April 22, 2020
Estimated Post Reading Time ~

How to find the Sling Health check and their status in AEM through Felix console

Statement -Sling Health check and their status
Environment - AEM 6.3 GA

Solution:

  • Login with username and password if not logged into the AEM server.
  • See the below list of sling health check components which were failed that means below heath checks to be fixed based on their priority.
Deserialization Firewall Attach API Readiness
Tags: [deserialization, security] Finished: 2018-06-11 31:49 after 1ms Result: HEALTH_CHECK_ERROR
HEALTH_CHECK_ERROR VM Class could not be found using resolvers: {com.adobe.cq.deserfw.impl.attach.SunAttachAPIResolver,com.adobe.cq.deserfw.impl.attach.IBMAttachAPIResolver}
HEALTH_CHECK_ERROR Deserialization firewall was not able to detect the VirtualMachine class of the Attach API. Please see error log for nested exception details. This usually happens when running a JRE (instead of a JDK) or a JVM that doesn't provide the Attach API. Please review the AEM Java Deserialization Firewall documentation for how to load the deserialization agent via JVM command line arguments.
Deserialization Firewall Functional
Tags: [deserialization, security] Finished: 2018-06-11 31:49 after 1ms Result: HEALTH_CHECK_ERROR
HEALTH_CHECK_ERROR Deserialization of org.apache.commons.collections.functors.InvokerTransformer should have failed, however it was successful
HEALTH_CHECK_ERROR Deserialization firewall is not blocking test classes. Your system may be vulnerable to remote deserialization execution. Please review system log and deserialization agent documentation for more information.
Deserialization Firewall Loaded
Tags: [deserialization, security] Finished: 2018-06-11 31:48 after 75ms Result: HEALTH_CHECK_ERROR
HEALTH_CHECK_ERROR Deserialization firewall is not loaded. Your system may be vulnerable to remote deserialization execution. Please review system log and deserialization agent documentation for more information.
Replication Agents Disabled
Tags: [pre-upgrade] Finished: 2018-06-11 31:49 after 1ms Result: HEALTH_CHECK_ERROR
HEALTH_CHECK_ERROR Agent [offloading_outbox] is enabled . Please disable it before starting the upgrade process.
HEALTH_CHECK_ERROR Agent [offloading_outbox1] is enabled . Please disable it before starting the upgrade process.
HEALTH_CHECK_ERROR Agent [publish] is enabled . Please disable it before starting the upgrade process.
HEALTH_CHECK_ERROR Agent [publish_reverse] is enabled . Please disable it before starting the upgrade process.
HEALTH_CHECK_ERROR Agent [test_and_target] is enabled . Please disable it before starting the upgrade process.
HEALTH_CHECK_ERROR Agent [youtube] is enabled . Please disable it before starting the upgrade process.
INFO [Click here to inspect the replication agent configurations and queues.](/etc/replication.html)
Security Checks
Tags: [] Finished: 2018-06-11 31:49 after 308ms Result: HEALTH_CHECK_ERROR
HEALTH_CHECK_ERROR Deserialization Firewall Attach API Readiness: VM Class could not be found using resolvers: {com.adobe.cq.deserfw.impl.attach.SunAttachAPIResolver,com.adobe.cq.deserfw.impl.attach.IBMAttachAPIResolver}
HEALTH_CHECK_ERROR Deserialization Firewall Attach API Readiness: Deserialization firewall was not able to detect the VirtualMachine class of the Attach API. Please see error log for nested exception details. This usually happens when running a JRE (instead of a JDK) or a JVM that doesn't provide the Attach API. Please review the AEM Java Deserialization Firewall documentation for how to load the deserialization agent via JVM command line arguments.
HEALTH_CHECK_ERROR Deserialization Firewall Functional: Deserialization of org.apache.commons.collections.functors.InvokerTransformer should have failed, however it was successful
HEALTH_CHECK_ERROR Deserialization Firewall Functional: Deserialization firewall is not blocking test classes. Your system may be vulnerable to remote deserialization execution. Please review system log and deserialization agent documentation for more information.
HEALTH_CHECK_ERROR Deserialization Firewall Loaded: Deserialization firewall is not loaded. Your system may be vulnerable to remote deserialization execution. Please review system log and deserialization agent documentation for more information.
WARN CQ Dispatcher Configuration: Unable to check the dispatcher's basic configuration because its address is not specified.
WARN CQ HTML Library Manager Config: Minification is not enabled.
WARN CRXDE Support: The com.adobe.granite.crx-explorer bundle is active.
WARN CRXDE Support: The com.adobe.granite.crxde-lite bundle is active.
WARN CRXDE Support: [You can disable the CRX Development Bundles in the administration console.](/system/console/bundles)
WARN CRXDE Support: [See Disable CRXDE Support in the security guidelines.](https://www.adobe.com/go/aem6_3_docs_security_crxde_en)
WARN DavEx Health Check: The SlingDavExServlet is NOT configured.
WARN DavEx Health Check: [The SlingDavExServlet should be configured on instances running in samplecontent mode.]( )
WARN DavEx Health Check: [Check the section about the Sling DavEx bundle and servlet in the security guidelines.](https://www.adobe.com/go/aem6_3_docs_security_webdav_en)
WARN Default Login Accounts: Login as [admin: admin] succeeded, was expected to fail.
WARN Default Login Accounts: The default OSGI console credentials were not changed. It is strongly recommended to change them.
WARN Default Login Accounts: [You can change the OSGI admin password via the configuration of the Apache Felix OSGI Management Console.](/system/console/configMgr/org.apache.felix.webconsole.internal.servlet.OsgiManager)
WARN Example Content Packages: Example content package installation found based on group [adobe/aem6/sample]): [we.retail.client.app.ui.apps].
WARN Example Content Packages: Example content package installation found based on group [adobe/aem6/sample]): [we.retail.client.app.ui.content].
WARN Example Content Packages: Example content package installation found based on group [adobe/aem6/sample]): [we.retail.commons.content].
WARN Example Content Packages: Example content package installation found based on group [adobe/aem6/sample]): [we.retail.community.apps].
WARN Example Content Packages: Example content package installation found based on group [adobe/aem6/sample]): [we.retail.community.content].
WARN Example Content Packages: Example content package installation found based on group [adobe/aem6/sample]): [we.retail.community.enablement.author].
WARN Example Content Packages: Example content package installation found based on group [adobe/aem6/sample]): [we.retail.community.enablement.common].
WARN Example Content Packages: Example content package installation found based on group [adobe/aem6/sample]): [we.retail.config].
WARN Example Content Packages: Example content package installation found based on group [adobe/aem6/sample]): [we.retail.ui.apps].
WARN Example Content Packages: Example content package installation found based on group [adobe/aem6/sample]): [we.retail.ui.content].
WARN Example Content Packages: [10 example content packages installed.]( )
WARN Replication and Transport Users: Transport user is admin for replication agent [Offloading_replication_bcd5477c-f9ac-4a99-99c9-e6ed1169caaf].
WARN Replication and Transport Users: Transport user is admin for replication agent [Default Agent].
WARN Replication and Transport Users: Transport user is admin for replication agent [Reverse Replication Agent].
INFO Replication and Transport Users: [You can change the transport user by editing the agent settings in the Replication page.](/etc/replication.html)
WARN Replication and Transport Users: [Replication agents should not use the default 'admin' as a transport user.]( )
WARN Sling Get Servlet: The default XML renderer is enabled.
WARN Sling Java Script Handler: The Sling Java Script Handler generates debug information. The system might be exposed if used as a publish environment.
WARN Sling Jsp Script Handler: The Sling JSP Script Handler generates debug information. The system might be exposed if used as a publish environment.
WARN Sling Jsp Script Handler: The Sling JSP Script Handler generates mapped content. The system might be exposed if used as a publish environment.
WARN Sling Referrer Filter: The Sling Referrer Filter allows empty or missing referrers. The system might be exposed to CSRF attacks.
WARN Sling Referrer Filter: [Check Issues with Cross-Site Request Forgery in the security guidelines](https://www.adobe.com/go/aem6_3_docs_security_siteforgery_en)
WARN SSL Configuration: SSL was configured, but we failed connecting to the HTTPS port (strict SSL mode, your certificate may be self-signed). ERROR: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
WARN WCM Filters Configuration: The WCM Filter is in edit mode. It is recommended to disable it on production environments.
WARN WCM Filters Configuration: The WCM Debug Filter configuration has not been changed. It is recommended to change the default configuration for a production environment.
WARN WebDAV Health Check: The SimpleWebDavServlet is NOT configured.
WARN WebDAV Health Check: [Check the section about the Sling WebDAV bundle and servlet in the security guidelines.](https://www.adobe.com/go/aem6_3_docs_security_webdav_en)
WARN Web Server Configuration: The URL of the website served by the server is not configured.
Maintenance Task com.day.cq.audit.impl.AuditLogMaintenanceTask
Tags: [system] Finished: 2018-06-11 31:49 after 118ms Result: CRITICAL
CRITICAL Maintenance task with name 'com.day.cq.audit.impl.AuditLogMaintenanceTask' failed in the last run.
Maintenance Task WorkflowPurgeTask
Tags: [system] Finished: 2018-06-11 31:48 after 22ms Result: CRITICAL
CRITICAL Maintenance task with name 'WorkflowPurgeTask' failed in the last run.
Query Performance
Tags: [] Finished: 2018-06-11 31:48 after 16ms Result: CRITICAL
INFO Maximum number of queries per minute: 19.
INFO Maximum total query duration: 416 ms.
INFO Maximum average query duration: 21 ms.
CRITICAL Average query duration exceeded the 15 ms critical threshold.
Sling Jobs
Tags: [sling, jobs] Finished: 2018-06-11 31:49 after 0ms Result: CRITICAL
INFO Found 0 jobs queued.
CRITICAL There are active jobs but the last job activated was over 3600sec ago (25615sec) and is not yet finished
System Maintenance
Tags: [] Finished: 2018-06-11 31:49 after 468ms Result: CRITICAL
CRITICAL Maintenance Task com.day.cq.audit.impl.AuditLogMaintenanceTask: Maintenance task with name 'com.day.cq.audit.impl.AuditLogMaintenanceTask' failed in the last run.
CRITICAL Maintenance Task WorkflowPurgeTask: Maintenance task with name 'WorkflowPurgeTask' failed in the last run.
INFO Maintenance Task com.day.cq.wcm.core.impl.VersionPurgeTask: Maintenance task with name 'com.day.cq.wcm.core.impl.VersionPurgeTask' succeeded in the last run.
INFO Maintenance Task DataStoreGarbageCollectionTask: Maintenance task with name 'DataStoreGarbageCollectionTask' succeeded in the last run.
INFO Maintenance Task RevisionCleanupTask: Maintenance task with name 'RevisionCleanupTask' succeeded in the last run.
INFO Maintenance Task RevisionCleanupTask: Maintenance task with name 'RevisionCleanupTask' succeeded in the last run.
Check for default AEM content packages
Tags: [packages, content, startup] Finished: 2018-06-11 31:49 after 275ms Result: WARN
WARN Package cq-apns-content is not present
WARN Package cq-chart-content is not present
WARN Package cq-connector-content is not present
WARN Package cq-healthcheck-content is not present
WARN 4 content packages are missing or not installed (out of 44)
CQ Dispatcher Configuration
Tags: [dispatcher, production, security] Finished: 2018-06-11 31:48 after 0ms Result: WARN
WARN Unable to check the dispatcher's basic configuration because its address is not specified.
CQ HTML Library Manager Config
Tags: [cq, security, production] Finished: 2018-06-11 31:48 after 1ms Result: WARN
WARN Minification is not enabled.
CRXDE Support
Tags: [bundles, security, production] Finished: 2018-06-11 31:49 after 3ms Result: WARN
WARN The com.adobe.granite.crx-explorer bundle is active.
WARN The com.adobe.granite.crxde-lite bundle is active.
WARN [You can disable the CRX Development Bundles in the administration console.](/system/console/bundles)
WARN [See Disable CRXDE Support in the security guidelines.](https://www.adobe.com/go/aem6_3_docs_security_crxde_en)
DavEx Health Check
Tags: [bundles, security, production] Finished: 2018-06-11 31:49 after 2ms Result: WARN
WARN The SlingDavExServlet is NOT configured.
WARN [The SlingDavExServlet should be configured on instances running in samplecontent mode.]( )
WARN [Check the section about the Sling DavEx bundle and servlet in the security guidelines.](https://www.adobe.com/go/aem6_3_docs_security_webdav_en)
Default Login Accounts
Tags: [login, security, production] Finished: 2018-06-11 31:49 after 35ms Result: WARN
WARN Login as [admin: admin] succeeded, was expected to fail.
WARN The default OSGI console credentials were not changed. It is strongly recommended to change them.
WARN [You can change the OSGI admin password via the configuration of the Apache Felix OSGI Management Console.](/system/console/configMgr/org.apache.felix.webconsole.internal.servlet.OsgiManager)
Example Content Packages
Tags: [login, content, example, security, production] Finished: 2018-06-11 31:49 after 375ms Result: WARN
WARN Example content package installation found based on group [adobe/aem6/sample]): [we.retail.client.app.ui.apps].
WARN Example content package installation found based on group [adobe/aem6/sample]): [we.retail.client.app.ui.content].
WARN Example content package installation found based on group [adobe/aem6/sample]): [we.retail.commons.content].
WARN Example content package installation found based on group [adobe/aem6/sample]): [we.retail.community.apps].
WARN Example content package installation found based on group [adobe/aem6/sample]): [we.retail.community.content].
WARN Example content package installation found based on group [adobe/aem6/sample]): [we.retail.community.enablement.author].
WARN Example content package installation found based on group [adobe/aem6/sample]): [we.retail.community.enablement.common].
WARN Example content package installation found based on group [adobe/aem6/sample]): [we.retail.config].
WARN Example content package installation found based on group [adobe/aem6/sample]): [we.retail.ui.apps].
WARN Example content package installation found based on group [adobe/aem6/sample]): [we.retail.ui.content].
WARN [10 example content packages installed.]( )
Log Errors
Tags: [] Finished: 2018-06-11 31:48 after 1ms Result: WARN
WARN [200 ERROR log messages found (from a total of 200 messages)]( )
Replication and Transport Users
Tags: [security, replication, cq] Finished: 2018-06-11 31:49 after 0ms Result: WARN
WARN Transport user is admin for replication agent [Offloading_replication_bcd5477c-f9ac-4a99-99c9-e6ed1169caaf].
WARN Transport user is admin for replication agent [Default Agent].
WARN Transport user is admin for replication agent [Reverse Replication Agent].
INFO [You can change the transport user by editing the agent settings in the Replication page.](/etc/replication.html)
WARN [Replication agents should not use the default 'admin' as a transport user.]( )
Sling Get Servlet
Tags: [dos, sling, security, production] Finished: 2018-06-11 31:49 after 1ms Result: WARN
WARN The default XML renderer is enabled.
Sling Java Script Handler
Tags: [sling, security, production] Finished: 2018-06-11 31:49 after 1ms Result: WARN
WARN The Sling Java Script Handler generates debug information. The system might be exposed if used as a publish environment.
Sling Jsp Script Handler
Tags: [sling, security, production] Finished: 2018-06-11 31:48 after 1ms Result: WARN
WARN The Sling JSP Script Handler generates debug information. The system might be exposed if used as a publish environment.
WARN The Sling JSP Script Handler generates mapped content. The system might be exposed if used as a publish environment.
Sling Referrer Filter
Tags: [sling, security, production, csrf] Finished: 2018-06-11 31:48 after 0ms Result: WARN
WARN The Sling Referrer Filter allows empty or missing referrers. The system might be exposed to CSRF attacks.
WARN [Check Issues with Cross-Site Request Forgery in the security guidelines](https://www.adobe.com/go/aem6_3_docs_security_siteforgery_en)
SSL Configuration
Tags: [security, production, ssl] Finished: 2018-06-11 31:49 after 797ms Result: WARN
WARN SSL was configured, but we failed connecting to the HTTPS port (strict SSL mode, your certificate may be self-signed). ERROR: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
WCM Filters Configuration
Tags: [cq, security, production] Finished: 2018-06-11 31:48 after 1ms Result: WARN
WARN The WCM Filter is in edit mode. It is recommended to disable it on production environments.
WARN The WCM Debug Filter configuration has not been changed. It is recommended to change the default configuration for a production environment.
WebDAV Health Check
Tags: [bundles, security, production] Finished: 2018-06-11 31:49 after 53ms Result: WARN
WARN The SimpleWebDavServlet is NOT configured.
WARN [Check the section about the Sling WebDAV bundle and servlet in the security guidelines.](https://www.adobe.com/go/aem6_3_docs_security_webdav_en)
Web Server Configuration
Tags: [webserver, production, security, clickjacking] Finished: 2018-06-11 31:49 after 0ms Result: WARN
WARN The URL of the website served by the server is not configured.
Summary
45 HealthCheck executed, 27 failures

That's it!


By aem4beginner

No comments:

Post a Comment

If you have any doubts or questions, please let us know.