AJP Protocol Error – “Invalid Message Received”

Applies to: Transact 2020.1.06 and above.

Issue

You may receive an error message for unauthorized or misconfigured AJP connections, such as:

ERROR org.apache.coyote.ajp.AjpMessage- Invalid message received with signature

Root Cause

The updated Tomcat server in Transact 2020.1.06 introduces tightened security around using the AJP protocol. An incorrectly configured or unauthorized system with invalid AJP messaging may be sending messages to your Tomcat server.

Solution

If you do not need AJP messaging, disable the AJP protocol in Tomcat. For instructions on this, see How to Disable the AJP Protocol in Tomcat.

 If you are using AJP messaging, you may need to reconfigure connections to the Tomcat AJP endpoint so they align with the updated Tomcat AJP specifications. Ensure your AJP Connector secret is valid with both Tomcat and the front-end web server (e.g. Apache, Nginx, IIS). This may require you to upgrade the front-end web server to a version that supports the revised AJP Connector options.

If you are using Apache bundled with Transact, we recommend transitioning to a separate front-end web server that meets your needs, or configuring Tomcat to provide direct access to Transact. 

Note: AJP connections are not typically needed for Transact by default. These connections are sometimes used when web servers or load balancers are requirements for integration. 

For more information, see Apache Tomcat 8 Configuration Reference: The AJP Connector.