500 error/Permission issue with IIS 7

190 views
Skip to first unread message

hofar...@houseoffusion.com

unread,
Mar 27, 2015, 1:53:18 PM3/27/15
to ColdFusion Technical Talk

I have been down the rabbit hole with this all day and have not been able
to figure this out. I have been all over The Google with no love.

We followed the CF 11 lockdown guide and got everything working fine for 2
domains/applications. We went to set up a third domain that uses
subdirectories as the root directory for seperate applications and we get a
500 error (details below) when we hit a subdirectory like so:

http://www.mydomain.com/somedir/

But if I add index.cfm to the URL like below everything works fine.

http://www.mydomain.com/somedir/index.cfm

And, yes, the default document is set to index.cfm and the permissions for
all the sub directories are identical to the domains what work (as per the
lockdown guide).

IIS error details

Module IsapiModule
Notification ExecuteRequestHandler
Handler cfmHandler
Error Code 0x80004005


Anyone have an idea how to remedy this situation?

As always, many TIA,

G!


*Gerald Anthony Guido*
Nullius in verba <http://en.wikipedia.org/wiki/Nullius_in_verba>
-- Horace

learn.geraldguido.com
Twitter <https://twitter.com/CozmoTrouble>
Facebook <https://www.facebook.com/gerald.guido.9>


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:360312

hofar...@houseoffusion.com

unread,
Mar 31, 2015, 6:37:30 AM3/31/15
to ColdFusion Technical Talk

I have run into this very issue. If I remember, it ended up being a corruption in the web.config default documents. Try rebuilding that section.

Dave
Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:360315

hofar...@houseoffusion.com

unread,
Mar 31, 2015, 7:07:24 AM3/31/15
to ColdFusion Technical Talk

Questions:

Did you create a connector to IIS with WSConfig tool?
Do you have a Jakarta Alias in the IIS site?

Those are the two most common issues for this type of error. If your wsconfig was used to configure all sites and then later a new site was added the number one this is people forgetting that the connector needs to be added to the new site via the Jakarta alias.

Regards,
Wil


Wil Genovese
Sr. Web Application Developer/
Systems Administrator
CF Webtools
www.cfwebtools.com

wil...@trunkful.com
www.trunkful.com
Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:360317

hofar...@houseoffusion.com

unread,
Mar 31, 2015, 9:03:34 AM3/31/15
to ColdFusion Technical Talk

Hi,
I have an application under CF 9 with a paiment module using Paypal.
At the end of the process, Paypal acknowledges the paiement and my app calls a Paypal page to validate the whole operation. This is done with a CFHTTP call
This application has been working fine for years with no modification, bur all of a sudden starting March 23rd, I get this error:
I/O Exception: peer not authenticated
It appears to be an error with the SSL certificate, but how come ?
The Paypal site is verified by Verisign.
What ca I do?


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:360320

hofar...@houseoffusion.com

unread,
Mar 31, 2015, 2:23:59 PM3/31/15
to ColdFusion Technical Talk

>
> Did you create a connector to IIS with WSConfig tool?
> Do you have a Jakarta Alias in the IIS site?
> It ended up being a corruption in the web.config default documents.


Thanx for the replies. All of those are in order. I did manage to figure
out a kludge to get the sites up until I can figure out a proper solution.

As always, thanx,

G!

*Gerald Anthony Guido*
Nullius in verba <http://en.wikipedia.org/wiki/Nullius_in_verba>
-- Horace

learn.geraldguido.com
Twitter <https://twitter.com/CozmoTrouble>
Facebook <https://www.facebook.com/gerald.guido.9>

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:360330

hofar...@houseoffusion.com

unread,
Mar 31, 2015, 2:48:24 PM3/31/15
to ColdFusion Technical Talk

I replied to this days ago but the list rejected it.

if you enabled detailed errors then you might get more details if it is a
CFM issue

however I suspect this is a problem with the cf connector not being to
handle virtual directories, I have not really bothered with cf10/11 so have
not tested this.
But you may need to add a mapping in the uriworkermap.properties file, see
here for general instructions
https://helpx.adobe.com/coldfusion/kb/coldfusion10-iis-manual-connector-configuration.html

try adding a mapping for

/your vDir/* = cfusion

On Mon, Mar 30, 2015 at 2:34 PM, David Phelan <DPH...@emerginghealthit.com>
wrote:
Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:360331

hofar...@houseoffusion.com

unread,
Apr 1, 2015, 3:29:35 PM4/1/15
to ColdFusion Technical Talk

This sounds like it could be the Poodle vulnerability that I faced a few
months back when Chase Paymentech disabled SSL 3.0. What version of Java is
the server running? Java 7 allows SSL 3.0 to negotiate using TLS. I had to
convince my host to update from Java 6.
Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:360340

hofar...@houseoffusion.com

unread,
Apr 1, 2015, 3:50:20 PM4/1/15
to ColdFusion Technical Talk

Try taking the restricted ip addresses out of your paypal account - we ran
into this as well and after 2 days of battling it, this did fix the issue
for us

Sincerely,

Kurt Kaptein
President
Spectrum Net Designs, Inc
PO Box 806
Grandville, MI 49468

Ph: 616-538-2914
Toll Free: 866-773-2638
Fax: 616-538-5691

Visit our Website: www.spectrumnetdesigns.com
Email: ku...@spectrumnetdesigns.com
Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:360342

hofar...@houseoffusion.com

unread,
Apr 1, 2015, 6:41:53 PM4/1/15
to ColdFusion Technical Talk

I suspect they disabled various ssl protocols due to poodle, you should ask
them. The default response ro poodle was to disable everything except
latest tls version, which is not supported out of the box by the jvm that
ships with cf9.
Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:360346

hofar...@houseoffusion.com

unread,
Apr 1, 2015, 6:52:55 PM4/1/15
to ColdFusion Technical Talk

If they have disable the older SSL protocols here are two blog posts I did on how to handle that with CFHTTP and your Java version.

Java Version
http://www.trunkful.com/index.cfm/2014/11/24/ColdFusion-JVM-SSL-CA-CERTS-and-POODLE

CFHTTP and JVM switches
http://www.trunkful.com/index.cfm/2014/12/8/Preventing-SSLv3-Fallback-in-ColdFusion

If they have disabled TLSv1.0 then we could have bigger troubles.

Regards,
Wil



Wil Genovese
Sr. Web Application Developer/
Systems Administrator
CF Webtools
www.cfwebtools.com

wil...@trunkful.com
www.trunkful.com

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:360347
Reply all
Reply to author
Forward
0 new messages