Anybody got a chance to look at this ? or reproduce this error. Thank you,
Kavita Tipnis On Thu, Jul 23, 2009 at 12:11 PM, Kavita Tipnis <[email protected]>wrote: > Sorry all for being a little impatient about this! But I had spent two days > on this problem to solve it last night just to see it back again today > morning. > > So here is the whole issue in brief > > *Test Server* : > 1) Modified JAVA_OPTS environment variable @ Marvin (not using service.bat > on this) > 2) Restarted Tomcat,all apps were good > 3) A java update got installed > 4) Tomcat would start, and after CAS login, this error would show up. > > Steps take to avoid this error > 1) Followed all the steps involving certificate generation/import issues > specified very elaborately at > > http://www.ja-sig.org/wiki/display/CASUM/Demo > > 2) Everything worked fine! > > *Live Server *: > > 1) Modified JAVA_OPTS environment variable > > Added the following to service.bat(because Tomcat is installed as a service > on this server) > > (check in bold) > > @echo off > rem Licensed to the Apache Software Foundation (ASF) under one or more > rem contributor license agreements. See the NOTICE file distributed with > rem this work for additional information regarding copyright ownership. > rem The ASF licenses this file to You under the Apache License, Version 2.0 > rem (the "License"); you may not use this file except in compliance with > rem the License. You may obtain a copy of the License at > rem > rem http://www.apache.org/licenses/LICENSE-2.0 > rem > rem Unless required by applicable law or agreed to in writing, software > rem distributed under the License is distributed on an "AS IS" BASIS, > rem WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or > implied. > rem See the License for the specific language governing permissions and > rem limitations under the License. > > if "%OS%" == "Windows_NT" setlocal > rem > --------------------------------------------------------------------------- > rem NT Service Install/Uninstall script > rem > rem Options > rem install Install the service using Tomcat6 as service > name. > rem Service is installed using default settings. > rem remove Remove the service from the System. > rem > rem name (optional) If the second argument is present it is > considered > rem to be new service > name > rem > rem $Id: service.bat 600659 2007-12-03 20:15:09Z jim $ > rem > --------------------------------------------------------------------------- > > rem Guess CATALINA_HOME if not defined > set CURRENT_DIR=%cd% > if not "%CATALINA_HOME%" == "" goto gotHome > set CATALINA_HOME=%cd% > if exist "%CATALINA_HOME%\bin\tomcat6.exe" goto okHome > rem CD to the upper dir > cd .. > set CATALINA_HOME=%cd% > :gotHome > if exist "%CATALINA_HOME%\bin\tomcat6.exe" goto okHome > echo The tomcat.exe was not found... > echo The CATALINA_HOME environment variable is not defined correctly. > echo This environment variable is needed to run this program > goto end > rem Make sure prerequisite environment variables are set > if not "%JAVA_HOME%" == "" goto okHome > echo The JAVA_HOME environment variable is not defined > echo This environment variable is needed to run this program > goto end > :okHome > if not "%CATALINA_BASE%" == "" goto gotBase > set CATALINA_BASE=%CATALINA_HOME% > :gotBase > > set EXECUTABLE=%CATALINA_HOME%\bin\tomcat6.exe > > rem Set default Service name > set SERVICE_NAME=Tomcat6 > set PR_DISPLAYNAME=Apache Tomcat > > if "%1" == "" goto displayUsage > if "%2" == "" goto setServiceName > set SERVICE_NAME=%2 > set PR_DISPLAYNAME=Apache Tomcat %2 > :setServiceName > if %1 == install goto doInstall > if %1 == remove goto doRemove > if %1 == uninstall goto doRemove > echo Unknown parameter "%1" > :displayUsage > echo. > echo Usage: service.bat install/remove [service_name] > goto end > > :doRemove > rem Remove the service > "%EXECUTABLE%" //DS//%SERVICE_NAME% > echo The service '%SERVICE_NAME%' has been removed > goto end > > :doInstall > rem Install the service > echo Installing the service '%SERVICE_NAME%' ... > echo Using CATALINA_HOME: %CATALINA_HOME% > echo Using CATALINA_BASE: %CATALINA_BASE% > echo Using JAVA_HOME: %JAVA_HOME% > > rem Use the environment variables as an example > rem Each command line option is prefixed with PR_ > > set PR_DESCRIPTION=Apache Tomcat Server - http://tomcat.apache.org/ > set PR_INSTALL=%EXECUTABLE% > set PR_LOGPATH=%CATALINA_BASE%\logs > set PR_CLASSPATH=%CATALINA_HOME%\bin\bootstrap.jar > Set the server jvm from JAVA_HOME > set PR_JVM=%JAVA_HOME%\jre\bin\server\jvm.dll > if exist "%PR_JVM%" goto foundJvm > set the client jvm from JAVA_HOME > set PR_JVM=%JAVA_HOME%\jre\bin\client\jvm.dll > if exist "%PR_JVM%" goto foundJvm > set PR_JVM=auto > :foundJvm > echo Using JVM: %PR_JVM% > "%EXECUTABLE%" //IS//%SERVICE_NAME% --StartClass > org.apache.catalina.startup.Bootstrap --StopClass > org.apache.catalina.startup.Bootstrap --StartParams start --StopParams stop > if not errorlevel 1 goto installed > echo Failed installing '%SERVICE_NAME%' service > goto end > :installed > rem Clear the environment variables. They are not needed any more. > set PR_DISPLAYNAME= > set PR_DESCRIPTION= > set PR_INSTALL= > set PR_LOGPATH= > set PR_CLASSPATH= > set PR_JVM= > rem Set extra parameters > "%EXECUTABLE%" //US//%SERVICE_NAME% --JvmOptions > "-Dcatalina.base=%CATALINA_BASE%;-Dcatalina.home=%CATALINA_HOME%;-Djava.endorsed.dirs=%CATALINA_HOME%\endorsed" > --StartMode jvm --StopMode jvm > rem More extra parameters > set PR_LOGPATH=%CATALINA_BASE%\logs > set PR_STDOUTPUT=auto > set PR_STDERROR=auto > "%EXECUTABLE%" //US//%SERVICE_NAME% ++JvmOptions > "-Djava.io.tmpdir=%CATALINA_BASE%\temp;-Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager;-Djava.util.logging.config.file=%CATALINA_BASE%\conf\logging.properties > " *--JvmMs 512 --JvmMx 1024* > echo The service '%SERVICE_NAME%' has been installed. > > :end > cd %CURRENT_DIR% > > 3) Restarted the service > > 4) No Error remaining day. > > 5) Yesterday morning, this error shows up, so got the system down. > > 6) Finished all the steps mentioned above on the Test Server and before > making the changes to the Live Server, > > I thought let me reinstall the tomcat service and give it a shot > > 7) Reinstalled Tomcat as a service > > 8) No errors showed up!! > > > This is just a brief of the log of events that took place. > > Sometime yesterday, Live tomcat server just ran out of memory, > > so this morning I am trying some settings to increase perm size on the *test > server *and give it a try.( I haven't messed with the Live server yet) > > I modified catalina.bat to set JAVA_OPTS like this > > set JAVA_OPTS=%JAVA_OPTS% > -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager > -Djava.util.logging.config.file="%CATALINA_BASE%\conf\logging.properties " > -XX:MaxPermSize=64M > > and this error shows up again sadly, > > I removed the settings '-XX:MaxPermSize=64M' and it still showed the error > until I restarted my machine. > > P.S : I have to restart my machine again because I reproduced this error. > > I hope this helps, it is a bit more descriptive issue report!! > > > Thank you, > > > > > > > > > > > > JDK update that got installed on my test server (my production server did > not install the update > > > > > On Thu, Jul 23, 2009 at 11:30 AM, Sander Bos <[email protected]>wrote: > >> >> >> Hello Kavita, >> >> as was mentioned before the usual suspect for this error is the cacerts >> file, and if I understand what you are saying now it does not matter what >> options you use it does not work? (because then the options do not really >> matter). >> You also mentioned the problems started after a Java upgrade, which could >> (although it should not) overwrite the cacerts file. >> >> Have you already done a command like >> keytool -list -v -file "\path\to\jre\lib\security\cacerts" >> to see whether your certificate is really still in there (password is >> changeit). If there are certificates in there. Do the dates etc. look okay? >> >> Then personally, I never trust what I am looking at (I have about 10 JDKs >> on my system, so 10 cacerts files), are you sure that that cacerts file >> is really used. You can use a tool like procmon to filter on paths >> containing 'cacerts', then start up tomcat and double