Skip to main content
V
VincentL12
Inspiring
May 16, 2017
Answered

ColdFusion Server (CF 2016) suddenly will not start

  • May 16, 2017
  • 1 reply
  • 7625 views

I have been using ColdFusion 2016 for about 5 months without problem. Two days ago I suddenly could not access the built in server, receiving such messages as:

127.0.0.1 refused to connect. in Opera and ERR_CONNECTION_REFUSED in Chrome.

I thought it could be a firewall issue, since when booting up I saw a message saying that another app (Akamai NetSession)  was being blocked and that Windows Firewall had made some changes. However on checking the firewall, ColdFusion Server is being allowed through (as are Opera Chrome, etc).

I tried to start CFServer from a command prompt, but after navigating to the bin directory and typing ColdFusion.exe start I got no message of any kind.

I am on port 8501 with the server (8500 was used by and old version of CF11) but have never had any running problems.

I noted that the IIS start page appears on 127.0.0.1 when I checked the relevant options - so localhost is not completely disabled.

I am not an expert on server issues. Anyone any ideas? Thanks in advance for comments.

      This topic has been closed for replies.
      Correct answer Charlie Arehart

      Charlie. Thanks for your detailed response.

      The full logs are:

      May 17, 2017 5:03:28 PM org.apache.catalina.core.AprLifecycleListener lifecycleEvent

      INFO: The APR based Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: C:\ColdFusion2016\cfusion\lib;C:\ColdFusion2016\cfusion\jintegra\bin;C:\ColdFusion2016\cfusion\jintegra\bin\international;C:\ColdFusion2016\cfusion\lib\oosdk\classes\win

      May 17, 2017 5:03:29 PM org.apache.coyote.AbstractProtocol init

      INFO: Initializing ProtocolHandler ["http-nio-8501"]

      May 17, 2017 5:03:29 PM org.apache.tomcat.util.net.NioSelectorPool getSharedSelector

      INFO: Using a shared selector for servlet write/read

      May 17, 2017 5:03:29 PM org.apache.coyote.AbstractProtocol init

      INFO: Initializing ProtocolHandler ["ajp-nio-8016"]

      May 17, 2017 5:03:29 PM org.apache.tomcat.util.net.NioSelectorPool getSharedSelector

      INFO: Using a shared selector for servlet write/read

      May 17, 2017 5:03:29 PM org.apache.catalina.core.StandardService startInternal

      INFO: Starting service Catalina

      May 17, 2017 5:03:29 PM org.apache.catalina.core.StandardEngine startInternal

      INFO: Starting Servlet Engine: Apache Tomcat/8.0.32

      May 17, 2017 5:03:31 PM org.apache.jasper.servlet.TldScanner scanJars

      INFO: At least one JAR was scanned for TLDs yet contained no TLDs. Enable debug logging for this logger for a complete list of JARs that were scanned but no TLDs were found in them. Skipping unneeded JARs during scanning can improve startup time and JSP compilation time.

      05/17 17:03:32 INFO License Service: Flex 1.5 CF Edition enabled

      05/17 17:03:32 INFO Starting Flex 1.5 CF Edition

      May 17, 2017 5:03:32 PM org.apache.catalina.core.ApplicationContext log

      INFO: ColdFusionStartUpServlet: ColdFusion: Starting application services

      May 17, 2017 5:03:32 PM org.apache.catalina.core.ApplicationContext log

      INFO: ColdFusionStartUpServlet: ColdFusion: VM version = 25.72-b15

      May 17, 2017 17:03:33 PM Information [localhost-startStop-1] - Starting logging...

      May 17, 2017 17:03:33 PM Information [localhost-startStop-1] - Starting license...

      May 17, 2017 17:03:33 PM Information [localhost-startStop-1] - Developer Edition enabled

      May 17, 2017 17:03:33 PM Information [localhost-startStop-1] - Starting crypto...

      May 17, 2017 17:03:33 PM Information [localhost-startStop-1] - Installed JSafe JCE provider: Version 6.21 Crypto-J 6.2.1, EMC Corporation. JsafeJCE Security Provider (implements RSA, DSA, ECDSA, Diffie-Hellman, ECDH, AES, DES, Triple DES, DESX, RC2, RC4, RC5, PBE, MD2, MD5, RIPEMD160, SHA1, SHA224, SHA256, SHA384, SHA512, HMAC-MD5, HMAC-RIPEMD160, HMAC-SHA1, HMAC-SHA224, HMAC-SHA256, HMAC-SHA384, HMAC-SHA512, HMACDRBG, HASHDRBG, CTRDRBG, FIPS186PRNG, SHA1PRNG, MD5PRNG; RFC 3394, RFC 5649 AES Key Wrap; X.509 CertificateFactory; PKCS12, PKCS15 KeyStore; X.509V1, PKIX, PKIX-SuiteB, PKIX-SuiteBTLS CertPathValidators; X.509V1, PKIX, PKIX-SuiteB, PKIX-SuiteBTLS CertPathBuilders; LDAP, Collection CertStores)

      May 17, 2017 17:03:33 PM Information [localhost-startStop-1] - Starting security...

      May 17, 2017 17:03:33 PM Error [localhost-startStop-1] - Unable to initialise Security service: coldfusion.server.ServiceException: coldfusion.wddx.WddxDeserializationException: WDDX packet parse error at line 1, column 1. Content is not allowed in prolog..

      coldfusion.server.ServiceException: coldfusion.wddx.WddxDeserializationException: WDDX packet parse error at line 1, column 1. Content is not allowed in prolog..

              at coldfusion.security.SecurityManager.loadSecurity(SecurityManager.java:1418)

              at coldfusion.security.SecurityManager.load(SecurityManager.java:1375)

              at coldfusion.server.ServiceBase.start(ServiceBase.java:59)

              at coldfusion.security.SecurityManager.start(SecurityManager.java:1365)

              at coldfusion.server.CFService.setupSecurity(CFService.java:438)

              at coldfusion.server.CFService.start(CFService.java:560)

              at coldfusion.server.j2ee.CFStartUpServlet.startCFService(CFStartUpServlet.java:565)

              at coldfusion.server.j2ee.CFStartUpServlet.init(CFStartUpServlet.java:508)

              at javax.servlet.GenericServlet.init(GenericServlet.java:158)

              at coldfusion.bootstrap.ClassloaderHelper.initServletClass(ClassloaderHelper.java:121)

              at coldfusion.bootstrap.BootstrapServlet.init(BootstrapServlet.java:59)

              at org.apache.catalina.core.StandardWrapper.initServlet(StandardWrapper.java:1238)

              at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1151)

              at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:1038)

              at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:5049)

              at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5341)

              at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:147)

              at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1408)

              at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1398)

              at java.util.concurrent.FutureTask.run(FutureTask.java:266)

              at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)

              at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)

              at java.lang.Thread.run(Thread.java:745)

      May 17, 2017 17:03:33 PM Error [localhost-startStop-1] - Unable to initialise CFStartupServlet:coldfusion.wddx.WddxDeserializationException: WDDX packet parse error at line 1, column 1. Content is not allowed in prolog..

      May 17, 2017 17:03:33 PM Information [localhost-startStop-1] - Shutting down servlet container...

      I will look at what you suggest in the two extended posts, but in the meantime the above might throw a more focused light on the problem I have.

      Vincent


      Good news/bad news. The log confirms that the error you reported is indeed the first one in the log. And it explains the problem: a issue with C:\ColdFusion2016\cfusion\lib\neo-security.xml, which has a "parse error" at line 1, column 1.


      I'm betting that if you open that file, you will find that it is empty. It shouldn't be. Or if it's not empty, it's mal-formed (not valid XML, or more specifically not valid WDDX-formatted XML).


      The first question would be how it got empty or mal-formed. But that may take time to find and resolve.

      But for now, you may want to check if the neo-security.bak file, in the same directory, is also empty or mal-formed. If it is not, and you renamed the other and renamed this to be neo-security.xml, and restarted CF, would things work (no more error, pages load)? But it may be borked also.

      In that case, do you have any sort of backup of the file system that you could revert to?

      Assuming you do not, sadly someone can't just "share theirs" with you because the info in the file is unique to each user. This file holds the CF admin security configuration settings (representing checkboxes checked, etc.). And anyone else's xml file would represent settings that they picked that you may set differently.

      Even so, if you're desperate, here is the content of mine, from CF2016 also. (I wiped the value of my "userid.root.salt" value, as I'm pretty sure that's different on every install. It's not the password, but the salt value used to encrypt the password, stored in another file). Keep reading below this for a couple more thoughts:

      <wddxPacket version='1.0'><header/><data><struct type='coldfusion.server.ConfigMap'><var name='AuthorizedUsers'><struct type='coldfusion.util.FastHashtable'></struct></var><var name='admin.userid.root'><string>admin</string></var><var name='CrossSiteScriptPatterns'><struct type='coldfusion.server.ConfigMap'><var name='&lt;\s*(object|embed|script|applet|meta)'><string>&lt;InvalidTag</string></var></struct></var><var name='admin.userid.root.salt'><string>00000000000000000000000000000000</string></var><var name='rds.enabled'><string>true</string></var><var name='allowconcurrentadminlogin'><boolean value='true'/></var><var name='allowedAdminIPList'><string></string></var><var name='contexts'><struct type='coldfusion.server.ConfigMap'><var name='/'><struct type='coldfusion.server.ConfigMap'></struct></var></struct></var><var name='admin.security.enabled'><boolean value='true'/></var><var name='admin.userid.required'><boolean value='false'/></var><var name='secureprofile.enabled'><boolean value='false'/></var><var name='rds.security.enabled'><string>true</string></var><var name='sbs.security.enabled'><boolean value='false'/></var><var name='rds.security.usesinglerdspassword'><boolean value='true'/></var></struct></data></wddxPacket>

