Recently on CF-Talk I participated with super-gurus Dave Watts, Russ Michaels, Wil Genovese, Jochem Van Dieten and others trying to help Brook Davies overcome a ticklish obstacle. After updating here ColdFusion 8 server with the updater he was unable to start Coldfusion. Instead the /runtime/bin/cfusion-out.log presented him with this unhelpful error message.
"Error loading: C:/ColdFusion8/runtime/jre\bin\server\jvm.dll".Brook tried different paths and different JVMs - all to no avail. Finally he fell to frantically uninstalling and reinstalling, updating and rolling back and (presumably) consuming large quantities alcohol. The list was helpful with a variety of suggestions. Suggestions ranged from a bit depth mismatch (a 32 bit OS trying to run a 64bit JVM for example), to paths, bad downloads, file I/O, wrong updaters - the whole gamut. But nothing seemed to work.
Finally, user "Mack" (a newcomer to me) figured it out. The install in question was using a custom or incorrect version of the msvcr71.dll file. This is a core library on a windows machine. The jvm.dll cannot be instantiated without it - and in this case the version of that file was important as well. Mack copied the newest version into the /runtime/bin directory and the JVM was able to load. There are a couple things to note here. First, I don't now what the exact version should be. My information has Mack copying the dll from a running install into the bin directory and that did the trick. Secondly, you don't need to register the dll or overwrite it in the system32 directory. Apparently Jrun looks first in the /bin directory and then elsewhere - so as long as it's in the bin directory it's cool.
Finally, user Leigh (a princess I presume) noticed these 2 bugs in the Sun bug tracker for 1.6 which could be related.
As we continue our saga against the evil empire our intrepid Jedi, Master Muse, has a new chapter of knowledge to share. So with this post I'm adding a few things you may need to know to work with .NET integration on ColdFusion - in this case ColdFusion 8.01 enterprise in "multi-server" mode. Before I continue it might behoove you to read my previous post on Muse vs. .NET integration Part I and Muse Vs. .NET Integration Part 2. These 2 previous posts provide a blow-by-blow description of issues faced and resolved to get this running. My father used to say "behoove" so I pulled it out of the attic to use here. It means "It might be in your interest" but as a child I always thought it had to do with goats or fauns or something - but I digress.
Here is the latest information we have uncovered in our never ending quest to get .NET integration working smoothly on ColdFusion 8 64bit. Many thanks to fellow guru and very large brained friend Guy Rish for his tireless efforts to uncover some of these items. I'd also like to thank Dennis N for his part, a brilliant engineer in his own right who has kept at this with us till we solve it or die trying. I'd mention his last name but I don't have his permission :) Meanwhile......Read More
When last we left our story the Muse had put in a 6-7 hour marathon coding session through the night to create a CFC proxy work-around for his .NET problem. This temporary solution allowed the customer to continue working the following day so we could go back to scratching our heads over why .NET integration on our 64bit Multi-server was experiencing a failure to communicate. If you want to catch up on the story read my previous Part 1 post.
To recap, no matter what we tried we could not get CF to communicate with .NET on our production server (CF 8 Enterprise 64bit Multi-instance Install). We had tried installing and de-installing the service a few times to no avail. The first task was to get a successful recompile in 64bit that would run in a test environment. Team member (and all around genius developer) Guy Rish took charge of that effort. In fact, he got the assembly to recompile and he was able to instantiate and access its methods from his local CF8 64bit developer install running on Win7. From this we knew it was possible to get this working. We only needed to tease out the environmental differences to figure out what was blocking us. That task fell to me...Read More
When Adobe (then Macromedia) came out with Coldfusion 8 one of the oft touted features was the .NET integration service. The idea was to provide the same easy-to-use accessibility that create object used to give to COM (although COM itself was unstable) and still gives to Java and web services. Just like ColdFusion gives you handy access to the universe of Java, the .NET integration service was designed to give you equally handy access to the world of .NET assemblies and managed code.
In practice however, I found that few developers chose to use it as a solution. Why? I think one reason is likely the emergence of Web Services and SOAP as a practical intermediate middle layer between various technologies - and especially between .NET and Java. When the integration service worked it was an effective painless solution. When it did not work however, it proved difficult to troubleshoot and configure. The fact that it was not a commonly adopted solution meant that fewer developers where asking questions about it or choosing it as solution to .NET-to-Java integration problems.
The Muse and his merry men (and women) were no exception in this regard. As an active ColdFusion shop doing over 1000 hours of ColdFusion consulting each month, we have worked with .NET integration only a handful of times in the years since its release. In each of those cases it was very simple implementation. The .NET service was usually chosen because of the use of client certificates or some other special requirement that included a bit of managed code that was not easy to duplicate in CF. In most cases, however, the web service implementation meant more "pure" CF code and better compatibility. For that reason the Muse never really delved into how this service was set up or how to troubleshoot or configure it. Until recently that is....Read More
I was recently brought in at the 11th hour to an issue where a web service worked fine on an older 32 bit install of ColdFusion, but was not working on the new 64bit install. All the keystore certs were up to date and the client was scratching their collective heads. The web service in question used SSL and presented a client certificate. Now in order to do this in CF you have to manually construct your SOAP request and pass it as XML using CFHTTP. This is because only CFHTTP has an attribute for clientcert and clientcertpassword (as of CF 8 I believe).
In any case, the code our customer was using was straightforward. It assembled a soap request and then issued a call to CFHTTP like so:
The problem here is that a vulnerability in TSL (that's "SSL version 3.1" - see my previous post to learn more about the various SSL versions) was discovered in fall of 2009. This vulnerability allowed a "man in the middle" attacker to force a "renegotiation" of the handshake - thus allowing the insertion of arbitrary code into the request. Obviously this is a serious flaw. The fix was for vendors to simply disable the renegotiation feature in their products. So, for example, IIS 7 does not allow renegotiation by default.
So why is this issue not out there in the CF blogging world yet? First, I think that the use of client certs is a fairly small universe of ColdFusion applications. Second, Sun followed suit and fixed this issue with version 1.6.0_19 by disabling renegotiation. I think that many CF Servers are still using 1.6.0_18b or below - so this issue has yet to really rear its ugly head.
In any case, regular SSL requests continue to work as always with renegotiations disabled. A client certificate driven request is different however. It often requires renegotiation because of the complexity of the handshake (with 2 certificate pairs involved. That means client certificate driven CFHTTP SSL requests using the 1.6.0_19+ JVM will often fail to successfully negotiate a secure session. I want to say they will probably or certainly fail, but I'm not positive on that score.
You have two ways of fixing this. You can roll back to 1.6.0_18. Seeing as how the current build is _20 you may not want to do this. Or, if you want to stay on 1.6.0_19+ you can add the following argument to your JVM.config file or files.
Many thanks to my good friend and troubleshooting colleague Vlad Friedman from the Edge Web for figuring this out. I would also recommend that your read Chris Mahns blog entry on TLS Remediation.
This is a follow up to my post titled 64bit on Windows 2k3 Web Edition. In that post I did a play by play of an issue trying to install 64 bit ColdFusion 8 Enterprise on a Windows 2003 "Web Edition" platform. I have just finished a troubleshooting session with a nearly similar issue on Windows 2003 "Data Center" edition. If you have this problem you will know it because the install will silently fail after the files are extracted. Check in your temp directory and you will see a cryptic folder beginning with "I" containing two folders "windows" and "installdata". These 2 folders contain the extracted install files. Inside the "windows" folder you will also see an hotspot error log. It looks like "hs_err_pidXXX.log". You may have seen such files in your ColdFusion8/runtime/bin directory. They occur when the hot spot compiler has an unhandled exception.
Under the hood the ColdFusion install is firing off the "adobe_cf.exe" from that same windows folder. This exe file uses the adobe_cf.lax file as a launch settings file. Taking a closer look at the lax file and you will see some Java settings including two important settings. One is lax.nl.current.vm and the is lax.installer.win32.internal.property.0. Both of these settings point to a Java.exe file. By default the Java.exe file it points to is contained in that other temp folder called 'installerdata'. My guess is that the reason that the ColdFusion fails because the 64 bit JVM in the /installerdata folder is not compatible with something in the windows installation. In particular I think that there is a missing 64bit class or object.
The fix is as follows.
I had an interesting troubleshooting session recently with a customer. This customer had a very high powered server - SAS drives, 16 gigs of RAM, 64 bit throughout, Coldfusion 9 and an 8 gig Java Heap. The site had 70 or 80 search collections and they had switched to CF9 specifically to get beyond the limitations of Verity. Everything was performing well when suddenly the search service stopped responding to requests and simply started throwing "collection not found" errors. Coldfusion seemed fine and dandy. It continued to be responsive and it had no hanging threads. It was as if the search service had lost it's handles to the various collections. Restarting Solr solved the issue, but why was Solr locking up?Read More
This post is a rundown of a recent troubleshooting adventure (If you don't know what a rundown is, ask Charles). I write these little post-mortems for a couple reasons. For one thing, I will need this solution (or some part of it) again at some point and my little pea brain is not going to retain all of this information. But what I usually do retain is the knowledge that somewhere on my blog I have a post about an issue with a Win2k3 64 bit CF install - or as Tevye would say, "Somewhere in the good book it must say something about a chicken!" The other reason is to benefit those of you in the ColdFusion universe who may be struggling with this issue. The Muse is all about community. If you are battling an install where the installer is failing silently after the splash screen, then this post will likely be a valuable read for you. If it doesn't solve your problem send me a note via Ask-A-Muse and I'll see if I can think of anything else you might try.
I was tasked with installing and optimizing ColdFusion 8 Enterprise 64 bit on a new server for a customer. I do this kind of task pretty often for companies who wish to have a clean and fully optimized install for migration. The new server was running Windows 2003 64 bit "Web Edition". Previously (in Windows 2000 I believe) the Web Edition would only support 2 Gigs of memory. But 2003 server supports up to 8 Gigs. I wanted to use 64 bit because the server was going to manage a large pool of modestly trafficked sites. It really didn't need the full fledged "multi-server" install. It just needed a nice big heap size. For that purpose the standalone Jrun install is perfect. In short order however, I found myself pitted against Win2k3 in a no holds barred install death match. Here's my story.Read More