Win2k - max conn in time_wait

Kevin Joseph

I have a Portal web site set up on a cluster of WebLogic servers (3 of
them) which authenticates using LDAP (port 389) against Win2k Active
Directory. There are five domain controllers on Win2k AD and I have
set up the WebLogic security provider to round-robin against all of them.
We have around 10,000 users accessing this site. In the mornings, when
the peak is very high, we receive a lot of authorization failed error
messages for quite some users who hit the site. When this happens I
cannot even connect to port 389 on the domain controllers. On the
domain controllers, I see a lot of connections in TIME_WAIT (using
netstat).

The problem is that the maximum number of connections in TIME_WAIT is always 1000;
it never crosses 1000. Is this a limit which can be bumped up? I have
reduced the TIME_WAIT delay to 60 (from default of 240), but that
seems to have aggravated the problem if anything else (meaning I can
hit port 389 even less frequently).

NOTE: I have already read about ephemeral ports and it does not apply
in this context as the total number of connections is only around
1500/1700.

If anyone has encountered this problem and knows a solution, please
let me know.

Kevin.
 

Just grasping at straws, but see if tip 8354 in the 'Tips & Tricks' at
http://www.jsiinc.com helps.


Jerold Schulman
Windows: General MVP
JSI, Inc.
http://www.jsiinc.com
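The netstat check described in the original post can be made more informative by breaking the TIME_WAIT entries on port 389 down by remote host, which shows which client is opening and closing LDAP connections fastest. This is an added example, not code from the thread; the sample output and all addresses in it are constructed, and the function names are hypothetical.

```python
from collections import Counter

# Constructed sample in the layout printed by Windows `netstat -an`;
# every address here is made up for illustration.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:389            0.0.0.0:0              LISTENING
  TCP    10.0.0.5:389           10.0.1.11:4312         TIME_WAIT
  TCP    10.0.0.5:389           10.0.1.11:4313         TIME_WAIT
  TCP    10.0.0.5:389           10.0.1.12:2950         TIME_WAIT
  TCP    10.0.0.5:389           10.0.1.12:2951         ESTABLISHED
  TCP    10.0.0.5:445           10.0.1.13:1033         TIME_WAIT
  UDP    0.0.0.0:389            *:*
"""

def parse_netstat(text):
    """Yield (local_port, remote_host, state) for each TCP row."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[0].upper() != "TCP":
            continue  # skips headers, blank lines and UDP rows (no state column)
        _, local, remote, state = parts
        local_port = int(local.rsplit(":", 1)[1])
        remote_host = remote.rsplit(":", 1)[0]
        yield local_port, remote_host, state

def summarize(text, port=389):
    """Count connection states on `port` and TIME_WAIT entries per remote host."""
    states, waiting = Counter(), Counter()
    for local_port, remote_host, state in parse_netstat(text):
        if local_port != port:
            continue
        states[state] += 1
        if state == "TIME_WAIT":
            waiting[remote_host] += 1
    return states, waiting

if __name__ == "__main__":
    states, waiting = summarize(SAMPLE)
    print("states on port 389:", dict(states))
    for host, count in waiting.most_common():
        print(f"{host}: {count} in TIME_WAIT")
```

On a domain controller, the text passed to `summarize` would be the saved output of `netstat -an` captured during the morning peak.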
 