Entries Tagged as “Administrator”

Troubleshooting ColdFusion Admin Login Issue

June 30, 2014 / Pavankumar

  Administrator | Adobe ColdFusion 10 | Adobe ColdFusion 11

We have seen some cases where the user is trying to login to ColdFusion administrator console and CF keeps throwing login page again and again even though user has provided valid credentials. We heard users tried doing something like password reset, restarting the server which even didn't helped solving the issue. So we were curious to find what causing this issue and will discuss some of the issues we came across that occur when attempting to log into the administrator console.

Before talking about some of these issues that we found we will see how ColdFusion admin login happens. During login the password entered in ColdFusion Administrator login console will be hashed using SHA-1 and then passed to the server for authentication. If the password entered is correct user will be able to successfully login to the admin console. The hashing related functions are present in sha1.js file which gets loaded when accessing CF admin console. Mostly the login issues occurs either the sha1.js file is not loaded or the browser is not executing any javascript. If either the SHA1.js file is not loaded or browser is not executing the javascript password will be transmitted in plain text (instead of hashed password) which results in login failure.

1) One instance where we have seen this issue because of IIS misconfiguration. IIS uses a default list of global MIME types to determine which types of content to serve. If a client requests a MIME type that is not defined on the Web server, IIS returns a 404 error. In this case IIS admin has created a specific web.config file for coldfusion site. If the coldfusion website specific IIS web.config file contains a duplicate mime type which is also present in the IIS global config mime type list it causes an error in IIS. There by IIS  blocks all the file extensions (Except cfm and cfc as they were mentioned in IIS handler mappings). Because of this issue sha1.js file didn't get loaded which in turn caused login failure. Removing/Commenting out the duplicate mime type from website specific web.config file resolves the issue.

For example:

Assume your website web.config file added additional mime types for file extensions .less and .ttf. 

The above config causes an error because .ttf is already present in the IIS global web.config file. Remove the mimemap for file extension .ttf to resolve the issue.

2) Another instance where user is unable to login to ColdFusion Admin console using Internet Explorer. If IE is running enhanced security mode javascript on the page won't be executed unless the website is added to the trusted sites list. 

To add the ColdFusion website to the trusted list 

By default coldfusion administrator can only be accessed from the list of IP addresses as specified in the Security -> Allowed IP Addresses section.

We will be keep updating this blog if we come across any other issues which prevents user from logging in to the admin console. Also, let us know if you have come across any admin login issues other than which are mentioned above. 

Besides the login issue make sure to mandate that ColdFusion administrator runs only on https as specified in lockdown guide. 

Links for ColdFusion lockdown guide

ColdFusion 11 lockdown guide ColdFusion 10 lockdown guide ColdFusion 9 lockdown guide

 


ColdFusion 11 Silent Installation Properties

June 23, 2014 / Krishna Reddy

  Administrator | Adobe ColdFusion | ColdFusion | ColdFusion 11 | General

Silent instllation properties are updated for ColdFusion 11.

You can download the properties file here

Create a new directory and place the installer and the properties files there.

Please make sure to update the usernames/passwords/and flip the different feature flags as per your requirement.

'cd' to the newly created directory where the installer and properties files are placed.

Command to run the silent installation from the terminal is(Change it as per the Installer name).

>ColdFusion_11_WWEJ_win64.exe -f silent.properties

Please make sure that the terminal/command propmt is opened with administartor/root privileges (Open cmd with Run as Administartor option).

Once initiated, installation process runs in the background. Once the installation is complete you can see a log file named Adobe_ColdFusion_11_Install* under the ColdFusion installation home directory.


ColdFusion 11 IIS Connector Tuning

May 22, 2014 / Anit Kumar Panda

  Performance | Administrator | Adobe ColdFusion 11 | Connector | General | Splendor | Tuning

Connector tuning is an essential part of setting up a ColdFusion server. There are various configurations in connector that needs to be tuned. Incorrect values may lead to “Service Unavailable” or “Server too busy”. In this blog, we will discuss how to handle such errors caused by incorrect tuning and how to tune the connectors for the site correctly.

The connector setting may vary from site to site. It is very important to configure the connectors for your application appropriately. This blog will include connector tuning parameters for IIS. During installation, user can choose to configure connector for “Individual Site” or “ALL” sites in IIS connector configuration.

Configure Web Server

After the installation, the user can launch the “Web Server Configuration tool” and has the availability to create the connector for “Individual Site” or “ALL” sites in IIS.

Add Web Server configuration

When connector is configured with individual sites, separate connector for each site will be placed under {CF-Home}/config/wsconfig/{some no}/. Similarly for “ALL” configuration the connector is configured at global level, which means the same connector binary will be used across multiple sites.

The three most important parameters will be discussed here and will help us to understand the role of the same:-

Re-use connections: - This setting determines the count of connections that can be re-used. When Tomcat connector makes a connection with Tomcat server, it does not closes the connection even after it finished serving the request. Instead it keeps the connection active, so that for the next request, the same connection can be re-used. This increases the performance by minimizing the overhead of creating new connection with tomcat server for every request. This settings needs to be tuned for connector configured with multiple sites. The max value for the re-use connection is determined based on the number of sites configured with same CF server and the load on each site.

The default re-use connection is 200.

Connection pool size: - This setting determines the maximum number of connections that can be created in the connection pool. When multiple requests arrive to the connector from IIS, connector creates new connections in the connection pool only if there are no free connections available in the pool. The connector will not create a new connection if connections reach the connection pool size limit. When connector is configured with “ALL” sites, the same connection pool will be used to serve the request for all sites. So the default value of the connection pool size, works well with the single site configuration, but fails to work well with “ALL” site configuration in some scenarios. Hence this value should be increased carefully based on the need and number of sites that are present within IIS.

The default connection pool size is same as, which is 200.

Connection pool timeout: - This setting determines the timeout value (in seconds) for idle connections in connection pool. This value must be in sync with the connectionTimeout attribute of your AJP connector in Tomcat's server.xml.

The default timeout for connection is indefinite, if not set in server.xml explicitly.

There are other parameters which CF connector inherits from Tomcat AJP connector. Please find the details of those settings from AJP documentation (http://tomcat.apache.org/connectors-doc/reference/workers.html)

The worker.properties is available at {CF-Home}/config/wsconfig/{some no}/ and the server.xml can be found at {CF-Home}/cfusion/runtime/conf/. Below are the changes required to tune the Site:-

There can be multiple use cases. Let us consider three most widely used scenarios:-

Use Case# 1: Connector created with “ALL” OR with “Individual” Site and single site in IIS

In an idle scenario, where the user has only one site (configured with ALL or individual connector) and not running under high load, the worker.properties, can look like this

worker.list=cfusion

worker.cfusion.type=ajp13

worker.cfusion.host=localhost

worker.cfusion.port=8012

worker.cfusion.max_reuse_connections=250

worker.cfusion.connection_pool_size=500

worker.cfusion.connection_pool_timeout=60

And server.xml should look like

<Connector port="8012" protocol="AJP/1.3" redirectPort="8445" tomcatAuthentication="false" maxThreads="500" connectionTimeout ="60000"> </Connector>

So, we added the connection_pool_size and connection_pool_timeout (in seconds) in the worker.properties. The corresponding connectionTimeout (in milliseconds) is added to server.xml along with maxThreads whose value is equivalent to the connection_pool_size in the worker.properties.

Use Case# 2: Connector created with “ALL” and multiple sites in IIS

Consider a scenario that the connector is created with “ALL” and there is only one site which is running under load. The default 200 re-use connections are utilized by site 1. Later on, the user adds another site in IIS.

Site 1 will make all 200 re-usable connections with ColdFusion and any request for new connection from site 2 will be ignored by ColdFusion. Hence it is required, to increase the re-use connection count to optimal value, so that site 2 does not starve for new connections. This can be achieved by configuring optimal value of max_reuse_connections count. Considering that the site 2 is not running under high load, 100 re-use connection will work. So the max_reuse_connections becomes 300 {200 (for site 1) + 100 (for site 2)}. But, it is a good practice, to start tuning the connection_pool_size first, and then the max_reuse_connections appropriately.

