Index: common/common-util/src/main/java/org/glassfish/admin/payload/PayloadFilesManager.java
===================================================================
--- common/common-util/src/main/java/org/glassfish/admin/payload/PayloadFilesManager.java	(revision 44814)
+++ common/common-util/src/main/java/org/glassfish/admin/payload/PayloadFilesManager.java	(working copy)
@@ -562,7 +562,7 @@
         }
         catch (Exception e) {
             reportExtractionFailure(part.getName(), e);
-            IOException ioe = new IOException();
+            IOException ioe = new IOException(e.getMessage());
             ioe.initCause(e);
             throw ioe;
         } finally {
Index: common/common-util/src/main/java/org/glassfish/admin/payload/ZipPayloadImpl.java
===================================================================
--- common/common-util/src/main/java/org/glassfish/admin/payload/ZipPayloadImpl.java	(revision 44814)
+++ common/common-util/src/main/java/org/glassfish/admin/payload/ZipPayloadImpl.java	(working copy)
@@ -285,6 +285,7 @@
                             extra.getContentType(),
                             extra.getProperties(),
                             Inbound.this);
+                    isNextEntryPrefetched = false;
                     return part;
                 }
Index: core/kernel/src/main/java/com/sun/enterprise/v3/admin/AdminAdapter.java
===================================================================
--- core/kernel/src/main/java/com/sun/enterprise/v3/admin/AdminAdapter.java	(revision 44814)
+++ core/kernel/src/main/java/com/sun/enterprise/v3/admin/AdminAdapter.java	(working copy)
@@ -115,6 +115,8 @@
         SecureAdmin.Util.ADMIN_INDICATOR_HEADER_NAME,
         SecureAdmin.Util.ADMIN_ONE_TIME_AUTH_TOKEN_HEADER_NAME};
 
+    private static final String DAS_LOOK_FOR_CERT_PROPERTY_NAME = "org.glassfish.admin.DASCheckAdminCert";
+
     @Inject
     ModulesRegistry modulesRegistry;
 
@@ -263,7 +265,17 @@
         String password = up.length > 1 ? up[1] : "";
         AdminAccessController authenticator = habitat.getByContract(AdminAccessController.class);
         if (authenticator != null) {
-            final Principal sslPrincipal = req.getUserPrincipal();
+            /*
+             * If an admin request includes a large payload and secure admin is
+             * enabled and the request does NOT include a client cert, then
+             * the getUsePrincipal invocation can cause problems.  So normally
+             * the DAS will not look for a client cert. To override this, the user can
+             * set org.glassfish.admin.DASCheckAdminCert=true but s/he should realize
+             * that this can cause problems with large uploads if secure admin
+             * is enabled and no client cert is present.
+             */
+            final Principal sslPrincipal = ! env.isDas() ||
+                    Boolean.getBoolean(DAS_LOOK_FOR_CERT_PROPERTY_NAME) ? req.getUserPrincipal() : null;
             return authenticator.loginAsAdmin(user, password, as.getAuthRealmName(),
                     req.getRemoteHost(), authRelatedHeaders(req), sslPrincipal);
         }
Index: core/kernel/src/main/java/com/sun/enterprise/v3/admin/CommandRunnerImpl.java
===================================================================
--- core/kernel/src/main/java/com/sun/enterprise/v3/admin/CommandRunnerImpl.java	(revision 44814)
+++ core/kernel/src/main/java/com/sun/enterprise/v3/admin/CommandRunnerImpl.java	(working copy)
@@ -1127,7 +1127,7 @@
             }
 
         } catch (Exception ex) {
-            logger.severe(ex.getMessage());
+            logger.log(Level.SEVERE, "", ex);
                 report.setActionExitCode(ActionReport.ExitCode.FAILURE);
                 report.setMessage(ex.getMessage());
                 report.setFailureCause(ex);
Index: admin/util/src/main/java/com/sun/enterprise/admin/remote/RemoteAdminCommand.java
===================================================================
--- admin/util/src/main/java/com/sun/enterprise/admin/remote/RemoteAdminCommand.java	(revision 44814)
+++ admin/util/src/main/java/com/sun/enterprise/admin/remote/RemoteAdminCommand.java	(working copy)
@@ -665,8 +665,19 @@
                     logger.log(Level.FINER, "Following redirection to " + redirection);
                     url = followRedirection(url, redirection);
                     shouldTryCommandAgain = true;
+                    /*
+                     * Record that, during the retry of this request, we should
+                     * use https.
+                     */
                     shouldUseSecure = url.isSecure();
+
                     /*
+                     * Record that, if this is a metadata request, the real
+                     * request should use https also.
+                     */
+                    secure = true;
+                    
+                    /*
                      * If we have been redirected to https then we can send
                      * the credentials - if we have them - on the next 
                      * request we send because the request and therefore the