Re: SSL and 408 error code (incomplete request)
Thanks very much for this detailed answer. We don't see a reason for the client to delay data sending (request is small and unconditional, network is stable with no firewalls in the middle). So given your helpful explanation, we'll also ask in the Chrome forums :) thanks again - Original Message - From: André Warnier a...@ice-sa.com To: Tomcat Users List users@tomcat.apache.org Cc: Sent: Thursday, August 1, 2013 1:56 AM Subject: Re: SSL and 408 error code (incomplete request) sol myr wrote: Hi, Has anyone happened to stumble onto this issue, please: Our Ajax works perfectly as long as its non-secure. However, when switching to SSL we sometimes see 408 errors (incomplete request). This only happens on ajax, and inconsistently (similar requests might succeed on one moment, but fail on the other). Please note: 1. Our client is Chrome browser, using JQuery for ajax 2. Server is Tomcat 7 3. Network is fast and stable, and the ajax requests are small 4. Problem occurs for both our connectors: APR and Http (both with SSL enabled) 5. Our x509 certificate is valid (otherwise it would have failed on *all* ajax ssl requests, not to mention the non-ajax ssl) The HTTP RFC 2616 states : 10.4 Client Error 4xx The 4xx class of status code is intended for cases in which the client seems to have erred. and 10.4.9 408 Request Timeout The client did not produce a request within the time that the server was prepared to wait. The client MAY repeat the request without modifications at any later time. On the face of it thus (and barring some real bug in Tomcat), this looks like a client error, scenario : - the client opens a TCP connection to the server, with the purpose of sending a request on that connection - but then the client fails to send a request on that connection, for a time sufficient for the server to declare a time-out (or takes an inordinate amount of time to send the request line - such as in one kind of DOS attack). Any idea why some of your client requests may have such a behaviour ? - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: SSL and 408 error code (incomplete request)
Thank very much, that sounds like a good property to tweak. we'll try it out :) - Original Message - From: Martin Gainty mgai...@hotmail.com To: Tomcat Users List users@tomcat.apache.org Cc: Sent: Thursday, August 1, 2013 1:07 AM Subject: RE: SSL and 408 error code (incomplete request) what happens if you increase the connectionTimeout (on your ssl connector) to a longer interval e.g.? $CATALINA_HOME/conf/server.xml Connector port=8443 protocol=HTTP/1.1 SSLEnabled=true connectionTimeout=3 Martin __ Verzicht und Vertraulichkeitanmerkung Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene Empfaenger sein, so bitten wir hoeflich um eine Mitteilung. Jede unbefugte Weiterleitung oder Fertigung einer Kopie ist unzulaessig. Diese Nachricht dient lediglich dem Austausch von Informationen und entfaltet keine rechtliche Bindungswirkung. Aufgrund der leichten Manipulierbarkeit von E-Mails koennen wir keine Haftung fuer den Inhalt uebernehmen. Date: Wed, 31 Jul 2013 14:32:39 -0700 From: solmy...@yahoo.com Subject: SSL and 408 error code (incomplete request) To: users@tomcat.apache.org Hi, Has anyone happened to stumble onto this issue, please: Our Ajax works perfectly as long as its non-secure. However, when switching to SSL we sometimes see 408 errors (incomplete request). This only happens on ajax, and inconsistently (similar requests might succeed on one moment, but fail on the other). Please note: 1. Our client is Chrome browser, using JQuery for ajax 2. Server is Tomcat 7 3. Network is fast and stable, and the ajax requests are small 4. Problem occurs for both our connectors: APR and Http (both with SSL enabled) 5. Our x509 certificate is valid (otherwise it would have failed on *all* ajax ssl requests, not to mention the non-ajax ssl) Thanks :) - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
java.net.UnknownHostException: Failed to negotiate with a suitable domain controller for xxx
Hi, I am not sure if this is the right List to post this on, please advise if it isn't and let me know where is best to post. I am getting the following error on one of our applications running on our intranet: 2013-07-31 17:15:11,180 [http-xxx.xxx.x.xxx-xx-x] ERROR org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/forms].[action] - Servlet.service() for servlet action threw exception java.net.UnknownHostException: Failed to negotiate with a suitable domain controller for xxx.LOCAL at jcifs.smb.SmbSession.getChallengeForDomain(SmbSession.java:187) at jcifs.http.NtlmHttpFilter.negotiate(NtlmHttpFilter.java:150) at jcifs.http.NtlmHttpFilter.doFilter(NtlmHttpFilter.java:114) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:172) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:465) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117) at org.apache.catalina.authenticator.SingleSignOn.invoke(SingleSignOn.java:393) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:174) at org.apache.coyote.http11.Http11AprProcessor.process(Http11AprProcessor.java:837) at org.apache.coyote.http11.Http11AprProtocol$Http11ConnectionHandler.process(Http11AprProtocol.java:640) at org.apache.tomcat.util.net.AprEndpoint$Worker.run(AprEndpoint.java:1287) at java.lang.Thread.run(Unknown Source) In my tomcat/conf/server.xml file I have: Realm className=com.viatel.tomcatrealms.ADJNDIRealm debug=01 resourceName=ActiveDirectory connectionURL=ldap://xxx:xxx; alternativeURL=ldap://xxx:xxx; connectionName=LDAP@xxx.local connectionPassword=xxx referrals=follow userBase=dc=vtlwavenet,dc=local userSearch=(sAMAccountName={0}) userSubtree=true roleBase=dc=xxx,dc=local roleSearch=(member={0}) roleName=cn roleSubtree=true / I have 2 .war files running from this tomcat - 1) intranet portal A, 2) intranet helpdesk page and also another intranet portal B (both run from slightly different URLs). When tomcat was restarted the intranet portal A runs, intranet portal B runs but the intranet helpdesk portal doesn't run. For this we get the error message shown above. I don't know if it is the java code, some setting in the tomcat catalina base or if it is a tomcat network issue. We are running Tomcat 5.5.29. java version 1.5.0_22 Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_22-b03) Java HotSpot(TM) Client VM (build 1.5.0_22-b03, mixed mode, sharing) It is on a Windows Server 2003 R2 SP2 VM box. Any help on this is appreciated. Thanks in advance Seema
RE:Tomcat and IP transparency
Hi Joan I think your problem is not easy to solve. If it is possible to know which requests could be for this blackbox (from client IP or destination IP) then you should serve all these requests without using your cache at all. How to achieve this ? Maybe by using an IP-based Virtual Host on your server and forwarding all requests coming to this IP to the blackbox, at the OS level (iptables). The other listening IP (that you've been using till now) will still accept the other requests. Maybe, you have to add a round-trip in your servlet for redirecting all requests for the blackbox with a 302 Redirect to the other IP, if your clients handle such redirects. Probably to do all this, but not in 5 minutes Eugene De : Joan Balagueró Ventus Proxy [joan.balagu...@ventusproxy.com] Envoyé : mercredi 31 juillet 2013 21:04 À : users@tomcat.apache.org Objet : Tomcat and IP transparency Hello, I already asked this question to the Apache HttpClient Forum. They don't know if this is possible with java/Tomcat. I have developed a proxy servlet with an xml cache, running in a Tomcat 6.0.37 on Linux Centos6.4. When the incoming xml request (sent from an external client) is not found in the proxy cache, I use HttpClient 4.2.5 to create a new http request and redirect it to the provider application servers to get the xml response. So far, everything worked ok with all our clients. But now we've a provider that needs ip transparency. Then, the request created by httpclient needs to carry the origin ip address (that from the external client), not the proxy ip. My proxy gets correctly the external IP (using request.getRemoteAddr()), but when the provider application reads the IP provided by the http client using request.getRemoteAddr(), they obviously get the proxy IP. The provider software is a blackbox, then reading ips with 'request.getRemoteAddr()' is something that they cannot change now. Therefore, things like adding a 'X-Forwarded-for' header cannot be implemented in this scenario. Is it possible tot achieve this at Tomcat level? Has anyone found an scenario like this? Thanks in advance, Joan. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: java.net.UnknownHostException: Failed to negotiate with a suitable domain controller for xxx
Seema Patel wrote: Hi, I am not sure if this is the right List to post this on, please advise if it isn't and let me know where is best to post. I am getting the following error on one of our applications running on our intranet: 2013-07-31 17:15:11,180 [http-xxx.xxx.x.xxx-xx-x] ERROR org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/forms].[action] - Servlet.service() for servlet action threw exception java.net.UnknownHostException: Failed to negotiate with a suitable domain controller for xxx.LOCAL at jcifs.smb.SmbSession.getChallengeForDomain(SmbSession.java:187) at jcifs.http.NtlmHttpFilter.negotiate(NtlmHttpFilter.java:150) at jcifs.http.NtlmHttpFilter.doFilter(NtlmHttpFilter.java:114) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:172) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:465) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117) at org.apache.catalina.authenticator.SingleSignOn.invoke(SingleSignOn.java:393) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:174) at org.apache.coyote.http11.Http11AprProcessor.process(Http11AprProcessor.java:837) at org.apache.coyote.http11.Http11AprProtocol$Http11ConnectionHandler.process(Http11AprProtocol.java:640) at org.apache.tomcat.util.net.AprEndpoint$Worker.run(AprEndpoint.java:1287) at java.lang.Thread.run(Unknown Source) I believe that you should read this page carefully, in particular the blue text at the beginning : http://jcifs.samba.org/src/docs/ntlmhttpauth.html Can you have a look at the WEB-INF/web.xml file *of your application*, and check if there is a servlet filter configured there, which matches the name above ? If so, make a backup copy of that web.xml file, and then edit it to remove that filter from it, and try again. I am not quite sure, but it looks possible to me that you have a duplicate authentication mechanism in use : one at the container (Tomcat) level, and one at the application level. And the one used at the application level is obsolete, unsupported, unmaintained etc.. In my tomcat/conf/server.xml file I have: Realm className=com.viatel.tomcatrealms.ADJNDIRealm debug=01 resourceName=ActiveDirectory connectionURL=ldap://xxx:xxx; alternativeURL=ldap://xxx:xxx; connectionName=LDAP@xxx.local connectionPassword=xxx referrals=follow userBase=dc=vtlwavenet,dc=local userSearch=(sAMAccountName={0}) userSubtree=true roleBase=dc=xxx,dc=local roleSearch=(member={0}) roleName=cn roleSubtree=true / I have 2 .war files running from this tomcat - 1) intranet portal A, 2) intranet helpdesk page and also another intranet portal B (both run from slightly different URLs). When tomcat was restarted the intranet portal A runs, intranet portal B runs but the intranet helpdesk portal doesn't run. For this we get the error message shown above. I don't know if it is the java code, some setting in the tomcat catalina base or if it is a tomcat network issue. We are running Tomcat 5.5.29. java version 1.5.0_22 Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_22-b03) Java HotSpot(TM) Client VM (build 1.5.0_22-b03, mixed mode, sharing) It is on a Windows Server 2003 R2 SP2 VM box. Any help on this is appreciated. Thanks in advance Seema - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: java.net.UnknownHostException: Failed to negotiate with a suitable domain controller for xxx
Date: Thu, 1 Aug 2013 12:06:39 +0200 From: a...@ice-sa.com To: users@tomcat.apache.org Subject: Re: java.net.UnknownHostException: Failed to negotiate with a suitable domain controller for xxx Seema Patel wrote: Hi, I am not sure if this is the right List to post this on, please advise if it isn't and let me know where is best to post. I am getting the following error on one of our applications running on our intranet: 2013-07-31 17:15:11,180 [http-xxx.xxx.x.xxx-xx-x] ERROR org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/forms].[action] - Servlet.service() for servlet action threw exception java.net.UnknownHostException: Failed to negotiate with a suitable domain controller for xxx.LOCAL at jcifs.smb.SmbSession.getChallengeForDomain(SmbSession.java:187) at jcifs.http.NtlmHttpFilter.negotiate(NtlmHttpFilter.java:150) at jcifs.http.NtlmHttpFilter.doFilter(NtlmHttpFilter.java:114) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:172) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:465) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117) at org.apache.catalina.authenticator.SingleSignOn.invoke(SingleSignOn.java:393) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:174) at org.apache.coyote.http11.Http11AprProcessor.process(Http11AprProcessor.java:837) at org.apache.coyote.http11.Http11AprProtocol$Http11ConnectionHandler.process(Http11AprProtocol.java:640) at org.apache.tomcat.util.net.AprEndpoint$Worker.run(AprEndpoint.java:1287) at java.lang.Thread.run(Unknown Source) I believe that you should read this page carefully, in particular the blue text at the beginning : http://jcifs.samba.org/src/docs/ntlmhttpauth.html Can you have a look at the WEB-INF/web.xml file *of your application*, and check if there is a servlet filter configured there, which matches the name above ? If so, make a backup copy of that web.xml file, and then edit it to remove that filter from it, and try again. I am not quite sure, but it looks possible to me that you have a duplicate authentication mechanism in use : one at the container (Tomcat) level, and one at the application level. And the one used at the application level is obsolete, unsupported, unmaintained etc.. I have found out that JCIFS is no longer supported, but it will take a lot of time, development and resources to update it to the recommended Jespa. In my web.xml file I have the following: filter filter-nameNtlmHttpFilter/filter-name filter-classjcifs.http.NtlmHttpFilter/filter-class !-- always needed for preauthentication / SMB signatures -- init-param param-namejcifs.smb.client.domain/param-name param-valuexxx/param-value /init-param !-- SMB message signing requires a valid existing login -- init-param param-namejcifs.smb.client.username/param-name param-valuexxx/param-value /init-param init-param param-namejcifs.smb.client.password/param-name param-valuexxx/param-value /init-param !-- Set the logging level -- init-param param-namejcifs.util.loglevel/param-name param-value3/param-value /init-param !-- allow non-IE browsers to use basic auth -- init-param param-namejcifs.http.insecureBasic/param-name param-valuetrue/param-value /init-param /filter filter filter-nameHRADGroupFilter/filter-name filter-classxxx.ADGroupFilter/filter-class init-param param-nameAllowedGroups/param-name param-valueG-HR,G-MIS/param-value /init-param /filter filter filter-nameSuggestionsGroupFilter/filter-name filter-classxxx.ADGroupFilter/filter-class init-param param-nameAllowedGroups/param-name param-valuexxx, xxx/param-value /init-param /filter filter-mapping filter-nameNtlmHttpFilter/filter-name url-pattern/suggestions/*/url-pattern /filter-mapping filter-mapping filter-nameSuggestionsGroupFilter/filter-name url-pattern/suggestions/*/url-pattern /filter-mapping filter-mapping
RE: java.net.UnknownHostException: Failed to negotiate with a suitable domain controller for xxx
From: Seema Patel [mailto:seema...@hotmail.com] Subject: java.net.UnknownHostException: Failed to negotiate with a suitable domain controller for xxx I am not sure if this is the right List to post this on This is the correct list, but... jcifs.http.NtlmHttpFilter Not supported: http://jcifs.samba.org/src/docs/ntlmhttpauth.html We are running Tomcat 5.5.29. Not supported. java version 1.5.0_22 Not supported. You really, really need to upgrade your environment. Using unsupported versions of the JVM and Tomcat leaves you open to numerous attacks and other bugs that will never be addressed in those versions. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat and IP transparency
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Ilya, On 7/31/13 3:11 PM, Ilya Kazakevich wrote: They may use RemoteIpValve to fetch real ip from x-forwarded-for and set it to remote_addr where getRemoteAddr will get it. +1 Assuming you can modify the webapp by inserting a Valve, you can use it to do exactly what you want to do: http://tomcat.apache.org/tomcat-7.0-doc/config/valve.html#Remote_IP_Valve - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.14 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJR+l8/AAoJEBzwKT+lPKRY1oEQAIBga6U1jQdOXA217pVaZ9K5 6e6LRVuZfebUwztrHdN64MiHglGdtIOLOB+yZC4pCd3yvH+PfaHOZdyKrEY7osoI aXBBy40S1u+1YQGvovfVhMRO4UUUs7S5jxkQNlvHtib7VVoILUBfHDf0cW2tilRf SPAwvn3p1DeAuNq/m+VruRNDwHD270j9+OO0TSh+rWR6TK2XaSNIJ6eb4hWdmvPV CoISQpadS8l4XawW09wrKKq7EN0WOrhKgj9o2U4fIQfayX8T3rvaLu1LQpHunEWV Z9Cs3eliP09Uxhi2VWov5cx2mf9pxtLu3p+0400s/9MqHjutT6rkEOyuvs7BPtRD JJ3wlrWY3Ah9SrFxHKv7FdJ5ycS5BX9+x+KzvIuuBUTDg/nB7Uz2aF1AwSzws2lI 5YSkw+5dRpnZqz2GY3W8gYwLjSLImYuPgJhWCiel/6I13HcwFllseR9GqxWXx0Zj g0ChufG/WtVusH/uBcAt5FTUNfepiMBaYjjsZfG2VR7PQT64U3GqcHmeIf+OzOUH oEIknGvozRWMytqGs8ZZ934vtX2mMkwqkpvlMS1sfor7KLDLWtIDEIR56DrXpecp 02y85wHZkf3FiPHR2QhDYKwWnhGg+3vknogPBgtWsgv6gLd130+jv/gBnlGzJC6T H2gbsz1RLKEWvVEITxSb =BAxw -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: SSL and 408 error code (incomplete request)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Sol, On 7/31/13 5:32 PM, sol myr wrote: Has anyone happened to stumble onto this issue, please: Our Ajax works perfectly as long as its non-secure. However, when switching to SSL we sometimes see 408 errors (incomplete request). This only happens on ajax, and inconsistently (similar requests might succeed on one moment, but fail on the other). Please note: 1. Our client is Chrome browser, using JQuery for ajax 2. Server is Tomcat 7 3. Network is fast and stable, and the ajax requests are small 4. Problem occurs for both our connectors: APR and Http (both with SSL enabled) 5. Our x509 certificate is valid (otherwise it would have failed on *all* ajax ssl requests, not to mention the non-ajax ssl) How often is sometimes? Can you give a rough idea of the volume you are serving, and what percentage seem to be failing? Is there any pattern -- like certain IP addresses fail more often than others, etc.? Do you have mobile clients? Or is all your testing local? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.14 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJR+mAeAAoJEBzwKT+lPKRYWNMP/iPaCTc07jMkpJ079rYB/R1H aDb8rIrXMdEXb4iMqNiMRg3PlFpu5CfM2Z5XYClhpbdkFs6EW9lyD7KRPyPseFyg G4TleXSCaKYCMlhOmW4biM3HE9Dj1+H2UEI+q4qcQWE3K0+PvQCB6IADg6Q1mT2y bV7Yv5nOIyZY9Wq7LGTPe9TAfInfdPohb/fT5deu9vEhb/3bj+nbIbwrAfKXEfic lpockmZxiq/tkQA1Ijjfi6nXkItmR+0VjQa+wHKg6lW43XHq3UCA4AVsH3cZde5C K74WOv8OosTmacyeKeze/kNFtpf6HrkoSPfJ7OVP966iQ9RmYHMBf/t2X0Qe45Lt vcjOMZCVAWzjqsJKe71Mi3WgDmqbGOyGYq0jTpI39CdqU/71juyQMxJe0mpJpUPk MGjBWQYXg1cSCKSQjDPsdUSN7uRZfo9dmMQrcVyOcI5UAmap95KciyGeW1z8PKs8 x0E8bP2/c38INdGHAbbjgGwVacnav37VKNn0Yky4eCWjiMFwoym3L/eL/DvrtGVu Be4V3ei7Dzju7R9x90KaumpG4OzC+SUI9oCFgDiVgbN5yQwsuP8Gaz0A/RCqdJFZ EhvCbNKog9JU8hTmeCUiH/ACGzW7RjWFl8KZgZzmxbLHRGOjc3BGRIXKtB1G7OjU o6LNmVxkLXLHERIleY4d =zy5F -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: java.net.UnknownHostException: Failed to negotiate with a suitable domain controller for xxx
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Chuck, On 8/1/13 7:50 AM, Caldarale, Charles R wrote: From: Seema Patel [mailto:seema...@hotmail.com] Subject: java.net.UnknownHostException: Failed to negotiate with a suitable domain controller for xxx I am not sure if this is the right List to post this on This is the correct list, but... jcifs.http.NtlmHttpFilter Not supported: http://jcifs.samba.org/src/docs/ntlmhttpauth.html We are running Tomcat 5.5.29. Not supported. java version 1.5.0_22 Not supported. You really, really need to upgrade your environment. Using unsupported versions of the JVM and Tomcat leaves you open to numerous attacks and other bugs that will never be addressed in those versions. +1 For what it's worth, upgrading the JVM is usually painless (with a few exceptions, but it's easy to try!). Since you were already on Tomcat 5.5, the transition from 5.5 - 7.0 (latest) is pretty much a drop-in replacement (you'll need to re-write your server.xml from scratch, but it shouldn't be a big deal to re-configure your Connectors). http://tomcat.apache.org/migration-6.html http://tomcat.apache.org/migration-7.html - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.14 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJR+mFbAAoJEBzwKT+lPKRYyZ4QAMpa71PhxVktGiTwX0W49H2D Irbt9EQ88BYjwawl0vgpcrt48ofMBOwErhsyFyYhk/zaaKRQOkP9Yf+lhq2sHkOQ FNMzF52ZyYPcaPhlN7DsGMbEZtYqq07SkTPXYQ9bY7+CAbWUF/4CZ4vG3q0q7MiY h48SIUs4EKF0UBmDFBcLdJj0xo+Lbnd6mx4WmasjJTDuniZsK6qZtxnn66UQBw2P 7n8hLCOBXvsjol9m5z/bJt1SifjQVNSfyoxlL7A7Pf1QP9zh1bAYen9efPKoa2Za TM0KGYa9Vb8hNRGPGZH7/Rs0ZfIdpFrPqJtWTVeZBbt7EtABZbvDW3bsh5WYgzv1 G0pyJQl8tnVpem9QvniX4POHEuboSfco53k3SBe8dp6M+798zLAr4DcamRsvxR0d 2nJxLkl3XZiF3IaxyfeIjIz00gqU3AXj4T+yOtMb2g6ok3eRJlaTqraHyeMSPFQ0 IEzcHEUwuYlRfm4+IBqwlQUjRpKTkkM7rjqGQIQz1BqCrZ4amcjM7QlW9/3wj+p+ I803eFy+XfNJ5EwE2t/s1H+zzMM7uzsvR4dMkak4IMcV8r1TRYF+8ddR6AKYNuzX pKwuFEXRaDycPkxaWoh9OO2UZ5OXk6VPU9QCuEcaLgDLjH3UHpAAFvM27dkmi/5P tlQKaspmVeRFL8u+i8a3 =udXh -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: java.net.UnknownHostException: Failed to negotiate with a suitable domain controller for xxx
nslookup DomainName if you still call no joy there is nothing we can do (without contacting your Domain Admin and asking if DomainName is live) Martin __ Verzicht und Vertraulichkeitanmerkung/Note de déni et de confidentialité Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene Empfaenger sein, so bitten wir hoeflich um eine Mitteilung. Jede unbefugte Weiterleitung oder Fertigung einer Kopie ist unzulaessig. Diese Nachricht dient lediglich dem Austausch von Informationen und entfaltet keine rechtliche Bindungswirkung. Aufgrund der leichten Manipulierbarkeit von E-Mails koennen wir keine Haftung fuer den Inhalt uebernehmen. Ce message est confidentiel et peut être privilégié. Si vous n'êtes pas le destinataire prévu, nous te demandons avec bonté que pour satisfaire informez l'expéditeur. N'importe quelle diffusion non autorisée ou la copie de ceci est interdite. Ce message sert à l'information seulement et n'aura pas n'importe quel effet légalement obligatoire. Étant donné que les email peuvent facilement être sujets à la manipulation, nous ne pouvons accepter aucune responsabilité pour le contenu fourni. From: seema...@hotmail.com To: users@tomcat.apache.org Subject: RE: java.net.UnknownHostException: Failed to negotiate with a suitable domain controller for xxx Date: Thu, 1 Aug 2013 12:02:34 +0100 Date: Thu, 1 Aug 2013 12:06:39 +0200 From: a...@ice-sa.com To: users@tomcat.apache.org Subject: Re: java.net.UnknownHostException: Failed to negotiate with a suitable domain controller for xxx Seema Patel wrote: Hi, I am not sure if this is the right List to post this on, please advise if it isn't and let me know where is best to post. I am getting the following error on one of our applications running on our intranet: 2013-07-31 17:15:11,180 [http-xxx.xxx.x.xxx-xx-x] ERROR org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/forms].