Troubleshooting

This section includes the following topics:

General Troubleshooting Issues

Q. Why do I get a javax.net.ssl.SSLException (or hang or disconnect) when accessing an applet from an HTTPS site.

A. In some SSL/TLS servers you will encounter this problem if a client message is received in a format it doesn't understand or with a protocol version number that it doesn't support. The problem is on the server side. There may be several aspects of the SSL/TLS protocol that are not implemented correctly. If the server only speaks SSLv3, when a client sends a TLSv1 (aka SSLv3.1) hello the server is supposed to respond with a SSLv3 server hello (aka SSLv3.0). But the server is not doing so; hence, you get the exception (SSLException).

In Java Plug-in 1.3.x the browser's implementation of SSL was used. Netscape 4.x and Internet Explorer provide only an SSLv3.0 implementation. The problem will not be seen because in this version of Plug-in only SSLv3.0 is used.

In Java Plug-in 1.4.0 the JSSE implementation of TLS/SSL was used. By default, JSSE enables the TLSv1, SSLv3, and SSLv2Hello protocols. In this version of Plug-in TLSv1 will be used, and this problem may be seen on servers with incorrect protocol implementations.

Below are some ways to work around this problem. Turn off the TLSv1 protocol and use only SSLv3.

1. In the Java Plug-in Control Panel (Advanced tab) specify:

-Dhttps.protocols="SSLv3,SSLv2Hello"

2. Set the system property:

System.setProperty("https.protocols", "SSLv3");

3. If you have access to the socket, you can do this:

socket.setEnabledProtocols("SSLv3");

In Java Plug-in 1.4.1 the SSLv3 and SSLv2Hello protocols are used by default. Because most browsers use SSLv3 by default and most web servers support it—and to avoid seeing the above problem—the change was made to this version of the Plug-in. Users that need to use TLSv1 should set the https.protocols settings.

Q: Is there a way, other than restarting the browser, to force the JVM to check the server for modified JAR files for a page with an applet?

A: Modified jar files will be downloaded from the server when a page with an applet is refreshed or revisited if you first do this: type "x" in the Java Console to clear the Classloader cache.

Q: When trying to play a game on http://games.yahoo.com I get a ControlAccessException. What is the problem and is there a workaround?

A: The problem is that the game applet needs permission to connect to one or more servers, and it is being denied permission for security reasons. The workaround is this: Add the following to your java.policy file:

grant codeBase "http://download.yahoo.com/games/clients/" {
      permission java.net.SocketPermission "*","connect";};

java.policy is located in <JRE installation directory>/Java/j2re1.4.0/lib/security/.

Q: How do I get Nescape to find my plugin when I've downloaded and installed the J2SE, which includes Java Plug-in?

A: Set the NPX_PLUGIN_PATH envirronement variable to the location of the Java Plug-in (the directory in which the javaplugin.so file is located):

NPX_PLUGIN_PATH=$JAVAHOME/jre/plugin/sparc/ns4 for Netscape 4
NPX_PLUGIN_PATH=$JAVAHOME/jre/plugin/sparc/ns6 for Netscape 6

Q: I can't get Java Plug-in software to install in an intranet environment when I place it on our Netscape Enterprise 3.0 SuiteSpot web server. Why not?

A: We have reports that the Netscape Enterprise 3.0 SuiteSpot Webserver is unable, at least in some circumstances, to serve up .exe files. One apparent workaround has been to configure the HTML so that the Java Plug-in product is installed by a Visigenic Orb Gatekeeper, which also functions as a web server.

Q: I'm having trouble debugging with Java Plug-in Software. Do you have any tips?

A: In some circumstances, Java Plug-in Software will use a different debug connection address than expected. This occurs when Java Plug-in Software is loaded into the Explorer.exe process running in one of the following configurations:

Java Plug-in Software is loaded into the Explorer.exe process when an HTML page containing the OBJECT tag is viewed in the following ways:

This can cause problems when debugging Java applets, since no two processes should use the same debug connection address. (See How to Debug Applets in Java Plug-in in Debugging Support regarding setting of the connection address.). If the Explorer.exe process has already claimed the debug connection address, and the Netscape.exe or Iexplorer.exe tries to use it, debugging problems may result.

Java Plug-in Software avoids this complication when loaded into the Explorer.exe process by prepending the debug connection address specified in the Control Panel with the string Explorer.

For example, if the default connection address set at the time of Java Plug-in Software installation is 2502, when running under Explorer.exe it is actually set to Explorer:2502.

When running JDB from the Java 2 SDK you should specify

jdb -attach Explorer:2502

to attach to the JVM loaded into the Explorer.exe process.

