Troubleshooting

 

This topic lists common problems and solutions for the HTTP Server for i5/OS, the Web Administration for i5/OS, and other features associated with the product.

Information for this topic supports the latest PTF levels for HTTP Server for i5/OS . IBM recommends that you install the latest PTFs to upgrade to the latest level of the HTTP Server for i5/OS. Some of the topics documented here are not available prior to this update. See IBM Service for more information.

List of symptoms:

Additional troubleshooting information may be found in the following documentation:

 

Parent topic:

IBM HTTP Server for i5/OS

 

Symptom: Out-of-process ASF Tomcat server does not start or appears to start, but then stops

Cause

A number of possible causes could be causing your out-of-process ASF Tomcat to not start. Check the job log for the cause.

Solution

Check the job log for a report on the possible problem and enable tracing.

Check the job log:

  1. On an iSeries™ command line, enter WRKACTJOB immediately after the server is started.

    If the job is active, enter WRKACTJOB to work with the job and display the job log.

    If the job is not active, enter WRKSPLF SELECT(QTMHHTTP) to find the name of the server and display the spool file.

  2. Check the ASF Tomcat logs. Inspect the tomcat.log, jvmstdout.txt, and jvmstderr.txt files for possible information concerning the error.

Enable/disable tracing:

  1. On an iSeries command line, enter ADDENVVAR ENVVAR(QIBM_ASFTOMCAT_TRACE) VALUE(10) LEVEL(*SYS).

  2. Restart the ADMIN server.

  3. Start the out-of-process ASF Tomcat server.

  4. Additional debug information is created for the job. If this information does not appear in a spool file associated with the started job, then it may be accessed using the Dump User Trace (DMPUSRTRC) command against the ADMIN server and the out-of-process ASF Tomcat server jobs.

    To disable tracing, continue with the next steps.

  5. On an iSeries command line, enter RMVENVVAR ENVVAR(QIBM_ASFTOMCAT_TRACE).

  6. Restart the ADMIN server.

  7. Start the out-of-process ASF Tomcat server.

 

Symptom: Error 404 on HTTP Server

Cause

HTTP Server is not able to find the resource that was requested or the user profile on HTTP Server does not have authority to the requested resource.

Solution

Check the following:

  • Make sure the file exists.

  • Make sure that the user profile used to access the resource has object authority. The user profile QTMHHTTP is used by default. The user profile QTMHHTP1 is used by default when the request is a CGI program.

 

Symptom: HTTP Server has a slow response

Solution

Refer to the following:

 

Symptom: Error 500 on HTTP Server

Cause

A program on your HTTP Server has failed or there is an error in your CGI program.

Solution

Check the following:

  • Check the server Primary joblog, QSYSOPR messeges, error log and CGI job logs for more information.

  • If you have not used the IBM® Web Administration for i5/OS interface to create an HTTP Server configuration, a required directive may be missing from the configuration file. View the configuration file with the IBM Web Administration for i5/OS interface for possible errors.

 

Symptom: Cannot read or write to QUSRSYS/QATMHINSTC or QUSRSYS/QATMHASFT

Cause

The IBM Web Administration for i5/OS interface uses the Java™ Toolbox for iSeries. When reading and writing files in QSYS, the Java Toolbox sometimes uses the DDM server. In the IBM Web Administration for i5/OS interface, this results in problems reading or writing the QUSRSYS/QATMHINSTC file containing HTTP Server definitions, or QUSRSYS/QATMHASFT file containing out-of-process ASF Tomcat server definitions.

Solution

On an iSeries command line, enter STRTCPSVR *DDM.

 

Symptom: HTTP Server on port 80 does not start

Cause

By default, APACHEDFT server autostart setting is *GLOBAL. If, in addition, the global server setting for autostart is "Yes", then APACHEDFT server will start during STRTCP command processing. APACHEDFT server uses port 80 and may cause any other HTTP Server using port 80 to not start.

Solution

Do the following:

If you HTTP Server does not start or appears to start, but then stops, check the following:

  1. The cause of the problem may be in the job log. Use WRKACTJOB immediately after the server is started. If the job is active, the enter WRKACTJOB to work with job and display the job log. If the job is not active, then enter WRKSPLF SELECT(QTMHHTTP) to find the name of the server and display the spool file.