[action] - Servlet.service() for servlet action threw exception java.net.UnknownHostException: Failed to negotiate with a suitable domain controller for xxx.LOCAL at jcifs.smb.SmbSession.getChallengeForDomain(SmbSession.java:187) at jcifs.http.NtlmHttpFilter.negotiate(NtlmHttpFilter.java:150) at jcifs.http.NtlmHttpFilter.doFilter(NtlmHttpFilter.java:114) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:172) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:465) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117) at org.apache.catalina.authenticator.SingleSignOn.invoke(SingleSignOn.java:393) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:174) at org.apache.coyote.http11.Http11AprProcessor.process(Http11AprProcessor.java:837) at org.apache.coyote.http11.Http11AprProtocol$Http11ConnectionHandler.process(Http11AprProtocol.java:640) at org.apache.tomcat.util.net.AprEndpoint$Worker.run(AprEndpoint.java:1287) at java.lang.Thread.run(Unknown Source) I believe that you should read this page carefully, in particular the blue text at the beginning : http://jcifs.samba.org/src/docs/ntlmhttpauth.html Can you have a look at the WEB-INF/web.xml file *of your application*, and check if there is a servlet filter configured there, which matches the name above ? If so, make a backup copy of that web.xml file, and then edit it to remove that filter from it, and try again. I am not quite sure, but it looks possible to me that you have a duplicate authentication mechanism in use : one at the container (Tomcat) level, and one at the application level. And the one used at the application level is obsolete, unsupported, unmaintained etc.. I have found out that JCIFS is no longer supported, but it will take a lot of time, development and resources to update it to the recommended Jespa. In my web.xml file I have the following: filter filter-nameNtlmHttpFilter/filter-name filter-classjcifs.http.NtlmHttpFilter/filter-class !-- always needed for preauthentication / SMB signatures -- init-param param-namejcifs.smb.client.domain/param-name param-valuexxx/param-value /init-param !-- SMB message signing
RE: Cannot start apache tomcat 7.0 if server path contains two consecutive spaces.
-Original Message- From: André Warnier [mailto:a...@ice-sa.com] Sent: Wednesday, July 31, 2013 12:27 PM To: Tomcat Users List Subject: Re: Cannot start apache tomcat 7.0 if server path contains two consecutive spaces. TRAN Trung Thanh wrote: Hi all, I am newbie here. Today, I tried to start apache tomcat 7.0.42 in Linux environment. Server path contains two consecutive spaces. When I run ./catalina.sh run, server cannot start and there is the following exception in console ./catalina.sh run Using CATALINA_BASE: /home/example/twoconsecutive spaces Using CATALINA_HOME: /home/example/twoconsecutive spaces Using CATALINA_TMPDIR: /home/example/twoconsecutive spaces/temp Using JRE_HOME:/home/example/java/jdk1.6 Using CLASSPATH: /home/example/twoconsecutive spaces/bin/bootstrap.jar:/home/example/twoconsecutive spaces/bin/tomcat-juli.jar Exception in thread main java.lang.NoClassDefFoundError: org/apache/catalina/startup/Bootstrap Caused by: java.lang.ClassNotFoundException: org.apache.catalina.startup.Bootstrap at java.net.URLClassLoader$1.run(URLClassLoader.java:202) at java.security.AccessController.doPrivileged(Native Method) at java.net.URLClassLoader.findClass(URLClassLoader.java:190) at java.lang.ClassLoader.loadClass(ClassLoader.java:306) at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:301) at java.lang.ClassLoader.loadClass(ClassLoader.java:247) Could not find the main class: org.apache.catalina.startup.Bootstrap. Program will exit. Tomcat server can start if server path does not contain consecutive space. Do anyone face to the same issue with me in this case? Have you any suggestion to fix this issue? Yes : don't do that (using spaces in paths). It is quite important for my deployment. That's a pity. Spaces in paths (and filenames) are evil, and should never have been allowed in the first place. A special place in hell is reserved for the genius who first allowed this stupid thing in an OS. I wish I had 0.1 cent for every programming hour lost because of this. Technically, you can certainly find the correct way to quote them in any particular place and environment. But usually, this is merely moving the problem to some other place further down the line, where it is even less visible and harder to find the bugs. I suppose the same could be said about any non-visible character, but spaces (along with TAB) are specially evil because in most environments, they are considered either as valid separators between words/tokens or as non- significant. My serious recommendation would be to think really hard about a way to nip this in the bud, and avoid allowing them and using them in the first place. Think that if you allow them somewhere, and even if you quote them correctly there, you will have to continue quoting them (appropriately) everywhere else that you are using the corresponding strings. It is almost guaranteed that this will bite you somewhere. Agree with everything Andre says here. Even under Windows, where the OS seems to handle it fine, as long as you're in the GUI, it is a problem. You have to remember to quote the path everytime you want to use it at the command line level, or in PowerShell, etc. It is really easier to remember that if you want the look of a space, but need a non-printable character, to just use the underbar. How much easier things could be if instead of My Documents you could write My_Documents. Still looks like two words but it is only one. As long as you have control over the naming, you should follow this advise. Jeff - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: java.net.UnknownHostException: Failed to negotiate with a suitable domain controller for xxx
Seema Patel wrote: Date: Thu, 1 Aug 2013 12:06:39 +0200 From: a...@ice-sa.com To: users@tomcat.apache.org Subject: Re: java.net.UnknownHostException: Failed to negotiate with a suitable domain controller for xxx Seema Patel wrote: Hi, I am not sure if this is the right List to post this on, please advise if it isn't and let me know where is best to post. I am getting the following error on one of our applications running on our intranet: 2013-07-31 17:15:11,180 [http-xxx.xxx.x.xxx-xx-x] ERROR org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/forms].[action] - Servlet.service() for servlet action threw exception java.net.UnknownHostException: Failed to negotiate with a suitable domain controller for xxx.LOCAL at jcifs.smb.SmbSession.getChallengeForDomain(SmbSession.java:187) at jcifs.http.NtlmHttpFilter.negotiate(NtlmHttpFilter.java:150) at jcifs.http.NtlmHttpFilter.doFilter(NtlmHttpFilter.java:114) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:172) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:465) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117) at org.apache.catalina.authenticator.SingleSignOn.invoke(SingleSignOn.java:393) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:174) at org.apache.coyote.http11.Http11AprProcessor.process(Http11AprProcessor.java:837) at org.apache.coyote.http11.Http11AprProtocol$Http11ConnectionHandler.process(Http11AprProtocol.java:640) at org.apache.tomcat.util.net.AprEndpoint$Worker.run(AprEndpoint.java:1287) at java.lang.Thread.run(Unknown Source) I believe that you should read this page carefully, in particular the blue text at the beginning : http://jcifs.samba.org/src/docs/ntlmhttpauth.html Can you have a look at the WEB-INF/web.xml file *of your application*, and check if there is a servlet filter configured there, which matches the name above ? If so, make a backup copy of that web.xml file, and then edit it to remove that filter from it, and try again. I am not quite sure, but it looks possible to me that you have a duplicate authentication mechanism in use : one at the container (Tomcat) level, and one at the application level. And the one used at the application level is obsolete, unsupported, unmaintained etc.. I have found out that JCIFS is no longer supported, but it will take a lot of time, development and resources to update it to the recommended Jespa. In my web.xml file I have the following: filter filter-nameNtlmHttpFilter/filter-name filter-classjcifs.http.NtlmHttpFilter/filter-class !-- always needed for preauthentication / SMB signatures -- init-param param-namejcifs.smb.client.domain/param-name param-valuexxx/param-value /init-param !-- SMB message signing requires a valid existing login -- init-param param-namejcifs.smb.client.username/param-name param-valuexxx/param-value /init-param init-param param-namejcifs.smb.client.password/param-name param-valuexxx/param-value /init-param !-- Set the logging level -- init-param param-namejcifs.util.loglevel/param-name param-value3/param-value /init-param !-- allow non-IE browsers to use basic auth -- init-param param-namejcifs.http.insecureBasic/param-name param-valuetrue/param-value /init-param /filter filter filter-nameHRADGroupFilter/filter-name filter-classxxx.ADGroupFilter/filter-class init-param param-nameAllowedGroups/param-name param-valueG-HR,G-MIS/param-value /init-param /filter filter filter-nameSuggestionsGroupFilter/filter-name filter-classxxx.ADGroupFilter/filter-class init-param param-nameAllowedGroups/param-name param-valuexxx, xxx/param-value /init-param /filter filter-mapping filter-nameNtlmHttpFilter/filter-name url-pattern/suggestions/*/url-pattern /filter-mapping filter-mapping filter-nameSuggestionsGroupFilter/filter-name url-pattern/suggestions/*/url-pattern /filter-mapping filter-mapping filter-nameNtlmHttpFilter/filter-name url-pattern/xxx/*/url-pattern /filter-mapping
