SSL on a single subdirectory/URI

Similar Messages

• SSL Content rules based on uri

  I don't seem to be able to construct an ssl content rule that allows dilineation by uri. The documentation says to set the rule as follows for ssl:
  vip address x.x.x.x
  add service abcd
  add service defg
  application ssl
  advanced-balance ssl
  protocol tcp
  port 443
  uri "/*"
  active
  This works but if I try to change the uri to:
  uri "/CSO/html/SignOn.html" the rule stops working.
  Is it possible to do this?????

  That's the nature of SSL.
  All traffic is encrypted to avoid people to look at it.
  So, the CSS does not see and has no way to see the URL.
  With 'url "/*"' it works because it means any URL.
  Gilles.

• CSS - 11506 - Adding New SSL Services on Single SSL Modules

  Hi,
  We are having one pair of CCS 11506 currently SSL services are running on slot4 with single SSL module.Now we are planning to add one more SSL application with different certificates & keys on different VIP.
  Can we use the same slot4 for new application & using different certicates & keys on same SSL modules.Your reponse is appriecated

  Hi Sean,
  Thanks for replying back just want few clarifcations in configuration part.
  1. If new vlan is given for new application then how to point routes to the new vlan as default routes to exisitng vlan is already present.
  2. I've prepare sample config template with details steps & let us know will it work & if changes is required kindly let us know.
  1.# ftp-record ssl_record 192.168.19.21 johndoe "abc123"
  /home/johndoe
  2.# copy ssl sftp ssl_record import rsacert.pem PEM "passwd123"
  Connecting
  Completed successfully
  3.# copy ssl sftp ssl_record import rsakey.pem PEM "passwd123"
  Connecting
  Completed successfully
  4.Enter configuration mode.
  # config
  (config) #
  4. To use RSA public key exchange and authentication:
  a. Associate the imported RSA certificate with a file.
  (config) # ssl associate cert myrsacert1 rsacert.pem
  b. Associate the imported RSA key pair with a file.
  (config) # ssl associate rsakey myrsakey1 rsakey.pem
  5. Compare the public key in the associated certificate with the public key
  stored with the associated private key and verify that they are identical.
  (config) # ssl verify myrsacert1 myrsakey1
  Certificate mycert1 matches key mykey1
  ssl associate rsakey NEWKEY newkey.pem
  ssl associate cert NEWCERT newcert.pem
  !************************* INTERFACE *************************
  interface 3/3
  description "****WEB SIDE****"
  bridge vlan _ID_X.X.X.X
  bridge port-fast enable
  interface 3/4
  bridge vlan_ID_Y.Y.Y.Y
  bridge port-fast enable
  description "****PIX SIDE****"
  !************************** CIRCUIT **************************
  circuit VLAN_ID_X
  ip address A.A.A.A B.B.B.0
  ip virtual-router 2 priority 101 preempt
  ip redundant-interface 3 C.C.C.C
  ip critical-service 3 chk-con-pix_Y.Y.Y.Y
  ip critical-service 3 chk-con-web_X.X.X.X
  circuit VLAN_ID_Y
  ip address D.D.D.D E.E.E.0
  ip virtual-router 4 priority 101 preempt
  ip redundant-vip 4 F.F.F.F
  ip critical-service 4 chk-con-pix_Y.Y.Y.Y
  ip critical-service 4 chk-con-web_X.X.X.X
  !*********************** SSL PROXY LIST ***********************
  ssl-proxy-list NEW
  ssl-server 20
  ssl-server 20 vip address F.F.F.F
  ssl-server 20 cipher rsa-with-rc4-128-sha F.F.F.F 81
  ssl-server 20 cipher rsa-with-rc4-128-md5 F.F.F.F 81
  ssl-server 20 rsacert NEWCERT
  ssl-server 20 rsakey NEWKEY
  active
  !************************** SERVICE **************************
  service FRONT_SSL
  type ssl-accel
  slot 4
  keepalive type none
  add ssl-proxy-list NEW
  active
  service WEBSERVER-03
  ip address G.G.G.G
  redundant-index 3
  protocol tcp
  port 80
  active
  service WEBSERVER-04
  ip address H.H.H.H
  redundant-index 4
  protocol tcp
  port 80
  active
  service chk-con-pix_Y.Y.Y.Y
  keepalive type script ap-kal-pinglist "N.N.N.N"
  ip address J.J.J.J
  keepalive frequency 2
  keepalive maxfailure 2
  keepalive retryperiod 2
  active
  service chk-con-web_X
  ip address K.K.K.K
  keepalive type script ap-kal-pinglist "P.P.P.P"
  keepalive frequency 2
  keepalive maxfailure 2
  keepalive retryperiod 2
  active
  !*************************** OWNER ***************************
  owner NEW
  content BACKNEW_HTTP
  vip address F.F.F.F
  add service WEBSERVER-03
  add service WEBSERVER-04
  protocol tcp
  port 81
  url "/*"
  redundant-index 5
  no persistent
  active
  content FRONTENDNEW_SSL
  vip address F.F.F.F
  protocol tcp
  port 443
  application ssl
  add service FRONT_SSL
  active
  content NEW
  url "//www.ABC.com/*"
  vip address F.F.F.F
  protocol tcp
  port 80
  redundant-index 4
  redirect "https://ABC.com"
  active
  your reply on this would be highly appericated.

• 2-Way SSL for a single web app

  Hi all,
  I have got 2-way SSL working on my WLS 8.1.4.
  However we have an existing app that uses 1-way SSL already running on the same WLS.
  Is it possible to allow 1-way SSL for the existing app and only use 2-way on my new app?
  Looking at the console enforcing client certificates seems to be a server wide setting. I was hoping that maybe I would be able to restrict it in the web.xml file.
  Any advice would be appreciated.
  Thanks
  Alan

  It is a domain wide setting. Can you not create a new domain? I do not think that you can handle it from web.xml. I have never seen such thing in web.xml.

• How to configure sso with SSL step by step

  Purpose
  In this document, you can learn how to configure SSO with SSL. After user have certificate installed in browser, he can login without input username and password.
  Overview
  In this document we will demonstrate:
  1.     How to configure OHS support SSL
  2.     How to Register SSO with SSL
  3.     Configure SSO for certificates
  Prerequisites
  Before start this document, you should have:
  1.     Oracle AS 10g infrastructure installed (10.1.2)
  2.     OCA installed
  Note:
  1.     “When you install Oracle infrastructure, please make sure you have select OCA.
  2.     How Certificate-Enabled Authentication Works:
  a.     The user tries to access a partner application.
  b.     The partner application redirects the user to the single sign-on server for authentication. As part of this redirection, the browser sends the user's certificate to the login URL of the server (2a). If it is able to verify the certificate, the server returns the user to the requested application.
  c.     The application delivers content. Users whose browsers are configured to prompt for a certificate-store password may only have to present this password once, depending upon how their browser is configured. If they log out and then attempt to access a partner application, the browser passes their certificate to the single sign-on server automatically. This means that they never really log out. To effectively log out, they must close the browser.
  Enable SSL on the Single Sign-On Middle Tier
  The following steps involve configuring the Oracle HTTP Server. Perform them on the single sign-on middle tier. In doing so, keep the following in mind:
  l     You must configure SSL on the computer where the single sign-on middle tier is running.
  l     You are configuring one-way SSL.
  l     You may enable SSL for simple network encryption; PKI authentication is not required. Note though that you must use a valid wallet and server certificate. The default wallet location is ORACLE_HOME/Apache/Apache/conf/ssl.wlt/default.
  1.     Back up the opmn.xml file, found at ORACLE_HOME/opmn/conf
  2.     In opmn.xml, change the value for the start-mode parameter to ssl-enabled. This parameter appears in boldface in the xml tag immediately following.
  <ias-component id="HTTP_Server">
  <process-type id="HTTP_Server" module-id="OHS">
  <module-data>
  <category id="start-parameters">
  <data id="start-mode" value="ssl-enabled"/>
  </category>
  </module-data>
  <process-set id="HTTP_Server" numprocs="1"/>
  </process-type>
  </ias-component>
  3.     Update the distributed cluster management database with the change: ORACLE_HOME/dcm/bin/dcmctl updateconfig -ct opmn
  4.     Reload the modified opmn configuration file:
  ORACLE_HOME/opmn/bin/opmnctl reload
  5.     Keep a non-SSL port active. The External Applications portlet communicates with the single sign-on server over a non-SSL port. The HTTP port is enabled by default. If you have not disabled the port, this step requires no action.
  6.     Apply the rule mod_rewrite to SSL configuration. This step involves modifying the ssl.conf file on the middle-tier computer. The file is at ORACLE_HOME/Apache/Apache/conf. Back up the file before editing it.
  Because the Oracle HTTP Server has to be available over both HTTP and HTTPS, the SSL host must be configured as a virtual host. Add the lines that follow to the SSL Virtual Hosts section of ssl.conf if they are not already there. These lines ensure that the single sign-on login module in OC4J_SECURITY is invoked when a user logs in to the SSL host.
  <VirtualHost ssl_host:port>
  RewriteEngine on
  RewriteOptions inherit
  </VirtualHost>
  Save and close the file.
  7.     Update the distributed cluster management database with the changes:
  ORACLE_HOME/dcm/bin/dcmctl updateconfig -ct ohs
  8.     Restart the Oracle HTTP Server:
  ORACLE_HOME/opmn/bin/opmnctl stopproc process-type=HTTP_Server
  ORACLE_HOME/opmn/bin/opmnctl startproc process-type=HTTP_Server
  9.     Verify that you have enabled the single sign-on middle tier for SSL by trying to access the OracleAS welcome page, using the format https://host:ssl_port.
  Reconfigure the Identity Management Infrastructure Database
  Change all references of http in single sign-on URLs to https within the identity management infrastructure database. When you change single sign-on URLs in the database, you must also change these URLs in the targets.xml file on the single sign-on middle tier. targets.xml is the configuration file for the various "targets" that Oracle Enterprise Manager monitors. One of these targets is OracleAS Single Sign-On.
  1.     Change Single Sign-On URLs
  Run the ssocfg script, taking care to enter the command on the computer where the single sign-on middle tier is located. Use the following syntax:
  UNIX:
  $ORACLE_HOME/sso/bin/ssocfg.sh protocol host ssl_port
  Windows:
  %ORACLE_HOME%\sso\bin\ssocfg.bat protocol host ssl_port
  In this case, protocol is https. (To change back to HTTP, use http.) The parameter host is the host name, or server name, of the Oracle HTTP listener for the single sign-on server.
  Here is an example:
  ssocfg.sh https login.acme.com 4443
  2. Restart OC4J_SECURITY instance and verify the configuration
  To determine the correct port number, examine the ssl.conf file. Port 4443 is the port number that the OracleAS installer assigns during installation.
  If you run ssocfg successfully, the script returns a status 0. To confirm that you were successful, restart the OC4J_SECURITY instance:
  ORACLE_HOME/opmn/bin/opmnctl restartproc process-type=OC4J_SECURITY
  Then try logging in to the single sign-on server at its SSL address:
  https://host:ssl_port/pls/orasso/
       3. Back up the file targets.xml:
  cp ORACLE_HOME/sysman/emd/targets.xml ORACLE_HOME/sysman/emd/targets.xml.backup
  4. Open the file and find the target type oracle_sso_server. Within this target type, locate and edit the three attributes that you passed to ssocfg:
  ·     HTTPMachine—the server host name
  ·     HTTPPort—the server port number
  ·     HTTPProtocol—the server protocol
  If, for example, you run ssocfg like this:
  ORACLE_HOME/sso/bin/ssocfg.sh http sso.mydomain.com:4443
  Update the three attributes this way:
  <Property NAME="HTTPMachine" VALUE="sso.mydomain.com"/>
  <Property NAME="HTTPPort" VALUE="4443"/>
  <Property NAME="HTTPProtocol" VALUE="HTTPS"/>
  5.Save and close the file.
  6.     Reload the OracleAS console:
       ORACLE_HOME/bin/emctl reload
  7. Issue these two commands:
  ORACLE_HOME/opmn/bin/opmnctl restartproc process-type=HTTP_Server
  ORACLE_HOME/opmn/bin/opmnctl restartproc process-type=OC4J_SECURITY
  Registering mod_osso
  1.     This command sequence that follows shows a mod_osso instance being reregistered with the single sign-on server.
  $ORACLE_HOME/sso/bin/ssoreg.sh
       -oracle_home_path $ORACLE_HOME
       -config_mod_osso TRUE
       -mod_osso_url https://myhost.mydomain.com:4443
  2.     Restarting the Oracle HTTP Server
  After running ssoreg, restart the Oracle HTTP Server:
  ORACLE_HOME/opmn/bin/opmnctl restartproc process-type=HTTP_Server
  Configuring the Single Sign-On System for Certificates
  1.     Configure policy.properties with the Default Authentication Plugin
  Update the DefaultAuthLevel section of the policy.properties file with the correct authentication level for certificate sign-on. This file is at ORACLE_HOME/sso/conf. Set the default authentication level to this value:
  DefaultAuthLevel = MediumHighSecurity
  Then, in the Authentication plugins section, pair this authentication level with the default authentication plugin:
  MediumHighSecurity_AuthPlugin = oracle.security.sso.server.auth.SSOX509CertAuth
  2.     Restart the Single Sign-On Middle Tier
  After configuring the server, restart the middle tier:
  ORACLE_HOME/opmn/bin/opmnctl restartproc process-type=HTTP_Server
  ORACLE_HOME/opmn/bin/opmnctl restartproc process-type=OC4J_SECURITY
  Bringing the SSO Users to OCA User Certificate Request URL
  The OCA server reduces the administrative and maintenance cost of provisioning a user certificate. The OCA server achieves this by authenticating users by using OracleAS SSO server authentication. All users who have an Oracle AS SSO server account can directly get a certificate by using the OCA user interface. This reduces the time normoally requidred to provision a certificate by a certificate authority.
  The URL for the SSO certificate Request is:
  https://<Oracle_HTTP_host>:<oca_ssl_port>/oca/sso_oca_link
  You can configure OCA to provide the user certificate request interface URL to SSO server for display whenever SSO is not using a sertificate to authenticate a user. After the OracleAS SSO server authenticates a user, it then display the OCA screen enabling that user to request a certificate.
  To link the OCA server to OracleAS SSO server, use the following command:
  ocactl linksso
  opmnctl stoproc type=oc4j instancename=oca
  opmnctl startproc type=oc4j instancename=oca
  You also can use ocactl unlinksso to unlink the OCA to SSO.

  I have read the SSO admin guide, and performed the steps for enabling SSL on the SSO, and followed the steps to configure mod_osso with virtual host on port 4443 as mentioned in the admin guide.
  The case now is that when I call my form (which is developed by forms developer suite 10g and deployed on the forms server which is SSO enabled) , it calls the SSO module on port 7777 using http (the default behaviour).
  on a URL that looks like this :
  http://myhostname:7777/pls/orasso/orasso.wwsso_app_admin.ls_login?Site2pstoreToken=.......
  and gives the error :
  ( Forbidden
  You don't have permisission to access /sso/auth on this server at port 7777)
  when I manually change the URL to :
  https://myhostname:4443/pls/orasso/orasso.wwsso_app_admin.ls_login?Site2pstoreToken=.......
  the SSO works correctly.
  The question is :
  How can I change this default behaviour and make it call SSO on port 4443 using https instead ?
  Any ideas ?
  Thanks in advance

• How to Setup SSL on Oracle Application Server 10g Release 2 (10.1..2)

  Hi All,
  Can anybody tell me How to setup the SSL on Oracle Application Server 10g Release 2 (10.1.2).
  I have all the required documents like
  1. Oracle Application Server Portal Server Configuration Guide.
  2. Oracle Application Server Web Cache Configuration Guide.
  3. Oracle Application Server SSO Administration Guide.
  I tried to follow all this documents but still i am not able to set SSL for Oracle Portal Server.

  The Portal Configuration Guide, available on OTN at http://www.oracle.com/technology/documentation/appserver1012.html does provide some very specific information on how to set up OracleAS Portal.
  Section 6.3.2.1 Configuring SSL for OracleAS Portal describes various configurations, such as:
  SSL to OracleAS Single Sign-On
  SSL to OracleAS Web Cache
  SSL Throughout OracleAS Portal
  External SSL with Non-SSL Within Oracle Application Server
  For larger enterprise configurations, you can refer to the Enterprise Deployment Guide.
  Can you give a bit more background on what you are trying to set up? Which scenario, what sort of hardware, software versions, and so on.
  Regards,
  Pete

• Https ssl config Oracle AS, webcache, portal...almost works

  Hi,
  I have searched the forums and I havent found anything that works for me.
  I have Oracle infrastructure on one server, and Oracle App server/portal on another server. I can get as far as the http server showing the "welcome to oracle" page in https form. When I try to access a page in the portal (plsql) I get a blank page. It does convert the "https://myserver:xxxx//pls/portal/url/page/IRWEB/HOME
  " to "https://myserver:xxxx/portal/page?_pageid=73,86254,73_86264:73_86316:73_8632...." but nothing comes up.
  Also, it uses the Infrastructure server for single-sign-on...so I need to make the app server do the single sign-on. I've tried by adding /pls/orasso entry in DADS.conf of http server..
  So as far as I can tell...the http server IS operating in https/ssl, but the single-sign-on and the pages in the portal are not.
  I have to do everything manually since I am using 10.1.2 (no Oracle Collab Suite installed, so no SSLConfigTool and other assistants)
  Here is what I've done to get https://myserver:xxxx/ to come up ok.
  server 1: Oracle Infrastructure and Oracle database release 1 10.1.2.0.0
  server 2: Oracle Application Server / Portal with webcache release 2 10.1.2
  using Oracle Wallet for certificate,
  http server -> process management "ssl-enabled",
  http server -> advanced -> ssl.config: SSLWallet file:, SSLWalletPassword, virtual host for ssl
  webcache -> added settings for ssl (I used the current entries for non-ssl as a guide for the ssl entries)
  Interesting issue...with the ports in the ssl.conf file example:
  Port 4459
  Listen 4459
  VirtualHose myserver.blah.edu:4450
  Port 4458
  When I get the blank page trying to use ssl and 4459, I can manually change the url in my browser to 4458 (or maybe its the other way around) and get this message: "Error: The portlet could not be contacted"
  Is this a problem with webcache? Do I have to do any ssl config on the server with the database?
  I've even tried disabling the webcache, both with the oracle sql script and through web interface but neither made a difference...same problem.
  Any help would be greatly appreciated..I feel as if I'm almost there.
  If I did not post enough info for accurate help, please ask what you need to know to provide help! Thanks in advance.

  Hi,
  Yes you can go for SSl configuration without re-installing any of the components.
  Regards,
  access_tammy

• MapViewer.getGeneratedImaegURL() does not return https for SSL mapviewers

  We've setup a SSL mapviewer with an https:// URI but MapViewer.getGeneratedMapImageURL returns http://uri:7002 instead of https://uri:7002
  This is easy enough to fix by testing if the getServiceURL starts with "https" and testing the start of getGeneratedMapURL and then replacing the "http:" with "https:" but it's a bug so we're reporting it here.
  Thanks, Mark

  Hi Mark,
  thanks for your note. We will look it.
  Joao

• SIP Dialling URI dialling- looking forward

  Im looking at SIP addressing and URI and need to  assign a URI to each Directory Number, my understanding is that
  1. The naming convention can be anything as it is only CUCM significant -is this ok ?
  2 It doesn't need to be in dns - again is this correct, as it is only used in CUCM?
  DN 1234
  Directory URI [email protected]
  So when a user dials the URI via a cisco handset or telephony , CUCM knows the IP destination it needs to call in the same way as if it dialled it via a DN
  when user A who can make video calls dials user B who is also video enabled, CUCM through exchange of capability setups a video calls. If the same user dials User C who is only voice then a voice call is set up- all ok
  This capability is ok for internal use however thinking ahead what should the URI be if I allow external inbound SIP as with Skype type calls. A skype user or any other SIP user who has a video enabled devices now calls User A - does a video call get set up?
  Does the SIP, Skype user need to call user A using a different SIP address based upon the type of call it wants to carry out?
  [email protected]
  [email protected]
  or does message exchange identify which device to use so we just need to advertise a single SIP/URI address- [email protected]
  thanks

  Thanks for your comments
  I can understand why some people may think they want URI but is there a real reason?
  URI – can not be dialed on handset
  URI from desk top – yes but if you deploy Desktop Click to Call then what you actually use to dial I say users names – you don’t care what sits behind it ?
  URI address in CUCM is an alias which actual dials the DN still?
  What is the URI format , is seems you need to distinguished between an “email “ address and a voice URI. I guess you can have the same format
  [email protected] - Email
  [email protected] - IM, Press, voice
  However I guess this would only be true if the Voice URI is only significant to voice and you use a separate application for voice and that it is independent from email
  My ideal is that my signature for internal emails and voice would be the same- [email protected] . so it if you open a dial option in jabber and click on the singe link then jabber makes the call or if you do not initiate a dial option then an email is opened
  Or do you have to create separate URI for voice
  [email protected]
  [email protected]
  Externally
  I guess you have inbound calls from various dedicated external systems such as Skype then you could publish a single URI since only a Skype calls would use it and we have a SIP connection 
  thanks

• Tomcat restarting problem -plz help

  hi,
  Can anybody tell me why do i have to restart the server everytime i change my servlet.
  Kindly help
  Thanks and regards
  neha

  Hi Neha,
  This documentation is from JavaWebServicesDeveloperPack(Evaluation version)
  You will get more details if you can download this pack/tutorial from Java site & install it.
  http://java.sun.com/webservices/webservicespack.html
  Hope this will help you.
  Ajay.
  Manager App HOW-TO
  Introduction
  In many production environments, it is very useful to have the capability to deploy a new web application, or undeploy an existing one, without having to shut down and restart the entire container. In addition, you can request an existing application to reload itself, even if you have not declared it to be reloadable in the Tomcat 4 server configuration file.
  To support these capabilities, Tomcat 4 includes a web application (installed by default on context path /manager) that supports the following functions:
  Deploy a new web application, on a specified context path, from the uploaded contents of a WAR file.
  Install a new web application, which can be anywhere on the server's disks.
  List the currently deployed web applications, as well as the sessions that are currently active for those web apps.
  Reload an existing web application, to reflect changes in the contents of /WEB-INF/classes or /WEB-INF/lib.
  Remove an installed web application.
  Start a stopped application (thus making it available again).
  Stop an existing application (so that it becomes unavailable), but do not undeploy it.
  Undeploy a deployed web application and delete its document base directory.
  Since Manager is itself a web application, it interacts with you using standard HTTP requests and responses. However, it's "user interface" is minimal, because it is intended to be accessed from scripts set up by the system administrator. For this reason, commands are given as part of the request URI, and responses are in the form of simple text that can be easily parsed and processed.
  Future versions of Tomcat 4 will include administrative functionality that is presented in (at least) the following forms:
  As web services, so that Tomcat administration can be easily integrated into remote and/or non-Java mnagement environments.
  As a web application with a nice user interface (built on top of the web services processing layer) for easy Tomcat administration via a web browser.
  In addition to executing Manager commands directly via HTTP, Tomcat 4 includes a convenient set of task definitions for the Ant (version 1.4 or later) build tool. See Executing Manager Commands With Ant for more information.
  Configuring Manager Application Access
  The description below uses the variable name $CATALINA_HOME to refer to the directory into which you have installed Tomcat 4, and is the base directory against which most relative paths are resolved. However, if you have configured Tomcat 4 for multiple instances by setting a CATALINA_BASE directory, you should use $CATALINA_BASE instead of $CATALINA_HOME for each of these references.
  It would be quite unsafe to ship Tomcat with default settings that allowed anyone on the Internet to execute the Manager application on your server. Therefore, the Manager application is shipped with the requirement that anyone who attempts to use it must authenticate themselves, using a username and password that have the role manager associated with them. Further, there is no username in the default users file ($CATALINA_HOME/conf/tomcat-users.xml) that is assigned this role. Therefore, access to the Manager application is completely disabled by default.
  To enable access to the Manager web application, you must either create a new username/password combination and associate the role name manager with it, or add the manager role to some existing username/password combination. Exactly where this is done depends on which Realm implementation you are using:
  MemoryRealm - If you have not customized your $CATALINA_HOME/conf/server.xml to select a different one, Tomcat 4 defaults to an XML-format file stored at $CATALINA_HOME/conf/tomcat-users.xml, which can be edited with any text editor. This file contains an XML <user> for each individual user, which might look something like this:
  <user name="craigmcc" password="secret" roles="standard,manager" />
  which defines the username and password used by this individual to log on, and the role names he or she is associated with. You can add the manager role to the comma-delimited roles attriute for one or more existing users, and/or create new users with that assigned role.
  JDBCRealm - Your user and role information is stored in a database accessed via JDBC. Add the manager role to one or more existing users, and/or create one or more new users with this role assigned, following the standard procedures for your environment.
  JNDIRealm - Your user and role information is stored in a directory server accessed via LDAP. Add the manager role to one or more existing users, and/or create one or more new users with this role assigned, following the standard procedures for your environment.
  The first time you attempt to issue one of the Manager commands described in the next section, you will be challenged to log on using BASIC authentication. The username and password you enter do not matter, as long as they identify a valid user in the users database who possesses the role manager.
  Supported Manager Commands
  All commands that the Manager application knows how to process are specified in a single request URI like this:
  http://{host}:{port}/manager/{command}?{parameters}
  where {host} and {port} represent the hostname and port number on which Tomcat is running, {command} represents the Manager command you wish to execute, and {parameters} represents the query parameters that are specific to that command. In the illustrations below, customize the host and port appropriately for your installation.
  Most commands accept one or more of the following query parameters:
  path - The context path (including the leading slash) of the web application you are dealing with. To select the ROOT web application, specify a zero-length string. NOTE - It is not possible to perform administrative commands on the Manager application itself.
  war - URL of a web application archive (WAR) file, or pathname of a directory, that contains the web application. You can use URLs in any of the following formats:
  file:/absolute/path/to/a/directory - The absolute path of a directory that contains the unpacked version of a web application. This directory will be attached to the context path you specify without any changes.
  file:/absolute/path/to/a/webapp.war - The absolute path of a web application archive (WAR) file. This is valid only for the /deploy command, and is the only acceptable format to that command.
  jar:file:/absolute/path/to/a/warfile.war!/ - The URL to a local web application archive (WAR) file. You can use any syntax that is valid for the JarURLConnection class for reference to an entire JAR file.
  jar:http://hostname:port/path/to/a/warfile.war!/ - You can also deploy web applications from a remote JAR file. You can use any syntax that is valid for the JarURLConnection class for reference to an entire JAR file.
  Each command will return a response in text/plain format (i.e. plain ASCII with no HTML markup), making it easy for both humans and programs to read). The first line of the response wil begin with either OK or FAIL, indicating whether the requested command was successful or not. In the case of failure, the rest of the first line will contain a description of the problem that was encountered. Some commands include additional lines of information as described below.
  Internationalization Note - The Manager application looks up its message strings in resource bundles, so it is possible that the strings have been translated for your platform. The examples below show the English version of the messages.
  Deploy A New Application
  http://localhost:8080/manager/deploy?path=/foo
  Upload the web application archive (WAR) file that is specified as the request data in this HTTP PUT request, install it into the appBase directory of our corresponding virtual host, and start it on the context path specified by the path request parameter. The application can later be undeployed (and the corresponding application directory removed) by use of the /undeploy.
  NOTE - Since this command requires an HTTP PUT request, it is usable only from tools (such as the custom Ant tasks described below). To install a new web application without copying, consider the /install command described below. This command is the logical opposite of the /undeploy command.
  If installation and startup is successful, you will receive a response like this:
  OK - Deployed application at context path /foo
  Otherwise, the response will start with FAIL and include an error message. Possible causes for problems include:
  Application already exists at path /foo
  The context paths for all currently running web applications must be unique. Therefore, you must either remove or undeploy the existing web application using this context path, or choose a different context path for the new one.
  Encountered exception
  An exception was encountered trying to start the new web application. Check the Tomcat 4 logs for the details, but likely explanations include problems parsing your /WEB-INF/web.xml file, or missing classes encountered when initializing application event listeners and filters.
  Invalid context path was specified
  The context path must start with a slash character, unless you are referencing the ROOT web application -- in which case the context path must be a zero-length string.
  No context path was specified
  The path parameter is required.
  Install A New Application
  http://localhost:8080/manager/install?path=/foo&war=file:/path/to/foo
  http://localhost:8080/manager/install?path=/bar&war=jar:file:/path/to/bar.war!/
  Install and start a new web application, attached to the specified context path (which must not be in use by any other web application). The war parameter specifies a URL (including the file: scheme) for either a directory or a web application archive (WAR) file. The supported syntax for a URL referring to a WAR file is described on the Javadocs page for the java.net.JarURLConnection class. Use only URLs that refer to the entire WAR file. This command is the logical opposite of the /remove command.
  If installation and startup is successful, you will receive a response like this:
  OK - Installed application at context path /foo
  Otherwise, the response will start with FAIL and include an error message. Possible causes for problems include:
  Application already exists at path /foo
