Reflection Security Proxy Server "Too Many Open Files" Error on UNIX/Linux Systems

  • 7022460
  • 19-Apr-2001
  • 13-Mar-2018

Environment

Reflection for the Web 2014 (All Editions except Limited)
Reflection for the Web 2011 (All Editions except Standard)
Reflection for the Web 2008 (All Editions except Standard)
Reflection Security Gateway 2014 (except Limited Edition)
Reflection Administrator 2011
Reflection Administrator 2008

Situation

When running a large number of concurrent connections to the security proxy server on a Sun Solaris system, additional new connections may fail.

In the security proxy server log, you may see the following error:

Connection Error: Too many open files

If the security proxy server was started manually as an application from a shell prompt, you may also see the following Java exception:

java.net.SocketException: Too many open files

This technical note describes how to increase the number of concurrent connections to the Reflection security proxy server by increasing number of file descriptors and setting the proxy server to allow unlimited connections.

Resolution

Determining the Number of Descriptors Needed

Each security proxy server connection uses two file descriptors. In addition, a baseline of approximately 20 file descriptors is needed to run the security proxy server. To determine the number of file descriptors required, refer to the following formula:

<descriptors> = (<connections> * 2) + 20

where <connections> represents the maximum number of concurrent connections you predict the security proxy server may receive.

For example:

(22 connections * 2) + 20 = 64 descriptors

(502 connections * 2) + 20 = 1024 descriptors

Note: The number of permitted concurrent sessions is governed by your Reflection product licensing.

Increasing the File Descriptors

To increase the file descriptors, follow these steps:

  1. As a user with root privileges, open the command shell that launches the Reflection security proxy server. This should be the same shell used to configure the security proxy server.
  2. At the command line, enter the following command:
ulimit –n <descriptors>

where <descriptors> represents the integer number of descriptors needed to support the security proxy connections.

Note the following:

    • The ulimit command syntax may vary depending on your shell. For more information about using the command, refer to your Solaris documentation or man pages.
    • The shell inherits the default limit from the kernel variable rlim_fd_cur value set in the /etc/system file. The maximum number of descriptors that can be set (“hard limit”) is governed by the kernel variable rlim_fd_max.

Configuring the Security Proxy Server for Maximum Connections

In addition to increasing the file descriptors, it may be helpful to set the MaxConnections value in your Server.Properties file. To verify the MaxConnections value and change it if necessary, follow the steps below.

  1. Run the Security Proxy Wizard.
  2. Click the Advanced Settings tab.
  3. In the Other Settings group box, clear the Limit maximum connections check box if it is selected. Note: Your concurrent session limit is governed by your product licensing. Do not configure more concurrent sessions than authorized by your license.
  4. Click Save.
  5. Export the settings to the management server if prompted to do so.

If you made changes, stop and restart the security proxy server for the changes to take effect.

Cause

This problem occurs when exceeding the maximum number of file descriptors allocated to the Java Virtual Machine that is running the security proxy server. The default number of file descriptors allocated to a given process depends on the Solaris version and kernel configuration.

Solaris Release
Default Limit
Default Hard Limit
Solaris 7
64
1024
Solaris 8
256
1024
Solaris 9
256
65536

Additional Information

Legacy KB ID

This document was originally published as Attachmate Technical Note 1562.