RE: java.net.UnknownHostException: Failed to negotiate with a suitable domain controller for xxx
Date: Thu, 1 Aug 2013 15:55:37 +0200 From: a...@ice-sa.com To: users@tomcat.apache.org Subject: Re: java.net.UnknownHostException: Failed to negotiate with a suitable domain controller for xxx Seema Patel wrote: Date: Thu, 1 Aug 2013 12:06:39 +0200 From: a...@ice-sa.com To: users@tomcat.apache.org Subject: Re: java.net.UnknownHostException: Failed to negotiate with a suitable domain controller for xxx Seema Patel wrote: Hi, I am not sure if this is the right List to post this on, please advise if it isn't and let me know where is best to post. I am getting the following error on one of our applications running on our intranet: 2013-07-31 17:15:11,180 [http-xxx.xxx.x.xxx-xx-x] ERROR org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/forms].[action] - Servlet.service() for servlet action threw exception java.net.UnknownHostException: Failed to negotiate with a suitable domain controller for xxx.LOCAL at jcifs.smb.SmbSession.getChallengeForDomain(SmbSession.java:187) at jcifs.http.NtlmHttpFilter.negotiate(NtlmHttpFilter.java:150) at jcifs.http.NtlmHttpFilter.doFilter(NtlmHttpFilter.java:114) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:172) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:465) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117) at org.apache.catalina.authenticator.SingleSignOn.invoke(SingleSignOn.java:393) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:174) at org.apache.coyote.http11.Http11AprProcessor.process(Http11AprProcessor.java:837) at org.apache.coyote.http11.Http11AprProtocol$Http11ConnectionHandler.process(Http11AprProtocol.java:640) at org.apache.tomcat.util.net.AprEndpoint$Worker.run(AprEndpoint.java:1287) at java.lang.Thread.run(Unknown Source) I believe that you should read this page carefully, in particular the blue text at the beginning : http://jcifs.samba.org/src/docs/ntlmhttpauth.html Can you have a look at the WEB-INF/web.xml file *of your application*, and check if there is a servlet filter configured there, which matches the name above ? If so, make a backup copy of that web.xml file, and then edit it to remove that filter from it, and try again. I am not quite sure, but it looks possible to me that you have a duplicate authentication mechanism in use : one at the container (Tomcat) level, and one at the application level. And the one used at the application level is obsolete, unsupported, unmaintained etc.. I have found out that JCIFS is no longer supported, but it will take a lot of time, development and resources to update it to the recommended Jespa. In my web.xml file I have the following: filter filter-nameNtlmHttpFilter/filter-name filter-classjcifs.http.NtlmHttpFilter/filter-class !-- always needed for preauthentication / SMB signatures -- init-param param-namejcifs.smb.client.domain/param-name param-valuexxx/param-value /init-param !-- SMB message signing requires a valid existing login -- init-param param-namejcifs.smb.client.username/param-name param-valuexxx/param-value /init-param init-param param-namejcifs.smb.client.password/param-name param-valuexxx/param-value /init-param !-- Set the logging level -- init-param param-namejcifs.util.loglevel/param-name param-value3/param-value /init-param !-- allow non-IE browsers to use basic auth -- init-param param-namejcifs.http.insecureBasic/param-name param-valuetrue/param-value /init-param /filter filter filter-nameHRADGroupFilter/filter-name filter-classxxx.ADGroupFilter/filter-class init-param param-nameAllowedGroups/param-name param-valueG-HR,G-MIS/param-value /init-param /filter filter filter-nameSuggestionsGroupFilter/filter-name filter-classxxx.ADGroupFilter/filter-class init-param param-nameAllowedGroups/param-name param-valuexxx,
GetRealPath Alternative for WAR Deployment
I've seen multiple postings online that state that when you deploy a WAR file rather than using an exploded WAR, then the request.getServletContext().getRealPath() method returns null. Due to a requirement by my team lead, I cannot deploy the application in any other fashion besides a precompiled WAR file (deploying a folder fixes this issue) and I was using the request.getServletContext().getRealPath() method so that I could get the version # of the WAR that I have deployed (ex: myWAR##001.war). Is there another way to get the version number? I also looked online to see if there was a way to get the docBase parameter from the context file, but all the postings for that said to use request.getServletContext().getRealPath(), which is returning null. Any guidance would be greatly appreciated. Thanks, Jeremy
Re: Using the bin/daemon.sh script on ubuntu.
Thanks for the great responses. @Ognjen: Yes, currently we also use the setenv.sh (because it will not be touched by an update). The *ln -s* Tipp is not bad. But the problem is, it stores the files in the folder (/opt/tomcat/logs). On our (AWS) installation we have limited space on /opt, therefore we attached an EBS volume to /var/, - otherwise we would get problems with the log files. Now it can grow above some GB. But because the log dirs are defined in the logging.properties (what get shipped and overridden by updates) we put this hack into our setenv.sh: sed -i 's/${catalina.base}\/logs/\/var\/log\/tomcat\//g' \/opt\/tomcat\/conf\/logging.properties This will replace the sting *${catalina.base}\/logs* with */var\/log\/tomcat * everytime setenv.sh is executed. Now we will never forget to touch the logging.properties after an update. But i still think it is not that elegant... Best Regards, Christian. 2013/7/30 Ognjen Blagojevic ognjen.d.blagoje...@gmail.com Christian, On 30.7.2013 11:58, Christian Schneider wrote: But what about: * set env. variables (maybe: catalina.sh?, /etc/profiles?) /etc/profiles is executed when you enter bash shell, so if Tomcat starts at boot time, it won't be able to access environment variables defined in /etc/profile. I set JAVA_HOME, CATALINA_BASE and CATALINA_HOME environment variables in /etc/init.d/tomcat (which is a copy of daemon.sh), but I guess there may be a better place to do that. This link [1] recommends to put environment variables in /etc/default/tomcat, and then to source them from /etc/init.d/tomcat. * adjust the heap size Create file $CATALINA_BASE/bin/setenv.sh: export CATALINA_OPTS='-Xms...m -Xmx...m' * logging to the right directory (like: /var/log/tomcat/...) Maybe something like: ln -s /var/log/tomcat $CATALINA_BASE/logs * specifying the User: tomcat User 'tomcat' is already specified in daemon.sh, though you may override that with $TOMCAT_USER environment variable. -Ognjen [1] http://unix.stackexchange.com/**questions/44370/how-to-make-** unix-service-see-environment-**variableshttp://unix.stackexchange.com/questions/44370/how-to-make-unix-service-see-environment-variables --**--**- To unsubscribe, e-mail: users-unsubscribe@tomcat.**apache.orgusers-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Do you know how to configure Tomcat in ipv6 ?
