While working with the Fiorano platform, on certain occasions, you may encounter some unforeseen issues. Following are a few issues and their resolutions/workarounds, which help you work seamlessly.
- Fixing Apache log4j Vulnerability
- Setting the hostname
- Error while installing Fiorano Platform on the Linux OS
- Peer on Multi-homed machine
- Firewall Issues
- eStudio login issue
- File encoding issue
- Client Connections in Peer
- File Handles in Linux
- Problems when Non-ascii Chars used in build.properties
- JRE Problems
- HA Troubleshooting
- Handling "Client ID Already Exists" exception
- Issues while using SHA-2 certificates for Webservice Consumer
- eStudio multi-user installs
Fixing Apache log4j Vulnerability
There exists a vulnerability as part of the JNDILookup feature in the log4j library for Fiorano version 11 and above. This can be fixed by removing the JNDILookup feature from the log4j library. Install the Log4jVulnerability patch by following this section to fix the same.
Specification | Description |
---|---|
Applicable Versions | Fiorano 11 and above. |
Applicable Systems | All servers (both Primary and Secondary in case of HA) and eStudio. |
Server Restart required? | Yes |
eStudio Restart required? | Yes |
Can be applied without downtime in HA mode? | Yes |
Installing the Patch
- Go to the log4j folder at FIORANO_HOME/extlib.
Delete the jar file named "log4j-core-2.7.jar".
Figure 1: Removing the log4j-core-2.7 file from the log4j folderClick the following link to download the patch:
- Extract files in the Log4jVulnerability zip file and copy the folder named "Log4jVulnerability".
Figure 2: Copying the Log4jVulnerability folder from the extracted files - Paste the Log4jVulnerability folder at the location $FIORANO_HOME/patch.
Figure 3: Pasting the copied folder in the 'patch' folder Open the command prompt at $FIORANO_HOME/patch and use the following command:
- When prompted for the patch number, enter the number corresponding to the patch name - Log4jVulnerability.
The patch will be applied and necessary files to uninstall the patch will be created.
Uninstalling the Patch
Open the console in $FIORANO_HOME/patch directory and type the following command:
- When prompted for the patch number, enter the number corresponding to the patch name - Log4jVulnerability.
The patch will be uninstalled.
Setting the hostname
The types of errors encountered when the correct hostname is not set on the machine are:
While the error above can be seen on the console, if the user checks the esberr.log file of the peer server in runtime data, the following error can be seen:
For Linux
To edit the hosts file present in the etc folder, perform the actions below:
To open the /etc/hosts file, open the terminal, switch to superuser and use the command:
- In the hosts file that opens, locate the old hostname, which resembles one of the lines below:
- <ip_address> <your-old-hostname> <your-old-hostname>.<domain>
- <ip_address> <your-old-hostname>
- Replace the old hostname with the correct hostname and save the hosts file.
In the terminal, type the command:
To see if the hostname has been set properly, use the command:
For windows
The hosts file is present in C:\Windows\System32\Drivers\etc\hosts. To modify the file, perform the actions below:
- Do one of the following to execute the Run command:
- Go to Start > Run
- Press Windows key + R
Open the hosts file present at C:\Windows\System32\Drivers\etc in a notepad using the command:
- In the hosts file that opens, locate the old hostname which resembles one of the lines below:
- <ip_address> <your-old-hostname> <your-old-hostname>.<domain>
- <ip_address> <your-old-hostname>
Example - Replace the old hostname with the correct hostname.
- Save the file.
To change the computer name, if required, perform the actions below:
- Click on the Start button, right-click Computer, and then select the Properties option.
- Under the Computer name tab click the Change settings button.
- In the Computer description text field, type the correct hostname, and then click OK. If the computer is part of a domain, provide the name and password of an account that has the permission to rename the computer in the domain.
- Restart the system following the prompt.
After the system restarts, check the hostname,
Open the command prompt by going to Start > Run and Enter "cmd".
Check the hostname by executing the command:
Error while installing Fiorano Platform on the Linux OS
An error as below may be encountered while installing using the Linux bin installer:
To avoid this sort of error while installing, InstallShield requires the Unix bc utility.
Install the Unix bc utility package using the command below and then re-run the installer:
Peer on Multi-homed machine
If the Peer server is started on a multi-homed machine, and launching EventProcesses is takes considerable time throwing timeout exceptions, then configure the MQ address (working) for the peer as below:
- Open FPS profile in Fiorano eStudio.
- Navigate through to Fiorano > socketAcceptors > ConnectionManager
- Set the ServerAddress property to the desired IP Address.
Firewall Issues
If a host running the server has a firewall which only allows connections on some specific ports, the firewall will need to be modified to allow connections from other ports.
If the host running the server is a multi-homed host where creating routes or breakpoints is causing problems, check if the connect URL of the server connection factories point to the IP address which is firewalled/barred from accepting connections.
- If creating routes is causing issues, then:
- Login to eStudio > ConnectionManagement > FES
- Change connectURL of peer connection factories to the correct URL so they no longer point to a firewalled IP.
- If creating breakpoints is causing issues, then:
- Login to eStudio > ConnectionManagement > FES
- Change connectURL of PRIMARYQCF, SERVICEPROVIDERQCF, CF, TCF to the correct URL so they no longer point to a firewalled IP.
eStudio login issue
If login to a server on remote machine is extremely slow, check if the Windows firewall is ON in the eStudio machine and disable it.
File encoding issue
When working with locales other than English, set the encoding property while working with mappings.
Add the following in %FIORANO_HOME%/eStudio/eStudio.ini
- Navigate through to eStudio > Window > Preferences > Fiorano > SOA Orchestration > CPS Launch (Tab) > System Properties and add file.encoding as name and UTF-8 as Value.
Add file.encoding=UTF-8 at <java.system.props> in %FIORANO_HOME%/esb/fes/bin/fes.conf.
Add file.encoding=UTF-8 at <java.system.props> in %FIORANO_HOME%/esb/fps/bin/fps.conf.
Client Connections in Peer
If the following error occurs, then increase Client Connections within the Peer server:
- Open FPS profile in eStudio.
- Navigate through to Fiorano > socketAcceptors > ConnectionManager.
- Set the MaxClientConnectionsCount property to a value higher than 1024.
File Handles in Linux
If the following error is encountered, increase the system file handles:
Open the file limits.conf present at the location /etc/security and add the following lines at the end of the content:
- soft nofile <noOfFileHandles>
- hard nofile <noOfFileHandles>
Problems when Non-ascii Chars used in build.properties
If user is running CLI tools on Linux and the Applications/Services names contain non-ascii characters, the process may fail.
To resolve,
- Perform any one of the following
- either convert the file into unicode
- native2ascii build.properties > newbuild.properties
- reconvert into ISO8859-1
- iconv -f UTF-8 -t ISO8859-1 build.properties > newbuild.properties.
- either convert the file into unicode
- Use the new build.properties file for CLI tasks.
JRE Problems
If the following error is observed upon running the Fiorano servers when a JRE(at <JRE PATH>) other than the one shipped is used, use the corresponding JDK or copy the JDK's jre\bin\server folder to <JRE PATH>\bin\server directory.
HA Troubleshooting
SocketBindException says that the HA Port is already bound
This exception indicates that some other program that is running on the HA port or the last instance of the server is not properly killed.
Stop/kill the application which is holding up the port and start the server again or choose a different HA port. When is changed, there needs to be a change in the Backup Server configuration for the Backup Server port.None of the servers start
Both the servers are in WAITING state and the Primary Server is trying to connect to its Backup Server.
This exception indicates that the Backup Server IP and port numbers are wrong for both the server configurations.
Example: A Server console cannot connect to the Backup Server.
The figure below illustrates a situation where the server is not able to connect to the Backup Server. If it is already connected, then there is a problem with the configuration. The message prints the IP address and the port to which it is trying to connect to establish the HA channel.
Check if the Backup Server is running in the printed IP address and port.
Figure 4: Server unable to connect to the Backup Server
One of the HA Servers is switched into Active or Passive Sync and it hangs at that point, but the other server seems to be in a WAITING state for a long time trying to connect to the Backup Server.
This exception indicates that the configuration for the Backup Servers does not match the server still in the WAITING state, but the Backup Server still connects. This causes the Backup Server to hang indefinitely as it expects a Synchronization Complete Notification which never gets delivered.
Figure 5: The server hanging in one of the synchronization states
Both servers go to Standalone/Active state in replicated/shared mode if the network link between them is broken.
This can happen if the servers do not refer to the same LockFile.The server in replicated mode shuts down on boot up
This happens when the LockFile specified is not valid or the machine hosting the LockFile is not allowing the server to acquire a lock. Figure 3 illustrates the server shutting down on boot up.
Figure 6: The server shutting down on bootup
Handling "Client ID Already Exists" exception
This error can occur when the FES is force-closed when the breakpoints are in place or when the addition of a breakpoint fails due to some reason on a previous attempt. To resolve this scenario, the client corresponding to the previous connection needs to be removed. Follow the steps below and add the breakpoint again.
Identifying the Connection
- Login to the ESB Dashboard. Under the Server Status node, select the Enterprise Server and then Select Connections.
Check for PTP connections related to unclosed break points. The connection names will have the pattern <CLIENT_ID>,<Number> .
- Copy the ClientIDs.
Figure 7: Copying the ClientIDs
Closing Identified Connections
- Log into FES-JMX and navigate to the AdminService node.
Figure 8: Copying the ClientIDs - Right-click the AdminService node and click ViewOperations. The AdminService dialog box is displayed.
Figure 9: Viewing Operations - Choose the operation disconnectClient(clientID) and provide the clientIDs from the above section.
- Click the disconnectClient button. A value 'true' will be seen in the Result tab and the client will get disconnected.
Verify this by refreshing the dashboard list of connections found in the above section.
Issues while using SHA-2 certificates for Webservice Consumer
While using SHA-2 certificates for the Webservice Consumer component, there may be issues with keylength. To resolve/eliminate this issue, set the JAVA HOME path in runtime arguments of the component to JDK 1.8 (or higher versions) as a prerequisite.
Perform the following actions within eStudio to set the Java Home to JDK 1.8:
- Click the WebServiceConsumer component.
- In the component Properties, click the Runtime Arguments tab.
On the right side, click the Value cell against JAVA_HOME and provide the location where JDK 1.8 is saved.
Figure 10: Providing Java_Home
eStudio multi-user installs
In a Windows operating system with multiple users, when a user tries to launch eStudio installed in a different user in the system, eStudio may not get opened and displays a log message.
The log message gets saved at $Fiorano_Home\eStudio\configuration as in the figure below.
Figure 11: Error log in the "configuration" folder
Below is a screenshot of such an error log.
Figure 12: Error message in the Error log
Perform the following actions to resolve this issue:
- Open the eStudio ini file present at $Fiorano_Home\eStudio.
Figure 13: eStudio ini file Add the following line, preferably as the last line:
Figure 14: eStudio ini file with the line added to resolve the issue