• Global community
    • Language:
      • Deutsch
      • English
      • Español
      • Français
      • Português
  • 日本語コミュニティ
    Dedicated community for Japanese speakers
  • 한국 커뮤니티
    Dedicated community for Korean speakers
Exit
0

Scheduled task issue - connection failure - possibly certificate issue?

New Here ,
Apr 24, 2009 Apr 24, 2009

Copy link to clipboard

Copied

I have several scheduled tasks set up through the CFAdmin that have been functioning without issue for awhile, until this week.  Some of them have been in place for several years.  I am now receiving a "connection failure" error on the html output page that a few of them generate.  Weird thing is, the scheduler log shows them as running successfully, and I can run them manually fine.

I've searched everywhere I could think of and have found that most of the suggested resolutions do not work.  Authentication is set to basic, and the username that the tasks use has full permission to the entire directory.

The only thing that changed recently was our SSL certificate expired, and one of the sys admins created new ones.  We've run through a few tutorials on importing the cert into the correct libraries but this has also not worked.

Does anyone have ANY suggestions or ideas on what might be the issue here?  I'm really at a total loss.  Thanks for any help.

TOPICS
Advanced techniques , Server administration

Views

10.9K

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Advocate ,
Apr 24, 2009 Apr 24, 2009

Copy link to clipboard

Copied

Try performing a CFHTTP call against your SSL site URL using the same CF server that you have your scheduled tasks on and dump the result.  If you get a connection failure / peer not authenticated result than it sounds like the issue is with the new SSL cert not being imported correctly into the CF cert store.  If you are still having issues with the import, try importing the new cert while using the same system login that CF uses (on windows boxes).

This is the process that we use:

  1. Go to a page on the SSL server.
  2. Double-click the lock icon.
  3. Click the Details tab.
  4. Click Copy To File.
  5. Select the base64 option and save the file.
  6. Copy the CER file into ColdfusionDir\runtime\jre\lib\security
  7. Run the following command from the same directory (keytool.exe is located in ColdfusionDir\runtime\jre\bin) ..\..\bin\keytool.exe -import -keystore cacerts -alias UniqueName -file filename.cer
  8. You may be prompted with a password, check with your CF administrator for the correct cert change password (this is not the same as the CF admin password)
  9. Restart Coldfusion

Hope that helps!

- Michael

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Apr 27, 2009 Apr 27, 2009

Copy link to clipboard

Copied

Thanks very much for the reply. I set up the CFHTTP call and get an error

msg that simply says "connection failure." However, I've run through the

steps to import the cert with one of the system admins here and it did not

solve the problem. Any other thoughts?

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Advocate ,
Apr 27, 2009 Apr 27, 2009

Copy link to clipboard

Copied

Have you dumped the entire CFHTTP scope after your CFHTTP call?  Unlike the CFHTTP.filecontent variable which just contains the result of the post, the CFHTTP scope object created after a side-post contains a bunch of other helpful information, including headers, result codes, etc.  If you haven't already, try doing a dump right after your CFHTTP call:

<cfdump var="#CFHTTP#">

you may get some more specifics about what might be causing the issue.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Apr 27, 2009 Apr 27, 2009

Copy link to clipboard

Copied

Yes I did that today:

Charset ErrorDetail I/O Exception: peer not authenticated

Filecontent Connection Failure Header

Mimetype Unable

to determine MIME type of file. Responseheader struct

Statuscode Connection

Failure. Status code unavailable. Text YES

We think we've narrowed it down to the actual name of the certificate, and

there being a mismatch with the "common name" on the cert. (I'm a

developer, not a sys admin, so I'm a bit foggy on all that) He is

researching the problem tonight and plans to try and re-create the cert with

the same name as the original. I'll post an update tomorrow with any

progress.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Dec 04, 2009 Dec 04, 2009

Copy link to clipboard

Copied

Do you have any suggestions on how to find out the keystore password?  The server was setup up years ago.  I just recently renewed the SSL Cert and now the scheduled tasks aren't working.  I gone through many posts and this is the closest to what I'm experiencing.  I just don't remember setting a keystore password.  HELP!!!!

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Advocate ,
Dec 04, 2009 Dec 04, 2009

Copy link to clipboard

Copied

Hi QB,

The password is standard across all CF installations: changeit

Details can be found here:

http://kb2.adobe.com/cps/400/kb400977.html

Hope that helps!

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Dec 04, 2009 Dec 04, 2009

Copy link to clipboard

Copied

Yes that helped - 

Thank You!!!

I am back in business!

Danna

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Guest
Jul 08, 2009 Jul 08, 2009

Copy link to clipboard

Copied

I assume you're using a system account to connect (as opposed to user) and you've checked that the password didn't change.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Jul 08, 2009 Jul 08, 2009

Copy link to clipboard

Copied

yes - the login credentials were all fine. I should have posted a reply to

this issue, but honestly didn't have the technical expertise to explain it.

We found out the problem was with our SSL cert that had been created in

house - but that's really the best I can explain. We called in a tech

services company that we deal with on occasion and they jumped on our system

and fixed the problem. I really never got a full explanation on what they

did though.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Jun 22, 2011 Jun 22, 2011

Copy link to clipboard

Copied

Recently upgraded to CF9 and ran into this same issue again. I ran through the ssl cert import as described in one of the replies to this original post, and the command line messages said it was successful, but apparently it was not. I used the Certman Admin extension to import the cert and the problem was solved.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Advocate ,
Aug 26, 2011 Aug 26, 2011

Copy link to clipboard

Copied

LATEST

Wow, this thread takes me back...

I should also mention that on occassion you may have to import not just the new certificate, but all the certificates in the trust chain up to the root.  As time goes on, especially for older server instances, the likelyhood that certificate authorities in the chain have made changes that CF does not have in its keystore increase.  We've encountered this issue a few times.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Resources
Documentation