Error when Migrating SOAP Web Services from Adobe ColdFusion 8 to CF 11

ColdFusion logo

After moving a CF 8 app to CF 11, I ran into a difficulty in trying to set up the Web Service in the CF 11 Administrator.

CF Administrator error message

Since I couldn’t get the CF 11 server to accept a new entry in the Web Services list, I had to do a little more troubleshooting using what was already there. I changed the HOSTS file on the CF 11 server such that the name old server running the Web Service successfully on CF 8 would temporarily point at the new CF 11 server. This caused an interesting error!

The code that came back is below – slightly edited for readability and also to make if render in a browser correctly:

<!-- AxisFault faultCode: {http://xml.apache.org/axis/}HTTP faultSubcode: faultString: (401)Unauthorized faultActor: faultNode: faultDetail: {}:return code: 401 -->
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>IIS 8.5 Detailed Error - 401.2 - Unauthorized</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana,Arial,Helvetica,sans-serif;} code{margin:0;color:#006600;font-size:1.1em;font-weight:bold;} .config_source code{font-size:.8em;color:#000000;} pre{margin:0;font-size:1.4em;word-wrap:break-word;} ul,ol{margin:10px 0 10px 5px;} ul.first,ol.first{margin-top:5px;} fieldset{padding:0 15px 10px 15px;word-break:break-all;} .summary-container fieldset{padding-bottom:5px;margin-top:4px;} legend.no-expand-all{padding:2px 15px 4px 10px;margin:0 0 0 -12px;} legend{color:#333333;;margin:4px 0 8px -12px;_margin-top:0px; font-weight:bold;font-size:1em;} a:link,a:visited{color:#007EFF;font-weight:bold;} a:hover{text-decoration:none;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.4em;margin:10px 0 0 0;color:#CC0000;} h4{font-size:1.2em;margin:10px 0 5px 0; }#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS",Verdana,sans-serif; color:#FFF;background-color:#5C87B2; }#content{margin:0 0 0 2%;position:relative;} .summary-container,.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} .content-container p{margin:0 0 10px 0; }#details-left{width:35%;float:left;margin-right:2%; }#details-right{width:63%;float:left;overflow:hidden; }#server_version{width:96%;_height:1px;min-height:1px;margin:0 0 5px 0;padding:11px 2% 8px 2%;color:#FFFFFF; background-color:#5A7FA5;border-bottom:1px solid #C1CFDD;border-top:1px solid #4A6C8E;font-weight:normal; font-size:1em;color:#FFF;text-align:right; }#server_version p{margin:5px 0;} table{margin:4px 0 4px 0;width:100%;border:none;} td,th{vertical-align:top;padding:3px 0;text-align:left;font-weight:normal;border:none;} th{width:30%;text-align:right;padding-right:2%;font-weight:bold;} thead th{background-color:#ebebeb;width:25%; }#details-right th{width:20%;} table tr.alt td,table tr.alt th{} .highlight-code{color:#CC0000;font-weight:bold;font-style:italic;} .clear{clear:both;} .preferred{padding:0 5px 2px 5px;font-weight:normal;background:#006633;color:#FFF;font-size:.8em;} --> </style> </head> <body> <div id="content"> <div class="content-container"> <h3>HTTP Error 401.2 - Unauthorized</h3> <h4>You are not authorized to view this page due to invalid authentication headers.</h4> </div> <div class="content-container"> <fieldset><h4>Most likely causes:</h4> <ul> <li>No authentication protocol (including anonymous) is selected in IIS.</li> <li>Only integrated authentication is enabled, and a client browser was used that does not support integrated authentication.</li> <li>Integrated authentication is enabled and the request was sent through a proxy that changed the authentication headers before they reach the Web server.</li> <li>The Web server is not configured for anonymous access and a required authorization header was not received.</li> <li>The "configuration/system.webServer/authorization" configuration section may be explicitly denying the user access.</li> </ul> </fieldset> </div> <div class="content-container"> <fieldset><h4>Things you can try:</h4> <ul> <li>Verify the authentication setting for the resource and then try requesting the resource using that authentication method.</li> <li>Verify that the client browser supports Integrated authentication.</li> <li>Verify that the request is not going through a proxy when Integrated authentication is used.</li> <li>Verify that the user is not explicitly denied access in the "configuration/system.webServer/authorization" configuration section.</li> <li>Create a tracing rule to track failed requests for this HTTP status code. For more information about creating a tracing rule for failed requests, click <a href="http://go.microsoft.com/fwlink/?LinkID=66439">here</a>. </li> </ul> </fieldset> </div> <div class="content-container"> <fieldset><h4>Detailed Error Information:</h4> <div id="details-left"> <table border="0" cellpadding="0" cellspacing="0"> <tr class="alt"><th>Module</th><td>&nbsp;&nbsp;&nbsp;IIS Web Core</td></tr> <tr><th>Notification</th><td>&nbsp;&nbsp;&nbsp;AuthenticateRequest</td></tr> <tr class="alt"><th>Handler</th><td>&nbsp;&nbsp;&nbsp;ISAPI-dll</td></tr> <tr><th>Error Code</th><td>&nbsp;&nbsp;&nbsp;0x80070005</td></tr> </table> </div> <div id="details-right"> <table border="0" cellpadding="0" cellspacing="0"> <tr class="alt"><th>Requested URL</th><td>&nbsp;&nbsp;&nbsp;http://mywebsite:80/jakarta/isapi_redirect.dll</td></tr> <tr><th>Physical Path</th><td>&nbsp;&nbsp;&nbsp;D:\ColdFusion11\config\wsconfig\1\isapi_redirect.dll</td></tr> <tr class="alt"><th>Logon Method</th><td>&nbsp;&nbsp;&nbsp;Not yet determined</td></tr> <tr><th>Logon User</th><td>&nbsp;&nbsp;&nbsp;Not yet determined</td></tr> </table> <div class="clear"></div> </div> </fieldset> </div> <div class="content-container"> <fieldset><h4>More Information:</h4> This error occurs when the WWW-Authenticate header sent to the Web server is not supported by the server configuration. Check the authentication method for the resource, and verify which authentication method the client used. The error occurs when the authentication methods are different. To determine which type of authentication the client is using, check the authentication settings for the client. <p><a href="http://go.microsoft.com/fwlink/?LinkID=62293&amp;amp;IIS70Error=401,2,0x80070005,9600">View more information &amp;raquo;</a></p> <p>Microsoft Knowledge Base Articles:</p> <ul><li>907273</li><li>253667</li></ul> </fieldset> </div> </div> </body> </html> {http://xml.apache.org/axis/}HttpErrorCode:401 