  The context paths for all currently running web applications must be unique. Therefore, you must either remove or undeploy the existing web application using this context path, or choose a different context path for the new one.
  Document base does not exist or is not a readable directory
  The URL specified by the war parameter must identify a directory on this server that contains the "unpacked" version of a web application, or the absolute URL of a web application archive (WAR) file that contains this application. Correct the value specified by the war parameter.
  Encountered exception
  An exception was encountered trying to start the new web application. Check the Tomcat 4 logs for the details, but likely explanations include problems parsing your /WEB-INF/web.xml file, or missing classes encountered when initializing application event listeners and filters.
  Invalid application URL was specified
  The URL for the directory or web application that you specified was not valid. Such URLs must start with file:, and URLs for a WAR file must end in ".war".
  Invalid context path was specified
  The context path must start with a slash character, unless you are referencing the ROOT web application -- in which case the context path must be a zero-length string.
  No context path was specified
  The path parameter is required.
  List Currently Deployed and Installed Applications
  http://localhost:8080/manager/list
  List the context paths, current status (running or stopped), and number of active sessions for all currently deployed and installed web applications. A typical response immediately after starting Tomcat might look like this:
  OK - Listed applications for virtual host localhost
  /webdav:running:0
  /examples:running:0
  /manager:running:0
  /:running:0
  Reload An Existing Application
  http://localhost:8080/manager/reload?path=/examples
  Signal an existing application to shut itself down and reload. This can be useful when you've recompiled classes on an application that is not configured with the reloadable="true" attribute in its <Context> entry in $CATALINA_HOME/conf/server.xml, or when you've made other changes (such as to conf/web.xml) that are not automatically recognized by Tomcat.
  If this command succeeds, you will see a response like this:
  OK - Reloaded application at context path /examples
  Otherwise, the response will start with FAIL and include an error message. Possible causes for problems include:
  Encountered exception
  An exception was encountered trying to restart the web application. Check the Tomcat 4 logs for the details.
  Invalid context path was specified
  The context path must start with a slash character, unless you are referencing the ROOT web application -- in which case the context path must be a zero-length string.
  No context exists for path /foo
  There is no deployed or installed application on the context path that you specified.
  No context path was specified
  The path parameter is required.
  Reload note supported on WAR deployed at path /foo
  Currently, application reloading (to pick up changes to the classes or web.xml file) is not supported when a web application is installed directly from a WAR file. It only works when the web application is installed from an unpacked directory. If you are using a WAR file, you should remove and then install the application again to pick up your changes.
  Remove an Existing Application
  http://localhost:8080/manager/remove?path=/examples
  Signal an existing application to gracefully shut itself down, and then remove it from Tomcat (which also makes this context path available for reuse later). This command is the logical opposite of the /install command.
  If this command succeeds, you will see a response like this:
  OK - Removed application at context path /examples
  Otherwise, the response will start with FAIL and include an error message. Possible causes for problems include:
  Encountered exception
  An exception was encountered trying to remove the web application. Check the Tomcat 4 logs for the details.
  Invalid context path was specified
  The context path must start with a slash character, unless you are referencing the ROOT web application -- in which case the context path must be a zero-length string.
  No context exists for path /foo
  There is no deployed or installed application on the context path that you specified.
  No context path was specified
  The path parameter is required.
  Session Statistics
  http://localhost:8080/manager/sessions?path=/examples
  Display the default session timeout for a web application, and the number of currently active sessions that fall within ten-minute ranges of their actual timeout times. For example, after restarting Tomcat and then executing one of the JSP samples in the /examples web app, you might get something like this:
  OK - Session information for application at context path /examples
  Default maximum session inactive interval 30 minutes
  30 - <40 minutes:1 sessions
  Start an Existing Application
  http://localhost:8080/manager/start?path=/examples
  Signal a stopped application to restart, and make itself available again. Stopping and starting is useful, for example, if the database required by your application becomes temporarily unavailable. It is usually better to stop the web application that relies on this database, rather than letting users continuously encounter database exceptions.
  If this command succeeds, you will see a response like this:
  OK - Started application at context path /examples
  Otherwise, the response will start with FAIL and include an error message. Possible causes for problems include:
  Encountered exception
  An exception was encountered trying to start the web application. Check the Tomcat 4 logs for the details.
  Invalid context path was specified
  The context path must start with a slash character, unless you are referencing the ROOT web application -- in which case the context path must be a zero-length string.
  No context exists for path /foo
  There is no deployed or installed application on the context path that you specified.
  No context path was specified
  The path parameter is required.
  Stop an Existing Application
  http://localhost:8080/manager/stop?path=/examples
  Signal an existing application to make itself unavailable, but leave it deployed or installed. Any request that comes in while an application is stopped will see an HTTP error 404, and this application will show as "stopped" on a list applications command.
  If this command succeeds, you will see a response like this:
  OK - Stopped application at context path /examples
  Otherwise, the response will start with FAIL and include an error message. Possible causes for problems include:
  Encountered exception
  An exception was encountered trying to stop the web application. Check the Tomcat 4 logs for the details.
  Invalid context path was specified
  The context path must start with a slash character, unless you are referencing the ROOT web application -- in which case the context path must be a zero-length string.
  No context exists for path /foo
  There is no deployed or installed application on the context path that you specified.
  No context path was specified
  The path parameter is required.
  Undeploy an Existing Application
  http://localhost:8080/manager/undeploy?path=/examples
  WARNING - This command will delete the contents of the web application directory if it exists within the appBase directory (typically "webapps") for this virtual host . If you simply want to take an application out of service, you should use the /remove command instead.
  Signal an existing application to gracefully shut itself down, and remove it from Tomcat (which also makes this context path available for reuse later). In addition, the document root directory is removed, if it exists in the appBase directory (typically "webapps") for this virtual host. This command is the logical opposite of the /deploy command.
  If this command succeeds, you will see a response like this:
  OK - Undeployed application at context path /examples
  Otherwise, the response will start with FAIL and include an error message. Possible causes for problems include:
  Encountered exception
  An exception was encountered trying to undeploy the web application. Check the Tomcat 4 logs for the details.
  Invalid context path was specified
  The context path must start with a slash character, unless you are referencing the ROOT web application -- in which case the context path must be a zero-length string.
  No context exists for path /foo
  There is no deployed or installed application on the context path that you specified.
  No context path was specified
  The path parameter is required.
  Executing Manager Commands With Ant
  In addition to the ability to execute Manager commands via HTTP requests, as documented above, Tomcat 4 includes a convenient set of Task definitions for the Ant (version 1.4 or later) build tool. In order to use these commands, you must perform the following setup operations:
  Download the binary distribution of Ant from http://jakarta.apache.org/ant. You must use version 1.4 or later.
  Install the Ant distribution in a convenient directory (called ANT_HOME in the remainder of these instructions).
  Copy the file server/lib/catalina-ant.jar from your Tomcat 4 installation into Ant's library directory ($ANT_HOME/lib).
  Add the $ANT_HOME/bin directory to your PATH environment variable.
  Configure at least one username/password combination in your Tomcat user database that includes the manager role.
  To use custom tasks within Ant, you must declare them first with a <taskdef> element. Therefore, your build.xml file might look something like this:
  <project name="My Application" default="compile" basedir=".">
  <-- Configure the directory into which the web application is built -->
  <property name="build" value="${basedir}/build"/>
  <-- Configure the context path for this application -->
  <property name="path" value="/myapp"/>
  <-- Configure properties to access the Manager application -->
  <property name="url" value="http://localhost:8080/manager"/>
  <property name="username" value="myusername"/>
  <property name="password" value="mypassword"/>
  <-- Configure the custom Ant tasks for the Manager application -->
  <taskdef name="deploy" classname="org.apache.catalina.ant.DeployTask"/>
  <taskdef name="install" classname="org.apache.catalina.ant.InstallTask"/>
  <taskdef name="list" classname="org.apache.catalina.ant.ListTask"/>
  <taskdef name="reload" classname="org.apache.catalina.ant.ReloadTask"/>
  <taskdef name="remove" classname="org.apache.catalina.ant.RemoveTask"/>
  <taskdef name="start" classname="org.apache.catalina.ant.StartTask"/>
  <taskdef name="stop" classname="org.apache.catalina.ant.StopTask"/>
  <taskdef name="undeploy" classname="org.apache.catalina.ant.UndeployTask"/>
  <-- Executable Targets -->
  <target name="compile" description="Compile web application">
  ... construct web application in ${build} subdirectory ...
  </target>
  <target name="install" description="Install web application"
  depends="compile">
  <install url="${url}" username="${username}" password="${password}"
  path="${path}" war="file://${build}"/>
  </target>
  <target name="reload" description="Reload web application"
  depends="compile">
  <reload url="${url}" username="${username}" password="${password}"
  path="${path}"/>
  </target>
  <target name="remove" description="Remove web application">
  <remove url="${url}" username="${username}" password="${password}"
  path="${path}"/>
  </target>
  </project>
  Now, you can execute commands like ant install to install th applcation to a running instance of Tomcat, or ant reload to tell Tomcat to reload it. Note also that most of the interesting values in this build.xml file are defined as replaceable properties, so you can override their values from the command line. For example, you might consider it a security risk to include the real manager password in your build.xml file's source code. To avoid this, omit the password property, and specify it from the command line:
  ant -Dpassword=secret deploy

• Unable to integrate the mail channel and "5.1.1 Unknown or Illegal Alias" SMTP error...

  Thanks in advance for your assistance.
  When I to integrate the mail channFailed to log into mail server el provided by iPlanet, the channel to be displyed with the following message: "Failed to log into mail server".
  I look at /var/opt/SUNWips/debug/iwtMailProvider logs:
  WARNING: MailProvider.getClientURL():clientURL attr. misconfigured
  Authenticate.getRelativeSsoUrl(): Cannot Authenticate! .. returning null
  Authenticate.getWebmailURL(): Returning NULL single signon uri
  MailProvider.getContent(): login failure
  javax.mail.AuthenticationFailedException
  at java.lang.Throwable.fillInStackTrace(Native Method)
  at java.lang.Throwable.fillInStackTrace(Compiled Code)
  at java.lang.Throwable.<init>(Compiled Code)
  at java.lang.Exception.<init>(Compiled Code)
  at javax.mail.MessagingException.<init>(MessagingException.java:34)
  at javax.mail.AuthenticationFailedException.<init>(AuthenticationFailedException.java:27)
  at javax.mail.Service.connect(Service.java:252)
  at javax.mail.Service.connect(Service.java:131)
  at com.iplanet.portalserver.mail.Authenticate.isStoreValid(Authenticate.java:419)
  at com.iplanet.portalserver.mail.Authenticate.isStoreValid(Authenticate.java:359)
  at com.iplanet.portalserver.providers.mail.MailProvider.getContent(MailProvider.java:164)
  at com.iplanet.portalserver.providers.ProviderAdapter.getContent(Compiled Code)
  at com.iplanet.portalserver.desktop.ProviderCaller.run(Compiled Code)
  6/12/02 10:42:25 AM GMT+04:00: Thread[iwtSession.Thread#30,5,main]
  AuthCache.sessionChanged(): Got a session changed event .. processing..
  6/12/02 10:42:25 AM GMT+04:00: Thread[iwtSession.Thread#30,5,main]
  sessionChanged(): Session invalid ... clearing auth object at 8443829qrssnnstripnaaegyvrgn4nr31or5@[email protected]@8080@/gryrvasb
  What do I do ?
  Thanks in advance
  Best regards

  Did you add a new client type ?
  If you added a new client type the providers for that client type should be defined in the
  Client Specific Available Providers list. You can get there by clicking on your Domain Name/ expand desktop and then show advanced options.
  HTH ..