check that the path >> cacerts is found under matches the path you used in the command before. >> >> Met vriendelijke groet, >> >> Sander Bos >> Developer >> >> Finalist IT Group >> Never stop developing! >> E: [email protected] >> T: +31 88 217 0 856 >> >> Kavita Tipnis schreef: >> >> My error is back again now even though it was working yesterday, exactly >> the same settings nothing different. >> I can't pin it down if it is the jvm that is crashing or the cas or >> tomcat. >> >> Thank You :( >> >> On Thu, Jul 23, 2009 at 10:42 AM, Kavita Tipnis >> <[email protected]>wrote: >> >>> I have been modifying my JAVA_OPTS settings under catalina.bat for Tomcat >>> but CAS keeps firing this error, >>> so I am completely clueless as to why is CAS errorring out if I make any >>> changes to the JVM memory options?? >>> >>> Any help on this would be really appreciated, thank you >>> currently my JVM settings are -Xms256M and -Xmx256M and when I try to set >>> the -XX:MaxPermSize:128M, the cas shows this >>> error even if the Tomcat starts smoothly. >>> Now, I have removed the -XX:MaxPermSize:128M and CAS is still showing the >>> same error >>> >>> Thanks! >>> Kavita >>> >>> On Tue, Jul 21, 2009 at 3:52 PM, Kavita Tipnis >>> <[email protected]>wrote: >>> >>>> Would this be a Tomcat bug/issue? >>>> >>>> Thank you. >>>> Kavita >>>> >>>> On Tue, Jul 21, 2009 at 3:10 PM, Kavita Tipnis <[email protected] >>>> > wrote: >>>> >>>>> I get it now. >>>>> Here is something very weird >>>>> >>>>> After reconfiguring all the changes on my test environment(it works >>>>> fine now), >>>>> I wanted to make the same changes to production environment, but >>>>> instead I just reinstalled Tomcat as a service and the 'Unable to validate >>>>> ProxyTicketValidator' error message did not show up. >>>>> >>>>> As a result I am confused right now,because yesterday I made changes to >>>>> increase the heap size in Tomcat and modified >>>>> the service.bat file that comes with Tomcat.(Also the JAVA_OPTS >>>>> environment variable is modified) ---- I know this has nothing to do with >>>>> CAS, but today, I started getting the ProxyTicketValidator Error. >>>>> To fix this on the production server I just resinstalled service.bat as >>>>> a windows service and the error was gone. >>>>> >>>>> I spent more than 4 hrs and got a good solution and understanding of >>>>> the ProxyTicketValidator and SSL trust issue but seems like the error was >>>>> misleading (because I only changed environment variables for increasing >>>>> heap >>>>> size). >>>>> >>>>> Thank You, >>>>> Kavita >>>>> >>>>> >>>>> On Tue, Jul 21, 2009 at 2:54 PM, Marvin Addison < >>>>> [email protected]> wrote: >>>>> >>>>>> > But the Tomcat documentation does not mention that. >>>>>> >>>>>> It has nothing to do with Tomcat, so would not be mentioned in that >>>>>> context. The "infamous" ProxyTicketValidator you are getting is >>>>>> caused by a connection initiated by a Java class to the CAS server. >>>>>> The root cause an SSL trust issue between the JVM running your >>>>>> application and the certificate presented by the CAS server. The >>>>>> system keystore, $JAVA_HOME/jre/lib/security/cacerts, is the keystore >>>>>> that matters in that case. >>>>>> >>>>>> M >>>>>> >>>>>> -- >>>>>> You are currently subscribed to [email protected] as: >>>>>> [email protected] >>>>>> To unsubscribe, change settings or access archives, see >>>>>> http://www.ja-sig.org/wiki/display/JSG/cas-user >>>>>> >>>>> >>>>> >>>>> >>>>> -- >>>>> Kavita Tipnis >>>>> >>>>> >>>> >>>> >>>> -- >>>> Kavita Tipnis >>>> >>>> >>> >>> >>> -- >>> Kavita Tipnis >>> >>> >> >> >> -- >> Kavita Tipnis >> >> -- >> You are currently subscribed to [email protected] as: >> [email protected] >> >> To unsubscribe, change settings or access archives, see >> http://www.ja-sig.org/wiki/display/JSG/cas-user >> >> >> -- >> You are currently subscribed to [email protected] as: >> [email protected] >> >> To unsubscribe, change settings or access archives, see >> http://www.ja-sig.org/wiki/display/JSG/cas-user >> >> > > > -- > Kavita Tipnis > > -- Kavita Tipnis -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
