Time.

Problem 535158. Unable to Stop the Server when using JDK version 1.2.2_07.

Problem 543691. Mail and News Collections Show Physical Path in URL.

Problem 539908. Unable to Generate Report for Server Statistics for Different Virtual Servers.

Problem 542976. Distributed Administration: Internal Error when “Allow end user access: = no”.

Problem 543876. “method Not allowed” for Manage Language List.

Problem 543902. Administration Server User Interface does Not Show the Entry for an User While ACL File Does Indicate the Entry.

Problem 545568. With Distributed Administration, End User Access not Loading User Page on Login.

Problem 544902. (Solaris only) JVM Options: Default JVM Options Should Be Optimal.

Problem 545874. (Windows NT only). An Error May Occur When Creating or Maintaining a Collection

Problem 543196. (Windows NT only) System Hangs When Adding Two Collections.

Known Problems and Solutions

This section lists known problems. Information is organized into the following areas:

Installation & Migration

Problem 5013974. Java disabled instance will fail the Web Server migration

While installing Web Server 4.1, if the user selected 1,2 and 8 (i.e. not selected java support), jvm12.conf,, and files will not be created.

If the user then migrates this instance to Web Server 6.0, the migrated server will also not get these files. Web Server 6.0 does not support this configuration (without java support).


If the user installs Web Server 4.1 without Java, and then migrates to Web Server 6.0, they have to copy the three files (jvm12.conf,, and from the Web Server 60 instance to the migrated server.


Problem 4975675. Dynamic reconfiguration of Application Server load balancer xml file fails when server is under load.

Problem 5014545. SSI: Muliple SSI includes that pass parameters are not passed properly.

Problem 4991487. SEC_ERROR_BAD_DATABASE errors

Errors are logged from NSS after the DBM's in-memory cache reaches the maximum allowable size. When this behavior happens, DBM will try and create temporary files in order to expand its memory space. If it fails to create temporary files, it starts logging the following errors:

[11/Dec/2003:10:52:54] failure (20073): Error receiving connection (SEC_ERROR_BAD_DATABASE - Problem using certificate or key database)
[11/Dec/2003:10:52:54] failure (20073): Error receiving connection (SEC_ERROR_BAD_DATABASE - Problem using certificate or key database)
[11/Dec/2003:10:52:54] failure (20073): Error receiving connection (SEC_ERROR_BAD_DATABASE - Problem using certificate or key database)

This in turn results in the SEC_ERROR_BAD_DATABASE errors.


Set $TMP in the start script of web server to point to a file system (dir) writable by webserver user.

Problem 4963468. When ACL shortcut occurs, the ‘list’ right has no effect on directory listing.

According to the Sun ONE Web Server 6.1 Administrator's Guide, the ‘list’ right is required to obtain directory listings from directories that do not contain an index file. However, it is possible to obtain a directory listing even if the applicable ACLs deny the ‘list’ right. For this reason, if you need to restrict directory indexing, it is recommended that you do so by disabling indexing as documented in the Content Management chapter of the Administrator’s Guide, apart from or in addition to, denying the ‘list’ right.

Problem 4842812. Restrict access applet does not work on Mac browsers.

Access control applets do not work on browsers on the Mac OS since the LiveConnect feature, which allows Java methods to be invoked from JavaScript™ methods, is not supported. This is due to an inherent problem in the browser plugins bundled with the Mac OS. To use the Administration Server user interface to perform restrict access operations, you must use a browser on a different platform.

Problem 4900922. Certificate migration from 3.6 to 6.0.

Certificate migration from Netscape Enterprise Web Server 3.6 to Sun ONE Web Server 6.x is not supported.

Problem 4929913. Search engine does not extract index FTS information (FTS_Author/FTS_Title) from pdf files.


Edit the install-dir/plugins/search/common/style/pdf/style.ddd file in the following way:

Problem 4880304. Migration doesn't remove/modify the config files properly.

  1. During migration from a version 4.1 release to the 6.0 release of the Web Server, the Address directive from the magnus.conf file is also unnecessarily migrated. This leads to the following warning message at server startup: “Warning ( ): Address directive ignored.”
  2. The iPlanet Web Server, Enterprise Edition Installation Guide states that if your iPlanet Web Server 4.x Web application specified MMapSessionManager as the class name for the session manager, the application would remain unchanged after migration. However, this is incorrect because the package name of the SessionManager has been changed from com.netscape.server.http.session in the 4.1 version to com.iplanet.server.http.session in the 6.0 version of the Web Server.

Problem 4856890. I18n servlets and JSPs are failing with jdk 1.4 version.

The Web Server file that defines international character encoding is named i18n.jar; in the JDK 1.4 however, this file is named charsets.jar. Because of this discrepancy, the character encoding of Web resources cannot be resolved against the correct file.


Rename the file i18n.jar, located in the <install-dir>/https-admserv/start-jvm directory to charsets.jar, and restart the server.

Problem 4707739. JDK loading problem.


The server-id/https-admserv/start-jvm file bundled with Web Server 6.0 SP5 allows you to configure JVM environment settings. The server assumes that any file in the server-id/https-admserv directory with a name that begins with start- is a configuration file. So, for custom configuration activity, you can add more configuration files to the server-id/https-admserv directory taking care that the file names begin with start-.

Problem 4735410. Information lacking about how to correctly configure the .perf utility.


In order to enable perfdump, ensure that the .perf nametrans directive is specified before the document-root nametrans directive in the default object. Example:

NameTrans fn=assign-name from="/.perf" name="perf"

NameTrans fn=document-root root=/usr/server1/docs

Problem 4728951. Error encountered while using POST request to upload zipped files.


As of Web Server 6.0 SP5, if you are writing an NSAPI program that reads binary data, using the netbuf_getc function would cause a significant performance overhead in case of network error. You can use the netbuf_getbytes function instead to read binary data.


NSAPI_PUBLIC int netbuf_getbytes(netbuf *buf, char *buffer, int size)


The total number of bytes read from a network buffer. If an error occurs, it returns NETBUF_EOF or NETBUF_ERROR.


netbuf *buf: the network buffer from which to retrieve bytes.

char *buffer: the character array from where to retrieve bytes.

int size: the initial size of the character array.

Problem 4738873. Reconfig throws messages on the console.


As of Web Server 6.0 SP5, when you reconfigure the server dynamically either by executing the reconfig command on the command line or by applying the Load Configuration option through the Administration Server, additional informational messages appear on the console. These messages are identified by the "info:" prefix and can be safely ignored.

Problem 4680491. CSS causes oserr=130 in iWS 6.0 logs.


If you are using the Cisco Content Services Switch (CSS) with Sun ONE Web Server and have set the value of the sticky bit setting in CSS to on, the following error is logged periodically in the error logs:

failure ( 2210): Error accepting connection -5928, oserr=130 (Connect aborted)

This is caused not by a defect in Sun ONE Web Server but by the setting of the sticky bit in CSS. To avoid the error logging, set the value of the sticky bit in CSS to off.

Problem 4615230. Unable to create a search collection for a document root directory that has changed.


As of Web Server 6.0 SP5, to index a new document root directory, use the Administration Server to go to <server instance> | Virtual Server Class | Default Class | Content Mgmt | Additional Document Directories, and create a mapping for the new directory. The new directory will now appear listed in the Search -> New Collection directory index options.

Problem 4652585. Enabling distributed admin disables the local admin user in 6.0.x.


Before enabling distributed administration, create a user with the name and password of the local superuser (the user name and password you specified during installation), and add it to the distributed administration group.

Problem 4659434. web-apps allows URI to be created as /search.


Do not use reserved URIs to deploy web applications; for example, because /search is a reserved URI, do not use it as a URI for deployment, otherwise you will not be able to access the Search functionality. For a list of reserved URIs, see the obj.conf file directives in the iPlanet Web Server, Enterprise Edition NSAPI Programmer's Guide.

Problem 4658415. Large stack size causing problems with JVM in JDK 1.3.


Because stack size requirements of different JDK versions are different, if you are using a JDK version that is different from the default JDK bundled with Web Server 6.0 SP5, you might experience stack overflow problems. In case you do, edit the StackSize directive in the server-id/config/magnus.conf file to modify the stack size for the request handling thread. The stack size limits for JDK 1.2.2 (for Solaris) and JDK 1.3.1 are as follows:

Problem 4618374. iWS unnecessarily decodes cookies passed between the client and the server.


To prevent default cookie encoding, change the value of the property in the server-root/server-instance/config/ file to false.

Problem 4637844. Cannot login to admin server, when run as non-root.


If you need to run the admin server with a non-root userid, invoke setup with the same userid.

Problem 4551032. LDAP auth succeeds but ACL fails when presented credentials contain whitespace.


During login, ensure that your user name does not contain any white spaces, otherwise the authentication attempt will fail and an error will be logged in the server's /logs/errors file.

Problem 4551470. VS Command line: Should Add an Option for Accept Lang on/off When Creating VS CLASS.

A new optional parameter, acptlang, has been added for creating a virtual server class. You must add [-acptlang] to the command line to enable accept language header parsing for your server. The default is ‘off’ if this parameter is not added.

Problem 4552476 (Unix only). Setuid Cgistub Shouldn't Allow Execution of Root-owned Binaries.

As of SP1, the set-user-ID-on-execute (suid) Cgistub will not allow a non-root user to execute programs owned by root. This change enhances the security of the suid Cgistub system.


If you require pre-SP1 functionality, log in as ‘root’ and perform the following steps from a command line to modify the suid Cgistub for instance https-instance in server root server_root:

  1. Change to the instance directory:

      cd server_root/https-instance

  2. Stop the server


  3. Change to Cgistub's private directory

      cd private

  4. Allow root to write to the private directory

      chmod 700

  5. Tell Cgistub to trust programs owned by user 0 (root)

      ./Cgistub -s "trusted_uid 0"

  6. Disallow writes to the private directory

      chmod 500

  7. Change to the instance directory

      cd ..

  8. Restart the server


Loading More Than 1000 Virtual Servers Slows Performance.

Adding more than 1000 software virtual servers under one class slows the loading of the Class Manager Members page.

Problem 4552549 (Windows 2000 only). Cluster Management: Transfer File Hangs the Admin Server and Creates a 0KB File Size.

Files are transferred by the master of the cluster requesting the remote machine's admin to run clxfer. The clxfer process of the remote machine requests the master to transfer the file, and the master runs clxfer to return the file. The master receives the host name of remote machine from the request, and finds the required file in /cluster/hostname/instance-names. If, for example, a remote machine named ‘charis’ is added to a cluster named ‘’, the request header with ‘charis’ as host name will fail to find the file in ‘cluster/charis’. The remote machine will receive a 0 byte file due to the error.


Ensure that all machines have the full name. To do that go to control panel -> system ->network identification -> property in your remote machine. Enter the primary DNS suffix to match the master machine.

Problem 4556698 (Solaris only). Cannot Throw Exceptions from -compat=5 plug-ins.


  1. When using version 5.0 or higher of the Sun/Forte WorkShop C++ compiler to create an NSAPI plug-in that throws exceptions, the -compat=4 option should be specified. This is necessary because, by default, WorkShop 5.0 generates object code that is not binary compatible with WorkShop 4.2 object code. Specifying -compat=4 makes newer WorkShop versions behave like version 4.2.
  2. If you are unable to specify -compat=4, add shlib_flags="(default|parent|group)" to your plug-in's Init fn="load-modules" line in magnus.conf. For example:

Problem 4561404. Use of conf_getglobals() in NSAPI Init Functions.

The following is an issue for NSAPI plug-in developers or for users of third party NSAPI plug-ins that have not been certified with iWS 6.0 by their developers.

  1. If you are the developer of an NSAPI Init function, here is the technical information needed to check if your plug-in suffers from this problem and if so, how to correct it:

    The use of the NSAPI conf_getglobals() function, or the various macros in the nsapi.h header file that refer to conf_getglobals(), is not recommended within NSAPI Init functions in iWS 6.0. conf_getglobals() can only return the properties of a single virtual server. In iWS 6.0, a single web server may have many virtual servers defined with completely distinct properties, such as port, hostname, and security. Also, the configuration of any virtual server in iWS 6.0 can dynamically change over time. Therefore, a plug-in should not attempt to retrieve and store the server configuration information during NSAPI Init time, but rather retrieve the configuration in an ephemeral way during request processing time, when the server configuration information is actually needed (e.g., to build links in a dynamic web page).

    The default behavior of conf_getglobals(), if called during Init in iWS 6.0 is to leave the following fields initialized with a default value (e.g., 0 , NULL): Vport, Vaddr, Vserver_hostname, Vsecurity_active, Vssl3_active, Vssl2_active, and Vsecure_auth. If your Init function relies on the values of these global fields but does not have error checking, it could crash and prevent the web server from coming up; or it could cause crashes at a later time if these null values are saved and later reused in other plug-in functions.

    If you are currently calling conf_getglobals() in your Init function, you should modify your code to eliminate any such calls. This will ensure proper operation of your plug-in in iWS 6.0 when multiple virtual servers exist. The conf_getglobals() NSAPI function will only return the proper values corresponding to the connection and virtual server on which the request was made if called during an NSAPI request processing phase - e.g., during an NSAPI AuthTrans, NameTrans, Service, or other NSAPI request processing phases.

    iWS 6.0 supports a compatibility mode for older plug-ins suffering from this problem. As noted in the user section, it requires the NSAPI Init functions to be marked as LateInit. When called

    from a LateInit Init function, conf_getglobals() will return the properties of the default virtual server of the default connection group of the legacy listen socket. In terms of the new XML configuration attributes, this means that conf_getglobals() now returns the properties of the defaultvs of the defaultgroup of the legacyls of the SERVER. It is recommended that the server should only have that single virtual server defined in this case to ensure consistent server and plug-in operation.

  2. If you are the user of an NSAPI Init function of a plug-in developed by a third party, you should contact the plug-in developer to find out if it is compatible with iWS 6.0 based on the technical information for developers stated in 1. Many Init functions will not be affected and are expected to continue to function unmodified with iWS 6.0, however, the determination of compatibility and possible need for an update should be made by the plug-in developer.

    If your plug-in vendor does not certify their Init function for use with iWS 6.0, and the function is found to suffer from the specific programming problem described in 1., you may work around the problem if:

Problem 4557651. TempDir Must be on Local File System.

For the magnus.conf TempDir directive, the TempDir directory must be located on a local file system in order for the server to function correctly. If the TempDir directory is on an NFS mount, the server may fail to function correctly.

Problem 4558476. Couldn’t Update Latest Data on UI Using IE 5.0.

When using Micosoft’s Internet Explorer web browser, version 5.0 is supported for end users only. For administrators, changes to the Sun ONE Web Server Administration Server configuration can be saved only when using Internet Explorer version 5.5.

Problem 4555642. A Change Made to Edit Listen Sockets Groups page Does not Allow Another Change to the Edit Listen Sockets Page.

When editing a Connection Group Settings value from the Edit Listen Sockets Groups Page, a server update occurs when the OK button is pressed. Following this, if you go to Edit Listen Sockets page again and change another property, such as the Security value from Off to On, then click OK, an error message may appear that states, ‘Please refresh your screen, data update by another user.’ The Security value has not changed.


To change a property on the Edit Listen Sockets page after changing a property on the Edit Listen Sockets Groups page, click the OK button twice to effect the change.

Problem 4555669. Load Configuration Files Button Should be Disabled When There are Changes in magnus.conf.

After administrative actions lead to changes in magnus.conf (e.g., enabling Search capabilities), the Load Configuration Files button cannot be used.


Use the Apply Changes button to load the changes applied to magnus.conf.

Problem 4538806. Add Certificate (or Replace Certificate) Page Help Button is Linked Incorrectly.

After installing a certificate and clicking OK, the Add Certificate page (or Replace Certificate page) appears. Clicking the Help link here takes you to the wrong area: Add Certificate Revocation List Page, instead of Add Other Certificate page.

Problem 4556358. Help Button from Compromised Key List (CKL) Page is Linked to Help for Certificate Revocation List (CRL) Page.

From the add CRL/CKL link, you can select the CKL file to display the ADD Compromised Key List page. The Help button on this page is linked to help for the CRL page.


Scroll down the help window until you see the help for ‘Add CRL.’

Problem 4535970 (NT only). SSL: ncipher GUI Does Not Show on Admin UI Under Security Section.

This problem shows up inconsistently and will be addressed in a future release.

Java and Java Servlets

Problem 4550099. JSP: <jsp:include page=”*.html” flush=”true” /> Throws Exception If Using With POST Method.


POST method is permitted on static content by default.

Problem 4549719. Web Deploy GUI: Internal Error When User Re-enters “empty” for URI.

If you have only one web application deployed, and you are trying to edit the URI, the URI cannot be empty.

Problem 4552103. JDK1.3.1:jvm12.conf: Server Doesn't Start with Default Min/MaxHeapSize.


Set the minHeapSize to 3.5 M and maxHeapSize to 64M.

Problem 4550675. (NT and W2K only) wdeploy: Can’t Run wdeploy Command.


Ignore the following error message when using the command line tools wdeploy and HttpServerAdmin: “A nonfatal internal JIT (3.10.107(x)) error 'Relocation error: NULL relocation target' has occurred in: 'org/apache/crimson/parser/Parser2.maybeComment (Z)Z': Interpreting method. Please report this error in detail to:

Problem 4555358 (Solaris only). JVM Options: Default JVM Options Should Be Optimal.


The version 6.0 SP1 release of Web Server supports JDK 1.3.1. Use /usr/lib/lwp threads for Java applications on Solaris 8. Most JVM and heap tuning are application specific.

You can find more details about these flags and other flags from:

Some of GC tuning flags are applicable to JDK1.2.2_07 as well.

Problem 4551911. JDK1.3.1: Configuring iWS for Debugging Servlets.


Please refer to JDK 1.3.1 debugging documentation:

You will need to configure Web Server 6.0 SP5 to use JDK instead of JRE before you can debug.

On Unix platforms only, make the following changes to the start-jvm script in the https-admserv directory:

  1. Add ${NSES_JDK}/lib/$arch substituting $arch with the appropriate string corresponding to the machine you are running on, for example sparc for SPARC boxes, to the end of the NSES_JRE_RUNTIME_LIBPATH variable.
  2. Make the following changes have to jvm12.conf:
    1. jvm.enableDebug=1
    2. java.compiler=NONE
    3. jvm.option=-classic
    4. jvm.option=-Xnoagent
    5. jvm.option=-Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=<port> where <port> should be replaced by an arbitrary unused port number to which the debugger will connect, such as address=5000
  3. Start the Web Server.
  4. Connect to the web server using jdb specifying the port number configured above.

    jdb -attach <port>

    for example: jdb -attach 5000

You are now ready to debug your servlet or JSP.

Problem 4555386. (Solaris only) Negative jsps/servlets Result in Memory Leaks.

JSP compilation errors, such as incorrect JSP syntax, have resulted in an increase in memory (heap memory) on Solaris.


To work around this problem, pre-compile JSPs offline to catch such errors, or remove the offending JSP if the error logs contain compilation error messages for that JSP.

Platform-Specific Issues

Problem 4988370. Contents does not get updated under a particular situation on HPUX 11.0 platforms.

HP-UX operating system has two cache spaces called Page Cache and Buffer Cache for acessing files. Normally, when the application performs the mmap function, the file is mapped to Page Cache. However, currently the operating system has no responsibility to synchronize the date between the Page Cache and Buffer Cache, if the mmap is performed as PRIVATE option.

Even if the user copys the file, the operating system refreshes the cached data only in the Buffer Cache.


Use a vi editor to update the contents each time.

Platform-Specific Information

This section describes platform-specific known problems and workarounds for the following platforms:


If you are running Web Server 6.0 SP10 on Windows 2000, we recommend that you have the Windows Service Pack 3 installed on your system.

It is recommended that you use the Internet Explorer 5.X browser with Windows 2000 SP2 or later Server Edition.

Problem 4769670. Deletion of migrated instance in windows disables the original instance.

If you are migrating a 4.x version of the Web Server to version 6.0 or a Service Pack release of version 6.0, ensure that the newly migrated instance has a unique name.

If the migrated instance has the same name as the older instance of the server, you must take care not to delete either of the two instances; deleting any one instance would disable the other.

Problem 4806999. On W2K, Master Admin Server in cluster hangs when transferring a file.

When using Cluster Management on Web Server 6.0 SP5 on the Windows 2000 SP2 platform, the master Administration server hangs during file transfer. (See also the description of Problem 4552549.)


To resolve this problem, perform the following tasks:

  1. Ensure that all machines have the full name. To do so, on your remote machine, go to Control Panel -> System -> Network Identification -> Properties -> More -> and enter the primary DNS suffix to match the master machine.
  2. Configure kernelthreads property to set its value to on in the master administration server’s magnus.conf file.

    KernelThreads on

Problem 4638785. Deadlock problems with CGIs on Windows Platform.

If you are using CGIs on the Windows platform, edit the magnus.conf file to set the KernelThreads parameter to 1, as follows:

KernelThreads 1

For more information, see


Monitoring server activity with SNMP

To monitor server activity with the Simple Network Management Protocol (SNMP) on Web Server 6.0 SP6, use the native SNMP master agent available on the AIX platform, and not the SNMP master agent that is bundled with Web Server 6.0 SP6.

Refer to the section Reconfiguring the SNMP Native Agent in the Administrator's Guide, for more information on running SNMP on AIX.

Problem 4870599. ns-httpd crashes on AIX in digest-auth plugin with unencrypted iplanetReversible.


Problem 4651420. Web Server hangs on shutdown using the command line or the web interface.


This problem does not occur on Solaris 2.8 with the following patches installed:

However, it does occur on Solaris 2.6 because the corresponding patch for Solaris 2.6 is not available. To avoid the problem, you must upgrade to Solaris 2.8.


Problem 4766488. Internationalization: Search Page does not show up in HP-UX platform after migration.

The Search page cannot be accessed in a localized installation of Sun ONE Web Server 6.x on the HP-UX platform.

Corrections to Documentation


The documentation is several places refers to the IOTimeout directive in the server-id/config/magnus.conf file, which specifies the number of seconds the server waits for data to arrive from the client before closing the connection. In Sun ONE Web Server, this functionality is actually achieved by the AcceptTimeout directive. For example, to configure the server to wait for 60 seconds before closing connection, add the following line in the server-id/config/magnus.conf:

AcceptTimeout 60

Corrections to SP9 Documentation

Problem 6229343. Release note clarification on JDK vendors for Linux.

A note added in the Sun ONE™ Web Server Release Notes 6.0 SP10 to clarify JDK vendors for Linux.

Problem 6295335. nsessions is invalid keyword in dbswitch.conf. Replace it by the sessions keyword.

The iPlanet Web Server, Enterprise Edition Programmer's Guide documents an invalid keyword in dbswitch.conf. The valid keyword is `sessions'.

Problem 6021135. There is contradiction in terms of JDK1.4.1 support on HPUX in the release note of 6.0SP8.

JDK support information for HPUX is rectified in Sun ONE™ Web Server Release Notes 6.0 SP10.

Corrections to SP8 Documentation

Problem 5016571. Help page under "Generic Thread Pools" lists incorrect information.

The last line of the first paragraph says "To change thread pool settings once you've added the pool, edit obj.conf."
The instructions should specify magnus.conf instead of obj.conf.

Problem 4922165. Documentation incorrectly states that regular expressions can be used for the web-apps.xml web-app element's uri attribute.

The uri attribute of the web-app entry in the web-apps.xml Element Reference section in "Chapter 2, Web Applications," of the iPlanet Web Server 6.0, Enterprise Edition Programmer's Guide to Servlets should read as follows:

Corrections to SP5 Documentation

Problem 4734710. Documentation needed on setting up Chroot using chroot directive in magnus.conf.

Web Server 6.0 SP5 does not support the magnus.conf directive chroot on the server instance.

Problem 4765021. No help related to upper and lower arrows in restrict access page.

The online help for the Edit Access Control Page does not include a description of the up arrow and down arrow glyphs that are used to swap access control restrictions. Clicking on the up arrow glyph swaps the access control restriction with the access control restriction preceding it. Clicking on the down arrow glyph swaps the access control restriction with the access control restriction succeeding it.

Problem 4756431. admin guide: server does not need to run as root to run SNMP master agent.

In the iPlanet Web Server, Enterprise Edition Administrator's Guide, the section titled Installing the SNMP Master Agent states that you cannot use the Server Manager to install and start the master SNMP agent unless the server is running as root. This is incorrect and should read as follows:

Problem 4698810. URL prefix is not working properly.

In the online help for Sun ONE Web Server 60 SP5, the online help page for server-id | Class Manager | Content Management | URL Forwarding incorrectly states that the URL Prefix setting forwards requests to a URL prefix, keeping the absolute path, and substituting one prefix for another. In fact, if the URL prefix you specify is /info and the forwarded URL Prefix is, then /info/movies gets redirected to

Problem 4685983. Documentation on exporting with pk12util needs to be corrected.

Step 6 in the section titled Exporting with pk12util in the iPlanet Web Server, Enterprise Edition Administrator's Guide contains an error in the example that illustrates the use of the pkutil command in Unix. The command should read as follows:

pk12util -o certpk12 -n Server-Cert [-d /server/alias] [-P https-test-host-]

Problem 4743751. stats-xml docs incorrect, note that iwsstats.xml will be written to disk.

The iPlanet Web Server 6.0, Enterprise Edition Programmer's Guide to Servlets incorrectly states that the iwsstats.xml file that reports server performance statistics is written to disk at the following location:


The iwsstats.xml file is not written to disk but is dynamically generated only for URL access at the following URL:


Problem 4757928. Online "Help" for "Unauthorized" Error response is Misleading.

The Error Responses Page in the Web Server 6.0 SP5 online help is ambiguous about the conditions under which the web server returns the “Unauthorized” and “Forbidden” error responses.

The “Unauthorized” error response occurs if the client fails to send certain authorization headers that the server needs for authenticating the client against access control rules. It also occurs if the user name and password details sent by the client are incorrect. The “Forbidden” error response occurs when the client requests a resource that is denied access due to access control restrictions. It may also occur because the server does not have permission to access the requested resource.

Problem 4745284. Wrong info in programmer's guide for editing jvm12.conf while using Forte for Java.

In the iPlanet Web Server 6.0, Enterprise Edition Programmer's Guide to Servlets, the section that describes remote debugging, Using Forte For Java to Debug Servlets and JSPs, incorrectly states that the jvm.conf file must be edited differently if JDPA is installed on the system.

Irrespective of whether JDPA is installed, Step 7 in this section should read as follows:

Problem 4751380. There is no help related to user in Magnus editor for Performance settings.

The online help for the Performance Settings | Magnus Editor page does not contain a description of the User parameter. For a complete description of the User parameter, see Table 2-1 (magnus.conf directives) in the iPlanet Web Server 6.0, Enterprise Edition Programmer's Guide to Servlets.

Problem 4655945. Need to update the docs with reference to admin ACL help file.

The online help for the Administration Server’s Restrict Access Page incorrectly refers to the help instructions for restricting access on the instance server. The correct instructions can be found at the following location on your machine: http://hostname.domain-name:administration_port/https-admserv/manual/ag/esprefs.htm#1006194

Problem 4698045. Styles help does not show correct options.

The online help for the Class Manager | Manage Virtual Server | Styles | Edit a Style page incorrectly lists Cache Control, Require Stronger Security, Restrict Access, Dynamic Configuration, and Symbolic Links as style configuration categories supported by Sun ONE Web Server while the option for .htaccess Configuration is not documented.

Corrections to SP3 Documentation

Problem 4607112. After Cipher Default, SSL2, or SSL3 alg selection, web server won't start.

The "Selecting Ciphers" section of the iPlanet Web Server, Enterprise Edition Administrator's Guide omits to mention that irrespective of any changes made to the security settings of the Listen Socket, clicking the Cipher Default link configures the server with default cipher settings.

Problem 4629790. ADM:i18n: Latin1(ISO-8859-1) instance names are not displaying properly on JA-NT.

The Server Identifier used by the Administration Server to identify a server instance must be specified using ASCII and not Latin-1 characters.

Problem 4622241. DOC: admin and iWS do not require the same group.

The user you use to run the Sun ONE Web Server should, but not necessarily must, be in the same group as the user you use to run the Administration Server. The iPlanet Web Server, Enterprise Edition Installation Guide incorrectly specifies this as a mandatory requirement.

Problem 4550934. importCore doesn't migrate Init directives that span lines.

The iPlanet Web Server, Enterprise Edition Installation Guide omits to mention that during migration, multi-line Init directives are compressed to single-line directives in the server-id/config/magnus.conf file

Problem 4535864. Chapter 15 Deploying Web Applications doc error.

In Chapter 15 of the iPlanet Web Server, Enterprise Edition Administrator's Guide, Step 5 under the section “Deploying Web Applications” should read as follows:

In the same chapter, the command parameter incorrectly specified as idirectory should read directory.

Problem 4537301. DOC: Steps for using the Solaris Network Cache and Accelerator fails.

In the iPlanet Web Server 6.0 Performance Tuning, Sizing, and Scaling Guide, the section “Using the Solaris Network Cache and Accelerator” omits to mention that if you are using a version of Solaris that is lower than Solaris 8 Update 5, you would need the following additional patches:

Problem 4537391. NSAPI Programmer’s Guide net_read documentation error.

The documentation for the net_read function in the iPlanet Web Server, Enterprise Edition NSAPI Programmer's Guide should read as follows: “The net_read function returns the number of bytes read, which will not exceed the maximum size, sz. A negative value is returned if an error has occurred.”

Problem 4537696. Admin:Global|SNMP MA Community|Help: Wrong Operation Title.

In the online help, operations allowed for the SNMP Master Agent Community should read as follows: “Allow ALL Operations”, “Allow GET Operations”, and “Allow SET Operations.”

Problem 4536922. With IE 5.x, clicking the Help button, in some cases, incorrectly links to the top of the help page.

Problem 4543590. DOC: Errors in Help file on Dynamic config.

The <Limit> directive in the section titled “Example of a .htaccess File” of the iPlanet Web Server, Enterprise Edition Administrator's Guide has been incorrectly documented. The text should read <Limit GET POST> instead of <Limit> GET POST, and <Limit PUT DELETE> instead of <Limit> PUT DELETE.

Problem 4651997. Docs imply that Microsoft FrontPage ‘00/’02 Server Extensions are supported.

The iPlanet Web Server, Enterprise Edition Administrator's Guide incorrectly states that the Sun ONE Web Server can be extended to support Microsoft FrontPage webs. Third-party server extensions that extend server-side support for Microsoft FrontPage webs are not supported by Sun ONE Web Server.

Problem 4682979. Cluster Management - Documentation for using variables in file transfer is inadequate.

The “Adding Variables” section in the chapter “Managing Server Clusters” in the iPlanet Web Server, Enterprise Edition Administrator's Guide does not adequately describe how variables are transferred within a cluster. The paragraph at the end of the specified section should read as follows:

“The variable must also be added to the server’s configuration file you are transferring to the slave. For example, if you are transferring the variable port, the variable should be declared in a server configuration file, say server.xml, as shown below:

<SERVER legacyls="ls1" qosactive="no" qosmetricsinterval="30" qosrecomputeinterval="100">

<LS id="ls1" ip="" port="$port" security="off" acceptorthreads="1" blocking="no">

You can set variables with different values for each slave in the configuration file. Once added, variables can also be edited and deleted using the drop-down Option list in the Add Variables page.”

Problem 4687544. Cannot enable remote servlet debugging with JDK 1.3.1.

The instructions for remote servlet debugging as documented in the iPlanet Web Server 6.0, Enterprise Edition Programmer's Guide to Servlets require the use of JDK 1.2.

Problem 4691967. obj.conf mis-spelled as obj.con in the Cluster management help page.

The configuration file obj.conf has been incorrectly spelled as obj.con in the online help page for Cluster Management | Cluster Control.

Corrections to SP2 Documentation

Problem 4547170. Correction to NSAPI Programmer’s Guide.

By default, the server sends the requested file to the client by calling the send-file function. The directive that sets the default should read:

Service method="(GET|HEAD)" type="*~magnus-internal/*" fn="send-file"

Problem 4549669. Core: Restore Configuration Fails to Restore web-apps version .1 and server.xml version.1 file.

Removal of the web-apps.xml column of Restore Configuration page in the Server Manager causes the online help for that page to be inaccurate.

Problem 4549692. Changed Web Applications: No Clear Indication If Application is Enabled or Disabled.

A new column for ‘State’ has been added to the ‘Edit Web Application’ page of the Virtual Server Manager, which displays whether the installed application is ‘Enabled’ or ‘Disabled’, depending on the enable value (enable=TRUE/FALSE) in the web application file for that application (URI). This screen change was made after Web Server 6.0 SP1, and is not reflected in the Administrator’s Guide or online help.

Problem 4551328. AcceptLanguage documentation is incorrect.

Corrections to SP1 Documentation

The AIX platform is listed as a supported platform in some documents; however, it is not supported at this time.

Problem 4549807. A problem in the Programmer’s Guide.

The default value for StrictHttpHeaders was changed from ‘on’ to ‘off’ in SP2b.

Problem 4536620. A problem in the Programmer's Guide to Servlets.

Numerous chapters refer to themselves as “in this appendix.”

Problem 4549780. Incorrect Parameter Naming in Programmer's Guide to Servlets.

jvm.compiler found twice on page 52 under ‘Debugging Servlets and JSPs’ is not a recognized parameter in VM. jvm.compiler should read java.compiler.

Problem 4537261. Duplication of Content in Administrator’s Guide.

The steps on page 234 ‘Configuring the SNMP Master Agent’ are a duplication of ‘Installing the SNMP Master Agent’ on page 230, and are inaccurate. The steps should read ‘Configuring the SNMP Subagent’:

  1. From the Administration Server, select the server instance and click Manage.
  2. Select the Monitor tab.
  3. Select SNMP Subagent Configuration.
  4. (Unix only) Enter the name and domain of the server in the Master Host field.
  5. Enter the Description of the server, including operating system information.
  6. Enter the Organization responsible for the server.
  7. Enter the absolute path for the server in the Location field.
  8. Enter the name of the person responsible for the server and the person’s contact information in the Contact field.
  9. Select On to Enable the SNMP Statistics Collection.
  10. Click OK.
  11. Click Apply.
  12. Select Apply Changes to restart your server for changes to take effect.

How to Report Problems and Provide Feedback

If you have problems with Sun ONE Web Server, contact Sun customer support using one of the following mechanisms:

So that we can best assist you in resolving problems, please have the following information available when you contact support:

Additional Sun Resources

Useful Sun ONE information can be found at the following Internet locations:

Copyright © 2004 Sun Microsystems, Inc. All rights reserved.

Sun Microsystems, Inc. has intellectual property rights relating to technology embodied in the product that is described in this document. In particular, and without limitation, these intellectual property rights may include one or more of the U.S. patents listed at and one or more additional patents or pending patent applications in the U.S. and in other countries.


U.S. Government Rights - Commercial software. Government users are subject to the Sun Microsystems, Inc. standard license agreement and applicable provisions of the FAR and its supplements.

Use is subject to license terms.

This distribution may include materials developed by third parties.

Portions may be derived from Berkeley BSD systems, licensed from U. of CA.

Sun, Sun Microsystems, the Sun logo, Java and Solaris are trademarks or registered trademarks of Sun Microsystems, Inc. in the U.S. and other countries. All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. in the U.S. and other countries.

Copyright © 2004 Sun Microsystems, Inc. Tous droits réservés.

Sun Microsystems, Inc. détient les droits de propriété intellectuels relatifs à la technologie incorporée dans le produit qui est décrit dans ce document. En particulier, et ce sans limitation, ces droits de propriété intellectuelle peuvent inclure un ou plus des brevets américains listés à l'adresse et un ou les brevets supplémentaires ou les applications de brevet en attente aux Etats - Unis et dans les autres pays.


L'utilisation est soumise aux termes du contrat de licence.

Cette distribution peut comprendre des composants développés par des tierces parties.

Des parties de ce produit pourront être dérivées des systèmes Berkeley BSD licenciés par l'Université de Californie.

Sun, Sun Microsystems, le logo Sun, Java et Solaris sont des marques de fabrique ou des marques déposées de Sun Microsystems, Inc. aux Etats-Unis et dans d'autres pays.

Toutes les marques SPARC sont utilisées sous licence et sont des marques de fabrique ou des marques déposées de SPARC International, Inc. aux Etats-Unis et dans d'autres pays.