      You would want to stop CF, then edit your neo-security.xml putting this in its place. BEfore you do, read to the end for an edit you may want to make. (And if you're on Windows and edit it with Notepad and find you can't save the edits due to permissions issues, even though you ARE an Admin, this is a limit of Notepad. You could open it as Admin, or just save the changed file in your documents folder then copy/paste it with windows explorer, and THAT will prompt you to elevate your privileges to let you paste the file, while Notepad would not let you save it.)

      Now, back to the file contents, because you would now have a different salt value, you'll find that your current CF Admin (and I think DSN) passwords will not work. So you'd find you could not login to the CF Admin. But note that you can set this element:

      <var name='admin.security.enabled'><boolean value='true'/></var>

      to

      <var name='admin.security.enabled'><boolean value='false'/></var>

      And now (after a restart) you could login, without any password. Then you could go to the CF Admin Security page, and modify the salt to some other value (than all 0's), and then enter a new password (and choose the drop down on that page to require a CF Admin password). Again, you may have to redo your DSN passwords. Try verifying one that worked. If it does not, just enter it again in the DSN settings page, and (because it will now be set with the salt you picked) it should verify now.

      Let us know how it goes.    

      1 reply

      C
      carl type3
      Legend
      May 16, 2017

      Hi Vincent,

      Try from CMD prompt as administrator:

      -CD CF2016\cfusion\bin

      -cfstart

      Let me know what displays.

      HTH, Carl.

        V
        VincentL12Author
        Inspiring
        May 17, 2017

        The message shows:

        Unable to initialise Security service  coldfusion.server.serviceException,,, WDDX packet parse error at line1 column 1  Content is not allowed in prolog... at coldfusion.security.SecurityManager.loadsecurity(SecurityManager.java1418) and similar error messages referencing java 1375, java 59, etc.

        I recall downloading a Java update. Do I need to revert back to the previous version?

        Charlie Arehart
        Community Expert
        Charlie ArehartCommunity Expert
        Community Expert
        May 17, 2017

        Vincent, is that the FIRST message that appears on trying to start from the command line? or the last? If it's the last, what is the first? there may be a clue there.

        Also, you say "CF won't start" but then you say that calls to the CF internal web server are failing. So if you look at Task Manager (if Windows, or the equivalent in Linux or OSX), is the coldfusion process running? If it is, then the issue is not that it's "not starting" but it's not working (subtle distinction). It may be useful to know, though.

        As for your having installed Java recently, and that affecting either CF starting or working, yes, that could be the issue--maybe. If you had changed CF to point to a specific JVM, and you updated it, it may have removed key files from the JVM folder that CF WAS looking at. But because it was running the JVM update could not remove ALL files from that folder.

        In this case, you'd want to tell CF to point to the NEW JVM folder. But of course, if you can't get to the CF Admin you may think you can't tell it to use the new JVM.

        But if you look at your CF jvm.config file (in the coldfusion2016\cfusion\bin folder, or if on Enterprise, the bin folder of whatever instance you're trying to start if you have multiple instances), its first non-commented line will be for java.home. Does that point to the coldfusion2016\jre folder? or some other one? If another, then THAT was what CF WAS looking at (and still is trying), and you'd want to edit that to point to the NEW folder.

        If you do edit it, watch that you need to use the same slashes you see listed for the current java.home value, and you must point it to the JRE folder of whatever JVM you're using (as your current value would do. Just be careful in updating that value to the new JVM location.)

        I discuss all this in two extended posts with lots more to consider. And even if you think the above does not apply, you may still want to read them to be sure:

        CF911: 'Help! I've updated the JVM which ColdFusion uses, and now it won't start!'

        Why you should think twice about leaving on the "public JRE" option of the Java JDK installer

        But your problem could be something else entirely. Please do answer the first question above, if the rest doesn't help.

        And while we may be able to solve this via the forums here, sometimes there are just too many moving parts. In that case, there's no substitute for having someone instead look WITH you at your server to solve the problem, whatever the unique cause may be for you. I do that, as do others. You can find them at cf411.com/cfconsult. You may find it could be solved in less than an hour, so not necessarily a really expensive option. Some want a solution, some want to solve things on their own. I try to help either way. :-) Just wanted to put it out there for you and other readers to consider.

        /Charlie (troubleshooter, carehart. org)
        Terms & ConditionsAccessibility statement
        Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices