Scheduled Tasks/CFHTTP/SNI Connection Failure Fix

Thought I would drop this here as I know some people continue to have
issues.

Currently running

Lucee 4.5.2.018 final
jre 1.8.0_66 (Oracle Corporation) 64bit
tomcat 8.0.26
Windows Server 2012 R2 (6.3) 64bit
IIS8 using SSL only
Sites are bound using SNI

Problem:

Since switching on SNI, scheduled tasks using cfhttp to call the local
website (https://mydomain.ca/service/export.cfm) fail with a connection
failure and a scheduler log entry “Connection
reset;java.net.SocketException: Connection reset”

This happens even after updating
httpclient-4.5.jar, httpmime-4.5.jar, httpcore-4.4.1.jar to the latest (as
recommended [LDEV-292] - Lucee)

Calls to the URL in a browser work fine.

It -is- possible to set up a scheduled task to work via http (rather than
https) even if you have url rewrites to SSL only. You need to set up the
scheduled task URL to:

http://mydomain.ca/service/export.cfm (no https)

and then set the port on the line below to 8888 (or whatever port tomcat
is running on) rather than 80

Seems that remote calls to SNI enabled servers (ie: https://sni.velox.ch as
noted in LDEV-292) still do not work (fails with "Certificate for
<sni.velox.ch> doesn’t match any of the subject alternative names:…")

But since I’m not doing remote calls, my issue is solved…finally.

Thanks for posting the workaround, Jay. I’ve just encountered the same
issue having moved to Server 2012 and started using SNI. My Lucee
setup’s identical to yours.

It’s important to note that this is not the same issue as
[LDEV-292] - Lucee which only applies
to CFHTTP.

The URLs that fail using scheduled tasks work fine for me using CFHTTP
so clearly that issue has indeed been fixed.

But the fix seems not to cover the scheduled task engine. I’ve
therefore opened a new ticket specifically for that.

https://luceeserver.atlassian.net/browse/LDEV-649

Julian.

On 25 November 2015 at 21:35, Jay B <@Jay_B> wrote:

Thought I would drop this here as I know some people continue to have
issues.


Have you tried loading your own SSL certificate into Lucee via the admin or javastore?

No, but why should that need to be done? As I say CFHTTP works just
fine so clearly Lucee isn’t having a problem with the certs elsewhere.

On 26 November 2015 at 10:49, Juan Aguilar <@Juan_Aguilar> wrote:

Have you tried loading your own SSL certificate into Lucee via the admin or javastore?

I did do that and it didn’t help…and as Julian noted, that shouldn’t need
to be done.

On Thursday, November 26, 2015 at 3:49:12 AM UTC-7, Juan Aguilar wrote:

Have you tried loading your own SSL certificate into Lucee via the admin
or javastore?

I have to correct myself, I did actually report this back on Oct 21.

https://groups.google.com/d/msg/lucee/E3n8OlM3ZMc/hiGZJvieCQAJ

–David

On Friday, November 27, 2015 at 6:25:27 PM UTC+1, David Eurenius wrote:

Thanks Jay B for the follow-up.

We struggled with this way too long and we also came to the conclusion
that running the Scheduled Tasks on Tomcat (port 8888) was the best
solution.
Now we are always running all scheduled tasks on tomcat instead of going
out and back in again through IIS → BonCode → Tomcat.
We also feel that they execute/process somewhat faster.

I feel bad in not reporting this back to the community, it might have
saved some others a lot of time.

Thanks!
–David
