Environment
Novell Access Management 3 Linux Access Gateway
Novell Access Manager 3 Interim Release 2 applied
Situation
Linux Access Gateway (LAG) configured to protect a Web portal
server that also contained a Web based email application.Users were
able to authenticate to the Identity Server and access the Web
server but the LAG server would occasionally crash. Looking at the
content of the /var/log/ics_dyn.log file immediately after the
problem occured, it looks like it has crashed while parking the
POST data during re-authentication. With this in mind, we tried to
duplicate the issue as follows:
1) Accelerate any mail server like 'nims'. Keep the attachment window open, but do not attach the file.
2) Restart novell-vmc or wait for the SOFT timeout to happen.
3) Attach the file now. LAG will try to park the POST data and redirect the browser for authentication. It crashes at this point.
From the customer's ics_dyn.log files, it looks like the crashes happened with the new POST after the soft timeout was exceeded:
First crash:
---------
Apr 27 09:19:26 amgw LINUX_AG: REQUEST : 34702 : Path based child service resolution is successful
Apr 27 09:19:26 amgw LINUX_AG: REQUEST : 34702 : Process request 'intranet.jhga.com''/ingres.jhga.com/mail/jwhyte.nsf/($Drafts)/$new/?EditD
Apr 27 09:19:26 amgw LINUX_AG: DATASTREAM : 34702 : Search success for the resource = /ingres.jhga.com/mail/jwhyte.nsf/($Drafts)/$new/?EditDocume
Apr 27 09:19:26 amgw LINUX_AG: AUTHENTICATION : 34702 : AuthEventManager - Process auth event AUTHENTICATION_COOKIE_VALIDATION
Apr 27 09:19:26 amgw LINUX_AG: AUTHENTICATION : 34702 : The request was redirected to ESP after timeout
Apr 27 09:19:26 amgw LINUX_AG: AUTHENTICATION : 34702 : Cookie found, reuse it
Apr 27 09:19:26 amgw LINUX_AG: AUTHENTICATION : 34702 : REDIRECT_TO_ESP
Apr 27 09:19:26 amgw LINUX_AG: REQUEST : 34702 : Process data received from browser (size:0) (origin contLen:9402 remains:9402) - NO FIN
Apr 27 09:19:26 amgw LINUX_AG: REQUEST : 34702 : Have not yet received the data, wait for the data
Apr 27 09:19:26 amgw LINUX_AG: PROFILER : 34702 : Browser req/resp[4056, 0, 0] [timeToResp:-1 respDuration:-1] curTime:4056 ~ServerReques
Second crash:
-----------
Apr 27 10:47:56 amgw LINUX_AG: REQUEST : 35345 : Path based child service resolution is successful
Apr 27 10:47:56 amgw LINUX_AG: REQUEST : 35345 : Process request 'intranet.jhga.com''/ingres.jhga.com/mail/aburr.nsf/($Drafts)/$new/?EditDocumen
Apr 27 10:47:56 amgw LINUX_AG: DATASTREAM : 35345 : Search success for the resource = /ingres.jhga.com/mail/aburr.nsf/($Drafts)/$new/?EditDocument&For
Apr 27 10:47:56 amgw LINUX_AG: AUTHENTICATION : 35345 : AuthEventManager - Process auth event AUTHENTICATION_COOKIE_VALIDATION
Apr 27 10:47:56 amgw LINUX_AG: AUTHENTICATION : 35345 : The request was redirected to ESP after timeout
Apr 27 10:47:56 amgw LINUX_AG: AUTHENTICATION : 35345 : Cookie found, reuse it
Apr 27 10:47:56 amgw LINUX_AG: AUTHENTICATION : 35345 : REDIRECT_TO_ESP
Apr 27 10:47:56 amgw LINUX_AG: REQUEST : 35345 : Process data received from browser (size:0) (origin contLen:12890 remains:12890) - NO FIN
Apr 27 10:47:56 amgw LINUX_AG: REQUEST : 35345 : Have not yet received the data, wait for the data
Apr 27 10:47:57 amgw LINUX_AG: PROFILER : 35345 : Browser req/resp[4770, 0, 0] [timeToResp:-1 respDuration:-1] curTime:4770 ~ServerRequest [au
1) Accelerate any mail server like 'nims'. Keep the attachment window open, but do not attach the file.
