Frequently asked questions

Supported platforms

MessageHandler ist supported on these platforms

• any Windows version > 7.
• any 64bit Linux distro

Which versions of Java are supported?

MessageHandler has only been tested mit Java 8. The following versions are supported:

• Java 8: 64/32 bit on Linux, 32bit on Windows. Any OpenJDK based distribution will do.

Note: the Unlimited Strength Jurisdiction Policy Files must be provided in the Java installation. These files are included by default in distributions since Java 8 update 151.

Installation on Microsoft Windows

Does MessageHandler work on Microsoft Windows 64 bit?

MessageHandler works perfectly under the 64bit edition of Windows. However, we recommend using it with the 32bit version of the Java runtime. In order to use the MessageHandler product with a 64bit Java runtime, the supplied Service Wrapper  (wrapper.dll) must be replaced with a 64bit version. Please note, that the 64bit version of the Service Wrapper is a commercial product of  Tanuki Software, which we cannot redistribute for free.

MSI Installer on Windows refuses to install MessageHandler

To diagnose the problem, inspect the file c:\Program Files (x86)\Open eGov MessageHandler\log\message-handler.log , while the MSI Installer still displays this error dialog:

Note, that MessageHandler refuses to install, if you specify directories in the installations wizard,

• which do not exist! 
  Inspect the installation logfile and search for error messages like 

  MSI (c) (7C:54) [14:32:12:501]: Note: 1: 1314 2: /Program Files/Sedexclient/interface 
  MSI (c) (7C:54) [14:32:15:251]: Product: Open eGov MessageHandler -- Error 1314. The specified path '/Program Files/Sedexclient/interface' is unavailable.

• to which the chosen Service User Account does not have sufficient access rights. In this case the MH service will refuse to start in the installation process and the installation fails.
  
  

Alternatively: Execute the MSI installation from the command line. This way the installation process produces a logfile, which may (on may not) contain valuable information. 

msiexec /i "C:\MessageHandler.msi" /L*V "C:\MessageHandler_Installer.log"

MSI Installer fails to uninstall MessageHandler

Do not remove the service or installed files manually! This will break the process of uninstalling the software and thus will lead to the impossibility to reinstall and/or update MessageHandler.

However if you are in the situation that neither uninstalling nor installing works please run the appropriate Microsoft Fix-it to return to a working state.

Download Microsoft Fix-it from support.microsoft.com or download it from Open eGov Wiki.

Installation on servers in Windows Domains

The local service account has to be used, if the server is a member in a Windows domain. Using a domain with local adminstrator rights will not work.

How to configure directory and file names for Windows?

Under Windows we recommend using absolute path names including either drive name or UNC paths. For MessageHandler prior to version 3.1.2 we recommend using slashes as path separators:

C:/sedex/inbox

d:/data/messagehandler/inbox
//fileserver.some.domain.ch/sedex/outbox

MessageHandler doesn't seem to see mounted remote directories on Windows

Suppose you configured an inbox located on a mounted remoted directory such as

<outbox dirPath="O:/application_a/interface/outbox" msgType="10301">

If MessageHandler complains on startup with a message like

 Directory: O:\application_a\interface\outbox either not exist or is not a directory

then first check, if the user account under which the MessageHandler service is run has access to the configured directory. If you can list the directory (using dir O:\application_a\interface\outbox), then it is probable that the Java runtime has problems with the drive letter mapping. Try using the UNC path instead:

<outbox dirPath="//fileserver.some.domain.ch/interface/outbox" msgType="10301">

Mehrere Instanzen auf einer einzigen Windows Maschine

 Generell empfehlen wir, pro Maschine nur eine sedex Client und MessageHandler Instanz zu installieren. 

Wenn Sie auf einer einzigen Windows Maschine mehrere Instanzen des MessageHandlers betreiben wollen, gehen Sie wie folgt vor:

• Installieren Sie pro gewünschte MessageHandler Instanz einen sedex Client. Die Installation und Konfiguration mehrerer sedex Clients ist hier nicht beschrieben. Fahren Sie erst weiter, wenn jede der sedex Client Instanzen korrekt funktioniert.
• Sie brauchen pro MessageHandler Instanz ein separates Installationsverzeichnis (z.B. c:\mh-SEDEXID, wo SEDEXID die sedex ID des entsprechenden eSchKG Teilnehmers ist) und separate Arbeitsverzeichnisse.
• Passen Sie die Variablen wrapper.ntservice.name, wrapper.ntservice.displayname, wrapper.ntservice.description in der Datei conf/wrapper.conf jeder Instanz entsprechend Ihren Bedürfnissen an.
• Passen Sie den Port der Webservice Schnittstelle von Messagehandler in jeder Instanz an (Attribut /config/messageHandler/webserviceInterface/@port in der Datei conf/config.xml). Jede Instanz braucht einen eigenen Port, sonst kann der Messagehandler den Webservice nicht starten.

How to upgrade a MH installation on Windows

If you installed MH using the MSI installer, be aware, that the installer always performs a completely new installation. It is not conceive to perform an upgrade! So back-up your MH configuration before installing the new version.

To upgrade:

• Stop the MH service.
• Backup at least the directories listed below. Recommended: backup the whole server before proceeding.
• Uninstall the older version.
• Install the new version. During the installation process, you must list the same directories that the previous installation referenced (sedex directory, etc.)

The MH configuration file config.xml lists all the directories and files to back up. The XML elements referencing the directories to back up are:

• /config/messageHandler/workingDir
• /config/messageHandler/statusDatabase

How to upgrade a MH installation on Linux

Since the installation of the Linux distribution is not carried out with a installer, an upgrade can be done fairly easy.

Suppose, you have installed MH under ${INSTALL_DIR}. To upgrade:

• Unpack the distro unter ${DISTRO_DIR}
• Stop the MH service.

• Remove the current version of MH with

  rm ${INSTALL_DIR}/lib/*

• Install the new version with 

  cp ${DISTRO_DIR}/lib/* ${INSTALL_DIR}/lib/*

• Start the MH service

MessageHandler logs an ERROR on startup

If starting MessageHandler for the first time after a fresh installation, you will notice the following error message in the file 

[ERROR] WrapperListener_start_runner DbLogService Table not found in 
statement [DELETE FROM status WHERE (received_date IS NULL AND 
DATEDIFF('dd', sent_date, CURRENT_TIMESTAMP) > ?) OR DATEDIFF('dd', 
received_date, CURRENT_TIMESTAMP) > ?] Query: DELETE FROM status WHERE 
(received_date IS NULL AND DATEDIFF('dd', sent_date, CURRENT_TIMESTAMP) > ?) 
OR DATEDIFF('dd', received_date, CURRENT_TIMESTAMP) > ? Parameters: [2, 2]

This error message can be ignored, as a automatic cleanup job of MessageHandler tries to cleanup a database table, which has not yet been created.

MessageHandler Service refuses to start with an SQLException

A known bug in MH prior to version 3.4.0 (on Windows only!) corrupts the status database. If you encounter a log entry complaining about an java.sql.SQLException  in wrapper.log or message-handler.log  upon startup of MH such as

INFO   | jvm 1    | 2019/05/22 09:38:19 | Exception in thread "Thread-2" java.lang.IllegalStateException: log service cannot be started: java.sql.SQLException: Table already exists: STATUS in statement [CREATE CACHED TABLE status] Query: CREATE CACHED TABLE status (participant_id VARCHAR(255) NOT NULL, filename VARCHAR(255) NOT NULL, message_id VARCHAR(255), sent_date DATETIME, received_date DATETIME, status TINYINT NOT NULL, source TINYINT NOT NULL, UNIQUE (participant_id, filename)) Parameters: []
INFO   | jvm 1    | 2019/05/22 09:38:19 | 	at ch.admin.suis.msghandler.common.MessageHandler.startLogService(MessageHandler.java:180)
INFO   | jvm 1    | 2019/05/22 09:38:19 | 	at ch.admin.suis.msghandler.common.MessageHandler.run(MessageHandler.java:165)
INFO   | jvm 1    | 2019/05/22 09:38:19 | 	at java.lang.Thread.run(Thread.java:748)
STATUS | wrapper  | 2019/05/22 09:38:21 | <-- Wrapper Stopped