Q: My applet is no longer scriptable in Internet Explorer with Java Plug-in. Why?

A: With Java Plug-in Software 1.3 a scriptable tag must be included and given a value of "true" in order for an applet to be scriptable. See the Using OBJECT, EMBED and APPLET Tags in Java Plug-in for more information.

Q: Why am I having problems using some standard extensions/optional packages?

A: Only extensions installed in the <jre>\lib\ext directory will be added to the classpath. Extensions installed in directories pointed to by the java.ext.dirs system property will not be added.

Q: Java Plug-in used to work with my Navigator 4.0.x browser. But when I upgraded to Navigator 4.5 and re-installed Java Plug-in, it does not work with Navigator 4.5. Why?

A: It has been reported that Navigator 4.5 may not install the user profile properly during installation. As a result, Java Plug-in Software may not read the correct user profile setting. To make sure the user profile setting is correct, check the following:

Make sure that these two registry keys exist and <DirRoot> points to an existing user profile. If any of the registry keys are missing or incomplete, use the User Profile Manager tool to recreate your profile.

Q: We are trying to use Java 3D with Java Plug-in but it doesn't work at all. Why?

A: Java 3D comes with various packages. Installing it incorrectly may inadvertently disable Java Plug-in or cause it to fail. Follow these general instructions for using Java 3D and Java Plug-in Software:

  1. Install Java Plug-in first.
  2. Install Java 3D in a new directory. Do not install it over the existing Java 2 SDK, Standard Edition/JRE. See this page for installation instructions.
  3. Install a version of the SDK/JRE that is appropriate for Java 3D if one is not already installed on your computer.
  4. In the Java Plug-in Control Panel, select the appropriate version of the SDK/JRE..
The Java 3D demos should now run within Java Plug-in.

Q: Some web/proxy servers require users to login for authentication. When I used the browser to access this server with Java Plug-in, two login dialog boxes appeared. Why?

A: Normally Java Plug-in will download the applets using its own connection. If the web/proxy server requires login, the browser will first encounter the request and bring up a login dialog box. After the HTML page is downloaded, Java Plug-in will try to download the class or jar files for the applet. However, since Java Plug-in has no access to the login information that the browser previously obtained, it will bring up its own login dialog box.

Q: When I tried to deploy Java Plug-in in the intranet and put the binaries on the internal web server, IE doesn't download and install Java Plug-in Software when it encounters the converted page. What's going on? 

A: You may want to check that the CODEBASE in the OBJECT tag actually has the correct URL for Java Plug-in. Also, turning off execute privileges on the directory in which you put the Java Plug-in Software executable may help.

Q: I am experiencing problems getting an applet to render using Java Plug-in Software. What is the cause of this?

A: While this may be due to a variety of circumstances unique to your operating environment, a frequent cause of this problem is a security exception.

  Q: I changed my browser setting while Java Plug-in Software was running, but it still uses the old settings after the change. Why?

A: The browser settings are read in by Java Plug-in when it is started. These settings are valid throughout the lifetime of the browser session. To make Java Plug-in read in the new settings, restart your browser. If you are running Active Desktop with Java Plug-in, you need to restart the computer.

Q: When I loaded my applet, it said "noninit" or "applet not initialized" in the browser's status bar. How can I identify the cause of the problem?

A: Follow these steps:

  1. Look at the error message in the Java Console.
  2. If you are accessing the applet through the network, make sure the proxy info shown in the Java Console is correct.
  3. Make sure all the class/JAR files are in the right directory.
  4. Make sure the converted HTML page is correct.
  5. Try the unconverted page with AppletViewer on the same machine. If it works, check 3, 4, and 5 again.

Q: When I try to use the AppletClassLoader with Java Plug-in Software, it crashes with a null pointer exception in IE4 but works fine in Netscape. Why does this happen? Is there a way to make it work correctly in IE4?

A: Java Plug-in Software in IE4 tries to load <YourAppletName>BeanInfo.class even if your applet is not a bean. There is a bug in Java 2 SDK, Standard Edition v 1.3 in the AppletClassLoader that occurs when trying to load nonexistent classes. To prevent this problem, create an empty <YourAppletName>BeanInfo.class.

Q: Why does Java Plug-in Software sometimes crash Internet Explorer but not Netscape Navigator?

A: In certain circumstances, bad HTML will cause the browser to crash. One example is the absence of an </XMP> tag. Please make sure your HTML is correct.

Another possibility is that the plug-in was disabled using the Control Panel before you accessed a Plug-in-enabled page. Please check your settings to make sure the Plug-in is enabled.

