ColdFusion

For about several months we are trying to figure out a bug with Adobe. Support is telling me they are unable to reproduce the issue as always. The problem is that the DataDirect Driver for Microsoft SQL that Adobe delivers with ColdFusion 10 and 11 product seems to have a major memory leak.

Heap with Adobe / DataDirect MsSQL Driver

Very high and bad memory usage compared to Microsoft driver. Memory usage will grow over longer period of time until system goes out of memory. CPU usage will also grow extremely over time to 50% or more where a normal load is 5-10% when the service is restarted. This is one extreme example:

We tried to access a remote webservice from a partner and they updated their certificate a few days ago. This request fails with an very unhelpful error message in ColdFusion.

Symptom:

• ColdFusion CFHTTP is broken if you access a SSL site, but it worked in past.
• ColdFusion CFDUMP says Connection Failure with I/O Exception: peer not authenticated
• ColdFusion CFDUMP says I/O Exception: sun.security.validator.ValidatorException: PKIX path building failed: java.security.cert.CertPathBuilderException: Could not build a validated path.

Analysis:

Since intermediate certificates have been provided by the server it can only be the root level certificate. But there may exists other situations where the certificate chain my be incomplete and you get the same error. Verify this with SSLLabs or a certificate checker from a certificate authority very first. Be aware that they sometimes fail to show missing intermediate certificates.

Code for testing:

Symptom:

If you run ColdFusion in virtual machines under HyperV with dynamic memory enabled you may expierence that the ColdFusion services are not started after the server has booted up. The services are set to start automatically, but are failing to start at boot time with strange and unknown error messages in system event log. If you manually start them they fire up properly.

Application log

You may need to install updates via command line. This at least is a major requirement if you run ColdFusion in a locked down environment with limited permissions. In this case the ColdFusion instance runs with a specified windows user account that has very limited permissions on the local system. The user ColdFusion runs under will not be a member of Administrators group. In this case you are unable to run automatic updates via ColdFusion Administrator. The updates will silently fail and the update notification will just not get away in ColdFusion Administrator.

Analysis has shown that the update log has problem in renaming the coldfusion.exe file. This at least happens for Updater 12 if you had no other updates installed. It may be possible that the updates succeed, if this file is not going to be replaced. The root cause of this issue is that the ColdFusion Service user has no Administrator permissions and only Administrators can stop and start Windows services.

If you need to install ColdFusion on Windows you may have the need to create instances by command line script. I have found some Linux bash examples in the Adobe forums, but nobody shared any script for Windows and these Linux versions cannot used. I had the need to write this scripts for Windows Core installation that is a bit more challenging than a GUI based installation, but the many benefits of a core installation out-weight the required work. I'm sharing these script here and hope these is of help for you getting these annoying tasks automated.

You need to prepare yourself first to use the script. As first step you need to get the cfadminPassword and this requires some debugging.

You may experienced that ColdFusion (all versions) from time to times does not deliver all mails and moves some mails to Mail\Undelivr folder. These mails stay there and will never delivered. Normally this behavior is correct for emails with invalid email addresses, but in many many cases this happens only because ColdFusion temporarily cannot reach your mail gateway. The root cause here is ColdFusion that does not retry delivery properly like any other properly working email system.

Symtom:

After you have installed Adobe ColdFusion Enterprise and created a new instance you are not able to assign a IIS website to this created instance via Start > All Programs > Adobe > ColdFusion 10 > Web Server Configuration Tool. All sites are automatically assigned to the cfusion instance.

Solution:

Start the [Server Directory][Server Name]\runtime\bin\wsconfig.exe in the folder of the instance. This is normally C:\ColdFusion10\[my-instance-name]\runtime\bin\wsconfig.exe. If you add a new IIS Web Site it will be automatically assigned to this server instance.

History:

• 02/07/2013: Found this solution.

Symtom:

You are trying to install Adobe ColdFusion 10 Enterprise with instances and after the instance has been created you cannot start the instance.

Cause:

The main instance named cfusion has Allow Line Debugging enabled at the time when you created the new instance.

Workaround:

Uncheck Allow Line Debugging before creating a new instance and enable it afterwards in the newly created instance if required.

History:

• 02/07/2013: Found the workaround.

We tried to access a remote webservice from a partner and they updated their certificate a few days ago. This request fails with an very unhelpful error message in ColdFusion.

Symptom:

• ColdFusion CFHTTP is broken if you access a SSL site, but it worked in past.
• ColdFusion CFDUMP says Connection Failure with I/O Exception: peer not authenticated

Analysis:

The very first idea was - there must be something wrong with the top level certification authority like a missing root certificate in the cacerts store that has not been integrated with Java in past. The root level certificate has been imported manually, but the error was still there. As you may expierenced yourself, ColdFusion is always very unhelpful if it comes to SSL errors. If you need more detailed information you need to go on the Java level. Here is an example code snippet you can run: