NexJ Logo

Troubleshooting deployment issues

To diagnose server problems, enable the DEBUG log level. If necessary, enable the ALL log level to turn on all logging.

For WebSphere Application Server deployments, set the detail levels in the Integrated Solutions Console, Logging and Tracing/<server>/Diagnostic Trace Service/Change Log Detail Levels, for example, nexj.*=fine. The log level mapping to WebSphere is: FATAL->FATAL, ERROR→SEVERE, WARN->WARNING->, INFO->INFO, DEBUG->FINE, DUMP->FINEST. The log files can be found under %WAS_ROOT%\profiles\profile\logs. The NexJ log messages are under server\trace.log.

Problem: Silent single sign-on (SSO) does not work

Look for Native library INFO message, which can indicate an authentication library loading error.

If there are no library loading issues and the log file shows authentication handshake sequences, then an issue may occur with the account setup. Check the service principal registration with setspn -L, as well as the following:

  • The container service accounts
  • The user groups of the accounts that try to log in ("nexjuser")
  • Proper Kerberos principals as User.login values in the database

For more information, on configuring SSO, see Configuring single sign-on.

Problem: Silent single sign-on does not work for certain users on certain machines

Ensure that you have configured silent Single Sign-On (SSO) for all users.

For more information on configuring silent SSO, see Configuring user browsers for silent single sign-on.

Problem: Server cannot start due to nexjsa login failure

The system probably cannot find the system user.

Check if a Kerberos principal is needed for Single Sign-On or has been left in the database.

Problem: Server cannot start due to a port conflict

Make sure that the TCP ports have been configured properly in the registry, as described in the development environment setup guide.

Check if another instance of Tomcat is running and stop any Outlook and MSN IM client instances.

Problem: WebSphere cannot start due to invalid user registry settings

Configure the settings in %WAS_ROOT%\profiles\profile\config\cells\cell\security.xml.

If using WebSphere ND, it is sufficient to do this for the deployment manager profile only, and then synchronize the changes with all the nodes through the Integrated Solutions Console.

Problem: Cluster cannot receive application requests

Try the following actions:

  • Check the log files for correct joining of cluster members.
  • Verify the firewall settings.
  • Verify that the time is automatically synchronized within <1 sec between the nodes.
  • Make sure that the redirector is configured correctly, including its virtual directory authentication settings.
  • Enable the redirector debug log level. Use a network sniffer (e.g. Wireshark) to identify communication issues.

Problem: Random connectivity errors

Disable any superfluous network interfaces.

This problem is common on development laptops with simultaneous active wireless and LAN connections.

Problem: The server crashed and there are XA transaction recovery errors in the WebSphere log

Stop the server, then delete the directory %WAS_ROOT%\profiles\profile\tranlog\cell\node\server\transaction.

Problem: Oracle error "ORA-01000: maximum open cursors exceeded"

Check if the maximum cursor limit in the database is at least (RelationalDatabaseConnection.statementCacheSize + 10):

To check the value, run the following:

select value from v$parameter where name='open_cursors';

If not, set it as follows (assuming that statementCacheSize=1000):

alter system set open_cursors=1010 scope=both;


Problem: Errors related to encryption key size

Make sure that the NexJ Studio JRE and the application server JRE have matching encryption policy files.

Problem: Invalid certificate error: javax.net.ssl.SSLHandshakeException

If you receive this error: "javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target)", perform the following steps:

  1. Log on to OWA using http://<host>/exchange/<user>.
  2. An invalid certificate message will be shown.
  3. Click on the Invalid Certificate button and press View Certificate.
  4. Go to the Details tab.
  5. Select Copy to File at the bottom. The Export wizard will appear.
  6. Select the first option, DER -encoded binary.
  7. Save to C:\.
  8. Import the certificate that was saved in step 7 into the JRE certificate keystore in %JAVA_HOME%\jre\lib\security\cacerts. For WebSphere:

    %WAS_HOME%\java\jre\bin\keytool -import -trustcacerts -alias <server_name> -file
    <certificate.cer> -keystore <dir>\cacerts -storepass changeit

    Info

    <server_name> for the -alias parameter can be any arbitrary name used to reference this certificate from the cacerts file. <certificate.cer> should be the full path to the certificate file. <dir> is %WAS_HOME\java\jre\lib\security\cacerts for Websphere.


    Debug the certificate handling by specifying the system property javax.net.debug=true in the server Process Definition/JVM Custom Properties.

  9. Verify the import was successful by running the following command:

    keytool -list -alias <server_name> -keystore <dir>\cacerts -storepass changeit
  10. When using WebSphere, the certificate file must be added to websphere truststore using the WAS Admin Console.

  11. Restart the application server.

Problem: Errors related to busy or unavailable data sources

Increase the database connection pool size limit or improve the performance of long-running queries.

Errors might occur if the maximum connection pool size is too small or if queries take too long to process.

If you receive the error "Data source "<DataSourceName>" is temporarily unavailable. (err.persistence.unavailable)" or "Unable to allocate a resource in <QueryTimeout> ms due to reaching the maximum pool size of <MaxPoolSize>. (err.pool.resource.busy)", you can take the following steps to help prevent the error from occurring in the future:

  • Optimize long-running queries.
  • Increase the maximum database connection pool size. To do this:
  1. In NexJ Studio, open the environment file for your deployment.
  2. In the Data Source Connections tab, select Relational Database Connections, and click the Advanced subtab.
  3. In the Max Pool Size field, enter a greater value for the maximum number of available database connections.
  • Increase the maximum database connection pool size to the value given by the following calculation:

    (<Average Active Connection Count> / 60) * (<Average Processing Time> / 1000) * 1.1

To find the Average Active Connection Count and Average Processing Time values:

  1. In NexJ System Admin Console, navigate to the Statistics page.
  2. In the list in the Statistics area, expand the tree node for your NexJ application. For example, nexj.finance.
  3. Expand the node for the server whose maximum database connection pool size you want to increase. For example, node1.
  4. Expand the DataSource node.
  5. Expand the RelationalDatabase node.
  6. Expand the node for the database whose maximum connection pool size you want to increase. For example, DefaultRelationDatabase.
  7. Select the [default] node. The statistics for the node are displayed in the right pane.

Info

If you are running your application on a server cluster, you should perform the calculation for all nodes in the cluster, then use the average or maximum value as your connection pool size limit. The setting for the maximum database connection pool size in the environment file applies to all nodes in a cluster.