Problem with IIS with Multi ColdFusion Server Configuration - coldfusion

This is a multi ColdFusion configured server with cf7 and cf8 and the jrun located in the main C:\ .
After editing the JVM.config and increasing the memory size to Xms1024m Xmx1024m
and GC to XX:MaxPermSize=256m, and then restarting.
I am unable to get any of my sites to load in the browser. One gives me a 404 and the other gives me an ACL 403 (Access Denied). If I try browse the site with the 403 to a subdirectory (ex.http://site.com/folder), I see the CFML code. If I do the same with the site giving me the 404, I get The request is not supported.
This server originally had CF7 and then CF8 was installed in Multiserver Config.
I can get to the CF8 Admin on port 8300 but nothing on port 80 with IIS.
I returned the JVM.config file back to its default by taking the back up file and restoring to the directory, but that didn't work.

Ok, So I solved the issue. The issue was that the Server orignally used a Multiserver configuration because CF 7 and CF 8 are both installed on the machines. When I looked at the MultiServer Configuration for CF 8, everything seemed correct. However, when I looked at the Single Server CF 8 configuration there was no configuration. Although the this type of scenario worked worked prior, I decided to add configurations to the Single CF 8 configuration and both sites came up.

These are guesses, but...
Has "index.cfm" been removed from the list of default documents?
Perhaps the CF connector needs to be re-run.

Related

change port in wso2 sample

I am executing sample programm of wso2. I have installed wso2is on different machine and tomcat is on local machine. I have changed localhost:9443 to my ipaddress(eg 192.168.1.xxx) from travelocity.properties and avi.properties. But when I execute sample from click on login button it always redirecting me localhost and giving error.
I think you need to try the following,
While the tomcat is running,
Open the travelocity.war with an archive manager
Edit the travelocity.properties file,
update SAML2.IdPURL value
eg : SAML2.IdPURL=https://192.168.1.7:9443/samlsso
Save and update the travelocity.com web app
Restart the tomcat server just to be sure (You don't really have to do this since tomcat hot deploys once it detects a change)
I tried this locally and it redirected me to the IP address I put in SAML2.IdpURL. Clearly the problem seems to be a configuration error on the travelocity.com web app side :)
You need to change <HostName> and <MgtHostName> attributes at repository/conf/carbon.xml of your Identity Server with your IP address. By default they are set as localhost, so when logging it will be redirected to location specified there.

ColdFusion 11 RDS in Homesite

Has anyone been able to get an RDS connection working between ColdFusion 11 and HomeSite? If so, I'd sure appreciate some specifics. I've tried about everything, and I get an error "HTTP Error :404".
Thanks. -bg
CF6 through 9 used JRun, so I can image that HomeSite's RDS implementation was suited to that server. Now that CF 10 and 11 run on Tomcat instead of JRun, I can't imagine that the RDS connection will work. Nor can I see Adobe issuing a patch for a piece software they never supported.
If you want an IDE with ColdFusion 10/11 RDS support, you're going to have to bite the bullet and move to ColdFusion Builder. If you want a better editor and can do without the RDS support, I'd suggest Sublime Text.
The following Apache directive fixed the 404 issue with RDS:
<Location "/CFIDE/main/ide.cfm">
SetHandler jakarta-servlet
</Location>
Turns out Apache tries to verify that the file exists but this one doesn't, hence the 404. The /CFIDE/main/ide.cfm location is mapped to the RDS servlet in the Tomcat config so you need to tell Apache to route requests to that location to Tomcat.
I got it working. It was a problem with the configuration on the server. It works now in ColdFusion Builder 3 AND HomeSite+.

cfhttp unable to read data from https sites even after importing the certificate

I have ColdFusion 9 installed on my system.
I need to read data from an SSL encrypted site (https). I have followed all the steps described in CF documentation.
That is:
Go to a page on the SSL server in question.
Double-click the lock icon.
Click the Details tab.
Click Copy To File.
Select the base64 option and save the file.
Copy the CER file into C:\ColdFusion8\runtime\jre\lib\security (or whichever JRE ColdFusion is using).
Run the following command in the same directory (keytool.exe is located in C:\CFusionMX7\runtime\jre\bin):
keytool -import -keystore cacerts -alias giveUniqueName -file filename.cer
In CMD, it showed "certificate was added successfully"
But it is still showing the same error peer not authenticated.
Is there anything more required?
If you are trying to call web services in CF 11 (and maybe 10 but check that yourself), CF expects the web service or any CFHTTP call to use the WebSocket Service and port 8577 in a standard setup. This is because the WebSocket Services have been optimized for web services and CFHTTP also uses WebService Sockets.
I run CF 11 on my IIS server and port 8577 is blocked by a firewall. When I tried to connect, it sends back this error for CFHTTP and web services:
"I/O Exception: sun.security.validator.ValidatorException: PKIX path
building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to
find valid certification path to requested target"
It would seem like it requires adding custom certificates to the CACERT for JRE, but that is not the solution for me.
There is a simple fix to get this running with IIS (at least IIS) if you do not want to unblock the WebSocket Service and you don't need that performance to run natively. All you have to do is go in to the CF Admin dashboard and change the WebSocket Service to "Use Proxy". This will send all calls to the CF WebSocket Service or CFHTTP through IIS as a proxy. Restart the CF Application Server service and it should work just fine. If these directions are not perfect I apologize but it will lead you to get it working. See also Using WebSocket with ColdFusion 11.
Although the documentation doesn't specifically mention it, restarting the ColdFusion service is required. If you haven't already, that should be the first thing you try.

GlassFish Server (open source) ColdFusion "requested resource is not available" error

We are in the process of moving a website coded in ColdFusion and Fusebox framework to a new host (from GoDaddy who is ceasing to support CF to HostMySite).
Our url structure is currently setup like /index.cfm/home.register redirecting through a cfscript to the "full" url of /index.cfm?fuseaction=home.register
We are receiving the following error message:
HTTP Status 404 -
type Status report
message
descriptionThe requested resource () is not available.
GlassFish Server Open Source Edition 3.1
I am not a CF or Windows guy, this is an old site and we are just trying to get it to run on another server to bide us some time until we can rewrite it.
Any clue as to how to what is wrong and how to get it to work? HostMySite support has been completely unresponsive thus far.
Any help would be greatly appreciated!
Brandon, just for the sake of correctness; Glassfish is Oracle's java server and comes in an open source flavour. http://glassfish.java.net/
Glassfish is not a ColdFusion server.
It is possible to deploy j2ee versions of Adobe ColdFusion, Railo or OpenBD using glassfish.
JRun is the only Java server that comes with the SES rewriting built in. However, it is possible to rewrite urls using most Java servers or at the least by fronting the java server with a web server such as IIS, Apache or nginx.
After several discussion with tech support, we confirmed that "GlassFish Server" is an open source ColdFusion server, and it does not support the search engine friendly URL code we were using. We had to switch hosts to a host that used actual CF server.

Windows Integrated Authentication fails ONLY if web svcs client is on same machine as IIS server

I have a web service running under IIS7 on a server with a host header set so that it receives requests made to http://myserver1.mydomain.com.
I've set Windows INtegrated Authentication to Enabled and everything else (basic, anonymous, etc) to Disabled.
I'm testing the web service using a powershell script, and it works fine when I run it from my workstation against http://myserver1.mydomain.com
However, when I run the same exact script on the IIS server itself, I get a 401-Unauthorized message.
In addition, I've tried installing the web service on a second server, myserver2.mydomain.com. Again I can call my test script fine from BOTH my workstation and from myserver1.
So it seems the only issue is when the client is on the same box as the web server itself - somehow the windows credentials are not being passed or recognized.
I tried playing with IE settings on myserver1 (checked and unchecked 'Enable Windows Integrated Authentication', and added the URL to Local Sites). That did not seem to have an effect.
When I look at the IIS logs, I see the 401 unauthorized line but very little other information.
I see basically the same behavior when testing with IE (v9) - works from my workstation but not when IE is running on the IIS server.
I found the answer after several hours:
By default, there is something called a LoopbackCheck which will reject windows authentication if the host header used for the site does not match the local host's name. This behavior will only be seen when the client is on the local host. The check is there to defeat possible reflection attacks.
More details here:
http://support.microsoft.com/kb/896861
The kb item discusses ways to disable the Loopback check, but I ended up just switching from using host headers to ports to distinguish the different sites on the IIS server.
Thanks to those who gave assistance.
Try checking the actual credential that is being passed when you are running on the server itself. Often times you will be running on some system account that doesn't have access to the resource in question.
For example, on your box your credentials are running as...
MYDOMAIN\MYNAME
and the server will be something like...
SYSTEM\SYSTEM_ACCOUNT
and so this will fail because 'SYSTEM\SYSTEM_ACCOUNT' doesn't have credentials.
If this is the case, you can fix the problem in one of two ways.
Give 'SYSTEM\SYSTEM_ACCOUNT' access to the resource in question. Most people would avoid this strategy due to security concerns (which is why the account has no access in the first place).
Impersonate, or change the credentials of the client manually to something that does have access to the resource, 'MYDOMAIN\MYNAME' for example. This is what most people would probably go with, including myself.