[Looking for Charlie's main web site?]

CF911: Solving problem in ColdFusion Admin getting "error accessing this page" on certain actions

Here's a real CF911 challenge (and solution): You may find that when using the CF Admin, especially in CF10 but it can happen in CF 9 or 8 depending on security hotfixes applied, when performing certain Admin operations (like making a change, or verifying datasources, or checking for server updates) you get an error:

"There was an error accessing this page. Check logs for more details."

And your operation fails. You're then prompted to "Click here to login", but even if you back up or client another link, you'll be prompted with the CF Admin login.

What gives? Why is it happening? And how can you fix things? Is CF broken? No, not in the sense that you need to reinstall or anything. The good news is that there is a quite simple solution. Well, there are several, depending on your goals.

The simple solution: delete the duplicate cfid/cftoken or jsessionid cookies that you will find your browser is sending to CF. But there is much more to this, as well as other solutions, which would be worth most readers taking a few minutes to read on here.

BTW, the same root problem can be the cause of your own application's users finding that they can't stay logged in. More on that in a moment.

[....Continue Reading....]

Applying hotfixes to ColdFusion 9 and earlier? A guide to getting it right

I realize that title may seem anachronistic. Why talk about hotfixes in CF9 and earlier, in 2014, indeed as CF11/Splendor is in beta? But I'll tell you that I still help people daily who are still on those older releases, and often they have problems that may have long since been solved by a hotfix or a cumulative hotfix they never applied--or may be caused by misapplication of such hotfixes.

Of course, in CF10 it's easier now because of the built-in "server updates" feature of the CF Admin. But in earlier releases, it was all on you to both keep up on the updates and to apply them manually. And a lot of people either never bothered, or may have tried and failed, or did it but got it wrong.

What you need to know

So in this blog entry, I some key info that will help you, if you may be in need of applying one or more of those updates to CF9 and earlier. Indeed, I'll point to some past entries I've done where I shared a lot more detail that I find is vital and rarely mentioned when some people try to share just the bare minimum of info (often leaving people hanging).

For instance, I'll help you answer such questions as what hotfixes do you already have applied? How do you find out? And you need to know exactly what version of CF you have, whether 9.0/9.0.1/9.0.2, 8.0/8.0.1, 7.0/7.0.1/7.0.2, and so on. I'll explain how to tell and why that's important, and especially when it comes to finding and applying hotfixes. And if you have applied hotfixes, are you sure you have done it right? It's easy to get things wrong and botch things. I'll help you avoid several very common mistakes.

(That's why it's so great that CF10 finally handles things for us. But this entry, focused on 9 and earlier, is not the place to discuss concerns with the CF10 hotfix mechanism. If you have questions or concerns about that, see the substantial CF10 Hotfix Installation Guide from Adobe, a 50-question FAQ on all things related to that feature.)

I'll also point you to where to find hotfixes and installers for CF9 and earlier (not as easy as it may seem), and still more.

If any of that's of interest, and I hope it is if you're on CF9 or earlier, then read on.

[....Continue Reading....]

An interesting solution to problems with ColdFusion 10 and IIS 404 handlers

There was an interesting solution proposed today on the Adobe forums, to address a problem some folks are having with CF10, where they find problems using an IIS 404 error handlers set to pass to a CF page. I found it helped with one of my consulting clients, so I wanted to share the news with others readers here who may benefit.

[....Continue Reading....]

CF911: Why/when you MUST update the web server connector for ColdFusion 10/11 and may have missed it

Have you installed CF10 (or 11) and found that you still have problems with it running right, even when you have "fully updated" CF10? In this blog entry, I explain how it may NOT be that "CF 10 is broken" but rather that you may have missed an important step when updating it.

In brief, a VERY common problem is that while people MAY WELL apply the provided "updates" (11 so far), they often do NOT notice that they may have to (and generally must) update the web server "connector" (if they are using an external web server, like IIS or Apache) as a separate manual step, after applying the update. I'll explain what that means, how do to it, and why you may miss that you need to.

