2. About Sun GlassFish Enterprise Server
3. Known Issues and Limitations
Enterprise Server does not detect conflicts with the heartbeat port of a cluster (Issue number 1967)
Domain creation stops on NFS server running 64-bit Linux (Issue Number 1961)
Performance degradation seen when a huge log file is rotated (6718611)
Failed to Deploy Generic RA Resource Adapter against IBM MQ (Issue 6605)
Standalone instances sometimes obtain files from other instances (6698604)
Startup Message from the start-cluster command are too verbose (6728317)
Failed to Deploy Generic RA Resource Adapter against IBM MQ (Issue 6605)
The package-appclient script does not work if domain1 is not present (6171458)
Starting the Server with additional JMX Agent is not supported (6200011)
.asadmintruststore file not described in the Enterprise Server documentation (6315957)
Clustered instances fail to start due to a timeout in reaching the JMS broker (6523663)
Cannot display jmaki chart in Netscape 8.1.3, Mozilla 1.7 and Safari 2.0.4 browsers (6543014)
Default ports changing in each AS major release (6566481)
The create-domain command fails with custom master password in AIX (6628170)
Solution: (AIX) To Create a Domain With a Custom Master Password
Apache and Load Balancer Plugin
SGES 2.1.1 Patch 2 LB plugin on WS7u8 crashes the web server on SUSE Linux 10 SP2 (6928066)
Must start Apache Web Server as root (6308021)
Library JAR packaged in Application Client Archive overwrites MANIFEST file (6193556)
ACC always tries to connect to localhost:3700 (6527987)
Unable to start domain , missing sunpkcs11.jar (6571044)
PreparedStatement errors (6170432)
Java DB is not started after machine reboot or server start (6515124)
Autodeployment fails on a cluster sometimes (6610527)
Bundled ANT throws java.lang.NoClassDefFoundError (6265624)
Application specific classloader not used by JSP compilation (6693246)
Javadoc Inconsistencies (various IDs)
GlassFish 2.x documentation referring to invalid create-session-store command (6935976)
HTTP Service Statistics attributes discrepancies (7018903)
Glassfish GFv2 Mod_JK AJP listens to all interfaces (7008190)
[UB]The *Global Transaction support box* is nowhere to be found (7536)
Misleading Documentation for Configuring JMS Physical Destinations
Upgrade Procedure is Confusing
Resouce Injection does not work in HandlerChain (6750245)
HADB Configuration with Double Networks (no ID)
HADB Database Creation Fails (no ID)
hadbm set does not check resource availability (disk and memory space) (5091280)
Heterogeneous paths for packagepath not supported (5091349)
hadbm createdomain may fail (6173886, 6253132)
Starting, stopping, and reconfiguring HADB may fail or hang (6230792, 6230415)
The management agent terminates with the exception "IPV6_MULTICAST_IF failed" (6232140)
clu_trans_srv cannot be interrupted (6249685)
hadbm does not support passwords containing capital letters (6262824)
Install/removal and symlink preservation (6271063)
Management agents in global and local zones may interfere (6273681)
Non-root users cannot manage HADB (6275319)
The Management Agent should not use special-use interfaces (6293912)
Reassembly failures on Windows (6291562)
Session state not maintained if the browser has another cookie with / path (6553415)
LB does not work with IIS 6; SASL32.DLL and ZLIB.DLL missing under as-install/lib (6572184)
DAS creation/startup and HA package propagation issues in Global Zone (6573511)
Enable/disable LB for an instance/cluster should show correct status (6595113)
Installer decoration image shows old product version (6862674)
The start-domain Command Times Out on OpenSolaris 2008.11 (6820169 and 6741572)
Enterprise profile installation is not supported with a 64-bit JVM on a 64-bit platform (6977626)
Installation with 64-bit JDK Fails (6796171)
Enterprise Server installer crashes on Linux (6739013)
Installation shutdown hanging on some Linux systems after clicking the "Finish" button (5009728)
On Windows, the imq directory needs to be created during installation (6199697)
IFR. Was not able to install AS in the sparse local zone, MQ packages issue. (6555578)
After upgrade, the following exceptions are seen in the log when a domain is started. (6774663)
TopLink expects my Collection field/property to be cloneable (Issue Tracker 556)
GenerationType.IDENTITY and DataDirect Driver with SyBase (Issue Tracker 2431)
Setting ejb-timer-service property causes set command to fail (6193449)
Error thrown when list JMS physical destinations within non-DAS config (6532532)
Win2003 only: Non-paged pool leak memory, breaking tcp stack and richaccess test (6575349)
Setting debug statement for access,failure causes hang in server startup (6180095)
Log level Setting for Persistence Cannot Be Made Persistent (13253247)
Enterprise Server Does Not Start If MQ Broker is Not Started (6740797)
MQ broker fails to start with cluster profile on Linux (6524871)
Mismatch of old and new classes is created when imqjmsra.jar is loaded before upgrade (6740794)
Open JNDI Browsing from Admin UI dumps a huge amount of exceptions in the server.log (6591734)
AIX: monitor command doesn't work on AIX (6655731)
Solution: To Install the Missing libcliutil.so Library File
Installation Log Shows Failures for Samples Installation (6802286)
After upgrade Enterprise Server samples and JES5 portal samples compete on derby port 1527 (6574563)
Expired Root CA for CN=GTE CyberTrust Root 5, OU=GTE CyberTrust Solutions, Inc. (17405362)
To Delete the GTE CyberTrust Root 5 Certificate From the Truststore
Modify Policy Files for Existing Domains (17419736 and 17574160)
CA Certificate bundled with Enterprise Server v2.1.1 has expired (12287499)
OutofMemory Error in SSL Scenarios During Heavy Stress (JDK 6 Issue 23)
AIX: WSS dynamic encrypt key test failed due to server side certification validation error (6627379)
SSL termination is not working (6269102)
Socket connection leak with SSL (6492477)
General Vulnerability Assessment (Issue 17287)
Different domains are lost during upgrade when different build combinations are used (6546130)
Localized Online Help for asupgrade GUI Does Not Exist (6610170)
Solution: To Preserve All Node Agents in a Side-by-Side Upgrade of Multiple Domains
In-place upgrade does not update the index.html file of existing domain (6831429)
Unable to compile JSP page on resource constrained servers (6184122)
Enterprise Server does not support auth-passthrough Web Server 6.1 Add-On (6188932)
AS 9.1 b50e.Linux. Can not start WS after AS LB installation: libjvm.so:cannot open shared (6572654)
Ant task wsimport fails with Java EE SDK b33d (using JDK 1.6) with NoClassDefFoundError (6527842)
publish-to-registry commands fail in IFR EE builds (6602046)
wscompile fails with "package javax.xml.rpc does not exist" on JDK6 u4 b3 (6638567)
This section describes known administration issues and associated solutions.
When a cluster is created, Enterprise Server randomly assigns a heartbeat port between 1026 to 45556. For default-cluster, which is the default cluster created by a Enterprise Server installation, a random number selected between 0 to 45556. The cluster creation process does not accurately detect if the heartbeat port is already being used by another service.
If automated cluster creation configuration selects a heartbeat port that is in conflict with another service that is already using that port, update the cluster heartbeat port to a port that is not being used by the system.
To change the heartbeat port of a cluster, use the following asadmin command:
asadmin set cluster-name.heartbeat-port=newportnumber
The asadmin create-domain command may fail while attempting to create a domain on a Network File System (NFS) mounted file system with the NFS server running on 64-bit Linux.
No known solution.
When a huge log file is rotated, a slight increase in the response time is observed.
Performance degradation can be minimized by modifying the values for File Rotation Limit and File Rotation Time Limit in the Logger settings. The values for these properties would depend on your application and environment.
Deployment of a generic RA adapter against IBM Message Queue product fails. The permissions granted in the server.policy file is as follows.
grant { permission java.util.logging.LoggingPermission "control"; permission java.util.PropertyPermission "*", "read,write"; }
Change the permissions in the server.policy file as follows:
grant codeBase "file:${com.sun.aas.installRoot}/lib/install/applications/adminapp/-" { permission java.util.logging.LoggingPermission "control"; };
In some circumstances, files installed on the DAS intending to be synchronized with a specific instance actually get sent to additional instances.
No known solution.
The asadmin start-cluster command shows too many messages even when non-critical components fail during startup. See the following example command output when non-critical elements (related to the instances in the cluster) fail:
./asadmin start-cluster --port 9898 cluster1 Please enter the admin user name>admin Please enter the admin password> The clustered instance, instance2, was successfully started. error 0 [#|2008-07-17T14:58:16.496+0200|WARNING|sun-appserver9.1|javax.jms| _ThreadID=10;_ThreadName=main; _RequestID=90bbbe3a-d654-4480-b295-7e317d945a4a;|[C4003]: Error occurred on connection creation [localhost:37676]. - cause: java.net.ConnectException: Connection refused|#] error 1 [#|2008-07-17T14:58:17.517+0200|WARNING|sun-appserver9.1|javax.jms| _ThreadID=10;_ThreadName=main; _RequestID=90bbbe3a-d654-4480-b295-7e317d945a4a;|[C4003]: Error occurred on connection creation [localhost:37676]. - cause: java.net.ConnectException: Connection refused|#] error 2 [#|2008-07-17T14:58:30.596+0200|WARNING|sun-appserver9.1| javax.enterprise.system.container.ejb| _ThreadID=13;_ThreadName=pool-1-thread-4;TimerBean; _RequestID=5954a044-df06-4a3e-902a-0c40b4b6cddb; |EJB5108:Unable to initialize EJB Timer Service. The likely cause is the database has not been started or the timer database table has not been created.|#] error 3 [#|2008-07-17T14:58:32.512+0200|WARNING|sun-appserver9.1| javax.enterprise.resource.resourceadapter|_ThreadID=10;_ThreadName=main; __CallFlowPool;_RequestID=90bbbe3a-d654-4480-b295-7e317d945a4a;| RAR5005:Error in accessing XA resource with JNDI name [__CallFlowPool] for recovery|#] The clustered instance, instance1, was successfully started. error 0 [#|2008-07-17T14:58:21.117+0200|WARNING|sun-appserver9.1| javax.enterprise.system.container.ejb| _ThreadID=13;_ThreadName=pool-1-thread-4;TimerBean; _RequestID=30827d9a-72ac-4854-b216-06494b6a9fb5; |EJB5108:Unable to initialize EJB Timer Service. The likely cause is the database has not been started or the timer database table has not been created.|#] error 1 [#|2008-07-17T14:58:23.106+0200|WARNING|sun-appserver9.1| javax.enterprise.resource.resourceadapter| _ThreadID=10;_ThreadName=main;__CallFlowPool; _RequestID=b41d76fa-0203-49f7-a2ae-83bf242d3e7a; |RAR5005:Error in accessing XA resource with JNDI name [__CallFlowPool] for recovery|#] Command start-cluster executed successfully.
No known solution. These (exceptions) messages can be ignored.
Deployment of a generic RA adapter against IBM Message Queue product fails. The permissions granted in the server.policy file is as follows.
grant { permission java.util.logging.LoggingPermission "control"; permission java.util.PropertyPermission "*", "read,write"; }
Change the permissions in the server.policy file as follows:
grant codeBase "file:${com.sun.aas.installRoot}/lib/install/applications/adminapp/-" { permission java.util.logging.LoggingPermission "control"; };
By default, there is a hard-coded value in as-install/lib/package-appclient.xml for the AS_ACC_CONFIG variable for domain1 that is pointed to by asenv.conf. If domain1 is deleted and a new domain created, the AS_ACC_CONFIG variable is not updated with the new domain name, which causes the package-appclient script to fail.
Do one of the following:
Leave domain1 intact, and create your other domains around it.
Remove domain1 and replace the hard-coded value for domain1 in as-install/lib/package-appclient.xml with the new domain name.
This will have to be done every time a new domain is created if domain1 is not present.
J2SE 1.4.x, 5.0, or later can be configured on the server. An integral feature of J2SE 5.0 platform is the ability to start a JMX agent. This is activated when you explicitly set system properties at the server startup.
Example values include:
name="com.sun.management.jmxremote" value="true" name="com.sun.management.jmxremote.port" value="9999" name="com.sun.management.jmxremote.authenticate" value="false" name="com.sun.management.jmxremote.ssl" value="false"
After configuring JMX properties and starting the server, a new jmx-connector server is started within the Virtual Machine. An undesirable side-effect of this is that the administration functions are affected adversely, and the Administration Console and command—line interface may produce unexpected results. The problem is that there are some conflicts between the built in jmx-connector server and the new jmx-connector server.
If using jconsole (or any other JMX-compliant client), consider reusing the standard JMX Connector Server that is started with server startup.
When the server starts up, a line similar to the one shown below appears in the server.log. You can connect to the JMXService URL specified there and perform the same management/configuration operations after successfully providing the credentials; for example:
[#|2004-11-24T17:49:08.203-0800|INFO|sun-appserver-ee8.1| javax.enterprise.system.tools.admin|_ThreadID=10;|ADM1501: Here is the JMXServiceURL for the JMXConnectorServer: [service:jmx:rmi:///jndi/rmi://hostname:8686/management/ rmi-jmx-connector]. This is where the remote administrative clients should connect using the JSR 160 JMX Connectors.|#]
For more information, refer to the Sun GlassFish Enterprise Server v2.1.1 Administration Guide.
When setting up the load balancer configuration with an application that has an EJB module that exports a web service URL, the context root for the web service isn't in the resulting loadbalancer.xml file.
Edit the loadbalancer.xml file to add the missing web module as follows:
<web-module context-root="context-root-name" disable-timeout-in-minutes="30" enabled="true"/>
Replace context-root-name value with the context root name of the web service that was exposed as an EJB.
The .asadmintruststore file is not described in the Enterprise Server documentation. If this file does not exist in the server administrator's home directory, you may experience serious bugs when upgrading certain applications hosted on the server.
If possible, the asadmin start-domain domain1 command should be run by the user who installed the server.
If it is not run by that user, the .asadmintruststore should be moved or copied from the home directory of the user who performed the installation to the home directory of the user who is running the server.
Note that if the file is moved (not copied) from the installing user's home directory to the running user's home directory, you might experience application upgrade problems, as described in bugs 6309079, 6310428 and 6312869, because the upgrade/install user (normally root in Java ES) will no longer have the .asadminstruststore file in his or her home directory.
The default MQ integration mode for a Enterprise Server cluster instance is LOCAL. When Enterprise Server is installed in a location (PATH) that is long (read “not short”), imqbrokerscv.exe crashes when the cluster instance starts. The problem is a memory allocation problem in imqbrokersvc.
The JMS service type for the cluster instance must be changed from the default LOCAL to REMOTE. In this configuration, all the instances point back to the DAS broker. Follow the instructions below to configure a cluster in REMOTE mode.
Note - When using REMOTE mode, all instances are using one broker (DAS) , and therefore no broker cluster is created when the Enterprise Server cluster starts up. See “Auto-clustering” in Section 4.1, Division iii of the one-pager at http://wikis.sun.com/display/GlassFish for more information. The above functionality will not be available!
Before You Begin
Modify the port and password file according to your environment. Note that in the instructions below, the cluster name is racluster, the DAS admin port is 5858, and the DAS JMS port is 7676.
as-install/bin/asadmin.bat set --port 5858 --user admin --passwordfile \ as-install/bin/password_file racluster.jms-service.type=REMOTE
as-install/bin/asadmin.bat create-jms-host --port 5858 --user admin --passwordfile \ as-install/bin/password_file --target racluster --mqhost localhost --mqport 7676 \ --mquser admin --mqpassword admin dashost
as-install/bin/asadmin.bat set --port 5858 --user admin --passwordfile \ as-install/bin/password_file racluster.jms-service.default-jms-host=dashost
Hostname: localhost
Port: 7676
Admin user: admin
Password: admin
Modify these settings as appropriate for your DAS JMS service.
When trying to display a chart from the Log Statistics Monitoring page using some unsupported browsers, the following error may be thrown:
Error loading jmaki.widgets.jmaki.charting.line.Widget : id=form1:jmaki_chart11 Script: http://easqelx5.red.iplanet.com:4848/resources/jmaki/charting/ \ line/component.js (line:5437). Message: area.initialize is not a function
Use a supported browser. Refer to Browsers for a list of browsers supported by Enterprise Server v2.1.1.