Hello to all, Please, could you help me about the following subject: How to configure Tomcat in ipv6 ? Thanks in advance. Best regards Olivier.
RE: Do you know how to configure Tomcat in ipv6 ?
In order to do what? Your question is too generic!! Kind regards Gilles Rubens Badouet Student ID: 3940347 Faculty of Engineering and Computing MSc Network Computing Course Mobile: 07424486426 From: olivier giorgi olivier_gio...@yahoo.fr Sent: 01 August 2013 17:17 To: users@tomcat.apache.org Subject: Do you know how to configure Tomcat in ipv6 ? Hello to all, Please, could you help me about the following subject: How to configure Tomcat in ipv6 ? Thanks in advance. Best regards Olivier. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Do you know how to configure Tomcat in ipv6 ?
-Original Message- From: olivier giorgi [mailto:olivier_gio...@yahoo.fr] Sent: Thursday, August 01, 2013 11:17 AM To: users@tomcat.apache.org Subject: Do you know how to configure Tomcat in ipv6 ? Hello to all, Please, could you help me about the following subject: How to configure Tomcat in ipv6 ? Thanks in advance. Best regards Olivier. Start here: http://tomcat.apache.org/tomcat-7.0-doc/config/http.html - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Cannot start apache tomcat 7.0 if server path contains two consecutive spaces.
Am 2013-08-01 15:41, schrieb Jeffrey Janner: -Original Message- From: André Warnier [mailto:a...@ice-sa.com] Sent: Wednesday, July 31, 2013 12:27 PM To: Tomcat Users List Subject: Re: Cannot start apache tomcat 7.0 if server path contains two consecutive spaces. TRAN Trung Thanh wrote: Hi all, I am newbie here. Today, I tried to start apache tomcat 7.0.42 in Linux environment. Server path contains two consecutive spaces. When I run ./catalina.sh run, server cannot start and there is the following exception in console ./catalina.sh run Using CATALINA_BASE: /home/example/twoconsecutive spaces Using CATALINA_HOME: /home/example/twoconsecutive spaces Using CATALINA_TMPDIR: /home/example/twoconsecutive spaces/temp Using JRE_HOME:/home/example/java/jdk1.6 Using CLASSPATH: /home/example/twoconsecutive spaces/bin/bootstrap.jar:/home/example/twoconsecutive spaces/bin/tomcat-juli.jar Exception in thread main java.lang.NoClassDefFoundError: org/apache/catalina/startup/Bootstrap Caused by: java.lang.ClassNotFoundException: org.apache.catalina.startup.Bootstrap at java.net.URLClassLoader$1.run(URLClassLoader.java:202) at java.security.AccessController.doPrivileged(Native Method) at java.net.URLClassLoader.findClass(URLClassLoader.java:190) at java.lang.ClassLoader.loadClass(ClassLoader.java:306) at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:301) at java.lang.ClassLoader.loadClass(ClassLoader.java:247) Could not find the main class: org.apache.catalina.startup.Bootstrap. Program will exit. Tomcat server can start if server path does not contain consecutive space. Do anyone face to the same issue with me in this case? Have you any suggestion to fix this issue? Yes : don't do that (using spaces in paths). It is quite important for my deployment. That's a pity. Spaces in paths (and filenames) are evil, and should never have been allowed in the first place. A special place in hell is reserved for the genius who first allowed this stupid thing in an OS. I wish I had 0.1 cent for every programming hour lost because of this. Technically, you can certainly find the correct way to quote them in any particular place and environment. But usually, this is merely moving the problem to some other place further down the line, where it is even less visible and harder to find the bugs. I suppose the same could be said about any non-visible character, but spaces (along with TAB) are specially evil because in most environments, they are considered either as valid separators between words/tokens or as non- significant. My serious recommendation would be to think really hard about a way to nip this in the bud, and avoid allowing them and using them in the first place. Think that if you allow them somewhere, and even if you quote them correctly there, you will have to continue quoting them (appropriately) everywhere else that you are using the corresponding strings. It is almost guaranteed that this will bite you somewhere. Agree with everything Andre says here. Even under Windows, where the OS seems to handle it fine, as long as you're in the GUI, it is a problem. You have to remember to quote the path everytime you want to use it at the command line level, or in PowerShell, etc. It is really easier to remember that if you want the look of a space, but need a non-printable character, to just use the underbar. How much easier things could be if instead of My Documents you could write My_Documents. Still looks like two words but it is only one. As long as you have control over the naming, you should follow this advise. Jeff I guess for that reason Microsoft has replaced the C:\Documents and Settings folder. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: GetRealPath Alternative for WAR Deployment
On 01/08/2013 17:45, Majors, Jeremy wrote: I've seen multiple postings online that state that when you deploy a WAR file rather than using an exploded WAR, then the request.getServletContext().getRealPath() method returns null. Due to a requirement by my team lead, I cannot deploy the application in any other fashion besides a precompiled WAR file (deploying a folder fixes this issue) and I was using the request.getServletContext().getRealPath() method so that I could get the version # of the WAR that I have deployed (ex: myWAR##001.war). Is there another way to get the version number? I also looked online to see if there was a way to get the docBase parameter from the context file, but all the postings for that said to use request.getServletContext().getRealPath(), which is returning null. Any guidance would be greatly appreciated. There are ways via Tomcat internals but they tend to get blocked in production environments. The simplest way is to add a version.properties file to WEB-INF/classes (kept up to date by your build script) with the information you need and access it via the class loader. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: java.net.UnknownHostException: Failed to negotiate with a suitable domain controller for xxx
From: Seema Patel [mailto:seema...@hotmail.com] Subject: RE: java.net.UnknownHostException: Failed to negotiate with a suitable domain controller for xxx When upgrading Tomcat from version 5.5 to 7, would I need to upgrade to version 6 first and then to 7 or can I go straight from 5.5 to 7? Do it in one step - there's no point in doing it twice. The migration guide is here: http://tomcat.apache.org/migration.html It doesn't specifically cover going from 5.5 to 7.0, so read all the sections before proceeding. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: GetRealPath Alternative for WAR Deployment
Thanks Mark. I ended up doing something similar (added a context parameter to the context files) which are being generated by the build process. Jeremy On 8/1/13 1:19 PM, Mark Thomas ma...@apache.org wrote: On 01/08/2013 17:45, Majors, Jeremy wrote: I've seen multiple postings online that state that when you deploy a WAR file rather than using an exploded WAR, then the request.getServletContext().getRealPath() method returns null. Due to a requirement by my team lead, I cannot deploy the application in any other fashion besides a precompiled WAR file (deploying a folder fixes this issue) and I was using the request.getServletContext().getRealPath() method so that I could get the version # of the WAR that I have deployed (ex: myWAR##001.war). Is there another way to get the version number? I also looked online to see if there was a way to get the docBase parameter from the context file, but all the postings for that said to use request.getServletContext().getRealPath(), which is returning null. Any guidance would be greatly appreciated. There are ways via Tomcat internals but they tend to get blocked in production environments. The simplest way is to add a version.properties file to WEB-INF/classes (kept up to date by your build script) with the information you need and access it via the class loader. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
javaagent is messing with webapp classpath
Hi, I have a javaagent that changes some specific classes of my project. But, when i start the server using the agent I get a lot of ClassNotFoundException for a lot of classes... Like ServletContextListener. When I don't use the javaagent argument everything goes fine. Does anyone have an idea? Thanks!!