• Flex 4 Web Service Introspection For Dynamic WSDL Locations

  In Flex 3, introspecting a web service resulted in a constructor that allowed the location of the web service to change at runtime.  It appears that the Web Service introspection tool now only allows the single WSDL URI that was specified in the WS Wizard.  It this the case or am I just missing something?
  Flex 3 introspected services would create a service class with the following constructor signatures:
  private var service:MyWebService;
  service= new MyWebService(null, wsdlLocation);  // With parameters
  or you could use:
  service = new MyWebService(); //with no parameters
  In Flex 4, it appears that you can only use:
  service = new MyWebService();
  So if you don't know the web server location until runtime, am I going to need to manually override the instrospected/generated _super_MyWebService.as class in order to get back the ability to point to different servers at runtime?
  Anyone know why this has changed, or what the "new" way the Flash Builder 4 web service introspection tool uses for dynamic servers?
  Thanks a bunch!

  In Flex 4, it appears that you can only use:
  service = new MyWebService();
  add
  service.wsdl = "your wsdl";
  However if you want this to work you have to remove the hardcoded wsdl from the
  superclass otherwise it will not reset it,
  C

• F-44  ZBAPI MULTIPLE LINE SELECTIONS FOR WEB SERVICES

  HI TO ALL,
            I HAVE WRITTEN ZBAPI FOR POSTING MULTIPLE LINE SELECTIONS FOR TCODE F-44, THE ZBAPI  CONSIST OF BDC PROGRAM, WHICH IS WORKING IN SAP SYSTEM PERFECTLY BUT WHEN I AM USING IT IN WEB SERVICES IT IS THROWING A  ERROR MESSAGE.
                   PLEASE CAN ANY ONE TELL ME DOES THIS PROCESS WILL WORK OR NOT, IF YES HOW IS IT POSSIBLE

  Hi Gabriel,
  Let me try to answer some of your questions:
  1) The "Requires Secure Access" attribute of a resource handler controls whether this handler must be accessed/consumed only over SSL (HTTPS). Oracle Database Cloud Schema Service is only offered over SSL, so this attribute does not have any effect on RESTful services deployed in this environment (because secure access is always required and there is no other way). That said, if you want to access such web service from your own APEX instance, your instance must have Oracle Wallet configured with appropriate SSL certificate.
  2) The URI parameters are not required. If your web service returns data for many entities (for example, list of employees in employees/), you may not need a parameter. If your web service returns data for one specific entity (for example, details of one employee in employees/{id}), you may want to identify that entity with a URI parameter.
  3) You can have many URI parameters, for example: customers/{id}/orders/{order_id}.
  4) Yes, these are the same HTTP methods/verbs you would use from PHP.
  5) If you are trying this POST example from your own APEX instance (not Oracle Database Cloud Schema Service) and you are trying to access a web service over SSL, then it is likely that the Oracle Wallet used by your instance does not include the required SSL certificate(s), or the Oracle Wallet is not configured at all.
  6) I recommend to check RESTful Web Services for the Oracle Database Cloud white paper and Oracle REST Data Services Developers Guide. Oracle REST Data Services is the technology that enables RESTful services in the Oracle Database Cloud Schema Service.
  You can certainly create your own web services in the Oracle Database Cloud Schema Service and consume them from the same environment.
  Vlad

• MalformedURLException on re-direct

  I open a connection to a URL, try to get the content type, and
  get a MalformedURLException.
  It appears to me that the sun.net followRedirect function really
  doesn't like the location: (redirect) field in the HTTP: header.
  The location field returned by the server is:
  location: /digits?COUNT=13893&STYLE=6&ACCOUNT=1634283RFC 2616 specifies that the location response-header consists of
  a single absolute URI, but Mozilla (for example) accepts a
  relative URI happily.
  I'm writing a polite little webcrawler, and trying to accept
  roughly the same range that your typical web-browser would accept.
  Is there a workaround? I don't want to skip the "non-conforming"
  page, and I'm loath to write my own redirect-follower.
  The URI I'm connecting to is http://fastcounter.linkexchange.com/fastcounter?1634283+3268573
  The code snippet, from ScanNode.scan:
              /* uri is a java.net.URI */
              /* urlConn is a java.net.URLConnection */
              /* contentType is a String */
           urlConn = uri.toURL().openConnection();
           contentType = urlConn.getContentType();The stack trace:
  java.net.MalformedURLException: no protocol: digits?COUNT=13890&STYLE=6&ACCOUNT=1634283
       at java.net.URL.<init>(URL.java:579)
       at java.net.URL.<init>(URL.java:476)
       at java.net.URL.<init>(URL.java:425)
       at sun.net.www.protocol.http.HttpURLConnection.followRedirect(HttpURLConnection.java:1081)
       at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:675)
       at sun.net.www.protocol.http.HttpURLConnection.getHeaderField(HttpURLConnection.java:1169)
       at java.net.URLConnection.getContentType(URLConnection.java:381)
       at ScanNode.scan(ScanNode.java:146)
       at Spider1.main(Spider1.java:72)And, finally, the headers of the page in question:
  urlConn.getHeaderFields().toString() = "{Connection=[close], null=[HTTP/1.1 302 Found], Date=[Fri, 24 Oct 2003 16:45:52 GMT], Server=[Apache/1.3.6 (Unix)], Content-Type=[text/html], Transfer-Encoding=[chunked], Location=[digits?COUNT=13893&STYLE=6&ACCOUNT=1634283]}"
  Michael

  HttpURLConnection.setInstanceFollowDirect and
  setFollowDirect might be used to suppress the
  automatically tried redirection. You should then have
  to do it yourself by reading the header and correcting
  it with protocol and host before "/digits."Hi,
  I got the same problem as Michael.
  Could you plz write a litte more about how to read and set the header. And once that is done - do I then have to do a connect() on the HttpURLConnection again?
  Brgds,
  \Thomas