or  

Caused by: java.sql.SQLException: Violation of unique index SYS_IDX_47: duplicate value(s) for column(s)  in statement [UPDATE status SET status = ?, received_date = ? WHERE message_id = ?] Query: UPDATE status SET status = ?, received_date = ? WHERE message_id = ? Parameters: [2, 2019-11-25 08:37:31.217, fa3d12fa-d16c-4d54-af45-27ea311cafb9]

the following instructions get MH going again:

• run MH on Linux  This behaviour never occured on Linux.
• If you prefer to stay on Windows:
  • Make sure that MH is not running.
  • Remove the files of the MH database from the directory 'db'. The directory is located underneath the directory configured in the config element <workingDir dirPath="..."/> in the config.xml file.
  • Decrease the value of the attribute dataHoldTimeInDays  in the element <statusDatabase>. A value of 2 is usually enough.
  • Upgrade to MH v 3.4.0
  • Start MH.

 be aware of the fact, that with this you remove the status database. If your application checks the status of messages using the MH REST interface, you will loose the state information of not already delivered messages! In this case you must probably change the state of these messages manually in your applications database.

MessageHandler service fails to start with signature error

To start the Java application as a native Windows service the Tanuki Wrapper is used. This executable is signed and the corresponding certificate must be trusted by the operating system. If this isn’t the case the following statements are logged into wrapper.log

/WARN   | wrapper  | 2018/04/23 10:49:13 | A signature was found in
"C:\BKS\open-egov-msghandler_8-LU-32\bin\wrapper.exe", but checksum failed:
(Errorcode: 0x800b010a) A certificate chain could not be built to a trusted root
authority. (0x800b010a)/
/WARN   | wrapper  | 2018/04/23 10:49:13 |   Signer Certificate:/
/WARN   | wrapper  | 2018/04/23 10:49:13 |     Serial Number: /
/WARN   | wrapper  | 2018/04/23 10:49:13 |       00 90 4d 8f d1 f3 86 8a ad 5f 17 e8 93 41 c3 08 f2 /
/WARN   | wrapper  | 2018/04/23 10:49:13 |     Issuer Name: COMODO RSA Code Signing CA/
/WARN   | wrapper  | 2018/04/23 10:49:13 |     Subject Name: Tanuki Software Ltd./
/WARN   | wrapper  | 2018/04/23 10:49:13 |   TimeStamp Certificate:/
/WARN   | wrapper  | 2018/04/23 10:49:13 |     Serial Number: /
/WARN   | wrapper  | 2018/04/23 10:49:13 |       16 88 f0 39 25 5e 63 8e 69 14 39 07 e6 33 0b /
/WARN   | wrapper  | 2018/04/23 10:49:13 |     Issuer Name: UTN-USERFirst-Object/
/WARN   | wrapper  | 2018/04/23 10:49:13 |     Subject Name: COMODO SHA-1 Time Stamping Signer/
/WARN   | wrapper  | 2018/04/23 10:49:13 |     Date of TimeStamp : 2017/09/25 12:55:53The error is not directly related to the Wrapper's signature, therefore continue.../

Please follow the instructions on https://wrapper.tanukisoftware.com/doc/german/troubleshooting.html#9 to solve this issue.

MessageHandler startup fails with error 'Caused by: java.io.FileNotFoundException: ....\${ADAPTER_HOME}\certificate\prod-bit\...'