  2. If you have configured the error logs, then the cause of the problem may be in the error log. For example, /www/myserver/logs/basic_error_log, where "myserver" is the name of your HTTP Server.

    If the error messages have been customized, the error will not be identified in the same manner as the above example.

  3. If you have configured ASF Tomcat, then there may be error information logged in the ASF Tomcat logs. Inspect the tomcat.log, jvmstdout.txt, and jvmstderr.txt for possible information concerning the error

If these steps do not help, then try starting the server with verbose tracing. See Manage server performance for HTTP Server (powered by Apache) for tracing.

By default, APACHEDFT server autostart setting is *GLOBAL. If, in addition, the global server setting for autostart is "Yes", then APACHEDFT will start during STRTCP command processing. APACHEDFT server uses port 80 and may cause any other HTTP Server using port 80 to not start. To avoid this condition, you can :

  • Change APACHEDFT server configuration autostart setting to "No".

  • Change APACHEDFT server configuration to use a port other than 80.

To change the autostart value on APACHEDFT server, do the following:

  1. Click the Manage tab.

  2. Click the HTTP Servers subtab.

  3. Select APACHEDFT from the Server list.

  4. Expand Server Properties.

  5. Click General Server Configuration.

  6. Click the General Settings tab in the form.

  7. Select No (instead of *GLOBAL or Yes) from the Autostart list.

  8. Click OK.

To change the port number on APACHEDFT server, do the following:

  1. Click the Manage tab.

  2. Click the HTTP Servers subtab.

  3. Select APACHEDFT from the Server list.

  4. Expand Server Properties.

  5. Click General Server Configuration.

  6. Click the General Settings tab in the form.

  7. Select the IP address and port from the Server IP addresses and ports to listen on table.

  8. Enter a new value for the port number in the Port column.

  9. Click Continue.

  10. Click OK.

As a final precaution, make sure APACHEDFT server is not started by doing the following:

  1. Click the Manage tab.

  2. Click the All Servers subtab.

  3. Click the All HTTP Servers tab.

  4. Select APACHEDFT from the table.

  5. Click Stop.

 

Symptom: Web browser problems with HTTP Server

Cause

Your Web browser may not be configured correctly.

Solution

Below is a list of common problems and solutions for your Web browser.

Miscellaneous Microsoft® Internet Explorer errors related to incorrect interpretation of HTTP/1.1 in response

Microsoft Internet Explorer sends requests in HTTP/1.1 format but seems to only accept responses in HTTP/1.0 format. The work around is to tell HTTP Server the request came in as HTTP/1.0 format.

Fore example: BrowserMatch "MSI 4\.0b2;" downgrade-1.0 force-response-1.0

URL not found when clicking on a file in a directory listing from Netscape

If AlwaysDirectoryIndex is set to OFF and a URL for a directory without a trailing slash is requested, then Netscape does not request the file relative to the director in which the file exists in the resulting directory listing.

Microsoft Internet Explorer does not display customized error messages

If Internet Explorer is not displaying the customized error messages, check to see if the preferences for the browser are set to show friendly HTTP error messages. Disable this preference and the customized error massages should display properly.

When using HTTPS, Microsoft Internet Explorer shows pages that were cached when using HTTP

If the browser is showing cached pages instead of connecting to the server using SSL, clear the browser's cache.

Prompted for password when using certificate for client authentication

If you are using a Certificate Authority that offers the option to protect the private key of your certificate with a password (such as for the Microsoft Internet Explorer browser), and you use the certificate for client authentication, you are prompted for the password after about 2 minutes of idle time. This happens even if you have disabled SSLV2 in the browser being used and in the server because you are trying to use the longer SSLV3 cache time-out interval. This is a security feature that protects your private key if you are away form your client, even though it may look like an SSLV3 caching problem.

Certificate not recognized by browser

If you add a certificate to your browser, the browser may not recognize that there is a new certificate until you restart your computer.

For additional information see the Apache Software Foundations list of list of known problems with clients .

 

Symptom: ADMIN server will not start

Solution

Check to make sure you have the proper authorities. See User profiles and required authorities for HTTP Server for specific authority and profile information.

 

Symptom: HTTP Server will not start or functions will not work

Solution

General items to check:

  1. Check /QIBM/UserData/HTTPA/admin/logs, HTTPAdmin.log, error_log, and any other logs you may have. More information on the cause of the problem may be found there.

  2. Use CHKPRDOPT to 57XXDG1, SS1, TC1 and JV1.

  3. Check joblog for user QTMHHTTP.

  4. Check QTMHHTTP and QTMHHTP1 user profiles.

  5. Verify that *PUBLIC is not *EXCLUDEd from '/' (Use WRKLNK '/' and take option 9).

  6. Verify that QSERVER and QUSRWRK subsystems are running.

Error messages:

Error ZSRV_MSG0358

Found in admin log. Verify that there is a host table entry in CFGTCP Option 10 that matches the host + domain name in CFGTCP Option 12, and set 'Host Name Search Priority' to *LOCAL.

Error ZUI_50004 - 'no *IOSYSCFG authority'

Verify that user has *IOSYSCFG Authority. If *IOSYSCFG is granted by a GROUP profile, verify that PTF SF65588 (V4R5) is applied. Check that there are NO user .jar files in the /QIBM/ProdData directory path - this directory is for IBM use only.

Error HTP8015

Verify that the latest PTFs for DG1 product are applied.

Error CEE0200

Verify that 57XXJV1 Options *Base, 5, and 6 are installed,

Error ZSRV_MSG0302 :User qsecofr:authentication failure for "/":1

Known problem with 128 character passwords on V5R1. HTTP servers cannot use 128 character passwords. You may be able to circumvent this problem by changing the password in the user profile to CAPITAL letters and using CAPITAL letters to log into the ADMIN screen.

 

Symptom: Unknown server type when working with HTTP Servers in ADMIN

Solution

Ensure that LOOPBACK and LOCALHOST are configured to resolve to 127.0.0.1 and can be PINGed from the i5/OS™ command line. Verify that there are no exit programs for exit point QIBM_QPWFS_FILE_SERV. Verify that QSERVER and QUSRWRK subsystems are running and that current group PTF for DG1 product is applied.

 

Symptom: All servers show status 'Stopped'

Cause

This problem was determined to be caused by an OEM security application that registers many exit point programs.

Solution

Remove the application to eliminate the problem.

 

Symptom: Cannot access ADMIN or some functions do not work

Solution

Verify the following:

  • Verify that user's browser is not using a proxy to access the ADMIN server.

  • Verify latest DG1 PTF's.

  • Verify that user profiles QTMHHTTP and QTMHHTP1 are enabled.

 

Symptom: User Profile does not have *IOSYSCFG

Solution

In the HTTPAdmin.log you will find error: 'NoRouteToHostException'. Do the following:

  • Verify that 127.0.0.1, LOOPBACK and LOCALHOST are configured and work.

 

Symptom: Tomcat options not shown in the Web Administration for i5/OS interface

Solution

Do the following:

  • Verify latest DG1 PTF's

  • Verify that AdminTc.jar is in: /QIBM/UserData/HTTPA/admin/webapps/HTTPAdmin/WEB-INF/lib. This file can be found in /QIBM/ProdData/HTTPA/admin/pgm/. If so, the problem can be circumvented by adding a SYMLNK.

  • On the i5/OS command line, type the following:
    ADDLNK OBJ('/QIBM/ProdData/HTTPA/admin/pgm/AdminTc.jar')+
NEWLNK('/QIBM/UserData/HTTPA/admin/webapps/httpadmin/web-inf/lib/AdminTc.jar')
Press Enter, then typethe following: CHGOWN OBJ('/QIBM/USerData/HTTPA/admin/webapps/HTTPAdmin/WEB-INF/lib/AdminTc.jar')+
NEWOWN(QTMHHTTP) SYMLNK(*YES)

 

Symptom: Cannot create new HTTP Server instance

Solution

Verify LOCALHOST , LOOPBACK and 127.0.0.1 exist and work.