• RoboHelp 10: Problems generating Printed Documentation

  Environment
  Windows 7 Enterprise, Service Pack 1, 64-bit operating system
  Office Professional Plus 2010 Versions 14.0.7106.5001 (64-bit)
  RoboHelp 10: 10.0.0.287
  Visual Studio 2010 Professional. I open RoboHelp from within Source Control (have been doing it for two years).
  Problem
  Sometime after moving to RoboHelp 10, and even after successfully generating Printed Documentation output, I encountered a major problem generating Printed Documentation from RoboHelp: “Internal error encountered. Failed to generated Printed Documentation”. The error occurred when I tried to generate Printed Doc using my default TOC, which looks something like this:
  Topic A
  Topic B
  Book 1
  Book 2
  Book 3
  Topic C
  Topic D
  Based on an old Peter Grainge reply to someone about a similar problem, I removed all but the first topic from the Chapter Layout pane and generated the Help. Everything was fine until I got to the topics after Book 3. At that point everything started to fail again. When I removed Topics C, D, etc. from the Chapter Layout pane, the output was built successfully.
  I tried moving Topics C, D, etc. to the top of the Chapter Layout pane, and got the same error. I tried creating a new folder and put Topics C, D, etc. into that folder. Failure after failure.
  As an experiment, I removed all the Topics C, D, etc from the Chapter Layout pane, but then added them to the Print Document Section Layout pane (not where I want them). The Printed Documentation built successfully.
  During attempts to build with Topics C, D, etc. in the Chapter Layout pane, I kept getting a Word error: Word is trying to recover your information. After that there was always a failure.
  Selecting PDF as the output did not work when the Topic C, D, etc. files were at the bottom of the Chapter Layout pane.
  I create a new TOC and a new Printed Documentation SSL. Failed to generate.
  As a matter of reference, I've been generating Printed Documentation from the same TOC for more than a year and so cannot figure out what has changed in RoboHelp or Word to cause this grief .
  Has anyone experienced anything like this?
  Carol

  Dear Peter,
  Thanks for following up. Last Friday I finished extensive testing on my own and working with RoboHelp Support. Here's what I sent to Support this morning.
  If after reading this screed, you think it worthwhile for me to get a copy from Source Control for you to look at, I will do so. Thanks for offering to look at it.
  Environment
  Windows 7 Enterprise Service Pack 1, 8.00 GB RAM, 64-bit OS
  Microsoft Office Professional Plus 2010 Version 14.0.7106.5003 64-bit--Note: We repaired my current version of Word, in case that was the problem, but did not reinstall Office--we do not think that the Word version is the problem because we generated successfully with other TOCs and when generating individual documents.
  RoboHelp 10.0.1.292. Upgraded from RoboHelp 9 in May 2013. Replaced hard drive in September 2013 and reinstalled RoboHelp.
  Visual Studio 2010 Professional 10.0.40219.1 SP1Rel (I open the project from Source Control and check files out to a folder on my desktop.)
  Issue
  Printed Documentation failed multiple times with the default Table of Contents, which contains all the topics in the project. TOC specs are as follows:
  Properties: .docx, desktop location, no conditions, embedded images, “Generate a single document”, “Retain hyperlinks”.
  330 files, 12 top-level books, 15 second-level books, 7 third-level books, 6 fourth-level books, and 8 fifth-level books
  Results
  Generation to Printed Documentation does NOT fail for other, module-specific TOCs, nor to WebHelp Pro SSLs for the same sets of topics. In addition, and perhaps more important, generation to Printed Documentation does NOT fail with “Generate Individual Documents” selected, or when there are approximately fewer than 259 files in the TOC.
  Did not fail consistently based on any particular topic.
  Did not fail consistently based on location of any particular topic in the TOC.
  Failed when I created new TOCs based on ‘working’ TOCs. For example, copied a module-specific TOC and then added topics to it from the default (superset) TOC. I did this in case the original default TOC was corrupted.
  Failed when I create a new TOC with the same folder/file structure from scratch.
  Failed when I created a new TOC with a flat file structure from scratch.
  Failed when I retrieved an older TOC from the last release of the product.
  Failed when I created new SSLs each time. I did this in case the SSLs had got corrupted.
  Failed when I did not open the project from Source Control (removed project from Source Control and worked locally).
  Began to see failure when there were more than about 258-263 files in the TOC. For example, successfully generated Printed Documentation with 262 files in the TOC. Added one topic and the generation failed. Removed that topic and added several others, one at a time. Consistently failed. To test this, I created a TOC with all the files in a flat structure, generated a report for the TOC, printed it, and counted the number of files. I then began deleting files and regenerating the Printed Document to try to identify the number of files in the TOC when the generation failed. Successfully generated up to about 258 files and then it began failing. (Occasional successes at 260 and 261, but that may be because I didn’t always consistently remove the Glossary and Index from the Chapter Layout pane.)
  Other Comments
  (I know that we should generally post non-RH issues to other forums, but in this case I wanted to include all potentially related issues in this posting.)
  The first time you generate any type of output, the “Critical error of Source Control Provider. Please restart IDE.” Message appears. This message appears behind RoboHelp. As a result, if the RoboHelp window is maximized, you think that RoboHelp is hung. Forcing a close of RoboHelp leaves the partially generated Word document in an unstable state. When you re-open RoboHelp and try to generate the output again, RoboHelp says that the output is in use. Unfortunately, there is no way to ‘free’ the Word document and you have to restart the computer. In addition, when the dialog box is hidden, even using Alt+Tab to find the dialog box is complicated because you can’t grab it and click OK until RoboHelp completes its processing. The workaround is to reduce the size of the application window so that you can see the dialog box and try to quickly grab it and click OK. That said, as soon as processing is complete you can grab the dialog box and click OK; at that point RoboHelp displays its own error message about the success or failure of the output generation. It is not clear whether the RoboHelp API or Source Control puts up this error message, but it’s definitely a problem until you happen upon the workaround.
  RoboHelp does not check SSLs even when I right-click the SSL in the Single Source Layouts pane, click Check In, select the XML and SSL files, and leave “Keep checked out” deselected. The red check mark remains next to the SSL name. In addition, even when I Check In All files before closing the project, the next time I open the project RoboHelp displays a series of Check In dialog boxes requiring me to check them in again.
  When RoboHelp hangs during a Printed Documentation failure and the Version Control setting is to check in all files when closing a project (which I’ve now deselected to avoid this problem), Ctrl+Alt+Del indicates that you cannot shut down the program because RoboHelp is waiting for a response. Yes, RoboHelp was waiting for me to check in some files (because of the Version Control setting), but hid the Check In Source Files dialog box behind the application. This usually left a Word document in limbo, forcing me to restart the computer.
  At one point RoboHelp stopped saving changes to an SSL after I made changes and clicked Save and Generate. Each time I reopened the SSL, I had to select .docx, etc. all over again.
  Carol