November 19, 2012
ColdFusion 10 update 5 – security update – now available
Comments
(44)
November 19, 2012
ColdFusion 10 update 5 – security update – now available
Staff 109 posts
Followers: 40 people
(44)

The ColdFusion 10 Update 5 is now available for install within your administrator. Update 5 is a security update that resolves a vulnerability affecting ColdFusion on Windows Internet Information Services (IIS), which could result in a Denial of Service condition. Adobe recommends users update their product installation.

Refer the security bulletin for all the details associated.

44 Comments
2013-02-14 11:22:41
2013-02-14 11:22:41

I did make adjustments according to https://coldfusion.adobe.com/post.cfm/tuning-coldfusion-10-iis-connector-configuration

There are only three items discussed in that thread:
Max-Reuse Connections
Connection pool size
Connection pool timeout

Here is what I have:
worker.list=BLB_Live
worker.BLB_Live.type=ajp13
worker.BLB_Live.host=localhost
worker.BLB_Live.port=8013
worker.BLB_Live.max_reuse_connections=350
worker.BLB_Live.connection_pool_size=600
worker.BLB_Live.connection_pool_timeout=60

I set Max-Reuse to 350, since this same CF instance is used for other sites.

Though I have not run into any hiccups yet myself, it appears some of our visitors are? I’m seeing sporadic events as shown below in isapi_redirect.log

[info] ajp_send_request::jk_ajp_common.c (1658): (BLB_Live) all endpoints are disconnected, detected by connect check (1), cping (0), send (0)
[info] ajp_connection_tcp_get_message::jk_ajp_common.c (1305): (BLB_Live) can’t receive the response header message from tomcat, tomcat (127.0.0.1:8013) has forced a connection close for socket 2408
[error] ajp_get_reply::jk_ajp_common.c (2212): (BLB_Live) Tomcat is down or network problems. Part of the response has already been sent to the client
[error] ajp_service::jk_ajp_common.c (2677): (BLB_Live) sending request to tomcat failed (unrecoverable), (attempt=1)
[error] HttpExtensionProc::jk_isapi_plugin.c (2293): service() failed with http error 502

For the record, this one CF instance drives 7 individual web sites, but only 2 of them generate any significant traffic. The other 5 are internal and extremely low traffic. At this point, configuring the connector outside of wsconfig, the rest is groping in the dark. How does one go about measuring what the needs are for tuning Tomcat and the connector? What is considered “heavy load” and what adjustments do you make to avert problems?

@charlie
I understand and agree about “regular practice”.

Something has definitely changed recently as all of this has worked in the past. Past version of CF, include CF10, up until recent weeks. Take a look at the “Last Error”. The only way I get any response out of the charts is to switch between views within Server monitor, and then it only updates a couple of times and errors out. For the record, other instances aren’t yet exhibiting this same problem.

http://www.blueletterbible.org/adobe/cfMonitor.png

/Dan

BTW: My first submission of every post here always fails with:
“Oops… The following fields are required to post a comment: Sorry, but your comment appears to be spam and could not be submitted. “

Like
2013-02-14 10:16:12
2013-02-14 10:16:12

Hi Dan,

Did you get a chance to tune in the connector. Please let us know, if you are still facing issues.

Regards,
Anit Kumar

Like
2013-02-13 22:13:00
2013-02-13 22:13:00

@Dan, I had to ask. 🙂 Even if those are now regular practice for you, they aren’t for most, so we couldn’t presume it.

As for the Server Monitor showing blank charts, that’s really nothing new. If you also don’t see the “start” buttons at the top, it’s just that for some reason the SWF was not able to talk to the server. If you refresh the browser page (click the browser button to do it, as ctrl-r or f5 won’t work as normal, because of Flash taking over the screen), you should find that now the start buttons appear and charts that can be populated will be.

That said, it’s worth noting as well that the top 2 charts on the overview page don’t populate if you don’t have “start monitoring” enabled. I realize you may know that. Saying it as much for other readers, too.

Finally, while you may need to do some of that web server config tweaking as Kiran (and the entry) proposes, I’ll suggest that the Server Monitor (and some key reports) as well as its alerts may help you to better pin down if there may be more at play here than just “poor configuration of the CF/web server connection”, though it could well be that.

This is the sort of thing where sometimes having someone with experience to “look over your shoulders” can help. Adobe may offer that for free, but if not, there are consultants (myself included) who do that sort of thing for a living. I keep a list of such consultants (meaning, yes, me and my “competitors”) at http://www.cf411.com/cfconsult/. But as you can see, many of us also like to help for free on forums and blog entries. It just isn’t always the most practical/expedient solution for some.

Hope you sort out your challenges soon, one way or another.

Like
2013-02-13 09:57:16
2013-02-13 09:57:16

@charlie,
I’m at update 7 as of last week. Because this one was cumulative, and the fact that it stated to reconfigure the connectors, I certainly did. Being Server 2008 R2, one has to build a habit of running installs and updates like this “As Administrator”. It has become common place around here.

@Kiran,
1)
Our server is dual socket E5-2640 hex-core Xeon and 32GB of memory. I have this particular CF instance configured to use 8192MB for the JVM heap. It averages about 2GB of memory usage and <10% CPU during it's "heavy load". We receive about 800k – 900k page view per day. So, as to under load, it's pretty busy all day long. CF 8 & 9 seemed to handle this load without issue, so I doubt we're stressing Cf, though those were JRun and this is Tomcat.

2 & 3)
I did reconfigure the connector. My isapi_redirect.dll claims it is version 1.2.32 dated 11/18/2012. I'll try reaching 8500 the next time it burps.

4)
I am using individual and not 'All'

5)
I did follow the tweaks from said blog post. so far things are running, but I am seeing some interesting log entries. these aren't happening regularly, but sporadic and in clusters of one or two minutes.

[info] ajp_connection_tcp_get_message::jk_ajp_common.c (1305): (BLB_Live) can't receive the response header message from tomcat, tomcat (127.0.0.1:8013) has forced a connection close for socket 2556
[error] ajp_get_reply::jk_ajp_common.c (2212): (BLB_Live) Tomcat is down or network problems. Part of the response has already been sent to the client
[error] ajp_service::jk_ajp_common.c (2677): (BLB_Live) sending request to tomcat failed (unrecoverable), (attempt=1)
[error] HttpExtensionProc::jk_isapi_plugin.c (2293): service() failed with http error 502

I'll poke around some more the next time to burps. I don't have much time as this server/site is production and users get accustomed to and come to expect 99.999% uptime. Something interesting I just noticed, the server monitor is not updating the flash charts on the overview page. It's been a while since I've been here, maybe a few weeks, so something isn't talking to somebody.

Like
2013-02-12 18:35:08
2013-02-12 18:35:08

Dan, I know you want to shortcut our asking if you did x, y, or z, but by saying simply “yes, yes, and yes”, you leave us no choice. 🙂

While you say you have followed “the rules for applying the hotfixes”, but there are so many potential rules and gotchas that we have to ask what you may or may not have done.

So more specifically, did you remember to run the web server configuration tool after applying the hot fix? This one (Update 5) requires it. Are you saying this is the one you did? Or might you have done update 6 or 7? While those do not require it, if you (or anyone reading this) is applying this (or the later CF10 updates) as your first one, do note that this one and all before it are included (they are cumulative). This one, and updates 4 and 3, required the web server reconfiguriiton. Many miss that.

So are you saying you DID do that? And that you used the “run as administrator” option in launching the web server config tool?

Like
2013-02-12 13:57:49
2013-02-12 13:57:49

I’ve recently been experiencing an increase in the number of problems our CF10 Ent install has been exhibiting. It wasn’t until last week that I was hit with the 503 Unavailable response and several second latency in delivering content. A restart of CF “ALWAYS” resolves the problem.

I’m curious if https://coldfusion.adobe.com/post.cfm/tuning-coldfusion-10-iis-connector-configuration will solve my problems or not. I’ll paste a few of the errors that are causing me concern with respect to the connector and provide a link to the entire file below. Before you ask, the answers are yes, yes, & yes. I strictly adhere to the rules for applying the hotfixes as Charlie continues to point out to people in this thread and many others.

These log entries tend to happen just prior to a complete shutdown and 503. Sometimes things “appear” to recover, but usually they do not. CF doesn’t crash or stop, Tomcat just seems to stop responding. Because we’re focusing on the isapi connector, I thought to take a look at the isapi_rediect.log, and WHOA. (blb.org/downloads/isapi_redirect.log.txt)

[info] ajp_process_callback::jk_ajp_common.c (2058): current reuse count is 6 of max reuse connection 250 and total endpoint count 250
[warn] ajp_process_callback::jk_ajp_common.c (2035): AJP13 protocol: Reuse is set to false
[info] ajp_connection_tcp_get_message::jk_ajp_common.c (1313): (BLB_Live) can’t receive the response header message from tomcat, network problems or tomcat (127.0.0.1:8013) is down (errno=54)
[error] ajp_get_reply::jk_ajp_common.c (2182): (BLB_Live) Tomcat is down or refused connection. No response has been sent to the client (yet)
[info] ajp_service::jk_ajp_common.c (2684): (BLB_Live) sending request to tomcat failed (recoverable), (attempt=1)
[info] jk_open_socket::jk_connect.c (626): connect to 127.0.0.1:8013 failed (errno=61)
[info] ajp_connect_to_endpoint::jk_ajp_common.c (1047): Failed opening socket to (127.0.0.1:8013) (errno=61)
[error] ajp_send_request::jk_ajp_common.c (1669): (BLB_Live) connecting to backend failed. Tomcat is probably not started or is listening on the wrong port (errno=61)
[info] ajp_service::jk_ajp_common.c (2684): (BLB_Live) sending request to tomcat failed (recoverable), because of error during request sending (attempt=2)
[error] ajp_service::jk_ajp_common.c (2703): (BLB_Live) connecting to tomcat failed.
[error] HttpExtensionProc::jk_isapi_plugin.c (2293): service() failed with http error 503

I’m working on applying the IIS connector config mention in the thread mentioned above, hoping it can solve my problems.

/Dan

Like
2012-12-05 06:49:14
2012-12-05 06:49:14

A bit of follow-up regarding the problem I noted in comments #8 and #9, above: Krishna of the Adobe CF team provided me with a work-around for this problem and indicated that it seems to be a random bug they have encountered a couple of times and not specifically associated with HF5 (I’m just lucky, I guess). I have logged it as bug #3378447 with Adobe.

In case some poor soul happens to share my luck and encounter this same behavior, the work-around provided by Krishna is to copy the cfusion context’s WEB-INF folder to the root of the drive and start the server. Server runs fine. Stop the server. Delete the copy of the WEB-INF folder at the root of the drive. Start the server. Runs fine. Go figure.

Troubling, but at least I have a working dev box again.

Like
2012-12-04 10:13:54
2012-12-04 10:13:54

Good to hear you solved it, Al. But I will wonder out loud (for you and other readers) if that problem may not have originated in your having run the web server connector tool while NOT having noticed the need to “run as administrator” (for those on Windows 2008 or 7, where their new tighter security makes this an issue.)

I know I keep harping on this need to “run as administrator” wherever the conversation turns to it, but I’m just saying I’ve seen it be THE solution for problems for some.

Sadly, as in a case like this, it may be that if it’s done AFTER having used the wsconfig without having run as admin, it may be that the tool doesn’t know enough about how to clean up problems caused in the previous (non-Admin) execution.

Tough situation for all of us, if this is the case. It will require such digging around to solve things (and Adobe will be blamed for the connector “not working”.)

I would argue strongly that the wsconfig should be modified to detect and warn the user (on such Windows OSs) if they are NOT “running as administrator”. (Some may have noticed that the mandatory update does this also–and they have noticed also that it says that even when you “are” technically “an administrator”. The issue again is that you MUST use the “run as administrator” option.)

As more and more people fail to do that (if indeed they even think to re-run the web connector after running the CF10 updater), they will only continue to make the accusation that the problem is “with CF10”. It’s just not always “its fault”. But perhaps it could do more to protect people from this Windows problem.

Like
2012-12-04 07:49:10
2012-12-04 07:49:10

After a some more research I was able to find out what was generating the issue. The binding for Jakarta’s Virtual Directory was not pointing to the correct folder in the applicationHost.Config file.

I was able to locate the applicationHost.config fixed the virtualDirectory physicalPath to point to the correct wsconfig connector. Restarted IIS and it started working. There is also a way to do this withing the IIS interphase for those who prefer not to read the XML file.

Like
2012-12-04 07:05:59
2012-12-04 07:05:59

@Aaron Neff – Thanks for the reply, I did actually several times. I resulted in removing all the conectors, and files in the WSCONFIG folder and reinstalling all the conectors. Nothing seems to work. What’s very interesting is that I have several sites on the same server, some of the sites do have all the .cfm pages working but some of them only the index.cfm will work when referred to as the directory, in other words http://www.url.com/dir/ if I try http://www.url.com/dir/index.cfm I get a 404 just like http://www.url.com/dir/anything-else.cfm

I’ve never seen this with CFML9.

Like
2012-12-03 17:58:34
2012-12-03 17:58:34

@pkucera, I basically do what Charlie hints at (whenever CF Admin’s Updates page fails to install an update):

1) Download: http://download.adobe.com/pub/adobe/coldfusion/hotfix_005.jar
2) Run via command line: java -jar c:pathtodownloadedhotfix_005.jar

(‘005’ indicating Update 5)

@Adobe, CF Admin _knows_ the URL to the .jar file (since it reads it from the XML). So, can the Updates page also display a download link?

@Al, After installation did you run wsconfig.exe to unconfigure/reconfigure the web server connector?

Thanks,
-Aaron

Like
2012-12-03 16:15:55
2012-12-03 16:15:55

Installation went well – HOWEVER – after the installation the only .cfm page that would work is the index.cfm any other .cfm extention will not work. Has anyone else experience this’?

Like
2012-11-28 18:07:04
2012-11-28 18:07:04

I could have been a little more clear in my next to last paragraph about solving your specific challenge. By saying the FAQ “shows how you can download the fix from another machine”, I meant that it offers the URL to get the hotfix in your browser (in other words, you don’t need to have installed CF on another machine to get it, though of course that would work also.)

And as long as I’m adding this, I’ll share the URL: http://download.adobe.com/pub/adobe/coldfusion/xml/updates.xml

Like
2012-11-28 18:02:29
2012-11-28 18:02:29

Pete, there’s a solution for you. Before sharing it, let me take a moment to share (for you and all readers) something that I think a lot of people have missed.

These blog entries about each new updater do not provide each time all that one may need to know about the new CF10 updater mechanism. They mainly just announce the newest one, and with the least that most need to know for how to apply them.

There are plenty of scenarios that need much more detail. Fortunately, there are a couple of resources from Adobe that do provide more.

First, the CF manual, “Configuring and Administering ColdFusion 10” has a section on the updater mechanism, at http://help.adobe.com/en_US/ColdFusion/10.0/Admin/WSe61e35da8d318518-33adffe0134c60cd31c-8000.html.

Second, far more details are offered in a great blog entry from Adobe engineer Krishna, with nearly 50 questions/answers about the CF 10 autohotfix mechanism: http://www.krishnap.com/2012/09/coldfusion-10-hotfix-update-installer.html. It was written after the release of CF10, and documents some things that are new or have been learned since then.

For your specific challenge, see the question there, “What can be done if the ColdFusion server is behind the firewall and can’t access the Adobe’s Update site URL?”, which shows how you can download the fix from another machine, and put it in place to run on the CF server (whether from the Admin or the command prompt.)

There is also info there for those behind a proxy, who would need to configure a proxy host, port, user, and/or password.

Hope that helps.

Like
2012-11-28 14:16:53
2012-11-28 14:16:53

@charlie, The problem is that for security reasons my server has no outbound service to download which makes it hard to use the CF Admin (I guess I did not specifically provide that information). Is using the CF Admin the only way to patch CF10? If so, why provide the command line option?
-Pete

Like
2012-11-28 12:14:47
2012-11-28 12:14:47

@pkucera, you download the updates from within the CF Admin (even if you will apply them using the command line), in the new “Server Update” page at the bottom of the nav bar on the left.

BTW, you filled in n/a for your website on the comment form. No need to put anything at all if you don’t want to.

Like
2012-11-28 11:48:34
2012-11-28 11:48:34

The blogs mention command line vs administrator installation of updates. I have performed manual command line updates, but I am unable to locate the updates for download from anywhere. The only update that i can find to download for command line install has been the mandatory CF10 update for version control. Can someone point me to the update 5 download?
Regards,
Pete

Like
2012-11-27 14:36:51
2012-11-27 14:36:51

So really now more issues now? Finally CF10 is stable?

Like
2012-11-26 15:50:28
2012-11-26 15:50:28

@Christian, very cool and you’re welcome. Additionally, I should’ve written “cumulative” (not “comprehensive”), but that word eluded me as I was out-and-about when writing those msgs. Anyhow, about the same difference =P

Like
2012-11-26 13:28:17
2012-11-26 13:28:17

@Aaron, That makes sense.

Thanks,
Christian

Like
2012-11-26 13:10:13
2012-11-26 13:10:13

Actually, the connector issue that Update 5 fixes was introduced in Update 1 (as mentioned in the security bulletin). But main point is that updates are comprehensive.

Like
2012-11-26 13:00:49
2012-11-26 13:00:49

@Christian, updates are comprehensive as they include the fixes from prior updates. I believe Update 5 is essentially just a fixed Update 3 and includes Updates 1 and 2.

Thanks,
-Aaron

Like
2012-11-26 07:51:37
2012-11-26 07:51:37

@Rupesh
If only the connector was changed in Update 5, then why does the change log show that many others files were modified?

Modified: C:ColdFusion10cfusionbincf-startup.jar
Modified: C:ColdFusion10cfusionbincfcompile.bat
Modified: C:ColdFusion10cfusionbincfcompile.sh
Modified: C:ColdFusion10cfusionbincfinfo.bat
Modified: C:ColdFusion10cfusionbincfinfo.sh
Modified: C:ColdFusion10cfusionbincoldfusion.exe
Modified: C:ColdFusion10cfusionbincoldfusionsvc.exe
Modified: C:ColdFusion10cfusionlibib6core.jar
Modified: C:ColdFusion10cfusionlibib6http.jar
Modified: C:ColdFusion10cfusionlibib6swing.jar
Modified: C:ColdFusion10cfusionlibib6util.jar
Modified: C:ColdFusion10cfusionruntimelibtomcat-coyote.jar
Modified: C:ColdFusion10cfusionruntimelibwsconfig.jar
Added: C:ColdFusion10cfusionlibupdateschf10000005.jar
Modified: C:ColdFusion10cfusionwwwrootCFIDEadminapiadministrator.cfc
Modified: C:ColdFusion10cfusionwwwrootCFIDEadminapisecurity.cfc
Modified: C:ColdFusion10cfusionwwwrootCFIDEadministratorApplication.cfm
Modified: C:ColdFusion10cfusionwwwrootCFIDEadministratorarchiveswizardsarchivewizard_page_scheduledtasks.cfm
Modified: C:ColdFusion10cfusionwwwrootCFIDEadministratorarchiveswizardscontroludfs.cfm
Modified: C:ColdFusion10cfusionwwwrootCFIDEadministratordebuggingindex.cfm
Modified: C:ColdFusion10cfusionwwwrootCFIDEadministratorschedulerscheduleedit.cfm
Modified: C:ColdFusion10cfusionwwwrootCFIDEadministratorsettingsversion.cfm
Modified: C:ColdFusion10cfusionwwwrootCFIDEadministratorupdates_sysinfo.cfm
Modified: C:ColdFusion10cfusionwwwrootCFIDEadministratorupdates_updates.cfm
Modified: C:ColdFusion10cfusionwwwrootCFIDEadministratorupdatesApplication.cfm
Modified: C:ColdFusion10cfusionwwwrootCFIDEadministratorupdatesdownload.cfc
Modified: C:ColdFusion10cfusionwwwrootCFIDEadministratorupdatesindex.cfm
Modified: C:ColdFusion10cfusionwwwrootCFIDEadministratorupdatesinstaller_input.cfm
Modified: C:ColdFusion10cfusionwwwrootCFIDEscriptsajaxpackagecfwebsocketCore.js
Removed: C:ColdFusion10cfusionlibupdateschf10000004.jar

Like
2012-11-26 00:06:48
2012-11-26 00:06:48

I’ve been running Updater 5 fine for a week now.

Verified the vulnerability is gone. Good.

Reviewed CF log files from May thru now. Found 0 errors introduced by Updater 5. And all previously reported errors are fixed. Good.

As far as Updater 5 goes, very good!

FWIW: On _one_ machine, installing updates via Updates page of CF Admin *always* fails. After a few seconds, the right frame flashes white for a second – but CF never stops and updater never starts. Had same issue on same machine w/ earlier updates. Installing updates via command line always works fine tho.

Thanks,
-Aaron

Like
2012-11-22 08:22:08
2012-11-22 08:22:08

@Krishna: As I noted above in my response to Rupesh, I am on holiday until this weekend. I will send the requested log files late Saturday or early Sunday when I return. Thanks for the follow-up.

Like
2012-11-22 03:58:58
2012-11-22 03:58:58

@Ron:
Can you please send all the .log files that are under
1. cfusionhf-updateshf-10-00005
2. And also please send us the following logs that are under cfusionlogs
coldfusion-out.log,coldfusion-err.log,exception.log

Please mail me at: krishnapATadobeDOTcom

Thanks,
Krishna

Like
2012-11-22 02:53:34
2012-11-22 02:53:34

@Ron:
Can you please send all the .log files that are under
1. cfusionhf-updateshf-10-00005
2. And also please send us the following logs that are under cfusionlogs
coldfusion-out.log,coldfusion-err.log,exception.log

Please mail me at: krishnapATadobeDOTcom

Thanks,
Krishna

Like
2012-11-21 05:12:48
2012-11-21 05:12:48

@Rupesh: Thanks for the follow-up. I applied the update within the CFadmin, using the “download and install” button. It appeared to download and install in the same manner as all of the other updates applied previously on this same box, but rather than sending me back to the CFadmin login page at the conclusion of applying the update and restarting the server, the right-side frame within the CFadmin interface where the update screen appears just went white. I also didn’t see the bump in CPU utilization normally associated with starting the server. When I tried to go to the CFadmin login page in the browser, and got nothing back, I knew I had some sort of problem and started trying to figure out what went wrong. I’m heading on holiday until this weekend in just a few hours, but if I can provide anything off the box before I leave and/or before I attempt to uninstall HF5 (e.g., the install logs?), please let me know either here or via email. I will do anything I can to help trouble-shoot, as we have three other boxes configured similarly that we’re not going to update until we know we won’t render them non-functional.

Again, thanks for the follow-up and let me know how I can help…

Like
2012-11-20 17:09:55
2012-11-20 17:09:55

@Ron, wow, bummer. But it would seem there just has to be some difference somewhere, right? Let’s hope someone from Adobe may jump in at some point.

Like
2012-11-20 12:58:46
2012-11-20 12:58:46

@Charlie: Interesting idea. I pulled a copy of the cfusion folder off of the HF5 box and used diffmerge to compare that to the working HF4 box. 5532 identical files, 306 different, 330 without peers (e.g., exist one one side but not the other), 669 folders. If I throw out the differences between the hf-updates, logs, and wwwroot/WEB-INF/cfclasses folders, there are very few differences… after spending an hour looking at the differences between the files I do see there, I’m coming up empty as to any of them that would be causing the breakage. The differences are things related to the fact that I am “ron” on one box and “stewrp” on the other, a couple of differences in paths, differences in how CF itself is configured on the two servers (e.g., differences in the various neo-*.xml files). Nothing there jumps out as a potential cause for the breakage.

Like
2012-11-20 08:29:01
2012-11-20 08:29:01

@Ron, yep it would seem so. Though I’d just personally be less inclined to think it’s necessarily “something wrong with the hotfix” (which would affect everyone) and instead maybe something about your environment which may either be unique, or may be less common than most, since we’ve (as a community) not yet heard others reporting it.

In fact, you’re saying that the instance still won’t start at all, right? I’d think we’d hear a lot of screaming if it was happening to others.

But still, I appreciate it’s very important to you. I’m still inclined to think there’s some configuration matter that’s somehow been affected (and I don’t think it’s necessarily the cache-filter specifically. It could be something else, for which that is more a secondary problem than the primary one.)

Since you DO have that other CF10 implementation on the other box, just at Updater 4, how about doing a full directory compare. If you don’t have a tool to facilitate that, I’ll note that BeyondCompare is wonderful on Windows, but I don’t know what’s great on OSX. Maybe you’ll say something’s built-in. I will note that I keep a list of such file/directory comparison tools as a part of my CF411.com site of tools and resources, specifically http://www.cf411.com/filecomp.

Let’s see if you may spot something. It could be literally just a single missing closing bracket or something in an XML file, or it may be something more (like some files missing). It could in the end be some sort of permission thing. We’ll have to wait in see.

Of course, these are just my ideas. Someone from Adobe or another reader may have better thoughts for you.

Like
2012-11-20 06:27:11
2012-11-20 06:27:11

@Charlie: the only reference I can find to the CFCacheFilter in any of the configuration files is in cfusion/wwwroot/WEB-INF/web.xml. I have access to a second box configured similarly but still on HF4. I’ve done a diff between the web.xml file from the non-functional HF5 box and the functioning HF4 box, and the two web.xml files are identical with the exception that I’ve added an additional welcome-file in the welcome-file-list on the HF4 box. Based on that, it would seem to be something much more fundamental with the hotfix than just a change to the configuration file.

Like
2012-11-20 04:27:32
2012-11-20 04:27:32

@Charlie: Thanks for the follow up. The file is indeed present at /Applications/ColdFusion10/cfusion/wwwroot/WEB-INF/cfform/flex-config.xml, with a file date of Nov 24, 2004 and a file size of 24453b. Permissions on the file are identical to the other files in that folder. As I noted, my install was fine prior to applying HF5, but fails to start after. As a bit of background, this box is running Mac OS X 10.6.8 and Java 1.6.0_37, and has worked well with CF10 to this point. I run CF9 behind Apache, with CF10 and Tomcat in standalone mode, on this box and have been using to to move some of our apps to CF10. If it is one of the configuration files, it would have had to have been changed as part of applying HF5 and I am kicking myself for not backing up the various Tomcat configuration files prior to applying the hotfix. I guess I’ve gotten lazy in that regard where I’ve not had problems with any of the prior hotfixes. Hopefully, someone from Adobe can shed some light on this…

Like
2012-11-19 20:56:18
2012-11-19 20:56:18

That’s really odd, Ron. I’ve helped a lot of people with such challenges, but that’s not one I’ve seen before.

I’ll note that that file (within my CF10 install) is not only there but hasn’t changed since 2004. Can you confirm first if it’s there (C:ColdFusion10cfusionwwwrootWEB-INFcfform)?

Assuming it is, then I might wonder if perhaps instead the problem is that some configuration entry that points to the file–or to the web-inf or perhaps even the [cf10]cfusionwwwroot path entirely, is what’s gotten changed somehow.

Hopefully someone from Adobe (or else) would perhaps connect some dots better for you.

Like
2012-11-19 20:35:20
2012-11-19 20:35:20

I should be more specific: the lumps related to being unable to find /WEB-INF/cfform/flex-config.xml and problems starting the CFCacheFilter (?) are the pieces that have appeared after applying HF5.

Like
2012-11-19 20:12:11
2012-11-19 20:12:11

Looking in ../cfusion/logs/coldfusion-error.log, I see lumps that look like the following for each attempt to start ColdFusion after applying HF5, and these same lumps do not exist prior to applying HF5:

Nov 19, 2012 9:00:57 PM org.apache.catalina.core.AprLifecycleListener init
INFO: The APR based Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: .:/Library/Java/Extensions:/System/Library/Java/Extensions:/usr/lib/java
Nov 19, 2012 9:00:58 PM org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler [“http-bio-8500”]
Nov 19, 2012 9:00:58 PM org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler [“ajp-bio-8012”]
Nov 19, 2012 9:00:58 PM org.apache.catalina.core.StandardService startInternal
INFO: Starting service Catalina
Nov 19, 2012 9:00:58 PM org.apache.catalina.core.StandardEngine startInternal
INFO: Starting Servlet Engine: Apache Tomcat/7.0.23
javax.servlet.ServletException: The configuration file cound not be found at /WEB-INF/cfform/flex-config.xml
at flex.server.j2ee.cache.CacheFilter.setupFlexService(CacheFilter.java:93)
at flex.server.j2ee.cache.CacheFilter.init(CacheFilter.java:76)
at coldfusion.bootstrap.ClassloaderHelper.initFilterClass(ClassloaderHelper.java:151)
at coldfusion.bootstrap.BootstrapFilter.init(BootstrapFilter.java:34)
at org.apache.catalina.core.ApplicationFilterConfig.initFilter(ApplicationFilterConfig.java:277)
at org.apache.catalina.core.ApplicationFilterConfig.getFilter(ApplicationFilterConfig.java:258)
at org.apache.catalina.core.ApplicationFilterConfig.setFilterDef(ApplicationFilterConfig.java:382)
at org.apache.catalina.core.ApplicationFilterConfig.(ApplicationFilterConfig.java:103)
at org.apache.catalina.core.StandardContext.filterStart(StandardContext.java:4624)
at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5270)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1525)
at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1515)
at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:303)
at java.util.concurrent.FutureTask.run(FutureTask.java:138)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
at java.lang.Thread.run(Thread.java:680)
Nov 19, 2012 9:00:59 PM org.apache.catalina.core.ApplicationContext log
INFO: failed to load: flex.server.j2ee.cache.CacheFilter
Nov 19, 2012 9:00:59 PM org.apache.catalina.core.StandardContext filterStart
SEVERE: Exception starting filter CFCacheFilter
javax.servlet.ServletException: javax.servlet.ServletException: The configuration file cound not be found at /WEB-INF/cfform/flex-config.xml
at coldfusion.bootstrap.ClassloaderHelper.initFilterClass(ClassloaderHelper.java:159)
at coldfusion.bootstrap.BootstrapFilter.init(BootstrapFilter.java:34)
at org.apache.catalina.core.ApplicationFilterConfig.initFilter(ApplicationFilterConfig.java:277)
at org.apache.catalina.core.ApplicationFilterConfig.getFilter(ApplicationFilterConfig.java:258)
at org.apache.catalina.core.ApplicationFilterConfig.setFilterDef(ApplicationFilterConfig.java:382)
at org.apache.catalina.core.ApplicationFilterConfig.(ApplicationFilterConfig.java:103)
at org.apache.catalina.core.StandardContext.filterStart(StandardContext.java:4624)
at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5270)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1525)
at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1515)
at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:303)
at java.util.concurrent.FutureTask.run(FutureTask.java:138)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
at java.lang.Thread.run(Thread.java:680)
Caused by: javax.servlet.ServletException: The configuration file cound not be found at /WEB-INF/cfform/flex-config.xml
at flex.server.j2ee.cache.CacheFilter.setupFlexService(CacheFilter.java:93)
at flex.server.j2ee.cache.CacheFilter.init(CacheFilter.java:76)
at coldfusion.bootstrap.ClassloaderHelper.initFilterClass(ClassloaderHelper.java:151)
… 15 more
Nov 19, 2012 9:00:59 PM org.apache.catalina.core.StandardContext startInternal
SEVERE: Error filterStart
Nov 19, 2012 9:00:59 PM org.apache.catalina.core.StandardContext startInternal
SEVERE: Context [/] startup failed due to previous errors
Nov 19, 2012 9:00:59 PM org.apache.catalina.loader.WebappClassLoader checkThreadLocalMapForLeaks
SEVERE: The web application [/] created a ThreadLocal with key of type [java.lang.ThreadLocal] (value [java.lang.ThreadLocal@5f78dc08]) and a value of type [flex.util.ServletPathResolver] (value [flex.util.ServletPathResolver@77b5c22f]) but failed to remove it when the web application was stopped. Threads are going to be renewed over time to try and avoid a probable memory leak.
Nov 19, 2012 9:00:59 PM org.apache.coyote.AbstractProtocol start
INFO: Starting ProtocolHandler [“http-bio-8500”]
Nov 19, 2012 9:00:59 PM org.apache.coyote.AbstractProtocol start
INFO: Starting ProtocolHandler [“ajp-bio-8012”]
Nov 19, 2012 9:00:59 PM com.adobe.coldfusion.launcher.Launcher run
INFO: Server startup in 3142 ms

Like
2012-11-19 19:41:53
2012-11-19 19:41:53

I updated one of my development boxes, running CF10 in standalone mode (just Tomcat on port 8500). The update downloaded and appeared to stop the server fine, but it never restarted. I have manually stopped and restarted the server on the command line twice and it is completely non-responsive. Not serving static content, CFML, or the CF admin. The log in cfusion/hf-updates/hf-10-00005/ shows nothing but successes.

Any thoughts on where to start trouble-shooting would be greatly appreciated.

Like
2012-11-19 19:02:26
2012-11-19 19:02:26

Subscribing…

Like
2012-11-19 12:59:27
2012-11-19 12:59:27

Subscribing

Like
2012-11-19 12:54:51
2012-11-19 12:54:51

Subscribing

Like
2012-11-19 12:47:28
2012-11-19 12:47:28

The update worked for me. Requesting the URL that would cause failure before (kill the application pool) no longer does after the update.

And since this update 5 addresses issues related specifically to the IIS Connector for CF10, readers of this will also want to note the other new blog entry here created a couple of days ago, “Tuning ColdFusion 10 IIS Connector configuration”:

https://coldfusion.adobe.com/post.cfm/tuning-coldfusion-10-iis-connector-configuration

Like
2012-11-19 12:43:28
2012-11-19 12:43:28

Subscribing

Like
2012-11-19 10:10:09
2012-11-19 10:10:09

Is running C:ColdFusion10cfusionruntimebinwsconfig.exe -upgrade sufficient or do users need to uninstall and re-install the connector?

Like
2012-11-19 09:54:19
2012-11-19 09:54:19

My experiences thusfar:
http://adamcameroncoldfusion.blogspot.co.uk/2012/11/coldfusion-10-update-5-mostly-smooth.html

Note the title: “ColdFusion 10 Update 5: mostly smooth”

Good work. Let’s see how other people go…

Like
Add Comment