What permissions are on the file containing the DLL, and Worker files?
Dream * Excel * Explore * Inspire Jon McAlexander Asst Vice President Middleware Product Engineering Enterprise CIO | Platform Services | Middleware | Infrastructure Solutions Upcoming PTO: 11/8, 11/11, 11/15, 11/22, 11/28, 11/29, 12/2, 12/6, 12/13, 12/20 – 12/31 8080 Cobblestone Rd | Urbandale, IA 50322 MAC: F4469-010 Tel 515-988-2508 | Cell 515-988-2508 jonmcalexan...@wellsfargo.com This message may contain confidential and/or privileged information. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose, or take any action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your cooperation. -----Original Message----- From: Ellen Meiselman <elle...@gmail.com> Sent: Tuesday, February 25, 2020 11:51 AM To: Tomcat Users List <users@tomcat.apache.org> Subject: Re: At wits end: Difficulties with IIS ISAPI connector and Tomcat Thank you - when I remove the secret line, save and restart Tomcat, it results in the same 403 error. On Tue, Feb 25, 2020 at 12:34 PM André Warnier (tomcat/perl) <a...@ice-sa.com> wrote: > The workers.properties below look good to me at first sight. > > Just to eliminate something, could you try the following changes : > > 1) workers.properties : > remove the line > > worker.worker1.secret="mySecret". > > 2) AJP Connector in tomcat : > > <Connector protocol="AJP/1.3" > address="127.0.0.1" > port="8009" > secretRequired="false" > redirectPort="8443" /> > > then restart tomcat and IIS. > What's happening then ? > > Note : this is something new in tomcat 8.5.51 compared to 8.5.50 and > earlier. > Before, by default, the "secret" was disabled. Since 8.5.51, by > default, the secret is enabled, and you have to disable it explicitly > if you don't want it (as I did above). > > With the settings above, we are just trying to get back to a > configuration without secret, to check if that works in your case. > As indicated in the documentation > ( > http://tomcat.apache.org/tomcat-8.5-doc/config/ajp.html#Standard_Imple > mentations) > you can > do that in your case, because the communication between IIS and Tomcat > is fairly secure, since it happens all within the same host. > > > On 25.02.2020 18:06, Ellen Meiselman wrote: > > Yes, everything is on the same server. > > > > workers.properties: > > # Set properties for worker1 (ajp13) > > worker.worker1.type=ajp13 > > worker.worker1.host=127.0.0.1 > > worker.worker1.port=8009 > > worker.worker1.secret="mySecret". > > > > On Tue, Feb 25, 2020 at 11:27 AM > > <jonmcalexan...@wellsfargo.com.invalid> > > wrote: > > > >> -----Original Message----- > >> From: Ellen Meiselman <elle...@gmail.com> > >> Sent: Tuesday, February 25, 2020 10:01 AM > >> To: Tomcat Users List <users@tomcat.apache.org> > >> Subject: Re: At wits end: Difficulties with IIS ISAPI connector and > Tomcat > >> > >>> Hi, > >> > >>> I've been testing, and so far, there is no change in the behavior. > >>> I am > >> still getting the same tomcat->based 403 error. > >> > >>> Based on what you said above... > >>> > >>> secretRequired="true" (which is the default, so it can be removed) > >>> secret="xxxxxxx" > >> > >> > >>> ...I removed secretRequired="true" and left secret. So the > >>> connector > >> definition now looks like this: > >>> <Connector protocol="AJP/1.3" > >>> address="127.0.0.1" > >>> port="8009" > >>> secret="mySecret" > >>> redirectPort="8443" /> > >> > >> <SNIP> > >> > >> I'm assuming that your web-front-end is on the same server as your > Tomcat > >> instance, based on you having the address set to 127.0.0.1, correct? > What > >> do you have in your workers.properties file? > >> > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >