Sorry all for being a little impatient about this! But I had spent two days on this problem to solve it last night just to see it back again today morning.
So here is the whole issue in brief *Test Server* : 1) Modified JAVA_OPTS environment variable @ Marvin (not using service.bat on this) 2) Restarted Tomcat,all apps were good 3) A java update got installed 4) Tomcat would start, and after CAS login, this error would show up. Steps take to avoid this error 1) Followed all the steps involving certificate generation/import issues specified very elaborately at http://www.ja-sig.org/wiki/display/CASUM/Demo 2) Everything worked fine! *Live Server *: 1) Modified JAVA_OPTS environment variable Added the following to service.bat(because Tomcat is installed as a service on this server) (check in bold) @echo off rem Licensed to the Apache Software Foundation (ASF) under one or more rem contributor license agreements. See the NOTICE file distributed with rem this work for additional information regarding copyright ownership. rem The ASF licenses this file to You under the Apache License, Version 2.0 rem (the "License"); you may not use this file except in compliance with rem the License. You may obtain a copy of the License at rem rem http://www.apache.org/licenses/LICENSE-2.0 rem rem Unless required by applicable law or agreed to in writing, software rem distributed under the License is distributed on an "AS IS" BASIS, rem WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. rem See the License for the specific language governing permissions and rem limitations under the License. if "%OS%" == "Windows_NT" setlocal rem --------------------------------------------------------------------------- rem NT Service Install/Uninstall script rem rem Options rem install Install the service using Tomcat6 as service name. rem Service is installed using default settings. rem remove Remove the service from the System. rem rem name (optional) If the second argument is present it is considered rem to be new service name rem rem $Id: service.bat 600659 2007-12-03 20:15:09Z jim $ rem --------------------------------------------------------------------------- rem Guess CATALINA_HOME if not defined set CURRENT_DIR=%cd% if not "%CATALINA_HOME%" == "" goto gotHome set CATALINA_HOME=%cd% if exist "%CATALINA_HOME%\bin\tomcat6.exe" goto okHome rem CD to the upper dir cd .. set CATALINA_HOME=%cd% :gotHome if exist "%CATALINA_HOME%\bin\tomcat6.exe" goto okHome echo The tomcat.exe was not found... echo The CATALINA_HOME environment variable is not defined correctly. echo This environment variable is needed to run this program goto end rem Make sure prerequisite environment variables are set if not "%JAVA_HOME%" == "" goto okHome echo The JAVA_HOME environment variable is not defined echo This environment variable is needed to run this program goto end :okHome if not "%CATALINA_BASE%" == "" goto gotBase set CATALINA_BASE=%CATALINA_HOME% :gotBase set EXECUTABLE=%CATALINA_HOME%\bin\tomcat6.exe rem Set default Service name set SERVICE_NAME=Tomcat6 set PR_DISPLAYNAME=Apache Tomcat if "%1" == "" goto displayUsage if "%2" == "" goto setServiceName set SERVICE_NAME=%2 set PR_DISPLAYNAME=Apache Tomcat %2 :setServiceName if %1 == install goto doInstall if %1 == remove goto doRemove if %1 == uninstall goto doRemove echo Unknown parameter "%1" :displayUsage echo. echo Usage: service.bat install/remove [service_name] goto end :doRemove rem Remove the service "%EXECUTABLE%" //DS//%SERVICE_NAME% echo The service '%SERVICE_NAME%' has been removed goto end :doInstall rem Install the service echo Installing the service '%SERVICE_NAME%' ... echo Using CATALINA_HOME: %CATALINA_HOME% echo Using CATALINA_BASE: %CATALINA_BASE% echo Using JAVA_HOME: %JAVA_HOME% rem Use the environment variables as an example rem Each command line option is prefixed with PR_ set PR_DESCRIPTION=Apache Tomcat Server - http://tomcat.apache.org/ set PR_INSTALL=%EXECUTABLE% set PR_LOGPATH=%CATALINA_BASE%\logs set PR_CLASSPATH=%CATALINA_HOME%\bin\bootstrap.jar Set the server jvm from JAVA_HOME set PR_JVM=%JAVA_HOME%\jre\bin\server\jvm.dll if exist "%PR_JVM%" goto foundJvm set the client jvm from JAVA_HOME set PR_JVM=%JAVA_HOME%\jre\bin\client\jvm.dll if exist "%PR_JVM%" goto foundJvm set PR_JVM=auto :foundJvm echo Using JVM: %PR_JVM% "%EXECUTABLE%" //IS//%SERVICE_NAME% --StartClass org.apache.catalina.startup.Bootstrap --StopClass org.apache.catalina.startup.Bootstrap --StartParams start --StopParams stop if not errorlevel 1 goto installed echo Failed installing '%SERVICE_NAME%' service goto end :installed rem Clear the environment variables. They are not needed any more. set PR_DISPLAYNAME= set PR_DESCRIPTION= set PR_INSTALL= set PR_LOGPATH= set PR_CLASSPATH= set PR_JVM= rem Set extra parameters "%EXECUTABLE%" //US//%SERVICE_NAME% --JvmOptions "-Dcatalina.base=%CATALINA_BASE%;-Dcatalina.home=%CATALINA_HOME%;-Djava.endorsed.dirs=%CATALINA_HOME%\endorsed" --StartMode jvm --StopMode jvm rem More extra parameters set PR_LOGPATH=%CATALINA_BASE%\logs set PR_STDOUTPUT=auto set PR_STDERROR=auto "%EXECUTABLE%" //US//%SERVICE_NAME% ++JvmOptions "-Djava.io.tmpdir=%CATALINA_BASE%\temp;-Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager;-Djava.util.logging.config.file=%CATALINA_BASE%\conf\logging.properties " *--JvmMs 512 --JvmMx 1024* echo The service '%SERVICE_NAME%' has been installed. :end cd %CURRENT_DIR% 3) Restarted the service 4) No Error remaining day. 5) Yesterday morning, this error shows up, so got the system down. 6) Finished all the steps mentioned above on the Test Server and before making the changes to the Live Server, I thought let me reinstall the tomcat service and give it a shot 7) Reinstalled Tomcat as a service 8) No errors showed up!! This is just a brief of the log of events that took place. Sometime yesterday, Live tomcat server just ran out of memory, so this morning I am trying some settings to increase perm size on the *test server *and give it a try.( I haven't messed with the Live server yet) I modified catalina.bat to set JAVA_OPTS like this set JAVA_OPTS=%JAVA_OPTS% -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Djava.util.logging.config.file="%CATALINA_BASE%\conf\logging.properties " -XX:MaxPermSize=64M and this error shows up again sadly, I removed the settings '-XX:MaxPermSize=64M' and it still showed the error until I restarted my machine. P.S : I have to restart my machine again because I reproduced this error. I hope this helps, it is a bit more descriptive issue report!! Thank you, JDK update that got installed on my test server (my production server did not install the update On Thu, Jul 23, 2009 at 11:30 AM, Sander Bos <[email protected]>wrote: > > > Hello Kavita, > > as was mentioned before the usual suspect for this error is the cacerts > file, and if I understand what you are saying now it does not matter what > options you use it does not work? (because then the options do not really > matter). > You also mentioned the problems started after a Java upgrade, which could > (although it should not) overwrite the cacerts file. > > Have you already done a command like > keytool -list -v -file "\path\to\jre\lib\security\cacerts" > to see whether your certificate is really still in there (password is > changeit). If there are certificates in there. Do the dates etc. look okay? > > Then personally, I never trust what I am looking at (I have about 10 JDKs > on my system, so 10 cacerts files), are you sure that that cacerts file is > really used. You can use a tool like procmon to filter on paths containing > 'cacerts', then start up tomcat and double check that the path cacerts is > found under matches the path you used in the command before. > > Met vriendelijke groet, > > Sander Bos > Developer > > Finalist IT Group > Never stop developing! > E: [email protected] > T: +31 88 217 0 856 > > Kavita Tipnis schreef: > > My error is back again now even though it was working yesterday, exactly > the same settings nothing different. > I can't pin it down if it is the jvm that is crashing or the cas or tomcat. > > Thank You :( > > On Thu, Jul 23, 2009 at 10:42 AM, Kavita Tipnis > <[email protected]>wrote: > >> I have been modifying my JAVA_OPTS settings under catalina.bat for Tomcat >> but CAS keeps firing this error, >> so I am completely clueless as to why is CAS errorring out if I make any >> changes to the JVM memory options?? >> >> Any help on this would be really appreciated, thank you >> currently my JVM settings are -Xms256M and -Xmx256M and when I try to set >> the -XX:MaxPermSize:128M, the cas shows this >> error even if the Tomcat starts smoothly. >> Now, I have removed the -XX:MaxPermSize:128M and CAS is still showing the >> same error >> >> Thanks! >> Kavita >> >> On Tue, Jul 21, 2009 at 3:52 PM, Kavita Tipnis >> <[email protected]>wrote: >> >>> Would this be a Tomcat bug/issue? >>> >>> Thank you. >>> Kavita >>> >>> On Tue, Jul 21, 2009 at 3:10 PM, Kavita Tipnis >>> <[email protected]>wrote: >>> >>>> I get it now. >>>> Here is something very weird >>>> >>>> After reconfiguring all the changes on my test environment(it works fine >>>> now), >>>> I wanted to make the same changes to production environment, but instead >>>> I just reinstalled Tomcat as a service and the 'Unable to validate >>>> ProxyTicketValidator' error message did not show up. >>>> >>>> As a result I am confused right now,because yesterday I made changes to >>>> increase the heap size in Tomcat and modified >>>> the service.bat file that comes with Tomcat.(Also the JAVA_OPTS >>>> environment variable is modified) ---- I know this has nothing to do with >>>> CAS, but today, I started getting the ProxyTicketValidator Error. >>>> To fix this on the production server I just resinstalled service.bat as >>>> a windows service and the error was gone. >>>> >>>> I spent more than 4 hrs and got a good solution and understanding of the >>>> ProxyTicketValidator and SSL trust issue but seems like the error was >>>> misleading (because I only changed environment variables for increasing >>>> heap >>>> size). >>>> >>>> Thank You, >>>> Kavita >>>> >>>> >>>> On Tue, Jul 21, 2009 at 2:54 PM, Marvin Addison < >>>> [email protected]> wrote: >>>> >>>>> > But the Tomcat documentation does not mention that. >>>>> >>>>> It has nothing to do with Tomcat, so would not be mentioned in that >>>>> context. The "infamous" ProxyTicketValidator you are getting is >>>>> caused by a connection initiated by a Java class to the CAS server. >>>>> The root cause an SSL trust issue between the JVM running your >>>>> application and the certificate presented by the CAS server. The >>>>> system keystore, $JAVA_HOME/jre/lib/security/cacerts, is the keystore >>>>> that matters in that case. >>>>> >>>>> M >>>>> >>>>> -- >>>>> You are currently subscribed to [email protected] as: >>>>> [email protected] >>>>> To unsubscribe, change settings or access archives, see >>>>> http://www.ja-sig.org/wiki/display/JSG/cas-user >>>>> >>>> >>>> >>>> >>>> -- >>>> Kavita Tipnis >>>> >>>> >>> >>> >>> -- >>> Kavita Tipnis >>> >>> >> >> >> -- >> Kavita Tipnis >> >> > > > -- > Kavita Tipnis > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- Kavita Tipnis -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
