Copy link to clipboard
Copied
I have several scheduled tasks set up through the CFAdmin that have been functioning without issue for awhile, until this week. Some of them have been in place for several years. I am now receiving a "connection failure" error on the html output page that a few of them generate. Weird thing is, the scheduler log shows them as running successfully, and I can run them manually fine.
I've searched everywhere I could think of and have found that most of the suggested resolutions do not work. Authentication is set to basic, and the username that the tasks use has full permission to the entire directory.
The only thing that changed recently was our SSL certificate expired, and one of the sys admins created new ones. We've run through a few tutorials on importing the cert into the correct libraries but this has also not worked.
Does anyone have ANY suggestions or ideas on what might be the issue here? I'm really at a total loss. Thanks for any help.
Copy link to clipboard
Copied
Try performing a CFHTTP call against your SSL site URL using the same CF server that you have your scheduled tasks on and dump the result. If you get a connection failure / peer not authenticated result than it sounds like the issue is with the new SSL cert not being imported correctly into the CF cert store. If you are still having issues with the import, try importing the new cert while using the same system login that CF uses (on windows boxes).
This is the process that we use:
Hope that helps!
- Michael
Copy link to clipboard
Copied
Thanks very much for the reply. I set up the CFHTTP call and get an error
msg that simply says "connection failure." However, I've run through the
steps to import the cert with one of the system admins here and it did not
solve the problem. Any other thoughts?
Copy link to clipboard
Copied
Have you dumped the entire CFHTTP scope after your CFHTTP call? Unlike the CFHTTP.filecontent variable which just contains the result of the post, the CFHTTP scope object created after a side-post contains a bunch of other helpful information, including headers, result codes, etc. If you haven't already, try doing a dump right after your CFHTTP call:
<cfdump var="#CFHTTP#">
you may get some more specifics about what might be causing the issue.
Copy link to clipboard
Copied
Yes I did that today:
Charset ErrorDetail I/O Exception: peer not authenticated
Filecontent Connection Failure Header
Mimetype Unable
to determine MIME type of file. Responseheader struct
Statuscode Connection
Failure. Status code unavailable. Text YES
We think we've narrowed it down to the actual name of the certificate, and
there being a mismatch with the "common name" on the cert. (I'm a
developer, not a sys admin, so I'm a bit foggy on all that) He is
researching the problem tonight and plans to try and re-create the cert with
the same name as the original. I'll post an update tomorrow with any
progress.
Copy link to clipboard
Copied
Do you have any suggestions on how to find out the keystore password? The server was setup up years ago. I just recently renewed the SSL Cert and now the scheduled tasks aren't working. I gone through many posts and this is the closest to what I'm experiencing. I just don't remember setting a keystore password. HELP!!!!
Copy link to clipboard
Copied
Hi QB,
The password is standard across all CF installations: changeit
Details can be found here:
http://kb2.adobe.com/cps/400/kb400977.html
Hope that helps!
Copy link to clipboard
Copied
Yes that helped -
Thank You!!!
I am back in business!
Danna
Copy link to clipboard
Copied
I assume you're using a system account to connect (as opposed to user) and you've checked that the password didn't change.
Copy link to clipboard
Copied
yes - the login credentials were all fine. I should have posted a reply to
this issue, but honestly didn't have the technical expertise to explain it.
We found out the problem was with our SSL cert that had been created in
house - but that's really the best I can explain. We called in a tech
services company that we deal with on occasion and they jumped on our system
and fixed the problem. I really never got a full explanation on what they
did though.
Copy link to clipboard
Copied
Recently upgraded to CF9 and ran into this same issue again. I ran through the ssl cert import as described in one of the replies to this original post, and the command line messages said it was successful, but apparently it was not. I used the Certman Admin extension to import the cert and the problem was solved.
Copy link to clipboard
Copied
Wow, this thread takes me back...
I should also mention that on occassion you may have to import not just the new certificate, but all the certificates in the trust chain up to the root. As time goes on, especially for older server instances, the likelyhood that certificate authorities in the chain have made changes that CF does not have in its keystore increase. We've encountered this issue a few times.