This case would require connection_pool_size=600, as max_reuse_connections= connection_pool_size / {no of site}. So, the worker.properties will look like this

worker.list=cfusion

worker.cfusion.type=ajp13

worker.cfusion.host=localhost

worker.cfusion.port=8012

worker.cfusion.max_reuse_connections=300

worker.cfusion.connection_pool_size=600

worker.cfusion.connection_pool_timeout=60

And server.xml should look like

<Connector port="8012" protocol="AJP/1.3" redirectPort="8445" tomcatAuthentication="false" maxThreads="600" connectionTimeout ="60000"> </Connector>

Note: The connectionTimeout is in milliseconds

Use Case# 3: Connector created with “Individual” site and multiple sites site in IIS

Consider a scenario that the individual connectors are created for each site. There are three sites - Site 1 is running under high load, site 2 and site 3 running are under low load. For all the sites, there are individual connectors. Now, ideally in this scenario, we should start tuning with the site running under high load first. We can disable the timeout for high traffic sites, if we are not sure for timeout. If not defined, the default timeout for connection is indefinite. To start with, don’t specify the re-use parameter. Set the connection_pool_size=500 and monitor the site. Gradually increase the value by 100 and likewise, till the site is stable. Say, at connection_pool_size=800, the site is stable. Now, set the max_reuse_connections=270 (connection_pool_size / {no of site} i.e. 800/3=270 approx)

Site 1

worker.list=cfusion

worker.cfusion.type=ajp13

worker.cfusion.host=localhost

worker.cfusion.port=8012

worker.cfusion.max_reuse_connections=270

worker.cfusion.connection_pool_size=800

worker.cfusion.connection_pool_timeout=60

Site 2 and site 3 are running under low traffic, but are bind to same ColdFusion instance (cfusion in this case). The below settings should be optimal:-

Site 2

worker.list=cfusion

worker.cfusion.type=ajp13

worker.cfusion.host=localhost

worker.cfusion.port=8012

worker.cfusion.max_reuse_connections=100

worker.cfusion.connection_pool_size=250

worker.cfusion.connection_pool_timeout=60

Site 3

worker.list=cfusion

worker.cfusion.type=ajp13

worker.cfusion.host=localhost

worker.cfusion.port=8012

worker.cfusion.max_reuse_connections=100

worker.cfusion.connection_pool_size=250

worker.cfusion.connection_pool_timeout=60

And server.xml should look like

<Connector port="8012" protocol="AJP/1.3" redirectPort="8445" tomcatAuthentication="false" maxThreads="1300" connectionTimeout ="60000"> </Connector>

Note: The connectionTimeout is in milliseconds and the maxThreads is the value equivalent to summation of all the connection_pool_size(s). So, in this case maxThreads=1300 {800 (for site 1) + 250 (for site 2) + 250 (for site 3)}.

Some key points to remember:-


ColdFusion case study: ITRX Corp.

November 04, 2013 / Rakshith Naresh

  Administrator | Adobe ColdFusion 10 | web application | web application development | web application security

One of the world’s leading open-source research websites was experiencing performance issues because increasing volumes of data were taxing the system’s available memory. To solve the problem, the Social Science Research Network (SSRN) called on ITX Corp., an IT solutions provider. ITX rebuilt the site using Adobe ColdFusion, which helped eliminate memory problems, cut development times through the reuse of modularized code, and streamline SSRN’s web technology infrastructure.

 

“Not only did the upgrade to 64-bit Adobe Cold Fusion help stop server crashes, it also helped reduce the number of servers SSRN needs to run its site,” says Fernando D’Agostino, lead architect at ITX. “Previously, SSRN had 14 servers. Now it has 8, which reduces costs associated with server purchases, maintenance, and support.”  http://adobe.ly/19XDRHf


Video : Community Week #3 - Handling misfires in Scheduled Tasks in ColdFusion 10

June 27, 2013 / Viny Nigam

  Administrator | Adobe ColdFusion | Adobe ColdFusion 10 | Application Server | ColdFusion | Scheduled Tasks





Reach out to us through comments on this blog,FB or Twitter if you want to contribute ColdFusion specific videos to our Community video series.

-Viny

 


Blue Mango Theme Design By Mark Aplet

Super Powered by Mango Blog