When you try to configure a signing outbox for a nativeApp and the startup of MessageHandler fails with an error message (found in log file log\message-handler.log) like

Caused by: java.io.FileNotFoundException: .....\${ADAPTER_HOME}\certificate\prod-bit\......p12
 ... 8 more

then do the following:

• start you favourite file editor and load the the certificate configuration file of your sedex adapter (usually  ..\adapter\conf\certificateConfiguration.xml)
• replace the all occurences of  ${ADAPTER_HOME}  with the path of your sedex installation directory

MessageHandler startup fails with error 'Unable to validate sedex certificate config. ex: Content is not allowed in prolog.'

When you try to configure a signing outbox for a nativeApp and the startup of MessageHandler fails with an error message (found in log file log\message-handler.log) like

org.apache.commons.configuration.ConfigurationException: Unable to validate sedex certificate config. ex: Content is not allowed in prolog.
	at ch.admin.suis.msghandler.util.XMLValidator.validateSedexCertificateConfig(XMLValidator.java:62)
	at ch.admin.suis.msghandler.config.SedexCertConfigFactory.<init>(SedexCertConfigFactory.java:57)
	at ch.admin.suis.msghandler.config.SigningOutboxSedexCfg.refresh(SigningOutboxSedexCfg.java:67)
	at ch.admin.suis.msghandler.config.SigningOutboxSedexCfg.<init>(SigningOutboxSedexCfg.java:56)
	at ch.admin.suis.msghandler.config.ClientConfigurationFactory.init(ClientConfigurationFactory.java:247)
	at ch.admin.suis.msghandler.config.ClientConfigurationFactory.<init>(ClientConfigurationFactory.java:106)
	at ch.admin.suis.msghandler.common.MessageHandlerService.start(MessageHandlerService.java:95)
	at org.tanukisoftware.wrapper.WrapperManager$11.run(WrapperManager.java:4042)
Caused by: org.xml.sax.SAXParseException; lineNumber: 1; columnNumber: 1; Content is not allowed in prolog.

in this case there is most probaly a UTF-8 BOM (byte order mark) at the very beginning of  the certificate configuration file of your sedex client (usually  ..\adapter\conf\certificateConfiguration.xml). Use a text editor like Notepad++ (on Windows) to convert the file to a UTF-8 file without the BOM (or use a binary editor and remove the 3 first bytes EF BB BF).

MessageHandler verarbeitet die Files aus der sedex inbox nicht

Wenn der MessageHandler die Files aus der sedex inbox nicht verarbeitet, dann liegt das typischerweise an fehlenden Berechtigungen.

Wenn Sie unter Windows in der Datei suis-message-handler.log eine Meldung dieser Art sehen:

java.lang.IllegalArgumentException: IRGEND_EIN_DIRECTORY is not a directory

dann müssen Sie überprüfen, ob der User, als der der MessageHandler Service (Dienst) läuft, überhaupt die Berechtigung hat, das Directory zu lesen und zu schreiben. Wenn sie den Message Handler unter Windows durch Ausführen von InstallMessage-handler-NT.bat als Service/Dienst installiert haben, dann präsentieren sich anschliessend die Eigenschaften des Dienstes wie folgt:

Sie müssen hier den User eintragen, der die Berechtigung hat, das Directory zu lesen und zu schreiben.

MessageHandler does not forward the eSchKG/e-LP/e-LEF to the right sedex recipient

MessageHandler determines the sedex ID of the recipient by inspecting the names of the files. A Groovy script is responsible to fumble the sedex ID out of the filenames. The Groovy script has to be configured in the file config.xml in the participantIdResolver tag.

The script which has to be referred there, is something like this

/**
 * Leitet aus einem übergebenen Filenamen die sedex ID des Empfängers
 * ab.
 * Dieser Resolver funktioniert für
 * - eSchKG Meldungen
 *   sedex ID wird aus dem Filenamen extrahiert.
 *
 * @param filename the name of the file to be sent including path
 * @return the resolved Sedex-ID or an empty string
 *
 * Igor Metz, 2011-10-20
 */
def String resolve(String filename) {
  // Wenn das File in der eSchKG Outbox liegt, geht es an den im Filenamen
  // bezeichneten Empfänger
  def matcher = (filename =~ /^.*\/([1-9]-[0-9A-Z]+-[0-9]+)_.*/)
  if (matcher.matches()) {
    return matcher.group(1)
  }

  // Wenn alle Stricke reissen: leer zurückgeben
  return ''
}

MessageHandler produces warning "message sent by the Sedex adapter, but there is no envelope in the Sedex sent directory"

This warning can safely be ignored. MessageHandler produces this warning when it has to process a larger batch of eSchKG/e-LP/e-LEF messages and the Sedex adapter already sent out some of the produces Sedex messages while MessageHandler is still processing the batch. The MessageHandler is then surprised by missing envelopes.

MessageHandler refuses to sign PDF files

If MessageHandler fails to sign PDF files and logs a FATAL error like this in message-handler.log 

2016-03-01 13:38:30.881 [FATAL] DefaultQuartzScheduler_Worker-6 SenderSessionImpl Not able to sign PDFs. Ex when signing: Cannot open certificate. Is the password correct?, Signing Outbox: signingoutbox
ch.admin.suis.msghandler.signer.SignerException: Ex when signing: Cannot open certificate. Is the password correct?, Signing Outbox: signingoutbox
	at ch.admin.suis.msghandler.signer.Signer.sign(Signer.java:159)
	at ch.admin.suis.msghandler.signer.Signer.sign(Signer.java:96)
	at ch.admin.suis.msghandler.sender.SenderSessionImpl.handleSigning(SenderSessionImpl.java:282)
	at ch.admin.suis.msghandler.sender.SenderSessionImpl.createMessages(SenderSessionImpl.java:108)
	at ch.admin.suis.msghandler.sender.Sender.execute(Sender.java:63)
	at ch.admin.suis.msghandler.sender.SenderJob.execute(SenderJob.java:73)
	at org.quartz.core.JobRunShell.run(JobRunShell.java:202)
	at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:529)
Caused by: ch.admin.suis.batchsigner.BatchException: Cannot open certificate. Is the password correct?
	at ch.admin.suis.batchsigner.BatchRunnerBuilder.getPKCS12Keystore(BatchRunnerBuilder.java:567)
	at ch.admin.suis.batchsigner.BatchRunnerBuilder.buildPdfSigner(BatchRunnerBuilder.java:434)
	at ch.admin.suis.batchsigner.BatchRunnerBuilder.buildMinimal(BatchRunnerBuilder.java:211)
	at ch.admin.suis.msghandler.signer.Signer.sign(Signer.java:143)
	... 7 more
Caused by: java.io.IOException: exception decrypting data - java.security.InvalidKeyException: Illegal key size
	at org.bouncycastle.jce.provider.JDKPKCS12KeyStore.cryptData(Unknown Source)
	at org.bouncycastle.jce.provider.JDKPKCS12KeyStore.engineLoad(Unknown Source)
	at java.security.KeyStore.load(Unknown Source)
	at ch.admin.suis.security.tools.keystore.SignerKeystorePKCS12.<init>(SignerKeystorePKCS12.java:103)
	at ch.admin.suis.batchsigner.BatchRunnerBuilder.getPKCS12Keystore(BatchRunnerBuilder.java:563)
	... 10 more

Reason: your Java installation does not have the Unlimited Strength Jurisdiction Policy Files installed. 

Is MessageHandler affected by "Log4Shell" vulnerability?

Although MessageHandler uses the log4j software library, MessageHandler is not affected by the vulnerability. The reason is that MessageHandler uses an older version of log4j, which is not vulnerable.

Please note that the sedex client, with which MessageHandler work together, is also not vulnerable in versions > 5.0.