 

Symptom: Net.Data® error

Include object specified in /QIBM/ProdData/HTTPSVR/MRIXXX/Macro/qzhamsg.nds at line 208

Solution

Verify that directory /QIBM/ProdData/HTTPSVR/Macro/ contains only objects that are appropriate to the current OS version .

 

Symptom: Error occurred opening file

Cause

If your HTTP Server configuration uses the Rewrite directive and does not have the proper access for QTMHHTTP configured, your server will not start.

Solution

Make sure QTMHHTTP has *RWX access authority to the /tmp directory.

 

Symptom: Databases fail to deploy when configuring with the Web Administration for i5/OS interface

Cause

This error occurs when the user ID selected as the WebSphere Portal database owner does not have authority to the CHGJOB command. The configuration wizard requires this authority to autoreply when the system would otherwise require a response from the user. Without this authority, the create-all-db configuration task fails, and databases are not deployed.

If databases fail to deploy when configuring WebSphere Portal with the Web Administration for i5/OS interface, check the /QIBM/UserData/Webas5/Base/<instance>/logs/<instance>/WPSWIZARD_<timestamp>_create-all-db.log log file for the following error: 

[java] java.lang.RuntimeException: error when creating statement [CPF0006] 
Errors occurred in command. 
[java] java/lang/Throwable.(Ljava/lang/String;)V+4 (Throwable.java:85) 
[java] java/lang/Exception.(Ljava/lang/String;)V+1 (Exception.java:33) [java]
java/lang/RuntimeException.(Ljava/lang/String;)V+1 (RuntimeException.java:38) 
[java] com/ibm/wps/config/SqlProcessor.process([Ljava/lang/String;Ljava/lang/
String;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;)I+0 
(SqlProcessor.java:78) 
[java] com/ibm/wps/config/SqlProcessor.main([Ljava/lang/String;)V+0 
(SqlProcessor.java:478)

Solution

Ensure the user ID selected as the WebSphere Portal database owner has authority to the CHGJOB command.

 

Symptom: WebSphere Portal authentication performance problems

If you are experiencing performance problems when users are logging into Portal (the authentication phase), the following indicators may help determine that the filters are causing these performance problems:

Cause

You may encounter a performance problem if you configure a secure WebSphere Portal server with LDAP. This problem only occurs if you use the Create WebSphere Portal wizard in the Web Administration for i5/OS interface. When configuring LDAP with the WebSphere Portal wizard, the two LDAP fields LDAPUserFilter and LDAPGroupFilter are configured with default values depending on the type of LDAP server being used. For example, if you are securing your WebSphere Portal server using the IBM Directory Server, the two LDAP fields are set to "(&(|(cn=%v)(uid=%v))(objectclass=person))" and "(&(cn=%v)(|(objectclass=groupOfUniqueNames)(objectclass=groupOfNames)(objectclass=group)))", respectively. By configuring the fields with the default values, the WebSphere Portal wizard allows the wpsadmin Portal administrator to successfully login and existing LDAP entries can be used once the Portal server is successfully configured and secured. However, if the LDAP server has a large number of entries, or if many additional users are added to the LDAP server, Portal's authentication performance may be noticeably impacted.

Solution

If you determine that the filters, as configured by the WebSphere Portal wizard, are causing authentication performance problems, complete the following steps:

  1. Start the Web Administration for i5/OS interface.

  2. Click the Manage tab.

  3. Click the Application Servers subtab.

  4. Expand Tools.

  5. Click Launch Administrative Console.

  6. Login to the console and click OK.

  7. Expand Security.

  8. Expand User Registries.

  9. Click LDAP.

  10. Click Advanced LDAP Settings in the Additional Properties table.

  1. Edit the User Filter and the Group Filter properties values to more precise values to increase authentication performance. For more information about this syntax, see the LDAP directory service documentation and the WebSphere Portal Product Documentation Web site.

  2. Click OK.

  3. Click Save to apply changes to the master configuration.

  4. Click Save again on the next page.

You may need to restart your WebSphere Application Server for these changes to take affect.