When rendered, this code would look like this:

HTTP 401.2 error from IIS

This reminded me of a problem I’d had before!

Sure enough, Anonymous Access was not enabled on the jakarta virtual directory. After enabling that and disabling Windows Authentication on that folder, everything worked properly!

Bindings not Working on ColdFusion Server

cache web paths option + Adobe CF logo

Just a quick note here. If you are running ColdFusion and you know that your bindings are set up correctly, but web requests being sent to the default root of websites on your server other than the intended one, it it highly likely that the “Cache web server paths” option was mistakenly (or unwittingly) set, causing all manner of havoc in directing among multiple sites.

CFCaching Web Server Paths option

Turn it off, restart the ColdFusion Application Server service, and enjoy proper web routing once again!

Connecting to an Oracle Database RAC with ColdFusion 11

ColdFusion Data Source Management page

Recently we’ve been moving quite a few servers and databases into our new datacenter, so I’ve been having to learn – more quickly than usual – about the often obscure differences between older and newer versions of various software including Solaris and Oracle Database.

A change to an Oracle RAC system caused the most interesting trouble I’ve had so far during this move.

In ColdFusion 11, there are native JDBC drivers for Oracle that are normally selected in the Data Source Management page using the logical and expected “Oracle” selection.

ColdFusion Data Source Management page

However, I was chagrined to find out that if you use this to try to connect to an Oracle Database that is load balanced with RAC, this selection will not work. Upon trying to connect, you will receive the error:

“[Macromedia][Oracle JDBC Driver][Oracle]ORA-12505 Connection refused, the specified SID (whatever string you put in the SID field) was not recognized by the Oracle server”

Neither Oracle nor Adobe documentation was much help on this. Fortunately, I came across a thread on the Adobe forum where a user was having this problem.

The answer is to, instead of selecting “Oracle”, select “other” in the Driver drop-down list. Then, use this connection string. The last variable (AlternateServers), appears to be optional. I’m not certain whether or not the IP addresses also need to be enclosed in parentheses.

jdbc:macromedia:oracle://(ORACLE SERVER):1521;SERVICENAME=(serviceName);sendStringParametersAsUnicode=false;MaxPooledState ments=1000;AlternateServers=((IP ADDRESS1),(IP address 2))

This is basically how I ended up setting the connection up:

CF other driver for Oracle RAC

Scheduled Tasks and Anonymous Access in ColdFusion 11

ColdFusion Scheduled Task setup form

I have been converting applications from ColdFusion 8 to CF 11 over the last several months, and some of the challenges have been quite a bit more daunting than this one. Even so, I felt this was worth mentioning.

After copying all the code for my most recent upgrade candidate from the old server to the new one and setting it up in IIS, I proceeded to set up the CF Scheduled Tasks on the new server.

One of the tasks that I set up runs under a blank user name. In order for that to work, you have to make certain that several settings related to authentication are set properly in IIS. First of all, if the app as a whole runs under anything other than Anonymous Authentication (such as Windows Integrated Authentication or Forms Authentication), your Scheduled Task URL will have to be inside a folder that has Anonymous Authentication enabled, even if it’s turned off for the rest of the app.

Secondly, you have to make sure that the “jakarta” virtual folder that is set up during IIS configuration of the website also has Anonymous Authentication enabled.

Having Anonymous Authentication disabled on the jakarta folder will cause no end of irritation if you don’t have the output of the URL sent to a file, as neither the application log file nor the Security log in Windows Event Viewer will tell you exactly why the task is failing. If you send output to a text file, you can rename that text file with an HTML extension (I’m still not sure why Adobe doesn’t just allow output as HTML for this…) and then see more clearly why your task was failing.

IIS authentication error

So set your authentication properties correctly to avoid this frustration!