tracker issue : CF-3999633

select a category, or use search below
(searches all categories and all time range)
Title:

CFFTP secure requests just keep spinning without giving an error when connection fails

| View in Tracker

Status/Resolution/Reason: Closed/Withdrawn/NotABug

Reporter/Name(from Bugbase): Pawel Czarnota / Pawel Czarnota (Pawel Czarnota)

Created: 06/02/2015

Components: Net Protocols

Versions: 11.0

Failure Type:

Found In Build/Fixed In Build: CF11_Final /

Priority/Frequency: Major / Some users will encounter

Locale/System: English / Win 2012 Server x64

Vote Count: 2

Problem Description:
When attempting a secure FTP connection to unix ftp server, cfftp fails to recognize that the connection failed on unix system (with "Timeout before authentication" error) and the cfftp request just keeps spinning until ColdFusion is restarted (request cannot be killed in Server monitor). FTP log shows one line that FTP request of action="open" was attempted and no other log files have any other information.

Steps to Reproduce:
Create test file with the below code:

<cfftp  
    action = "open"
    connection = "myconnection"
    port = "22"
    secure = "yes"
    server = "nameofunixserver"
    stopOnError = "yes"
    timeout = "10"
    username = "username" 
    password = "password"
	/>
You are connected
<cfftp
    connection = "myconnection"
	action = "close" />

Run this file in the browser waiting for authentication connection. Unix connection needs to be rejected and the following messages are shown on Unix FTP server:

Jun  2 08:43:06 servername sshd[9368]: [ID 800047 auth.info] Connection from xx.xx.190.106 port 50044
Jun  2 08:43:07 servername sshd[9369]: [ID 800047 auth.info] Failed none for [username] from xx.xx.190.106 port 50044 ssh2
Jun  2 08:53:06 servername sshd[9368]: [ID 800047 auth.crit] monitor fatal: Timeout before authentication for xx.x.190.106

Actual Result:
Request just keeps spinning and coldfusion needs to be restarted to kill the request. The "You are connected" line of code is never reached in the above code. FTP log file has only one line, there is nothing that says connection has failed, no other logs have an error: 
Jun 2, 2015    9:05 AM    Information    ajp-bio-8002-exec-2        
Starting FTP request {action='open'}  

Unix system has the following errors in the log file:
Jun  2 08:43:06 servername sshd[9368]: [ID 800047 auth.info] Connection from xx.xx.190.106 port 50044
Jun  2 08:43:07 servername sshd[9369]: [ID 800047 auth.info] Failed none for [username] from xx.xx.190.106 port 50044 ssh2
Jun  2 08:53:06 servername sshd[9368]: [ID 800047 auth.crit] monitor fatal: Timeout before authentication for xx.x.190.106

Expected Result:
ColdFusion throws an error and closes the request. The error should be shown to the user and also in the log file(s). 

Any Workarounds:
None found so far. Tried with both ColdFusion 11 Update 5 and Update 4 on different instances (with and without any customr jar files) with the same result.

----------------------------- Additional Watson Details -----------------------------

Watson Bug ID:	3999633

External Customer Info:
External Company:  
External Customer Name: Pawel
External Customer Email:  
External Test Config: My Hardware and Environment details:

Windows Server 2012 R2, with IIS 8.5 connection (isapi_redirect.dll file dated 3/1//2015), ColdFusion 11 Update 5 (also tested with Update 4).

Attachments:

Comments:

Additional information: I tried with just the internal tomcat server connection (not via IIS) and still get the same behavior. I think this eliminates the need for IIS server when trying to duplicate the issue.
Comment by External U.
7261 | June 02, 2015 01:46:18 PM GMT
Another update. The scope of this is bigger than we originally thought, this problem exists for successful connections as well. Using the same code as above, we ran it in our ColdFusion 9 server with no issue. In ColdFusion 11, the code doesn't reach "you are connected" line but request keeps spinning. Here are the logs from the same unix FTP server for both successful CF 9 connection and failed CF11 connection. It almost looks like ColdFusion 11 doesn't know how to respond to FTP server with the authorization information and doesn't even realize FTP server terminated the connection. We need to get a fix for this ASAP please. Thanks CF9 logs (success): Jun 2 15:34:33 servername sshd[12795]: [ID 800047 auth.info] Connection from xx.xx.188.94 port 59476 Jun 2 15:34:33 servername sshd[12796]: [ID 800047 auth.info] Failed none for username from xx.xx.188.94 port 59476 ssh2 Jun 2 15:34:33 servername sshd[12796]: [ID 800047 auth.info] Accepted password for username from xx.xx.188.94 port 59476 ssh2 Jun 2 15:34:34 servername sshd[12796]: [ID 800047 auth.info] subsystem request for sftp Jun 2 15:34:34 servername sshd[12796]: [ID 800047 auth.info] Connection closed by xx.xx.188.94 Jun 2 15:34:34 servername sshd[12796]: [ID 800047 auth.info] Closing connection to xx.xx.188.94 CF11 logs (failure): Jun 2 15:35:21 servername sshd[13035]: [ID 800047 auth.info] Connection from xx.xx.190.106 port 59242 Jun 2 15:35:22 servername sshd[13036]: [ID 800047 auth.info] Failed none for username from xx.xx.190.106 port 59242 ssh2 Jun 2 15:45:21 servername sshd[13035]: [ID 800047 auth.crit] monitor fatal: Timeout before authentication for xx.xx.190.106
Comment by External U.
7262 | June 02, 2015 04:05:19 PM GMT
I did some more testing on my local laptop and ftp works correctly with CF 11 Update 3, 4, or 5. What I found that's different on our server is that CF11 service is running as domain user and NOT Local System. As soon as I changed it to Local System, ftp started working again. However, on the server we need to run it as a different user. So, the root cause is that when service is ran under account different than Local User, CFP exhibits this behavior. Please investigate, thank you
Comment by External U.
7263 | June 04, 2015 10:11:22 AM GMT
I have done additional testing and determined the following: 1. On Windows 7 system there is no issue with ColdFusion service running as Local System or user account, in either case CFFTP works just file for secure connections. 2. I installed ColdFusion 11 (Production+Secure profile) on Another Windows Server 2012 R2 with default settings (changed username and password for root user in ColdFusion 11 setup). As soon as I start running ColdFusion 11 as domain users instead of Local System, CFFTP is having the same issue. At first I thought it might have been permissions on the system, but on this new box I didn't change any permissions and the user that's running CF11 service is an admin. So, this problem seems to be isolated to Windows Server 2012 R2 only. Still need help on this. Thanks
Comment by External U.
7264 | June 04, 2015 01:20:17 PM GMT
On more update, using Windows Server 2008 R2 allows cfftp to work just fine, so this confirms issue is specific to Windows Server 2012 R2. We do need to get it working on 2012 R2, so still need help on getting this resolved. Thank you
Comment by External U.
7265 | June 04, 2015 03:00:07 PM GMT
I was able to reproduce the issue on completely new VM with the following steps: 1. Install Windows Server 2012 R2 Standard, join it to domain (no windows updates necessary) 2. Install CF 11 (Production Profile) - no updates are necessary (installer will already install Update 3) 3. Install FreeSSHd program and configure a new user with basic password (stored as Sha1 in the program), start SFTP service, for example on port 23 4. Try to connect, you should be either successful 5. Change ColdFusion 11 Application service to run as any domain user (add appropriate permissions to C:\ColdFusion11 server) 6. Try to connect to FreeSSHd, you should see the same behavior we’ve been seeing - requests are hanging, nothing logged except for open connection in ColdFusion’s ftp.log file
Comment by External U.
7266 | June 10, 2015 07:25:19 AM GMT
Just wondering what's the status on verifying this bug? Thanks
Comment by External U.
7267 | July 13, 2015 11:14:06 AM GMT
Hi Pawel, I have tried to repro this issue according to the steps as specified below with a domain user. I have in fact have tested it with different sftp servers: FreeSSHD as well as Core SFTP Client. But I am unable to see the above mentioned Exception message. Though with a certain machine I do see the following exception message: "Error: Session.connect: java.net.SocketTimeoutException: Read timed out." Could you please send me the stacktrace for the exception that you are getting, so that I can actually compare them. Also, is there something I am missing here to repro the issue that could be specific to your environment or any particular setting? Thanks!
Comment by S P.
7268 | November 23, 2015 10:24:46 PM GMT
Since there has been no response wrt this issue, closing the bug for now. If this issue exists, do let us know, will reopen the bug. Thanks!
Comment by S P.
7269 | May 26, 2016 02:54:52 AM GMT
I am also experiencing this exact issue. Please re-open this bug.
Vote by Chris B.
7271 | May 24, 2017 10:20:24 PM GMT
I'm having the same problem here in CF2016.
Comment by NATHAN W.
7270 | August 23, 2017 03:41:19 PM GMT
Yes, same issue here as well on Server 2012 R2 and running CF under a domain account on CF 2016 Update 6
Comment by Dan C.
29744 | September 27, 2018 02:01:52 PM GMT