Q: My applet used to create a top-level frame that would remain visible through page switches. When I upgraded to Java Plug-in this no longer occurs. Why?

A: In Java Plug-in Software, applets are stopped and destroyed during page switches. All the visible components should be destroyed as well. There has been an enhancement in Java 2 SDK that makes sure that all of the resources of the applet are properly released, including the top-level frame.  

Troubleshooting Installation Issues

Q: I am trying to install the Java Plug-in on a network drive. However, it doesn't install. Why? 

A: If your network drive is protected or read-only, you will not be able to install the Java Plug-in. Contact your system administrator for more details.

Q: I am trying to install Java Plug-in. However, whenever the install program tries to install the Java Plug-in for Netscape Navigator, it displays an error. My Navigator is on a network drive. Is there a way to fix this? 

A: If your Navigator is installed on a network drive, you may not have permission to install the plugin DLL on the Navigator Plugins directory. Contact your system administrator for more details.

Q: I'm having trouble installing the Java Plug-in on my Microsoft Windows machine. I see the error: "An application error has occurred and an application error log is being generated. Exception: access violation ..." What might be the problem? 

A: The Microsoft Window installation (using Installshield's installer) may not work if you have Quarterdeck's Cleansweep product running in the background.

Q: When I reboot after I uninstalling Java Plug-in software, I get a dialog box warning that a .cpl file has been removed. What is this?

A: If the Java Plug-in Control Panel is open while you are uninstalling the plug-in, plugincpl.cpl will not be removed as it is locked when the Control Panel folder is open.

Q: When I uninstall Java Plug-in, the Microsoft Window Plugin for Netscape seems to stay on the machine. How can I remove that? 

A: Delete the NPJPI<modified version number>.dll from the Netscape Plugins directory. For example, for Java Plug-in 1.4.0, delete NPJPI140.dll from the Plugins directory.

Troubleshooting Security Issues

Q: I have some security-related issues in my applet. How do I debug it?

A: You can enable the java.security.debug property to enable trace messages from the security system. Please see java.security.debug Property in the chapter called Debugging Support for more information.

Q: When downloading applets from the Internet, an AccessControlExcpetion is thrown. However, when the applet is located on the intranet, it works. Why?

A: To prevent DNS spoofing, a security check in Java Plug-in requires the host name to be resolved into an IP address before any connection is made from the applet. However, the side-effect of this security check is to require the intranet DNS server to be able to resolve any external host name from the Internet. For some customers, this is not the way their DNS servers are setup within the enterprise, and it causes Java Plug-in to fail. To resolve this issue, there are several options:

  1. Modify the HTML page of the applet, so the codebase and document base of the applet contains IP addresses instead of host names. This will avoid Java Plug-in performing a DNS lookup for the host name.
  2. Set trustProxy to true in Java Plug-in. By setting this property, Java Plug-in will trust the proxy to perform a proper DNS lookup and return information to Java Plug-in from trusted hosts. For intranet customers whose proxy servers are setup internally and can be trusted, this property may be used. This property may be specified as -DtrustProxy=true in the Java Plug-in Control Panel.

    Note that this property should be set by administrator, as setting this property improperly with an untrusted proxy server may expose the client machines to DNS spoofing. This property is similar to the security.lower_java_network_security_by_trusting_proxies property supported by Netscape Navigator's JVM.

Q: I keep getting a ClassFormatError exception when my webpage is loaded with HTTPS in Netscape Navigator. Why?

A: This is caused by an applet specifying a nonexistent .jar or .class file in the EMBED tag. Due to limitation of what information can be returned via HTTPS in Navigator, the web server's "File Not Found" HTML page is returned instead of the appropriate status. This HTML page is treated as a .class file and that causes the exception.

Q: I tried to run an RSA signed applet with Java Plug-in, but it is being treated as an untrusted applet. What is the problem?

A: There are several possibilities:

Please see our How to Sign Applets Using RSA-Signed Certificates for details.

Q: Why do I get a yellow banner across my applet frame when using Java Plug-in?

A: When an applet creates a free-standing Frame, Java Plug-in adds a yellow warning banner so users will know they are dealing with an untrusted applet window.

Q: Can I disable the yellow warning banner on frames? 

A: The yellow warning banner is an important security feature. It cannot be disabled by untrusted applets.

If you use a signed applet, where the signing key is trusted by the end user, then the warning banner will not be shown.

Q: How do I prevent the warning banner from covering my GUI state? 

A: See the same question in the Developer FAQ.

Q: Why does InetAddress.getLocalHost().getHostName() return "localhost"?

A: See the same question in the Developer FAQ.