2) Restart novell-vmc or wait for the SOFT timeout to happen.
3) Attach the file now. LAG will try to park the POST data and redirect the browser for authentication. It crashes at this point.
From the customer's ics_dyn.log files, it looks like the crashes happened with the new POST after the soft timeout was exceeded:
First crash:
---------
Apr 27 09:19:26 amgw LINUX_AG: REQUEST : 34702 : Path based child service resolution is successful
Apr 27 09:19:26 amgw LINUX_AG: REQUEST : 34702 : Process request 'intranet.jhga.com''/ingres.jhga.com/mail/jwhyte.nsf/($Drafts)/$new/?EditD
Apr 27 09:19:26 amgw LINUX_AG: DATASTREAM : 34702 : Search success for the resource = /ingres.jhga.com/mail/jwhyte.nsf/($Drafts)/$new/?EditDocume
Apr 27 09:19:26 amgw LINUX_AG: AUTHENTICATION : 34702 : AuthEventManager - Process auth event AUTHENTICATION_COOKIE_VALIDATION
Apr 27 09:19:26 amgw LINUX_AG: AUTHENTICATION : 34702 : The request was redirected to ESP after timeout
Apr 27 09:19:26 amgw LINUX_AG: AUTHENTICATION : 34702 : Cookie found, reuse it
Apr 27 09:19:26 amgw LINUX_AG: AUTHENTICATION : 34702 : REDIRECT_TO_ESP
Apr 27 09:19:26 amgw LINUX_AG: REQUEST : 34702 : Process data received from browser (size:0) (origin contLen:9402 remains:9402) - NO FIN
Apr 27 09:19:26 amgw LINUX_AG: REQUEST : 34702 : Have not yet received the data, wait for the data
Apr 27 09:19:26 amgw LINUX_AG: PROFILER : 34702 : Browser req/resp[4056, 0, 0] [timeToResp:-1 respDuration:-1] curTime:4056 ~ServerReques
Second crash:
-----------
Apr 27 10:47:56 amgw LINUX_AG: REQUEST : 35345 : Path based child service resolution is successful
Apr 27 10:47:56 amgw LINUX_AG: REQUEST : 35345 : Process request 'intranet.jhga.com''/ingres.jhga.com/mail/aburr.nsf/($Drafts)/$new/?EditDocumen
Apr 27 10:47:56 amgw LINUX_AG: DATASTREAM : 35345 : Search success for the resource = /ingres.jhga.com/mail/aburr.nsf/($Drafts)/$new/?EditDocument&For
Apr 27 10:47:56 amgw LINUX_AG: AUTHENTICATION : 35345 : AuthEventManager - Process auth event AUTHENTICATION_COOKIE_VALIDATION
Apr 27 10:47:56 amgw LINUX_AG: AUTHENTICATION : 35345 : The request was redirected to ESP after timeout
Apr 27 10:47:56 amgw LINUX_AG: AUTHENTICATION : 35345 : Cookie found, reuse it
Apr 27 10:47:56 amgw LINUX_AG: AUTHENTICATION : 35345 : REDIRECT_TO_ESP
Apr 27 10:47:56 amgw LINUX_AG: REQUEST : 35345 : Process data received from browser (size:0) (origin contLen:12890 remains:12890) - NO FIN
Apr 27 10:47:56 amgw LINUX_AG: REQUEST : 35345 : Have not yet received the data, wait for the data
Apr 27 10:47:57 amgw LINUX_AG: PROFILER : 35345 : Browser req/resp[4770, 0, 0] [timeToResp:-1 respDuration:-1] curTime:4770 ~ServerRequest [au
Resolution
Apply Access Manager SP1 beta 1 build of the LAG
(b1nam3sp1.tar.gz).