The default admin port has changed in each of the past three major Enterprise Server releases. Specifically, the default admin ports in 7.x, 8.x, and 9.x are as follows:
AS 7.x: 4848
AS 8.x: 4849
AS 9.x: 4848
This is not a bug, but something to be aware of. The default admin port is just a recommendation. It is anticipated that future Enterprise Server releases going forward will retain the default 4848 port.
On the AIX operating system, an attempt to create a domain with a custom master password fails with the following error:
keytool error (likely untranslated): java.lang.NullPointerException Enter keystore password: New keystore password:
Note - In the procedure that follows, only the options that are required in each step are provided. If you require additional options for a command, specify these options in the command. For information about Enterprise Server commands, see Sun GlassFish Enterprise Server v2.1.1 Reference Manual.
#!/bin/sh changeKeystorePass() { keytool -storepasswd -keystore ${KEYSTORE} -storepass ${OLD} -new ${NEW} } changeTruststorePass() { keytool -storepasswd -keystore ${TRUSTSTORE} -storepass ${OLD} -new ${NEW} } changeKeyPass() { keytool -keypasswd -alias s1as -keystore ${KEYSTORE} -storepass ${NEW} -keypass ${OLD} -new ${NEW} } changeDomainPasswordEntry() { keytool -storepasswd -storetype JCEKS -keystore ${DOMAINPASSWORDS} -storepass ${OLD} -new ${NEW} } deleteMasterPasswordFile() { if [ -f ${DOMAIN_PATH}/master-password ] ; then echo Deleting ${DOMAIN_PATH}/master-password rm -f ${DOMAIN_PATH}/master-password fi } DOMAIN_PATH=$1 OLD=$2 NEW=$3 if [ $# != 3 ] ; then echo Usage: $0 domain-path old-master-pass new-master-pass exit 1 fi echo Processing ... if [ ! -f ${DOMAIN_PATH}/config/domain.xml ] ; then echo "Domain with folder ${DOMAIN_PATH} does not exist, create it first" exit 2 else KEYSTORE=${DOMAIN_PATH}/config/keystore.jks TRUSTSTORE=${DOMAIN_PATH}/config/cacerts.jks DOMAINPASSWORDS=${DOMAIN_PATH}/config/domain-passwords changeKeystorePass changeTruststorePass changeKeyPass changeDomainPasswordEntry deleteMasterPasswordFile fi
aadmin create-domain {--adminport aminportno|--portbase portbase} domain-name Please enter the admin user name>admin-user Please enter the admin password>admin-user-password Please enter the admin password again>admin-user-password Please enter the master password [Enter to accept the default]:> Please enter the master password again [Enter to accept the default]:>
The default master password is changeit.
To change the master password, run the script that you created in Step 1.
script-name domain-path old-password new-password
asadmin start-domain domain-name
Because the domain has a custom master password, you are prompted for the master password.
asadmin create-node-agent --port portno --user admin-user
asadmin start-node-agent
Because the domain has a custom master password, you are prompted for the master password.
See Also
The following Enterprise Server man pages:
create-domain(1)
create-node-agent(1)
start-domain(1)
start-node-agent(1)
On the AIX operating system, some OS-related operations might fail with the following error:
0403-027 The parameter list is too long
Examples of OS-related operations are deploying applications or running the application client container.
This issue is commonly caused by long file paths in the CLASSPATH environment variable.
Use one of the following solutions:
Increase the maximum length of the command line. For more information, see (AIX) To Increase the Maximum Length of the Command Line.
Use the xargs command to construct the argument list and start the command. The xargs command allows commands to exceed the maximum length of the command line.
The ncargs attribute determines maximum length of the command line, including environment variables. On the AIX operating system, the default value of the ncargs attribute is four, 4–Kbyte blocks. To ensure that Enterprise Server commands do not exceed the maximum length of the command line , increase this value to 16 4–Kbyte blocks.
Note - After the value of the ncargs attribute is changed, no reboot or refresh of daemons is required.
lsattr -EH -l sys0 | grep ncargs
chdev -l sys0 -a ncargs=16