ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

IM Fatal error - Unable to parse web.xml


Article ID: 213792


Updated On:


CA Identity Manager


After migrating CA IM (Identity Manager) 14.2 (over JBoss eap6.4) to Symantec IM (Identity Manager) 14.4 (over JBoss eap 7.2 / Wildfly 15.x), the application server log shows following error:

15:07:13,219 FATAL [org.apache.myfaces.shared_impl.webapp.webxml.WebXmlParser] (ServerService Thread Pool -- 124) Unable to parse web.xml:
 at [rt.jar:1.8.0_181]
 at [rt.jar:1.8.0_181]
 at [rt.jar:1.8.0_181]
 at [rt.jar:1.8.0_181]
 at [rt.jar:1.8.0_181]
 at [rt.jar:1.8.0_181]


This happens when IM machine cannot access file which resides in the Internet, i.e. Document Type Definition file that defines the structure and the legal elements and attributes of an XML document. IM requires access to the dtd file to parse the \standalone\deployments\iam_im.ear\user_console.war\WEB-INF\web.xml



Release : 14.4 GA

Component : IdentityMinder(Identity Manager)


Non-vApp case:

Review the \standalone\deployments\iam_im.ear\user_console.war\WEB-INF\web.xml and test the access from the server to the specified dtd file.

If you find or know, that the server does not have access to this file, go to a system where you can access this file, download it, place it locally to Wildfly /Jboss, then change the pointer to reference the local file path:

Then restart the application server and check the error is gone.

vApp Case:

There is no write privilege for 'config' user to modify web.xml file in vApp. Please do the following to workaround this problem.

1. Build a Windows Server with IIS that runs on the network reachable by the vApp

2. Create dtd directory under C:\inetpub\wwwroot directory and store downloaded web-app_2_3.dtd file in there.

3. Using IIS manager, select the Default Web Site node and double-click MIME Type and modify .dtd entry to have application/octet-stream MIME type. Restart the IIS service.

3. On the vApp, add the following custom host entry in /opt/CA/VirtualAppliance/custom/hosts file

<IIS machine IP Address>

Note: Replace <IIS machine IP Address> with actual IIS machine's IP address

4. On the vApp, run the following alias


5. On the vApp, restart IM


Additional Information

Status on July/23 about 14.4 GA Virtual Appliance installation type:

Check if new CP was published with a HF about this problem if yes, use the new CP and skip the above workaround.