Frequently asked questions
Which versions of Java are supported?
MessageHandler runs only with Oracle Java. The following versions are supported:
- Java 7: 64/32 bit on Linux, 32bit on Windows
- Java 8: 64/32 bit on Linux, 32bit on Windows
Note: the Unlimited Strength Jurisdiction Policy Files must be provided in the Java installation, if you plan to use the PDF signing feature of MessageHandler. The Unlimited Strength Jurisdiction Policy Files must be downloaded from the Oracle website. For Java 7, for Java 8.
Installation on Microsoft Windows
Does MessageHandler work on Microsoft Windows 64 bit?
MessageHandler works perfectly under the 64bit edition of Windows. However, we recommend using it with the 32bit version of the Java runtime. In order to use the MessageHandler product with a 64bit Java runtime, the supplied Service Wrapper (wrapper.dll) must be replaced with a 64bit version. Please note, that the 64bit version of the Service Wrapper is a commercial product of Tanuki Software, which we cannot redistribute for free.
MSI Installer on Windows refuses to install MessageHandler
Please try to execute the MSI installation from the command line. This way the installation process produce a logfile, which may (on may not) contain valuable information.
msiexec /i "C:\MessageHandler.msi" /L*V "C:\MessageHandler_Installer.log"
MSI Installer fails to install or uninstall MessageHandler
Do not remove the service or installed files manually! This will break the process of uninstalling the software and thus will lead to the impossibility to reinstall and/or update MessageHandler.
However if you are in the situation that neither uninstalling nor installing works please run the appropriate Microsoft Fix-it to return to a working state.
Download Microsoft Fix-it from support.microsoft.com or download it from Open eGov Wiki.
Installation on servers in Windows Domains
The local service account has to be used, if the server is a member in a Windows domain. Using a domain with local adminstrator rights will not work.
How to configure directory and file names for Windows?
Under Windows we recommend using absolute path names including either drive name or UNC paths. For MessageHandler prior to version 3.1.2 we recommend using slashes as path separators:
C:/sedex/inbox d:/data/messagehandler/inbox //fileserver.some.domain.ch/sedex/outbox
MessageHandler doesn't seem to see mounted remote directories on Windows
Suppose you configured an inbox located on a mounted remoted directory such as
<outbox dirPath="O:/application_a/interface/outbox" msgType="10301">
If MessageHandler complains on startup with a message like
Directory: O:\application_a\interface\outbox either not exist or is not a directory
then first check, if the user account under which the MessageHandler service is run has access to the configured directory. If you can list the directory (using dir O:\application_a\interface\outbox
), then it is probable that the Java runtime has problems with the drive letter mapping. Try using the UNC path instead:
<outbox dirPath="//fileserver.some.domain.ch/interface/outbox" msgType="10301">
Mehrere Instanzen auf einer einzigen Windows Maschine
Generell empfehlen wir, pro Maschine nur eine sedex Client und MessageHandler Instanz zu installieren.
Wenn Sie auf einer einzigen Windows Maschine mehrere Instanzen des MessageHandlers betreiben wollen, gehen Sie wie folgt vor:
- Installieren Sie pro gewünschte MessageHandler Instanz einen sedex Client. Die Installation und Konfiguration mehrerer sedex Clients ist hier nicht beschrieben. Fahren Sie erst weiter, wenn jede der sedex Client Instanzen korrekt funktioniert.
- Sie brauchen pro MessageHandler Instanz ein separates Installationsverzeichnis (z.B. c:\mh-SEDEXID, wo SEDEXID die sedex ID des entsprechenden eSchKG Teilnehmers ist) und separate Arbeitsverzeichnisse.
- Passen Sie die Variablen
wrapper.ntservice.name
,wrapper.ntservice.displayname
,wrapper.ntservice.description
in der Dateiconf/wrapper.conf
jeder Instanz entsprechend Ihren Bedürfnissen an. - Passen Sie den Port der Webservice Schnittstelle von Messagehandler in jeder Instanz an (Attribut
/config/messageHandler/webserviceInterface/@port
in der Dateiconf/config.xml
). Jede Instanz braucht einen eigenen Port, sonst kann der Messagehandler den Webservice nicht starten.
MessageHandler logs an ERROR on startup
If starting MessageHandler for the first time after a fresh installation, you will notice the following error message in the file
[ERROR] WrapperListener_start_runner DbLogService Table not found in statement [DELETE FROM status WHERE (received_date IS NULL AND DATEDIFF('dd', sent_date, CURRENT_TIMESTAMP) > ?) OR DATEDIFF('dd', received_date, CURRENT_TIMESTAMP) > ?] Query: DELETE FROM status WHERE (received_date IS NULL AND DATEDIFF('dd', sent_date, CURRENT_TIMESTAMP) > ?) OR DATEDIFF('dd', received_date, CURRENT_TIMESTAMP) > ? Parameters: [2, 2]
This error message can be ignored, as a automatic cleanup job of MessageHandler tries to cleanup a database table, which has not yet been created.
MessageHandler service fails to start with signature error
To start the Java application as a native Windows service the Tanuki Wrapper is used. This executable is signed and the corresponding certificate must be trusted by the operating system. If this isn’t the case the following statements are logged into wrapper.log
/WARN | wrapper | 2018/04/23 10:49:13 | A signature was found in "C:\BKS\open-egov-msghandler_8-LU-32\bin\wrapper.exe", but checksum failed: (Errorcode: 0x800b010a) A certificate chain could not be built to a trusted root authority. (0x800b010a)/ /WARN | wrapper | 2018/04/23 10:49:13 | Signer Certificate:/ /WARN | wrapper | 2018/04/23 10:49:13 | Serial Number: / /WARN | wrapper | 2018/04/23 10:49:13 | 00 90 4d 8f d1 f3 86 8a ad 5f 17 e8 93 41 c3 08 f2 / /WARN | wrapper | 2018/04/23 10:49:13 | Issuer Name: COMODO RSA Code Signing CA/ /WARN | wrapper | 2018/04/23 10:49:13 | Subject Name: Tanuki Software Ltd./ /WARN | wrapper | 2018/04/23 10:49:13 | TimeStamp Certificate:/ /WARN | wrapper | 2018/04/23 10:49:13 | Serial Number: / /WARN | wrapper | 2018/04/23 10:49:13 | 16 88 f0 39 25 5e 63 8e 69 14 39 07 e6 33 0b / /WARN | wrapper | 2018/04/23 10:49:13 | Issuer Name: UTN-USERFirst-Object/ /WARN | wrapper | 2018/04/23 10:49:13 | Subject Name: COMODO SHA-1 Time Stamping Signer/ /WARN | wrapper | 2018/04/23 10:49:13 | Date of TimeStamp : 2017/09/25 12:55:53The error is not directly related to the Wrapper's signature, therefore continue.../
Please follow the instructions on https://wrapper.tanukisoftware.com/doc/german/troubleshooting.html#9 to solve this issue.
MessageHandler startup fails with error 'Caused by: java.io.FileNotFoundException: ....\${ADAPTER_HOME}\certificate\prod-bit\...'
When you try to configure a signing outbox for a nativeApp and the startup of MessageHandler fails with an error message (found in log file log\message-handler.log
) like
Caused by: java.io.FileNotFoundException: .....\${ADAPTER_HOME}\certificate\prod-bit\......p12
... 8 more
then do the following:
- start you favourite file editor and load the the certificate configuration file of your sedex adapter (usually
..\adapter\conf\certificateConfiguration.xml
) - replace the all occurences of
${ADAPTER_HOME}
with the path of your sedex installation directory
MessageHandler startup fails with error 'Unable to validate sedex certificate config. ex: Content is not allowed in prolog.'
When you try to configure a signing outbox for a nativeApp and the startup of MessageHandler fails with an error message (found in log file log\message-handler.log
) like
org.apache.commons.configuration.ConfigurationException: Unable to validate sedex certificate config. ex: Content is not allowed in prolog. at ch.admin.suis.msghandler.util.XMLValidator.validateSedexCertificateConfig(XMLValidator.java:62) at ch.admin.suis.msghandler.config.SedexCertConfigFactory.<init>(SedexCertConfigFactory.java:57) at ch.admin.suis.msghandler.config.SigningOutboxSedexCfg.refresh(SigningOutboxSedexCfg.java:67) at ch.admin.suis.msghandler.config.SigningOutboxSedexCfg.<init>(SigningOutboxSedexCfg.java:56) at ch.admin.suis.msghandler.config.ClientConfigurationFactory.init(ClientConfigurationFactory.java:247) at ch.admin.suis.msghandler.config.ClientConfigurationFactory.<init>(ClientConfigurationFactory.java:106) at ch.admin.suis.msghandler.common.MessageHandlerService.start(MessageHandlerService.java:95) at org.tanukisoftware.wrapper.WrapperManager$11.run(WrapperManager.java:4042) Caused by: org.xml.sax.SAXParseException; lineNumber: 1; columnNumber: 1; Content is not allowed in prolog.
in this case there is most probaly a UTF-8 BOM (byte order mark) at the very beginning of the certificate configuration file of your sedex client (usually ..\adapter\conf\certificateConfiguration.xml
). Use a text editor like Notepad++ (on Windows) to convert the file to a UTF-8 file without the BOM (or use a binary editor and remove the 3 first bytes EF BB BF).
MessageHandler verarbeitet die Files aus der sedex inbox nicht
Wenn der MessageHandler die Files aus der sedex inbox nicht verarbeitet, dann liegt das typischerweise an fehlenden Berechtigungen.
Wenn Sie unter Windows in der Datei suis-message-handler.log
eine Meldung dieser Art sehen:
java.lang.IllegalArgumentException: IRGEND_EIN_DIRECTORY is not a directory
dann müssen Sie überprüfen, ob der User, als der der MessageHandler Service (Dienst) läuft, überhaupt die Berechtigung hat, das Directory zu lesen und zu schreiben. Wenn sie den Message Handler unter Windows durch Ausführen von InstallMessage-handler-NT.bat
als Service/Dienst installiert haben, dann präsentieren sich anschliessend die Eigenschaften des Dienstes wie folgt:
Sie müssen hier den User eintragen, der die Berechtigung hat, das Directory zu lesen und zu schreiben.
MessageHandler does not forward the eSchKG/e-LP/e-LEF to the right sedex recipient
MessageHandler determines the sedex ID of the recipient by inspecting the names of the files. A Groovy script is responsible to fumble the sedex ID out of the filenames. The Groovy script has to be configured in the file config.xml
in the participantIdResolver
tag.
The script which has to be referred there, is something like this
/** * Leitet aus einem übergebenen Filenamen die sedex ID des Empfängers * ab. * Dieser Resolver funktioniert für * - eSchKG Meldungen * sedex ID wird aus dem Filenamen extrahiert. * * @param filename the name of the file to be sent including path * @return the resolved Sedex-ID or an empty string * * Igor Metz, 2011-10-20 */ def String resolve(String filename) { // Wenn das File in der eSchKG Outbox liegt, geht es an den im Filenamen // bezeichneten Empfänger def matcher = (filename =~ /^.*\/([1-9]-[0-9A-Z]+-[0-9]+)_.*/) if (matcher.matches()) { return matcher.group(1) } // Wenn alle Stricke reissen: leer zurückgeben return '' }
MessageHandler produces warning "message sent by the Sedex adapter, but there is no envelope in the Sedex sent directory"
This warning can safely be ignored. MessageHandler produces this warning when it has to process a larger batch of eSchKG/e-LP/e-LEF messages and the Sedex adapter already sent out some of the produces Sedex messages while MessageHandler is still processing the batch. The MessageHandler is then surprised by missing envelopes.
MessageHandler refuses to sign PDF files
If MessageHandler fails to sign PDF files and logs a FATAL error like this in message-handler.log
2016-03-01 13:38:30.881 [FATAL] DefaultQuartzScheduler_Worker-6 SenderSessionImpl Not able to sign PDFs. Ex when signing: Cannot open certificate. Is the password correct?, Signing Outbox: signingoutbox ch.admin.suis.msghandler.signer.SignerException: Ex when signing: Cannot open certificate. Is the password correct?, Signing Outbox: signingoutbox at ch.admin.suis.msghandler.signer.Signer.sign(Signer.java:159) at ch.admin.suis.msghandler.signer.Signer.sign(Signer.java:96) at ch.admin.suis.msghandler.sender.SenderSessionImpl.handleSigning(SenderSessionImpl.java:282) at ch.admin.suis.msghandler.sender.SenderSessionImpl.createMessages(SenderSessionImpl.java:108) at ch.admin.suis.msghandler.sender.Sender.execute(Sender.java:63) at ch.admin.suis.msghandler.sender.SenderJob.execute(SenderJob.java:73) at org.quartz.core.JobRunShell.run(JobRunShell.java:202) at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:529) Caused by: ch.admin.suis.batchsigner.BatchException: Cannot open certificate. Is the password correct? at ch.admin.suis.batchsigner.BatchRunnerBuilder.getPKCS12Keystore(BatchRunnerBuilder.java:567) at ch.admin.suis.batchsigner.BatchRunnerBuilder.buildPdfSigner(BatchRunnerBuilder.java:434) at ch.admin.suis.batchsigner.BatchRunnerBuilder.buildMinimal(BatchRunnerBuilder.java:211) at ch.admin.suis.msghandler.signer.Signer.sign(Signer.java:143) ... 7 more Caused by: java.io.IOException: exception decrypting data - java.security.InvalidKeyException: Illegal key size at org.bouncycastle.jce.provider.JDKPKCS12KeyStore.cryptData(Unknown Source) at org.bouncycastle.jce.provider.JDKPKCS12KeyStore.engineLoad(Unknown Source) at java.security.KeyStore.load(Unknown Source) at ch.admin.suis.security.tools.keystore.SignerKeystorePKCS12.<init>(SignerKeystorePKCS12.java:103) at ch.admin.suis.batchsigner.BatchRunnerBuilder.getPKCS12Keystore(BatchRunnerBuilder.java:563) ... 10 more
Reason: your Java installation does not have the Unlimited Strength Jurisdiction Policy Files installed.