Reflection for Secure IT Server for Windows causes CPU Spike on host system

  • 7023486
  • 31-Oct-2018
  • 31-Oct-2018

Environment

Reflection for Secure IT Server for Windows 8.2 SP1 HF1 (8.2.1090) and higher
Microsoft Windows Server 2012 R2

Configuration

The setting "Session time-out (seconds):" is set to 0 (zero) which means idle sessions will remain connected unless disconnected by an intermediary device.  Key Exchange "Rekey interval (seconds):" is enabled at a recommended level above 200 seconds.

Situation

SFTP sessions left idle for long periods of time will cause Reflection for Secure IT Server for Windows (RSSW) to use a large percentage of CPU time on the host system. The host system CPU will remain close to 100 percent busy after the problem occurs. Users who continue to use SFTP sessions interactively experience very slow responsiveness.

Resolution

Workaround Steps

1. Start Reflection for Secure IT Server console.
2. Go to Configuration Tab.
3. In the settings tree on the left side of the Configuration pane mouse click General.
4. Set "Session time-out (seconds):" to a reasonable value that disconnects idle sessions.
5. Click the toolbar Save button or select Save Settings on the File menu.

Additional Information

Steps to duplicate in a test environment (do not do this in production)

1. Start Reflection for Secure IT Server console.
2. Go to Configuration Tab.
3. In the tree window on the left mouse click General.
4. Set "Session time-out (seconds):" to 0 (zero).
5. In tree window expand Encryption and mouse click Key Exchange.
6. Set the Key Exchange "Rekey interval (seconds):" to 300.
8. Go to Network and highlight the listening address being used by clients to connect.
9. Mouse click the Edit button.
10. Set the "Client keep alive (seconds)" to a value that will prevent sessions from being timed out by other devices and click OK.
11. Click Save toolbar button or go to File menu and click Save Settings.
12. Establish at least 2 SFTP client sessions and let them sit idle.

It might take 8 hours or more to reproduce the issue.

Feedback service temporarily unavailable. For content questions or problems, please contact Support.