[Alfresco] Solr requests failed with 403

[nubarron81]

Platform

Virtual Machine

bndiagnostic ID know more about bndiagnostic ID

11c1a430-62bc-e35c-b7f3-c9016c581aed

bndiagnostic output

✓ Mariadb: No issues found
✓ Resources: No issues found
? Connectivity: Found possible issues
✓ Processes: No issues found
? Apache: Found possible issues

[Connectivity]

Server ports 22, 80 and/or 443 are not publicly accessible. Please check the
following guide to open server ports for remote access:

https://docs.bitnami.com/general/faq/administration/use-firewall/

[Apache]

Found recent error or warning messages in the Apache error log.

Press [Enter] to continue:
[Mon Jul 24 07:23:42.694331 2023] [proxy_ajp:error] [pid 535:tid 
140564079048448] (70007)The timeout specified has expired: AH01030: 
ajp_ilink_receive() can't receive header

[Mon Jul 24 07:23:42.694428 2023] [proxy_ajp:error] [pid 535:tid 
140564079048448] [client **ip_address**:50338] AH00992: ajp_read_header: 
ajp_ilink_receive failed

[Mon Jul 24 07:23:42.694442 2023] [proxy_ajp:error] [pid 535:tid 
140564079048448] (70007)The timeout specified has expired: [client 
**ip_address**:50338] AH00878: read response failed from [::1]:8009 
(localhost:8009)

bndiagnostic was not useful. Could you please tell us why?

The suggested guides are not related with my issue

Describe your issue as much as you can

Category manager error:

JavaException: org.alfresco.repo.search.QueryParserException: 06240041 Solr request failed with 403 /solr/alfresco/alfresco?wt=json&fl=DBID%2Cscore&rows=1000&df=TEXT&start=0&locale=es_ES&alternativeDic=DEFAULT_DICTIONARY&fq=%7B%21afts%7DAUTHORITY_FILTER_FROM_JSON&fq=%7B%21afts%7DTENANT_FILTER_FROM_JSON

Tag manager error:

06240002 Wrapped Exception (with status template): 06240051 Failed to execute script 'classpath*:alfresco/templates/webscripts/org/alfresco/repository/tagging/tags.get.js': 06240050 Solr request failed with 403 /solr/alfresco/alfresco?wt=json&fl=DBID%2Cscore&rows=1000&df=TEXT&start=0&locale=es_ES&alternativeDic=DEFAULT_DICTIONARY&fq=%7B%21afts%7DAUTHORITY_FILTER_FROM_JSON&fq=%7B%21afts%7DTENANT_FILTER_FROM_JSON

Tried to apply the solution of #877

[jotamartos]

Hi,

That seems to be a specific error of the application when accessing Solr. We suggest you contact the Alfresco's support team to know more about the issue and how to debug it. We will keep this ticket open to allow other Bitnami users post the solution to this issue in case they also ran into it.

Thanks

[github-actions]

This Issue has been automatically marked as "stale" because it has not had recent activity (for 15 days). It will be closed if no further activity occurs. Thanks for the feedback.

[github-actions]

Due to the lack of activity in the last 5 days since it was marked as "stale", we proceed to close this Issue. Do not hesitate to reopen it later if necessary.

[nubarron81]

Upgraded to the last Bitnami release. Founded that the secret in /etc/systemd/system/bitnami.alfresco-search-services.service "ExecStart=/opt/bitnami/alfresco-search-services/solr/bin/solr start -a -Dalfresco.secureComms=secret -Dalfresco.secureComms.secret=bitnami" is not the same than the configured in /opt/bitnami/tomcat/shared/classes/alfresco-global.properties
Once changed, not get 403 error, now 404.

[jotamartos]

Hi @nubarron81,

I just checked that the secret's configuration is wrong as you mentioned. I'm going to investigate this and will update this ticket when having more information.

[jotamartos]

Hi @nubarron81,

Apart from confirming the issues configuring the secret in the service and the conf file, we also reproduced the issue when accessing the category manager under admin tools. I created a task for the team to review it and release a new version of the solution with the fix. I can't provide you with an ETA but will update this ticket once we have more information.

[david-windsock]

We experienced the same problem, but after got it working for hours. The 403 error comes after a VM reboot. The only change to the VM was the password for Alfresco admin and bitnami user. Maybe this is related? We tried 7.2 and 7.4 versions.

Anyway, the #868 issue seems to be the same...

[AsierraDEV]

Came across alfresco's documentation
https://docs.alfresco.com/insight-engine/latest/install/options/

where it warns about:

"From version 2.0, you cannot install Search and Insight Engine without mutual TLS (plain HTTP) because it is no longer supported"

So solution must come about configuring the appliance so alfresco and solr use TLS.

I think this is why, after using secret, we get a 404 instead of a 403

Upgraded to the last Bitnami release. Founded that the secret in /etc/systemd/system/bitnami.alfresco-search-services.service "ExecStart=/opt/bitnami/alfresco-search-services/solr/bin/solr start -a -Dalfresco.secureComms=secret -Dalfresco.secureComms.secret=bitnami" is not the same than the configured in /opt/bitnami/tomcat/shared/classes/alfresco-global.properties Once changed, not get 403 error, now 404.

[jotamartos]

Hi @AsierraDEV,

Thanks for the information. We recently released Alfresco 23.x. Could you please check if the problem persists in that version?

[david-windsock]

Hi @jotamartos

We tried again but the problem persists:

02260002 Wrapped Exception (with status template): 02260037 Failed to execute script 'classpath*:alfresco/templates/webscripts/org/alfresco/repository/tagging/tags.get.js': 02260036 Solr request failed with 403 /solr/alfresco/alfresco?wt=json&fl=DBID%2Cscore&rows=1000&df=TEXT&start=0&locale=es_ES&alternativeDic=DEFAULT_DICTIONARY&fq=%7B%21afts%7DAUTHORITY_FILTER_FROM_JSON&fq=%7B%21afts%7DTENANT_FILTER_FROM_JSON

This message appears on the tag manager page...

[AsierraDEV]

Hi @AsierraDEV,

Thanks for the information. We recently released Alfresco 23.x. Could you please check if the problem persists in that version?

Hi, I've tested version 23-23.2.1-r95 debian and problem persist.

Alfresco properties still tries to use shared secret. There is no valid keystore generated

[AsierraDEV]

Upgraded to the last Bitnami release. Founded that the secret in /etc/systemd/system/bitnami.alfresco-search-services.service "ExecStart=/opt/bitnami/alfresco-search-services/solr/bin/solr start -a -Dalfresco.secureComms=secret -Dalfresco.secureComms.secret=bitnami" is not the same than the configured in /opt/bitnami/tomcat/shared/classes/alfresco-global.properties Once changed, not get 403 error, now 404.

Hi again. Got solr working finally. The problem is that I've done so many things that I'm not sure what got it working finally.

I had to create the alfresco solr cores:

• Stop solr service bitnami.alfresco-search-services stop

• Edited file /etc/systemd/system/bitnami.alfresco-search-services.service and removed parameters on startup, leaving just "_ExecStart=/opt/bitnami/alfresco-search-services/solr/bin/solr start -Dcreate.alfresco.defaults=alfresco,archive"

• start solr: service bitnami.alfresco-search-services start

• Check solr logs and directories in /opt/bitnami/alfresco-search-services/solrhome. There should by newly create alfresco and archive

• Stop solr

• Edited file /etc/systemd/system/bitnami.alfresco-search-services.service and removed parameters on startup, leaving just "_ExecStart=/opt/bitnami/alfresco-search-services/solr/bin/solr start -Dalfresco.secureComms.secret=bitnami"

• Start solr

After that, searchin in alfresco is working, even solr status still gives error 403.

Now I have to work on changing the secret by editing service file, alfresco-global-properties and solr.properties.

Hope this helps.

I have a instalation on my dev machine, on a virtualbox virtual machine. May be first boot on the machine didn't create the solr cores.

Maybe the problem fix is just stop solr, execute point 7 of https://docs.alfresco.com/insight-engine/latest/install/options/ , when using option Install without mutual TLS - HTTP with secret word (zip)., and then start solr

[jotamartos]

I'll add that information to the task I created and will increase the priority for the team to check it.