500: Server Error [20-0004]

when you get below mentioned error

500: Server Error [20-0004]

This is siteminder Web Agent error, If your website is SSO protected, then it might have Siteminder ISAPI issue with initializing.

Check Event and SSO logs.


Thread: HTTP Error 400 – Bad Request – Request Too Long

When you get error given below while browsing application hosted on IIS 6 or 7.0.


Bad Request – Request Too Long


HTTP Error 400. The size of the request headers is too long.

400 - Bad Request

Solution :

Create DWORD keys in register @ HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HTTP\Parameters”

Name Value
MaxFieldLength 32767(Decimal)
MaxRequestBytes 16777216(Decimal)

and reboot the server as http.sys will not take these parameters in effect until you reboot the server.

Related Article:


Tomcat service terminated unexpectedly ?

You will get this Event after SAN changes or moving tomcat from one Disk location to another on Windows.

The tomcat55 service terminated unexpectedly. It has done this x time(s).

Compare old directory with windiff and if you find follwing file missing then tomcat service will not start. also this files should have very specific permissions.

only the service account should have ownership permission and no ohter user should have any kind of permisions otherwise tomcat service will terminate itself during startup.

jmxremote.password & snmp.acl

you can setup permission again using the steps given below.

Login with the service account.

Below describes how to set the file permissions of the password
file on a Windows system using NTFS so that only the owner has read
and write permissions on this file. If the file system is FAT32,
the file system security is not supported and the password
file cannot be secured.

  1. Right-click on the jmxremote.password file and
    select the Properties option.Explorer
  2. Select the Security tab:File Properties

    Note: If you are on Windows XP and the computer is not part of
    a domain, then the Security tab may be missing.
    To reveal the Security tab, do the following:

    1. Open Windows Explorer, and choose Folder Options from the
      Tools menu.
    2. Select the View tab and scroll to the bottom of
      the Advanced Settings and clear the check box next to “Use
      Simple File Sharing.”
    3. Click OK to apply the change

    Folder Options

    When you restart Windows Explorer, the Security tab should now be

  3. Select the Advanced button in the Security tab:Security
  4. Select the Owner tab to check if the file owner matches
    the user under which the VM is running:Advanced Security Setting
  5. Select the Permission tab to set the permissions:If there are permission entries inherited from a parent directory that
    allow users or groups other than the owner access to the file,
    then clear the “Inherit from parent the permission entries that apply to
    child objects” checkbox as shown in the following:

    Clear Inherit

    At this point it will prompt you to ask if the inherited permissions should
    be copied from the parent or removed. Press the Copy button:

    Copy Permission

    Then remove all permission entries that grant access to users or groups
    other than the file owner by clicking the user or group and press
    the Remove button for all users and groups except the file owner.
    Now there should be a single permission entry which grants
    Full Control to the owner.


Press OK to apply the file security change. The password file is now secure and can only be accessed by the owner.

How to generate 2048-bit keypair using Sun One or iPlanet 6.1 servers?

  1. Log on to the web server that you want to create the CSR for.
  2. Open a command prompt and go to the Sun One Webserver admin bin directory (i.e. c:\Sun\WebServer6.1\bin\https\admin\bin)
  3. Run the following command:

    certutil -R -s “CN=www.mywebsite.com,OU=Test,O=India,L=Mumbai,ST=MAH,C=IN” -a -o mycsr.csr -k rsa -g 2048 -v 12 -d (location of Sun One WebServer directory)\alias -P https-www.mywebsite.com-www- -Z SHA1

Note: Change the value of CN, OU, O, L, ST and C fields appropriately to suit your website and company. Change the value of the -P option to suit the web instance (i.e. c:\Sun\WebServer6.1\alias).

This will generate the files https- http://www.mywebsite.com-www-cert8.db and https- http://www.mywebsite.com-www-key3.db files.  The output file, mycsr.csr, will be the certificate signing request file.