Re: java.net.UnknownHostException: Failed to negotiate with a suitable domain controller for xxx
On 8/1/2013 2:24 PM, Caldarale, Charles R wrote: From: Seema Patel [mailto:seema...@hotmail.com] Subject: RE: java.net.UnknownHostException: Failed to negotiate with a suitable domain controller for xxx When upgrading Tomcat from version 5.5 to 7, would I need to upgrade to version 6 first and then to 7 or can I go straight from 5.5 to 7? Do it in one step - there's no point in doing it twice. The migration guide is here: Yep, it will just about twice as long to do it in two steps as it does to do it in one. Ask me how I know this... http://tomcat.apache.org/migration.html It doesn't specifically cover going from 5.5 to 7.0, so read all the sections before proceeding. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Apache Tomcat 8.0.0-RC1 release vote started
If you'd like early sight of Tomcat 8 and an opportunity to contribute to Tomcat development, the release vote has now opened for the first Tomcat 8 release candidate. Features include: - Servlet 3.1 implementation - JSP 2.3 impelementation - EL 3.0 implementation - WebSocket 1.0 implementation - Update to DBCP2 (now includes JMX monitoring) The more folks that can test this release candidate, the better the next one will be and the better the 8.0.0 release will be. This is your chance to ensure that your app works on Tomcat 8 and if it doesn't get any associated Tomcat bugs fixed early. Details are available on the vote thread on the dev list [1]. To be clear, this is not an official release. This is the vote that precedes the official release. If this vote passes then 8.0.0-RC1 will be released officially, added to the mirrors, linked from the download pages etc. Mark [1] http://markmail.org/message/feu2f3uqgjxauvkr - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
OT: Cannot start apache tomcat 7.0 if server path contains two consecutive spaces.
-Original Message- From: Michael-O [mailto:1983-01...@gmx.net] Sent: Thursday, August 01, 2013 1:10 PM To: Tomcat Users List Subject: Re: Cannot start apache tomcat 7.0 if server path contains two consecutive spaces. Am 2013-08-01 15:41, schrieb Jeffrey Janner: -Original Message- From: André Warnier [mailto:a...@ice-sa.com] Sent: Wednesday, July 31, 2013 12:27 PM To: Tomcat Users List Subject: Re: Cannot start apache tomcat 7.0 if server path contains two consecutive spaces. TRAN Trung Thanh wrote: Hi all, I am newbie here. Today, I tried to start apache tomcat 7.0.42 in Linux environment. Server path contains two consecutive spaces. When I run ./catalina.sh run, server cannot start and there is the following exception in console ./catalina.sh run Using CATALINA_BASE: /home/example/twoconsecutive spaces Using CATALINA_HOME: /home/example/twoconsecutive spaces Using CATALINA_TMPDIR: /home/example/twoconsecutive spaces/temp Using JRE_HOME:/home/example/java/jdk1.6 Using CLASSPATH: /home/example/twoconsecutive spaces/bin/bootstrap.jar:/home/example/twoconsecutive spaces/bin/tomcat-juli.jar Exception in thread main java.lang.NoClassDefFoundError: org/apache/catalina/startup/Bootstrap Caused by: java.lang.ClassNotFoundException: org.apache.catalina.startup.Bootstrap at java.net.URLClassLoader$1.run(URLClassLoader.java:202) at java.security.AccessController.doPrivileged(Native Method) at java.net.URLClassLoader.findClass(URLClassLoader.java:190) at java.lang.ClassLoader.loadClass(ClassLoader.java:306) at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:301) at java.lang.ClassLoader.loadClass(ClassLoader.java:247) Could not find the main class: org.apache.catalina.startup.Bootstrap. Program will exit. Tomcat server can start if server path does not contain consecutive space. Do anyone face to the same issue with me in this case? Have you any suggestion to fix this issue? Yes : don't do that (using spaces in paths). It is quite important for my deployment. That's a pity. Spaces in paths (and filenames) are evil, and should never have been allowed in the first place. A special place in hell is reserved for the genius who first allowed this stupid thing in an OS. I wish I had 0.1 cent for every programming hour lost because of this. Technically, you can certainly find the correct way to quote them in any particular place and environment. But usually, this is merely moving the problem to some other place further down the line, where it is even less visible and harder to find the bugs. I suppose the same could be said about any non-visible character, but spaces (along with TAB) are specially evil because in most environments, they are considered either as valid separators between words/tokens or as non- significant. My serious recommendation would be to think really hard about a way to nip this in the bud, and avoid allowing them and using them in the first place. Think that if you allow them somewhere, and even if you quote them correctly there, you will have to continue quoting them (appropriately) everywhere else that you are using the corresponding strings. It is almost guaranteed that this will bite you somewhere. Agree with everything Andre says here. Even under Windows, where the OS seems to handle it fine, as long as you're in the GUI, it is a problem. You have to remember to quote the path everytime you want to use it at the command line level, or in PowerShell, etc. It is really easier to remember that if you want the look of a space, but need a non-printable character, to just use the underbar. How much easier things could be if instead of My Documents you could write My_Documents. Still looks like two words but it is only one. As long as you have control over the naming, you should follow this advise. Jeff I guess for that reason Microsoft has replaced the C:\Documents and Settings folder. Possibly, because it's now called C:\Users. Now if they'd only abandon that silly backslash file separator character... - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: javaagent is messing with webapp classpath
Hello, yes, your java agent is probably not well coded :-) regards Leon On Thu, Aug 1, 2013 at 8:33 PM, Alberto SOUZA alots@gmail.com wrote: Hi, I have a javaagent that changes some specific classes of my project. But, when i start the server using the agent I get a lot of ClassNotFoundException for a lot of classes... Like ServletContextListener. When I don't use the javaagent argument everything goes fine. Does anyone have an idea? Thanks!!
Re: Configuration question for 2500 simultaneous users.
Thanks Mark, I've been getting up to speed on JMeter. I've used selenium before. The particulars depend on your particular application - agreed. That part I can work out myself by looking at bottlenecks, generally timing areas of the application with more and more granularity, in places where the app behaves slowly. Best, Alec On Tue, Jul 30, 2013 at 6:17 PM, Mark Eggers its_toas...@yahoo.com wrote: On 7/30/2013 1:17 PM, Tomcat Random wrote: Thanks Mark, I will give it a close read. As far as profiling, are you using any tools that are worth mentioning? Nothing outstanding, since currently all of our applications are pretty lightweight. That may change if we redo the architecture. JMeter / Selenium in combination can generate a lot of traffic. Generate a selenium test script, export to JUnit, couple with HTMLUnit, and hammer away. There are several ways to watch what goes on with your application: JConsole VisualVM The Tomcat Wiki page has more: http://wiki.apache.org/tomcat/**FAQ/Monitoringhttp://wiki.apache.org/tomcat/FAQ/Monitoring For lighter weight profiling (usually to figure out where the application bottlenecks are), I run the project under NetBeans and instrument the project. Access logs are usually a good first source for generating JMeter tests. In general, people can only give you guidelines concerning sizing, profiling, and benchmarking. The particulars depend on your particular application. . . . . just my two cents. /mde/ PS - Please don't top post. Best, A On Tue, Jul 30, 2013 at 4:02 PM, Mark Eggers its_toas...@yahoo.com wrote: On 7/30/2013 12:42 PM, Tomcat Random wrote: The project I'm working on has 5000 simultaneous users average. I have two physical servers both running an instance of Tomcat 7.0. They're behind a physical load balancer with sticky, least connections balancing. Nothing in front of the Tomcats. Port 80 to is routed to them by iptables. Anyone out there willing to offer some tips (or point me to them) on configuration for this amount of traffic? Environment is: DELL PowerEdge R720 - 32 GB DELL RAM, GB Memory: 32 Single Socket Six Core Intel Xeon E5-2640 2.5GHz, #Processors: 1, #Cores per Proc: 6 RHEL 6 TIA, Alec A great overview, and a solid outline of the process you should follow: http://people.apache.org/~markt/presentations/2009-04-**http://people.apache.org/~**markt/presentations/2009-04-** 01-TomcatTuning.pdfhttp://**people.apache.org/~markt/** presentations/2009-04-01-**TomcatTuning.pdfhttp://people.apache.org/~markt/presentations/2009-04-01-TomcatTuning.pdf That, plus profiling your application with real-world traffic to understand bottlenecks and use cases . . . . . . just my two cents. /mde/ --**--**- To unsubscribe, e-mail: users-unsubscribe@tomcat.**apache.orgusers-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Configuration question for 2500 simultaneous users.
