Coldfusion 9 / Server 2008 / TLS 1.1+ / Scheduled Task

Question

Hello, we recently installed a security update from Microsoft (KB4019276) on our Server 2008 (non R2) Enterprise server to remediate TLS 1.0 vulnerabilities on our web server. Since applying the patch the Coldfusion Scheduler is no longer functioning. I do not want to remove the patch since it has resolved the vulnerabilities at hand.

Please note, the URLs for each scheduled task are non-SSL links and all the links are currently active and worked prior to the patch.

If I run it manually from the list I get the following message:

There was an error running your scheduled task. Reasons for which scheduled tasks might fail include:

The scheduled task is paused

The URL is a redirection URL.

The URL is protected by IIS NT Challenge/Response or Apache .htaccess password. The Username and Password text fields for editing a scheduled task are intended to support Basic Authentication only.

The Domain Name lookup failed. Try using the IP address of the domain whenever possible.

The URL is an SSL site, but the SSL port was specified incorrectly.

The Web site is not responding.

The directory specified for published results does not exist.

All currently scheduled tasks logs show the same type of generic message:

"Information","scheduler-2","09/14/17","17:25:00",,"C:\ColdFusion8\logs\scheduler.log initialized"

"Information","scheduler-2","09/14/17","17:25:00",,"[Export] Executing at Thu Sep 14 17:25:00 CDT 2017"

"Information","scheduler-2","09/14/17","17:25:00",,"Error while executing task Connection Failure: Status code unavailable"

"Information","scheduler-2","09/14/17","17:25:00",,"Connection Failure: Status code unavailable"

"Information","scheduler-2","09/14/17","17:25:00",,"[Export] Rescheduling for :Thu Sep 14 17:30:00 CDT 2017 Now: Thu Sep 14 17:25:00 CDT 2017"

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\TLS 1.0\Client (enabled)

Charlie Arehart · Answer

yoelsty, does your problem remain? If so, I have some thoughts. And the first one may help you even if you have solved the problem, and it may help other readers.

I would say it would surprise me that this problem arose merely from the Windows update. It could have, I suppose, but often I find that where people say something broke "because of a Windows update", it turned out instead that it broke because that update forced a box reboot, and that forced a CF restart, and something had changed in CF (before the windows update was applied) that did not take effect until the CF restart. There are various things one can do in the CF Admin, config files, and even code that would not take effect until a CF restart. Just something to consider.

Now back to your problem: you don't say if you took the URLs in the tasks and tried executing them in a browser. Do they work? And when that browser is running on the same box as CF? If they do (but still fail as CF tasks), what happens if you put the URL into a CFHTTP call and run that in a test page, and cfdump the CFHTTP scope? You may see more details about why the page is failing. Let us know what you find.

(You may also see more by telling the scheduled task to save its output to a file, and then view that file.)

Sign up

To post, reply, or follow discussions, please sign in with your Adobe ID.

Sign in to Adobe Community

To post, reply, or follow discussions, please sign in with your Adobe ID.

Scanning file for viruses.

This file cannot be downloaded