Environment - AEM 6.3 GA
Solution:
- Go to the Felix console URL: http://localhost:4502/system/console/healthcheck
- Click on the execute selected healthcheck
- Login with username and password if not logged into the AEM server.
- See the below list of sling health check components which were failed that means below heath checks to be fixed based on their priority.
Deserialization Firewall Attach API Readiness
|
Tags: [deserialization, security] Finished: 2018-06-11 31:49 after 1ms Result: HEALTH_CHECK_ERROR
|
HEALTH_CHECK_ERROR VM Class could not be found using resolvers: {com.adobe.cq.deserfw.impl.attach.SunAttachAPIResolver,com.adobe.cq.deserfw.impl.attach.IBMAttachAPIResolver}
|
HEALTH_CHECK_ERROR Deserialization firewall was not able to detect the VirtualMachine class of the Attach API. Please see error log for nested exception details. This usually happens when running a JRE (instead of a JDK) or a JVM that doesn't provide the Attach API. Please review the AEM Java Deserialization Firewall documentation for how to load the deserialization agent via JVM command line arguments.
|
Deserialization Firewall Functional
|
Tags: [deserialization, security] Finished: 2018-06-11 31:49 after 1ms Result: HEALTH_CHECK_ERROR
|
HEALTH_CHECK_ERROR Deserialization of org.apache.commons.collections.functors.InvokerTransformer should have failed, however it was successful
|
HEALTH_CHECK_ERROR Deserialization firewall is not blocking test classes. Your system may be vulnerable to remote deserialization execution. Please review system log and deserialization agent documentation for more information.
|
Deserialization Firewall Loaded
|
Tags: [deserialization, security] Finished: 2018-06-11 31:48 after 75ms Result: HEALTH_CHECK_ERROR
|
HEALTH_CHECK_ERROR Deserialization firewall is not loaded. Your system may be vulnerable to remote deserialization execution. Please review system log and deserialization agent documentation for more information.
|
Replication Agents Disabled
|
Tags: [pre-upgrade] Finished: 2018-06-11 31:49 after 1ms Result: HEALTH_CHECK_ERROR
|
HEALTH_CHECK_ERROR Agent [offloading_outbox] is enabled . Please disable it before starting the upgrade process.
|
HEALTH_CHECK_ERROR Agent [offloading_outbox1] is enabled . Please disable it before starting the upgrade process.
|
HEALTH_CHECK_ERROR Agent [publish] is enabled . Please disable it before starting the upgrade process.
|
HEALTH_CHECK_ERROR Agent [publish_reverse] is enabled . Please disable it before starting the upgrade process.
|
HEALTH_CHECK_ERROR Agent [test_and_target] is enabled . Please disable it before starting the upgrade process.
|
HEALTH_CHECK_ERROR Agent [youtube] is enabled . Please disable it before starting the upgrade process.
|
INFO [Click here to inspect the replication agent configurations and queues.](/etc/replication.html)
|
Security Checks
|
Tags: [] Finished: 2018-06-11 31:49 after 308ms Result: HEALTH_CHECK_ERROR
|
HEALTH_CHECK_ERROR Deserialization Firewall Attach API Readiness: VM Class could not be found using resolvers: {com.adobe.cq.deserfw.impl.attach.SunAttachAPIResolver,com.adobe.cq.deserfw.impl.attach.IBMAttachAPIResolver}
|
HEALTH_CHECK_ERROR Deserialization Firewall Attach API Readiness: Deserialization firewall was not able to detect the VirtualMachine class of the Attach API. Please see error log for nested exception details. This usually happens when running a JRE (instead of a JDK) or a JVM that doesn't provide the Attach API. Please review the AEM Java Deserialization Firewall documentation for how to load the deserialization agent via JVM command line arguments.
|
HEALTH_CHECK_ERROR Deserialization Firewall Functional: Deserialization of org.apache.commons.collections.functors.InvokerTransformer should have failed, however it was successful
|
HEALTH_CHECK_ERROR Deserialization Firewall Functional: Deserialization firewall is not blocking test classes. Your system may be vulnerable to remote deserialization execution. Please review system log and deserialization agent documentation for more information.
|
HEALTH_CHECK_ERROR Deserialization Firewall Loaded: Deserialization firewall is not loaded. Your system may be vulnerable to remote deserialization execution. Please review system log and deserialization agent documentation for more information.
|
WARN CQ Dispatcher Configuration: Unable to check the dispatcher's basic configuration because its address is not specified.
|
WARN CQ HTML Library Manager Config: Minification is not enabled.
|
WARN CRXDE Support: The com.adobe.granite.crx-explorer bundle is active.
|
WARN CRXDE Support: The com.adobe.granite.crxde-lite bundle is active.
|
WARN CRXDE Support: [You can disable the CRX Development Bundles in the administration console.](/system/console/bundles)
|
WARN CRXDE Support: [See Disable CRXDE Support in the security guidelines.](https://www.adobe.com/go/aem6_3_docs_security_crxde_en)
|
WARN DavEx Health Check: The SlingDavExServlet is NOT configured.
|
WARN DavEx Health Check: [The SlingDavExServlet should be configured on instances running in samplecontent mode.]( )
|
WARN DavEx Health Check: [Check the section about the Sling DavEx bundle and servlet in the security guidelines.](https://www.adobe.com/go/aem6_3_docs_security_webdav_en)
|
WARN Default Login Accounts: Login as [admin: admin] succeeded, was expected to fail.
|
WARN Default Login Accounts: The default OSGI console credentials were not changed. It is strongly recommended to change them.
|
WARN Default Login Accounts: [You can change the OSGI admin password via the configuration of the Apache Felix OSGI Management Console.](/system/console/configMgr/org.apache.felix.webconsole.internal.servlet.OsgiManager)
|
WARN Example Content Packages: Example content package installation found based on group [adobe/aem6/sample]): [we.retail.client.app.ui.apps].
|
WARN Example Content Packages: Example content package installation found based on group [adobe/aem6/sample]): [we.retail.client.app.ui.content].
|
WARN Example Content Packages: Example content package installation found based on group [adobe/aem6/sample]): [we.retail.commons.content].
|
WARN Example Content Packages: Example content package installation found based on group [adobe/aem6/sample]): [we.retail.community.apps].
|
WARN Example Content Packages: Example content package installation found based on group [adobe/aem6/sample]): [we.retail.community.content].
|
WARN Example Content Packages: Example content package installation found based on group [adobe/aem6/sample]): [we.retail.community.enablement.author].
|
WARN Example Content Packages: Example content package installation found based on group [adobe/aem6/sample]): [we.retail.community.enablement.common].
|
WARN Example Content Packages: Example content package installation found based on group [adobe/aem6/sample]): [we.retail.config].
|
WARN Example Content Packages: Example content package installation found based on group [adobe/aem6/sample]): [we.retail.ui.apps].
|
WARN Example Content Packages: Example content package installation found based on group [adobe/aem6/sample]): [we.retail.ui.content].
|
WARN Example Content Packages: [10 example content packages installed.]( )
|
WARN Replication and Transport Users: Transport user is admin for replication agent [Offloading_replication_bcd5477c-f9ac-4a99-99c9-e6ed1169caaf].
|
WARN Replication and Transport Users: Transport user is admin for replication agent [Default Agent].
|
WARN Replication and Transport Users: Transport user is admin for replication agent [Reverse Replication Agent].
|
INFO Replication and Transport Users: [You can change the transport user by editing the agent settings in the Replication page.](/etc/replication.html)
|
WARN Replication and Transport Users: [Replication agents should not use the default 'admin' as a transport user.]( )
|
WARN Sling Get Servlet: The default XML renderer is enabled.
|
WARN Sling Java Script Handler: The Sling Java Script Handler generates debug information. The system might be exposed if used as a publish environment.
|
WARN Sling Jsp Script Handler: The Sling JSP Script Handler generates debug information. The system might be exposed if used as a publish environment.
|
WARN Sling Jsp Script Handler: The Sling JSP Script Handler generates mapped content. The system might be exposed if used as a publish environment.
|
WARN Sling Referrer Filter: The Sling Referrer Filter allows empty or missing referrers. The system might be exposed to CSRF attacks.
|
WARN Sling Referrer Filter: [Check Issues with Cross-Site Request Forgery in the security guidelines](https://www.adobe.com/go/aem6_3_docs_security_siteforgery_en)
|
WARN SSL Configuration: SSL was configured, but we failed connecting to the HTTPS port (strict SSL mode, your certificate may be self-signed). ERROR: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
|
WARN WCM Filters Configuration: The WCM Filter is in edit mode. It is recommended to disable it on production environments.
|
WARN WCM Filters Configuration: The WCM Debug Filter configuration has not been changed. It is recommended to change the default configuration for a production environment.
|
WARN WebDAV Health Check: The SimpleWebDavServlet is NOT configured.
|
WARN WebDAV Health Check: [Check the section about the Sling WebDAV bundle and servlet in the security guidelines.](https://www.adobe.com/go/aem6_3_docs_security_webdav_en)
|
WARN Web Server Configuration: The URL of the website served by the server is not configured.
|
Maintenance Task com.day.cq.audit.impl.AuditLogMaintenanceTask
|
Tags: [system] Finished: 2018-06-11 31:49 after 118ms Result: CRITICAL
|
CRITICAL Maintenance task with name 'com.day.cq.audit.impl.AuditLogMaintenanceTask' failed in the last run.
|
Maintenance Task WorkflowPurgeTask
|
Tags: [system] Finished: 2018-06-11 31:48 after 22ms Result: CRITICAL
|
CRITICAL Maintenance task with name 'WorkflowPurgeTask' failed in the last run.
|
Query Performance
|
Tags: [] Finished: 2018-06-11 31:48 after 16ms Result: CRITICAL
|
INFO Maximum number of queries per minute: 19.
|
INFO Maximum total query duration: 416 ms.
|
INFO Maximum average query duration: 21 ms.
|
CRITICAL Average query duration exceeded the 15 ms critical threshold.
|
Sling Jobs
|
Tags: [sling, jobs] Finished: 2018-06-11 31:49 after 0ms Result: CRITICAL
|
INFO Found 0 jobs queued.
|
CRITICAL There are active jobs but the last job activated was over 3600sec ago (25615sec) and is not yet finished
|
System Maintenance
|
Tags: [] Finished: 2018-06-11 31:49 after 468ms Result: CRITICAL
|
CRITICAL Maintenance Task com.day.cq.audit.impl.AuditLogMaintenanceTask: Maintenance task with name 'com.day.cq.audit.impl.AuditLogMaintenanceTask' failed in the last run.
|
CRITICAL Maintenance Task WorkflowPurgeTask: Maintenance task with name 'WorkflowPurgeTask' failed in the last run.
|
INFO Maintenance Task com.day.cq.wcm.core.impl.VersionPurgeTask: Maintenance task with name 'com.day.cq.wcm.core.impl.VersionPurgeTask' succeeded in the last run.
|
INFO Maintenance Task DataStoreGarbageCollectionTask: Maintenance task with name 'DataStoreGarbageCollectionTask' succeeded in the last run.
|
INFO Maintenance Task RevisionCleanupTask: Maintenance task with name 'RevisionCleanupTask' succeeded in the last run.
|
INFO Maintenance Task RevisionCleanupTask: Maintenance task with name 'RevisionCleanupTask' succeeded in the last run.
|
Check for default AEM content packages
|
Tags: [packages, content, startup] Finished: 2018-06-11 31:49 after 275ms Result: WARN
|
WARN Package cq-apns-content is not present
|
WARN Package cq-chart-content is not present
|
WARN Package cq-connector-content is not present
|
WARN Package cq-healthcheck-content is not present
|
WARN 4 content packages are missing or not installed (out of 44)
|
CQ Dispatcher Configuration
|
Tags: [dispatcher, production, security] Finished: 2018-06-11 31:48 after 0ms Result: WARN
|
WARN Unable to check the dispatcher's basic configuration because its address is not specified.
|
CQ HTML Library Manager Config
|
Tags: [cq, security, production] Finished: 2018-06-11 31:48 after 1ms Result: WARN
|
WARN Minification is not enabled.
|
CRXDE Support
|
Tags: [bundles, security, production] Finished: 2018-06-11 31:49 after 3ms Result: WARN
|
WARN The com.adobe.granite.crx-explorer bundle is active.
|
WARN The com.adobe.granite.crxde-lite bundle is active.
|
WARN [You can disable the CRX Development Bundles in the administration console.](/system/console/bundles)
|
WARN [See Disable CRXDE Support in the security guidelines.](https://www.adobe.com/go/aem6_3_docs_security_crxde_en)
|
DavEx Health Check
|
Tags: [bundles, security, production] Finished: 2018-06-11 31:49 after 2ms Result: WARN
|
WARN The SlingDavExServlet is NOT configured.
|
WARN [The SlingDavExServlet should be configured on instances running in samplecontent mode.]( )
|
WARN [Check the section about the Sling DavEx bundle and servlet in the security guidelines.](https://www.adobe.com/go/aem6_3_docs_security_webdav_en)
|
Default Login Accounts
|
Tags: [login, security, production] Finished: 2018-06-11 31:49 after 35ms Result: WARN
|
WARN Login as [admin: admin] succeeded, was expected to fail.
|
WARN The default OSGI console credentials were not changed. It is strongly recommended to change them.
|
WARN [You can change the OSGI admin password via the configuration of the Apache Felix OSGI Management Console.](/system/console/configMgr/org.apache.felix.webconsole.internal.servlet.OsgiManager)
|
Example Content Packages
|
Tags: [login, content, example, security, production] Finished: 2018-06-11 31:49 after 375ms Result: WARN
|
WARN Example content package installation found based on group [adobe/aem6/sample]): [we.retail.client.app.ui.apps].
|
WARN Example content package installation found based on group [adobe/aem6/sample]): [we.retail.client.app.ui.content].
|
WARN Example content package installation found based on group [adobe/aem6/sample]): [we.retail.commons.content].
|
WARN Example content package installation found based on group [adobe/aem6/sample]): [we.retail.community.apps].
|
WARN Example content package installation found based on group [adobe/aem6/sample]): [we.retail.community.content].
|
WARN Example content package installation found based on group [adobe/aem6/sample]): [we.retail.community.enablement.author].
|
WARN Example content package installation found based on group [adobe/aem6/sample]): [we.retail.community.enablement.common].
|
WARN Example content package installation found based on group [adobe/aem6/sample]): [we.retail.config].
|
WARN Example content package installation found based on group [adobe/aem6/sample]): [we.retail.ui.apps].
|
WARN Example content package installation found based on group [adobe/aem6/sample]): [we.retail.ui.content].
|
WARN [10 example content packages installed.]( )
|
Log Errors
|
Tags: [] Finished: 2018-06-11 31:48 after 1ms Result: WARN
|
WARN [200 ERROR log messages found (from a total of 200 messages)]( )
|
Replication and Transport Users
|
Tags: [security, replication, cq] Finished: 2018-06-11 31:49 after 0ms Result: WARN
|
WARN Transport user is admin for replication agent [Offloading_replication_bcd5477c-f9ac-4a99-99c9-e6ed1169caaf].
|
WARN Transport user is admin for replication agent [Default Agent].
|
WARN Transport user is admin for replication agent [Reverse Replication Agent].
|
INFO [You can change the transport user by editing the agent settings in the Replication page.](/etc/replication.html)
|
WARN [Replication agents should not use the default 'admin' as a transport user.]( )
|
Sling Get Servlet
|
Tags: [dos, sling, security, production] Finished: 2018-06-11 31:49 after 1ms Result: WARN
|
WARN The default XML renderer is enabled.
|
Sling Java Script Handler
|
Tags: [sling, security, production] Finished: 2018-06-11 31:49 after 1ms Result: WARN
|
WARN The Sling Java Script Handler generates debug information. The system might be exposed if used as a publish environment.
|
Sling Jsp Script Handler
|
Tags: [sling, security, production] Finished: 2018-06-11 31:48 after 1ms Result: WARN
|
WARN The Sling JSP Script Handler generates debug information. The system might be exposed if used as a publish environment.
|
WARN The Sling JSP Script Handler generates mapped content. The system might be exposed if used as a publish environment.
|
Sling Referrer Filter
|
Tags: [sling, security, production, csrf] Finished: 2018-06-11 31:48 after 0ms Result: WARN
|
WARN The Sling Referrer Filter allows empty or missing referrers. The system might be exposed to CSRF attacks.
|
WARN [Check Issues with Cross-Site Request Forgery in the security guidelines](https://www.adobe.com/go/aem6_3_docs_security_siteforgery_en)
|
SSL Configuration
|
Tags: [security, production, ssl] Finished: 2018-06-11 31:49 after 797ms Result: WARN
|
WARN SSL was configured, but we failed connecting to the HTTPS port (strict SSL mode, your certificate may be self-signed). ERROR: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
|
WCM Filters Configuration
|
Tags: [cq, security, production] Finished: 2018-06-11 31:48 after 1ms Result: WARN
|
WARN The WCM Filter is in edit mode. It is recommended to disable it on production environments.
|
WARN The WCM Debug Filter configuration has not been changed. It is recommended to change the default configuration for a production environment.
|
WebDAV Health Check
|
Tags: [bundles, security, production] Finished: 2018-06-11 31:49 after 53ms Result: WARN
|
WARN The SimpleWebDavServlet is NOT configured.
|
WARN [Check the section about the Sling WebDAV bundle and servlet in the security guidelines.](https://www.adobe.com/go/aem6_3_docs_security_webdav_en)
|
Web Server Configuration
|
Tags: [webserver, production, security, clickjacking] Finished: 2018-06-11 31:49 after 0ms Result: WARN
|
WARN The URL of the website served by the server is not configured.
|
Summary
|
45 HealthCheck executed, 27 failures
|
No comments:
Post a Comment
If you have any doubts or questions, please let us know.