Hey Chris, I'm expecting 5000 simultaneous users, with a physical load balancer to two physical app servers. So ~2500 per machine, each running an instance of tomcat not fronted by httpd or any proxy server. (i.e., using Tomcat to serve a few static assets along with the webapp). are you just interested in speculative performance tuning? That's correct - with just one user (myself) testing it everything is wonderful. I've just got that uneasy feeling the servers will explode when we flip over from our old host/codebase and get all the traffic. Best, Alec On Wed, Jul 31, 2013 at 11:09 AM, Christopher Schultz ch...@christopherschultz.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Alec, On 7/30/13 3:42 PM, Tomcat Random wrote: The project I'm working on has 5000 simultaneous users average. I have two physical servers both running an instance of Tomcat 7.0. They're behind a physical load balancer with sticky, least connections balancing. Nothing in front of the Tomcats. Port 80 to is routed to them by iptables. Anyone out there willing to offer some tips (or point me to them) on configuration for this amount of traffic? Environment is: DELL PowerEdge R720 - 32 GB DELL RAM, GB Memory: 32 Single Socket Six Core Intel Xeon E5-2640 2.5GHz, #Processors: 1, #Cores per Proc: 6 RHEL 6 Are you experiencing any problems, or are you just interested in speculative performance tuning? Tomcat's default configuration is quite reasonable. How many simultaneous /connections/ do you expect? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.14 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJR+SisAAoJEBzwKT+lPKRYXfQP/AvnWo09Ucm7xSr4zIaQgVtX PP0Uw7EV0valZEXlVsdRBJY6fFn2m3e43zpC6dsZidflUzS5ITZ0R7S5JShNZnLJ LpBDf8KQG6OrHuNsZ7iLvuSXWHBOvLqdHvXvrRH4vcj5xleMtZzm4FA5GyG/bS4P wvSltjkUkOtcaXg4kf50iXKNXtMrZPPuTBgdZxT6uHuM3x8Ux2sLPAufJ06Rf+Wx N/uAyylthDlI367G3ZrBRuzP5nbrdKjZNKHpd3uHVq0TkO9QtGn3/baa7+6SeFfP M3KycT9yjbOiiKFcpFCZ9OdJDQpSOXZhjGQZckqsyqN5lD1FL2fppDj9uWUdOgPT A73Hsy2Bu+rzfw6QIf5okVLy1PzF7dRv8/moGwN5fsNDY5nX7ccWua245X1irCwv z0Hw3jQWtVUTnbFu8oR9cEYuly+Hv5oFoc94vQ78/an44pAJgP3FNWU9lv5oE4YR RCPrPElyb50KNNeCfu4SEBO/DVo1XJSMb6Xi6k70oehac3mmeNlqRQBOJ9/BfrA+ pwU1JY3Q5V+yXTaGyzv1gLDViFoj0kIPtlch/WH4sfsQeZvS0oI/ol6U3rtb8PdO eKIsnOzynud7KDkWf+LO+C+GCcrcqeBl2XFirt4pd227VV36jHZgx5Zf5Epf9v04 o4etXLrcpbB6wgGkWR5K =FKB4 -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Cannot start apache tomcat 7.0 if server path contains two consecutive spaces.
Spaces in paths (and filenames) are evil, and should never have been allowed in the first place. A special place in hell is reserved for the genius who first allowed this stupid thing in an OS. Luled at this. The underscore is your friend. I find it odd that the OP can't just rename said directories, but who knows: there's always inheriting a lot of WTF's from an existing project that just leads to non-stop facepalming. On Wed, Jul 31, 2013 at 1:27 PM, André Warnier a...@ice-sa.com wrote: TRAN Trung Thanh wrote: Hi all, I am newbie here. Today, I tried to start apache tomcat 7.0.42 in Linux environment. Server path contains two consecutive spaces. When I run ./catalina.sh run, server cannot start and there is the following exception in console ./catalina.sh run Using CATALINA_BASE: /home/example/twoconsecutive spaces Using CATALINA_HOME: /home/example/twoconsecutive spaces Using CATALINA_TMPDIR: /home/example/twoconsecutive spaces/temp Using JRE_HOME:/home/example/java/jdk1.6 Using CLASSPATH: /home/example/twoconsecutive spaces/bin/bootstrap.jar:/**home/example/twoconsecutive spaces/bin/tomcat-juli.jar Exception in thread main java.lang.**NoClassDefFoundError: org/apache/catalina/startup/**Bootstrap Caused by: java.lang.**ClassNotFoundException: org.apache.catalina.startup.**Bootstrap at java.net.URLClassLoader$1.run(**URLClassLoader.java:202) at java.security.**AccessController.doPrivileged(**Native Method) at java.net.URLClassLoader.**findClass(URLClassLoader.java:**190) at java.lang.ClassLoader.**loadClass(ClassLoader.java:**306) at sun.misc.Launcher$**AppClassLoader.loadClass(**Launcher.java:301) at java.lang.ClassLoader.**loadClass(ClassLoader.java:**247) Could not find the main class: org.apache.catalina.startup.**Bootstrap. Program will exit. Tomcat server can start if server path does not contain consecutive space. Do anyone face to the same issue with me in this case? Have you any suggestion to fix this issue? Yes : don't do that (using spaces in paths). It is quite important for my deployment. That's a pity. Spaces in paths (and filenames) are evil, and should never have been allowed in the first place. A special place in hell is reserved for the genius who first allowed this stupid thing in an OS. I wish I had 0.1 cent for every programming hour lost because of this. Technically, you can certainly find the correct way to quote them in any particular place and environment. But usually, this is merely moving the problem to some other place further down the line, where it is even less visible and harder to find the bugs. I suppose the same could be said about any non-visible character, but spaces (along with TAB) are specially evil because in most environments, they are considered either as valid separators between words/tokens or as non-significant. My serious recommendation would be to think really hard about a way to nip this in the bud, and avoid allowing them and using them in the first place. Think that if you allow them somewhere, and even if you quote them correctly there, you will have to continue quoting them (appropriately) everywhere else that you are using the corresponding strings. It is almost guaranteed that this will bite you somewhere. --**--**- To unsubscribe, e-mail: users-unsubscribe@tomcat.**apache.orgusers-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Clean up after building and installing ARP on RHEL 6
Spent a while getting APR installed and my logs are now showing no warning and indicate the native libraries are working. As per the docs: The libraries will be found in $CATALINA_HOME/lib - Yup, that's fine. But it seems like I have APR/native directories in several places now. Are the APR libraries in lib self-contained? Anyone know if other directories or files related to their build are safe to delete? Examples: /usr/bin/apr-1-config /usr/local/www/apache-tomcat-7.0.42/bin/tomcat-native-1.1.27-src/jni/native Would not be heartbroken if I had to wget the same files to rebuild. I'm sort of a neat freak with stray files and would rather rm them. Best, Alec
Re: javaagent is messing with webapp classpath
I see... even if i leave my agent empty? Because i did this test and, just with the presence of agent, tomcat got lost. And the same agent works fine in GlassFish(3 and 4) and Jboss(7 and 8). Right now, for some reason, my impression is that the agent is requesting that every class used for my application should be in agent jar. For example, if i have a ServletContextListener, tomcat is forcing the agent to have the jar bundled in the agent's jar. regards On Thu, Aug 1, 2013 at 7:05 PM, Leon Rosenberg rosenberg.l...@gmail.comwrote: Hello, yes, your java agent is probably not well coded :-) regards Leon On Thu, Aug 1, 2013 at 8:33 PM, Alberto SOUZA alots@gmail.com wrote: Hi, I have a javaagent that changes some specific classes of my project. But, when i start the server using the agent I get a lot of ClassNotFoundException for a lot of classes... Like ServletContextListener. When I don't use the javaagent argument everything goes fine. Does anyone have an idea? Thanks!!