Linux Access Gateway crashing when accessing protected resource

  • 3697158
  • 16-May-2007
  • 26-Apr-2012

Environment


Novell Access Management 3 Linux Access Gateway
Novell Access Manager 3 Interim Release 2 applied

Situation

Linux Access Gateway (LAG) configured to protect a Web portal server that also contained a Web based email application.Users were able to authenticate to the Identity Server and access the Web server but the LAG server would occasionally crash. Looking at the content of the /var/log/ics_dyn.log file immediately after the problem occured, it looks like it has crashed while parking the POST data during re-authentication. With this in mind, we tried to duplicate the issue as follows:

1) Accelerate any mail server like 'nims'. Keep the attachment window open, but do not attach the file.
2) Restart novell-vmc or wait for the SOFT timeout to happen.
3) Attach the file now. LAG will try to park the POST data and redirect the browser for authentication. It crashes at this point.

From the customer's ics_dyn.log files, it looks like the crashes happened with the new POST after the soft timeout was exceeded:

First crash:
---------

Apr 27 09:19:26 amgw LINUX_AG: REQUEST : 34702 : Path based child service resolution is successful
Apr 27 09:19:26 amgw LINUX_AG: REQUEST : 34702 : Process request 'intranet.jhga.com''/ingres.jhga.com/mail/jwhyte.nsf/($Drafts)/$new/?EditD
Apr 27 09:19:26 amgw LINUX_AG: DATASTREAM : 34702 : Search success for the resource = /ingres.jhga.com/mail/jwhyte.nsf/($Drafts)/$new/?EditDocume
Apr 27 09:19:26 amgw LINUX_AG: AUTHENTICATION : 34702 : AuthEventManager - Process auth event AUTHENTICATION_COOKIE_VALIDATION
Apr 27 09:19:26 amgw LINUX_AG: AUTHENTICATION : 34702 : The request was redirected to ESP after timeout
Apr 27 09:19:26 amgw LINUX_AG: AUTHENTICATION : 34702 : Cookie found, reuse it
Apr 27 09:19:26 amgw LINUX_AG: AUTHENTICATION : 34702 : REDIRECT_TO_ESP
Apr 27 09:19:26 amgw LINUX_AG: REQUEST : 34702 : Process data received from browser (size:0) (origin contLen:9402 remains:9402) - NO FIN
Apr 27 09:19:26 amgw LINUX_AG: REQUEST : 34702 : Have not yet received the data, wait for the data
Apr 27 09:19:26 amgw LINUX_AG: PROFILER : 34702 : Browser req/resp[4056, 0, 0] [timeToResp:-1 respDuration:-1] curTime:4056 ~ServerReques

Second crash:
-----------
Apr 27 10:47:56 amgw LINUX_AG: REQUEST : 35345 : Path based child service resolution is successful
Apr 27 10:47:56 amgw LINUX_AG: REQUEST : 35345 : Process request 'intranet.jhga.com''/ingres.jhga.com/mail/aburr.nsf/($Drafts)/$new/?EditDocumen
Apr 27 10:47:56 amgw LINUX_AG: DATASTREAM : 35345 : Search success for the resource = /ingres.jhga.com/mail/aburr.nsf/($Drafts)/$new/?EditDocument&For
Apr 27 10:47:56 amgw LINUX_AG: AUTHENTICATION : 35345 : AuthEventManager - Process auth event AUTHENTICATION_COOKIE_VALIDATION
Apr 27 10:47:56 amgw LINUX_AG: AUTHENTICATION : 35345 : The request was redirected to ESP after timeout
Apr 27 10:47:56 amgw LINUX_AG: AUTHENTICATION : 35345 : Cookie found, reuse it
Apr 27 10:47:56 amgw LINUX_AG: AUTHENTICATION : 35345 : REDIRECT_TO_ESP
Apr 27 10:47:56 amgw LINUX_AG: REQUEST : 35345 : Process data received from browser (size:0) (origin contLen:12890 remains:12890) - NO FIN
Apr 27 10:47:56 amgw LINUX_AG: REQUEST : 35345 : Have not yet received the data, wait for the data
Apr 27 10:47:57 amgw LINUX_AG: PROFILER : 35345 : Browser req/resp[4770, 0, 0] [timeToResp:-1 respDuration:-1] curTime:4770 ~ServerRequest [au

Resolution

Apply Access Manager SP1 beta 1 build of the LAG (b1nam3sp1.tar.gz).

Feedback service temporarily unavailable. For content questions or problems, please contact Support.