Skip to main content
R
ryanp2
Participant
April 24, 2009
Question

Scheduled task issue - connection failure - possibly certificate issue?

  • April 24, 2009
  • 3 replies
  • 11674 views

I have several scheduled tasks set up through the CFAdmin that have been functioning without issue for awhile, until this week.  Some of them have been in place for several years.  I am now receiving a "connection failure" error on the html output page that a few of them generate.  Weird thing is, the scheduler log shows them as running successfully, and I can run them manually fine.

I've searched everywhere I could think of and have found that most of the suggested resolutions do not work.  Authentication is set to basic, and the username that the tasks use has full permission to the entire directory.

The only thing that changed recently was our SSL certificate expired, and one of the sys admins created new ones.  We've run through a few tutorials on importing the cert into the correct libraries but this has also not worked.

Does anyone have ANY suggestions or ideas on what might be the issue here?  I'm really at a total loss.  Thanks for any help.

This topic has been closed for replies.

3 replies

R
ryanpatsko-RmwQmB
Participating Frequently
June 22, 2011

Recently upgraded to CF9 and ran into this same issue again. I ran through the ssl cert import as described in one of the replies to this original post, and the command line messages said it was successful, but apparently it was not. I used the Certman Admin extension to import the cert and the problem was solved.

I
insuractive
Inspiring
August 26, 2011

Wow, this thread takes me back...

I should also mention that on occassion you may have to import not just the new certificate, but all the certificates in the trust chain up to the root.  As time goes on, especially for older server instances, the likelyhood that certificate authorities in the chain have made changes that CF does not have in its keystore increase.  We've encountered this issue a few times.

A
Anonymous
July 8, 2009

I assume you're using a system account to connect (as opposed to user) and you've checked that the password didn't change.

R
ryanp2Author
Participant
July 8, 2009

yes - the login credentials were all fine. I should have posted a reply to

this issue, but honestly didn't have the technical expertise to explain it.

We found out the problem was with our SSL cert that had been created in

house - but that's really the best I can explain. We called in a tech

services company that we deal with on occasion and they jumped on our system

and fixed the problem. I really never got a full explanation on what they

did though.

I
insuractive
Inspiring
April 24, 2009

Try performing a CFHTTP call against your SSL site URL using the same CF server that you have your scheduled tasks on and dump the result.  If you get a connection failure / peer not authenticated result than it sounds like the issue is with the new SSL cert not being imported correctly into the CF cert store.  If you are still having issues with the import, try importing the new cert while using the same system login that CF uses (on windows boxes).

This is the process that we use:

  1. Go to a page on the SSL server.
  2. Double-click the lock icon.
  3. Click the Details tab.
  4. Click Copy To File.
  5. Select the base64 option and save the file.
  6. Copy the CER file into ColdfusionDir\runtime\jre\lib\security
  7. Run the following command from the same directory (keytool.exe is located in ColdfusionDir\runtime\jre\bin) ..\..\bin\keytool.exe -import -keystore cacerts -alias UniqueName -file filename.cer
  8. You may be prompted with a password, check with your CF administrator for the correct cert change password (this is not the same as the CF admin password)
  9. Restart Coldfusion

Hope that helps!

- Michael

R
ryanp2Author
Participant
April 27, 2009

Thanks very much for the reply. I set up the CFHTTP call and get an error

msg that simply says "connection failure." However, I've run through the

steps to import the cert with one of the system admins here and it did not

solve the problem. Any other thoughts?

I
insuractive
Inspiring
April 27, 2009

Have you dumped the entire CFHTTP scope after your CFHTTP call?  Unlike the CFHTTP.filecontent variable which just contains the result of the post, the CFHTTP scope object created after a side-post contains a bunch of other helpful information, including headers, result codes, etc.  If you haven't already, try doing a dump right after your CFHTTP call:

<cfdump var="#CFHTTP#">

you may get some more specifics about what might be causing the issue.

Terms & ConditionsAccessibility statement
Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices