Today I spent several hours troubleshooting the fresh install of WebSphere 7.0 on Windows 2003. The server passed all post-installation steps successfully, but refused to start after the OS reboot. The last line in the server logs was “Server launched. Waiting for initialization status.”, and the actual server state was unclear – any attempt to start it anew claimed that the service was running, but the server console was not available.
It appears that the Windows service installation, which happens by default during setup time, was problematic. Once you remove the service and reboot the system, you can start WebSphere manually without any trouble.
Here is how to remove the Windows service:
- Go to the “bin” folder under WAS installation directory (usually “C:\Program Files\IBM\WebSphere\AppServer\bin”)
- Execute the following command: “WASService –remove <name-of-server-node>”
Typically, the name of server node is composed from the computer name with “Node01” suffix.
For example, the node name on “was70-win.mycompany.com” will probably be “was70-winNode01”.
Hat tip to this IBM DeveloperWorks community post for the hints!
Opening an HTTPS URL in the environment that is not connected to the internet may take time. Fortunately, there is a way to speed up this process on the client side. It appears that Windows tries to retrieve fresh CRL (certificate revocation list) from own and third party servers. Obviously, this attempt times out when the client is not connected to the internet. There is no way to disable CRL retrieval completely, but it is possible to reduce retrieval timeout to the minimum allowed. The system will still attempt to contact CRL servers, but it will take less time to go through the whole list of servers.
In addition to SSL handshake, the settings above will speed up any process that involves certificate validation – for example, validation of code signing certificates.
- Open Local Group Policy Editor (for example, search for “Edit Group Policy” in the Start Menu)
- Go down the tree from “Computer Configuration” => “Windows Settings” => “Security Settings” => “Public Key Policies”
- On the right side, double-click on “Certificate Path Validation Settings”
- Go to “Network Retrieval” tab
- Select “Define these policy settings” checkbox
- Change both timeout values under “Default retrieval timeout settings” to 1 second
- Click “OK”
For detailed instructions for clients that are part of Active Directory Domain, visit this TechNet topic (although it speaks about increasing timeout and decreasing it).
The instructions above apply to Windows clients, but the same technique may be applicable for the other operating systems.