[Update While I wrote this in 2013 for CF10, the same applies to CF11 and some of its udpates, which also call for a rebuild of the web server connector.

I'll also explain how to easily tell if you have done the update or not, so you know whether all this applies to you. I'm betting it does.

Indeed, getting the web server connector updated is the solution to a majority of problems I see people have, when they feel that problems are tied solely to a recent move to ColdFusion 10. Read on to learn much more.

[....Continue Reading....]

Tracking ColdFusion sessions within FusionReactor, by way of FREC logging

Someone asked on the FusionReactor mailing list (a Google Group) whether FusionReactor tracked CF sessions. I started to write a reply, with the good news/bad news in answer to that, and as sometimes happens, it became long enough that I thought it might be better suited as a blog entry that I could point to from the list instead, and which may also help those not on the list (which is a great resource, as a low-volume list with a high signal to noise ratio.)

Anyway, here is the answer I wanted to offer to that question...

[....Continue Reading....]

Could CF image processing be killing your ColdFusion server? Explanation and solutions.

Are you having slow ColdFusion pages and wondering what may be the cause? There can of course be many root causes, but a common one that I'm finding lately as I help people is due to using certain of CF's image processing features, especially resizing such as to create thumbnails after a file is uploaded (or when many files are uploaded).

Such folks may be using the CFIMAGE action="resize" tag, or the imageResize() or ImageScaleToFit() functions to do resizing. (Or they may be also processing images using ImageRotate, ImageShear, or ImageTranslate, though the defaults for those are not problematic like the resize/scale tag/function processing).

The "problem" (if this is the cause of a slow page) is due to a default "interpolation" setting for CFIMAGE resizing, imageResize, and ImageScaletoFit. The default may not perform well at all. The good news is that the value is configurable, and you can test to compare quality/performance of difference values, as will explained below. There are still some other things to consider also. (If you're currently using CFIMAGE to do resizing, jump to the last section of this entry to see an example of code switching from the "slow" approach to the faster one. But really, you ought to read the rest of this entry to understand what's being proposed.)

While I offer all the info here for your consideration, if you need help implementing the solution, or better understanding how to find and resolve these or other problems affecting your CF server performance, see more on my CF server troubleshooting consulting services.

[....Continue Reading....]

Applying CF security hotfixes: do it from oldest to newest (depending!)

If you may be applying several security hotfixes to a new implementation of CF (or one where none have been applied before), you may wonder if there's any significance to applying them in either chronological order (newest to oldest, or oldest to newest). The technotes don't really clarify this.

Update: Great news. It turns out that just days before I wrote this entry in late 2011, Adobe had in fact addressed and resolved this problem (quietly, I'd say) by making security fixes written from Dec 2011 (apsb11-29) on now have 2 sets of steps, one for if you HAD applied the security hotfix previous to it, and one for if you HAD NOT. And this has proven to be the case for the next few, as I write this update in late 2012. So we can now consider them effectively "cumulative", for those from Dec 2011, on. You need only focus on the latest, and follow either of its 2 provided sets of steps.

That said, I'm not 100% sure if all those from Dec 2011 include all ones prior to that. Has anyone tested things to know?

I'll leave the rest of the note below here for posterity, but stricken out.

[....Continue Reading....]

CF911: Are you finding performance problems with CFDOCUMENT? Aware of the important LOCALURL attr.?

This is something that I find nearly no one has talked about, as a problem and solution. Did you know that by default, a single request doing a CFDOCUMENT may cause CF to execute several additional requests, each doing a CFHTTP to grab any images on the page? even if the images could be found locally on the server? This can be quite tragic.

The good news is that the problem can be solved using the simple LOCALURL attribute. The bad news is that you have to do it at all, and that if you don't do it, it can have such unfortunate and unexpected impact. (And just as bad, again, is that hardly anyone has talked about it.) This entry will elaborate on the issue (and a couple of other possible CFDocument performance issues, as a bonus.)

I've been meaning to write about the importance of this problem and solution (the LocalURL attribute) for a long time (it came out in CF8). Often when I'm helping people with CF troubleshooting problems, whether on mailing lists or in my consulting services, I've been able to show that long-running requests (or an unexpectedly excessive number of requests) were sometimes due to this very problem.

Basics of the LocalURL attribute

[....Continue Reading....]

CF911: Have you updated your ColdFusion JVM to _24 yet? Important security fix for CF 8/9

This isn't new info, but you may have missed it. If you're running CF 8 or 9, did you know you can and should update the JVM that came with it? And that you have Adobe's blessing to do this update? This is because of a serious bug in the JVM that is not fixed until 1.6.0_24.

Both CF 9.0 and 9.01 run on older JVMs (and therefore need this update). And are you on CF8? You're not left out: Adobe even has confirmed this update can be applied to CF 8 and 8.01, too!

Update 1: Since I wrote this blog entry in Oct 2011, Adobe has since come out with a new technote in Oct 2012 saying that you are now permitted to update to any version of Java 1.6 (for CF 8/9/10).
Update 2: Since posting this note, I've realized I should document an important fact to be aware of if you DO update the JVM: after doing so, it may seem that changes you made to allow CFHTTP calls to SSL pages (or other tags in CFML that talk via SSL or TLS) may "seem to have been lost". The issue is likely that you had modified your current CF setup to import specific certificates for such sites, but those changes are "lost" when you change the JVM that CF is now using (which has its own keystore). But these cert changes can be recovered. For more on that, see the next to last section below.
Update 3: In Feb 2013, Adobe did come out with an update that authorizes moving to Java 1.7 in either 9 or 10. You must apply the update first, though. More in this Adobe blog entry.

Old news, but not everyone knows

[....Continue Reading....]

I'll be presenting at RIAcon next weekend: "CF911 ColdFusion Performance Report 2011"

I'm delighted to announce that I'll be presenting at next week's RIAcon conference in the DC area, August 6-7 2011.

My session will be "CF911 ColdFusion Performance Report 2011", a new talk/concept I've created. Here's the description:

Starting a new tradition, veteran CF troubleshooter Charlie Arehart will present a review of the performance aspects of making various choices when working with ColdFusion, especially in recent version(s) of ColdFusion. Leveraging the important value of real load testing (as opposed to the less accurate conclusions from "large loop" testing), Charlie's annual report will help attendees appreciate the performance-related improvements of new/changed features, as well some older features where choices can make an important impact. Depending on the timing of the release of "CF next", the session may cover its new features, but it will certainly cover some things new in CF 9 and 9.0.1.

As I note there, I hope this may become an annual event which I might present at this and/or other conferences. (It's an idea rooted in a similar presentation made by a former colleague, from my first IT career from 1982-1997, where he presented the annual "Jim Damon model 204 Performance Report".)

About RIACon

As for RIAcon, I hope you're considering it. Phil Nacelli and the folks at AboutWeb have been working hard to put together the conference, which in some minds is kind of picking up where CFUnited left off. It will be a more intimate event, much like CFunited was when it first started.

Indeed, some will recognize that the location for RIAcon is across the street from one of the hotels where CFunited was held in its early years, right next to the Twinbrook Metro station in Rockville, MD.

A Personal Connection to the Hotel Location

Even more of a delight for me personally is that the hotel (The Legacy Hotel) is right on the land that was once the location of Congressional Roller Skating Rink (until the late 70's), where my sister and I (and many friends) spent our teen years pretty much whenever we weren't in school. Yep, I was a skating nerd: dance, figures, freestyle, and more. Here's incriminating evidence!

When problems are not due to CF, but may be in the web server (and a hat-tip to IIS 7)

Sometimes, CF problems are not really CF problems. Here's a little vignette from a recent consulting engagement (where I provide fast, on-demand CF troubleshooting services).

The challenge

I had a customer contact me recently because their server was performing poorly. They were experiencing significant latency on many requests. They were inclined to think they needed to change something in their application or SQL (as most presume when things go amiss).

I helped them determine ultimately that the problem was not CF at all, but instead something amiss in their web server, in this case Apache. (Before any Apache defenders come at me, please: I'm not "hatin' on Apache", just reporting what we observed. Do keep reading for more details.)

I asked if they'd considered at least trying IIS to confirm if it might work better for this challenge, but they preferred the file-based configurability of Apache. While I noted that IIS had gotten better in recent years in that regard, they preferred to bring in some experienced Apache guys to sort things out. (I don't claim any particular expertise with Apache, and I'm not at all averse to letting a customer know when they may need to have someone else help with certain problems.)

The customer's first attempt at resolution

[....Continue Reading....]

cf.Objective(): I'll be there, and I'll be busy with 4 sessions

I've gotten word from the folks running the cf.Objective() conference that besides the 2 talks I'm giving, they've also recently accepted my proposals for a BOF (birds of a feather) session and a slot in their lightning talk session. Phew! I'll be busy.

Here are the details.

First are the two talks:

(I had put in just the first talk originally, and then a few weeks ago a slot opened and they asked if I could do the other, which I was happy to offer, as an reprisal/update to my talk from the first release.)

Then for the Lightning Round (or what was originally referred to as the Pecha Kucha), my talk will be:

  • Lies, damned lies, and CF request timeouts (in which I'll share in 5 minutes some information that even experienced developers admit having never known)

Finally, for the Birds of a Feather (no page on their site listing them yet), the session I will be leading will be:

  • CF911: Share your CF server troubleshooting tips (come share some ideas, or learn from myself and others)

Sense a theme? Yep, other than the CFBuilder talk, the other sessions are all focused on the topic that is now most near and dear to my heart (and livelihood): CF Server Troubleshooting. It's what I do, and more important it's how I feel I can best help the most people.

There's one last aspect of my involvement at the conference that I'll mention: they started a new sponsorship program this year called "Friends of cf.Objective()", and I'll be participating in that. No mention of it yet on their site, but there should be more news at the event.

So hope to see you there, or if you won't be there, I'll post if any of these are recorded, or if not then I would likely record them myself in the future.

CF911: Looking for info on handling IIS 7 integration in CF9 Updater 1? Not in the docs

Are you looking for info on the change in handling of IIS 7 integration as of CF9 Updater 1? Sadly, it's not in the primary docs you may think to look at. There's also another gotcha that I will explain in a follow-up entry.

What's changed about IIS 7 support in 9.01?

Some folks will know that ColdFusion 9 Updater 1 (9.0.1) has finally added full support for IIS 7, without need to rely upon enabling IIS 6 Compatibility (which IS still required for CF 9.0, 8.0, and 8.0.1). This is indeed great news, whether you're running on Vista, Windows 7, or Windows Server 2008, which all have IIS 7 by default, and for which you can enable IIS 6 Compatibility mode, but it's not on by default and not always straightforward to enable.

So bottom line, if you're on 9.0.1, you no longer need to go through the hoops described in the CF9 Admin/Install docs (nor in helpful blog entries like here and here, though those are still great for those running on CF 9.0 and 8, and may even offer tips of value to anyone setting up CF to run on IIS, which has other challenges on Server 2008.)

Gotcha 1: The IIS 7 Compatibility change is NOT documented where expected

Sadly, though, if you go looking for help on this in the CF docs, such as Chapter 6 of the manual, Installing ColdFusion 9, you will find that it has NOT been updated with the info that is new in the updater.

It opens, "If you are configuring IIS 7 ... ensure that you have the options IIS Metabase and IIS 6 configuration compatibility ... and ISAPI Extensions ... selected".

What a shame.

Solution 1: Where the change IS documented

So with respect to change in 9.0.1, where you no longer need to enable IIS 6 compatibility, the details are covered instead in the installation guide that was created just for installing CF9 updater 1 itself, called "Installing the Coldfusion 9 Update", available online at:

http://www.adobe.com/support/documentation/en/coldfusion/901/cf901install.pdf

It's certainly reasonable to expect that the primary install manual would have been updated with the info above.

But that's why I'm pointing this out. I have also added a comment explaining it on the page pointed to in the first link above. Hope that may help someone.

(The same info is also offered as a chapter in the manual, "ColdFusion 9 Updater 1: New Feature Notes", available at http://www.adobe.com/support/documentation/en/coldfusion/901/cf901features.pdf, which is of course very interesting if you may have missed it.)

I'll explain the second gotcha in a follow-up blog entry.

Did you know there's a "request execution limit" on IIS? It's 3, 10, 25, or unlimited, depending...

Did you know there's a "request execution limit" on IIS? It's 3, 10, or unlimited, depending on the version of Windows (Vista, 7, 2008) and edition (such as Starter/Home/Basic/Pro/Server).

I'll detail the limits per version/edition below.

I'll also offer a (possibly surprising) workaround that can allow you to get even more requests through IIS, even for a single web site.

(Before I elaborate on that, note that there is a separate issue if you're finding that CF doesn't let you see more than 25 requests at once. That's instead due to a setting in CF/JRun, the maxworkerthreads setting. For more on that, see this blog entry.)

That said, this is a problem which could affect anyone regardless of the app server they may be running behind IIS. (And yes, I do realize that for some, the answer to this problem will be, "see, that's another reason to run Apache." We get that. Let's just focus on this problem for those who choose/have to remain on IIS.)

[....Continue Reading....]

CFMyths: "If/when I apply Cumulative Hotfixes, I need apply only the latest CHF, right?"

This is the second post in my planned CFMyths series. In the first, I addressed the myth that "When I download CF to install it from scratch, it has the latest fixes/updaters".

Here's the next, related, myth:

True or False: "If/when I apply Cumulative Hotfixes, I need apply only the latest CHF, right?"

For instance, let's say you're currently running CF 9 update 1 or CF 8.0.1 and discover (perhaps due to my last blog entry) that you had never applied any of their associated CHFs. It would seem you should just be able to apply the latest CHF and not bother with anything related to the previous ones, right?

Answer: Well, yes and no.

[....Continue Reading....]

CFMyths: "When I download CF to install it from scratch, it has the latest fixes/updaters"

Today I'm starting a new series on CFMyths, some common misconceptions that I find myself often helping correct on lists/forums or with my troubleshooting customers.

First myth up for consideration:

True or false: "If/when I download CF to install it from scratch, the installer has all the latest fixes (updaters, at least)"

Answer: False (generally). For instance, if you download CF9 today (Dec 2010), you still get CF 9.0, released originally in Oct 2009. You don't get the latest updater (9.0.1 as of this writing, released July 2010), though its existence is at least mentioned on the page, nor of course does it then include any hotfixes or cumulative hotfixes.

Why not, you may wonder? I'll explain more in a moment, along with more about hotfixes and updaters as concepts (and where to find them specifically, for each CF release).

[....Continue Reading....]

CF911: Lies, damned lies, and when memory problems not be at all what they seem, Part 1

Following on my earlier entry, CF911: Lies, Damned Lies, and CF Request Timeouts...What You May Not Realize, another common source of confusion and misunderstanding for people is when they think their server is "running out of memory", when in fact the problem is often not at all what they think. In this entry, I want to apply the same "cranky" tone :-) and extended explanation to this equally controversial/confusing topic.

I hear people raise concerns with memory problems quite often, whether in my CF Server Troubleshooting practice, or just in my participating in many mailing lists. Indeed, addressing this issue more than a few times the past couple of weeks has motivated me to create this, which will be a series of blog entries.

The series parts are expected to be:

  • Step 1: Determine if indeed you are getting "outofmemory" errors (this entry)
  • Step 2: Realize that OutOfMemory does not necessarily mean "out of heap" (entry to come)
  • Step 3: Diagnose why you really are running out of heap (if you are) (entry to come)
  • Step 4: Realize that having high memory usage is not necessarily a problem (entry to come)

Common refrains about memory issues

[....Continue Reading....]

CF911: How to control the size of CF's -out.logs

As a CF user or administrator running CF 6-9 on Windows, have you ever wondered how to increase the size of the console logs (-out log files in the [cf]\runtime\logs directory, or [jrun]\logs in Multiserver)? This entry will tell you how. It's quite easy to do, but it's not done using usual log file size control settings in CF's Admin or XML files.

The quick answer is to use either of two approaches: either the jrunsvc.exe in CF's runtime\bin (or [jrun]\bin), or do a manual registry tweak, both of which I show below.

BTW, if you don't know what CF's -out*.log files are about (they're important!), they're technically holding the console output for CF, when it's started as a Windows service. This can be vital information that is NOT logged in the normal [cf]\logs directory or Admin Log Files display. (If you start CF from the command line, then the same info is written to the command line instead and not to the log file.)

(If you're on *nix, pretty much the same info appears instead in the [cf]/logs/cfserver.log. I know some people have wondered about controlling the size of that file. What I discuss here applies only to Windows.)

Background on the sizing of the -out*.log files

[....Continue Reading....]

CF911: Lies, Damned Lies, and CF Request Timeouts...What You May Not Realize

How often have you seen (or seen others complain of getting) a a CF page running longer than it's supposed to (perhaps in the CF server monitor, or FusionReactor or SeeFusion). Maybe you've set the CF Admin "request timeout" to 60 seconds, and you see a request running for 3 minutes, 3 hours, or 3 days! How can that happen?

Or perhaps you've seen this error from ColdFusion, in your logs or on-screen:

The request has exceeded the allowable time limit Tag: cfoutput

Do you know what this means? It's usually not what you think. I've even seen experienced CF developers who get thrown by this challenge. In this entry I'll try to help explain a very common problem and correct some misconceptions. I'll even contend that this info is often useless and indeed misleading (and therefore the feature producing it ought not be relied upon, and should even be turned off). Along the way, I'll share some things that I've not seen documented elsewhere.

Strap on your seatbelts. We're going for a bit of a ride (if it was easy and could be understood in the length of a tweet, then perhaps everyone would already understand it!) As always, I welcome feedback.

[....Continue Reading....]

How do I love FusionReactor? Let me count the ways (6 minute interview video)

The folks behind FusionReactor have started a YouTube video channel and they recently posted a 6-minute interview with me that we did at CFUnited. In it, they ask and I recount the reasons I appreciate and recommend it. Check out the video, embedded also below.

FusionReactor is one of the leading CF Server Monitor tools, which works not only with CF 6/7/8/9, either Standard or Enterprise, but it also works with Railo, Open BlueDragon, and even BlueDragon JX 7.1. In fact, it works with any J2EE/JEE server or servlet engine.

If you're running a site on any of those platforms and ever have problems of slowness, instability, or any other "curious" problems, or just need to better understand the nature of requests that CF is processing, and how well (or poorly) it's doing it, FusionReactor is a great tool, for the reasons I outline. It's like having x-rays into the app server.

I've written and spoken about the tool quite a bit, and have a FusionReactor blog category here with over a dozen entries here, as well.

More Entries

BlogCFC was created by Raymond Camden. This blog is running version 5.005.

Managed Hosting Services provided by
Managed Dedicated Hosting