Hi Craig;
Re 26 OSD, unable to do so yet in a meaningful way... I had a SunRay 3
perfectly setup with 26 OSD and was collecting utwho, utsession, X info, etc.,
and it went into sleep mode at some time and therefore I can't tell what of the
collected is a result of that ... needless to say, we've disabled sleep mode.
The 26 OSD's occur daily, but it's getting our Customers to isolate a unit with
card in. Will follow up ASAP.
I'll open a support call for sure - thank you. I've been gun shy to do so ...
it took us 3 months to purchase/license solaris, and we just finally got to pay
for more RTU's. We know it's been a read for Sun/Oracle and supportive of your
team - but we've actually had to (literally) beg to pay for licenses.
>From Turbo CAM, (and you provided, via this list, some updated advice to me
>about 6 months ago - thank you!) - we have:
1. Workers = 32
2. Non invasive ways of getting DTU info... I.e. we read from
/tmp/SUNWut/dispinfo/XX and /tmp/SUNWut/displays/XX. Open the files read only,
as root.
No other Turbo CAM changes made.
Will adjust java tonight during maint window to jre included with SRS 5.1.1
package.
1200 MTU because... mostly just historical. All of our sunrays operate across
the Internet. We've had/have many firewalls with broken pmtu/icmp pathways at
Customer locations that we cannot correct. So historically, we've used 1200.
Thank you very much - 150 customer users having gone down is very stressful and
I appreciate your help. Auth.prop's included.
Thanks,
Devin
$ cat auth.props
# Copyright 2009 Sun Microsystems, Inc. All Rights Reserved
# @(#)auth.props.txt 1.73 09/09/02
# Timeout
# Terminals are required to send a message to the authentication manager
# at least once every {timeout} seconds.
timeout = 240
# Quick Timeout
# A terminal is required to respond to a 'keepAlive' message
# within {quickTimeout} seconds, if another terminal is presenting
# the same token.
quickTimeout = 10
# Workers
# This is the target number of spare threads to maintain to handle
# new terminal connections.
# Start 8 threads as default, as these threads now service callbacks
# as well.
workers = 32
# maxStarting
# This is the maximum number of sessions to initialize simultaneously.
# It is used to alleviate contention during a startup storm.
maxStarting = 1000
# Controllers
# This is the target number of spare threads to maintain to handle
# new terminal connections.
#controllers = 2
# Default Session Manager Location
# Individual authentication modules are free to override these values.
sessionHost = localhost
sessionPort = 7007
# Token name mappings.
# Mappings between token names assigned by modules and global names.
# Global names are arbitrary, but should not clash with
# names assigned by modules. This provides a low level token rename
# facility. Consider using one of the Registered policies instead.
#token.equiv = token.equiv
# Token Directory
# The authentication manager uses the file system to store token
# to session mappings so that it can recover after being restarted.
tokenDir = /var/opt/SUNWut/tokens
# Session Types
# The sessionTypesFile maps session types to start and stop commands used
# to initialize and tear down the sessions.
sessionTypesFile = sessionTypes.props
# Logfile name
# Log messages go here. (Not implemented yet, just log
# to stdout for now.)
#log = /var/opt/SUNWut/log/authlog
# Service port
# The authentication manager listens on this port for connections from
# terminals.
port = 7009
# Module Directory
# All authentication modules must be located in the following directory.
moduleDir = /opt/SUNWut/lib/modules
# Policy
# The active authentication policy determines which tokens and terminals
# are accepted and granted access to system services.
# policy = RegisteredDistributed
# Call Back Port
# The authentication manager listens on this port for requests from
# other server programs including the session manager (utsessiond).
#cbport = 7010
# Group Manager Port
# The group manager uses this port to send and receive keepalive/discovery
# messages from other auth managers.
#gmport = 7009
# Group Manager keep alive interval
# The group manager uses this as the time in seconds between
# broadcast keepalive messages
#gmKeepAliveInterval = 20
# Use IPv6 or IPv4 multicast for server communication
#enableIPv6 = false
#enableIPv4 = true
# Enable Multicast
# Flag to enable/disable use of multicast in group manager.
# If disabled, group manager will use broadcast.
# If IPv6 is enabled, it is not disabled by this flag.
#enableMulticast = true
# Multicast Address
# Multicast group address used by group manager.
# If multicast is enabled, every interface joins this multicast group.
#multicastAddress = 224.101.101.101
#multicastAddress6 = ff15::65:6565
# Multicast Time-to-Live for IPv4 or HOPS for IPv6.
# Time-to-live or HOPS parameter for forwarding multicast packets.
# If set above one, keepalive messages can pass through routers.
#multicastTTL = 1
# Call Back Timeout
# Services that use port {cbport} timeout after this many seconds.
#cbtimeout = 45
# Session Manager timeout
# Timeout period in seconds for the session manager. (No timeout is the
# default).
#smtimeout = 0
# Terminal timeout for IPv4/IPv6 check
# Timeout period in seconds for IPv4/IPv6 DTU connection check.
#ipctimeout = 180
# Allow Firmware Download
# This variable allows or disallows use of the utload command to
# download firmware to terminals.
#allowFWLoad = true
# Allow LAN Connections
# This parameter enforces the policy that only terminals on the
# private Sunray interconnect can attach to the server. Connection
# attempts from other network interfaces, including the local loopback
# interface, will be rejected.
#
#allowLANConnections = false
allowLANConnections = true
# Allow Annotations
# This variable allows or disallows use of session annotations.
# The default value is false, which only allows the "x_idle" annotation.
#allowAnnotations = false
# Terminal IP Address and Port are Secret
# Set to false in order to enable reporting to anyone of a terminal's
# IP Address and Port.
#termAddrIsSecret = true
# terminateEnable
# Enable the cleanup of empty sessions based on notification from the
# session manager. Default is false.
terminateEnable = true
# reportAllDesktopEvents
# Flag to allow/disallow reporting of all "deskTopEvents".
# Default value is false; only report transitions in "exists" parameter.
#reportAllDesktopEvents = false
# forceSessionLocation
# flag to force use of sessionHost and sessionPort settings from this
# file regardless of the wishes of the various authentication modules.
#forceSessionLocation = true
# enableGroupManager
# Flag to turn on the group manager function.
#enableGroupManager = true
# gmSignatureFile - Group Manager Signature File
# The group manager can "sign" messages to other group managers based
# on the contents of a signature file. Other group managers with the
# same signature file contents are "trusted". To be usable, the file
# must be owned by 'root' and must not be readable, writable, or
# executable by anyone else; it must contain at least 8 bytes, at
# least two of which are letters and at least one which is a non-letter.
gmSignatureFile = /etc/opt/SUNWut/gmSignature
# enableLoadBalancing
# Flag to turn on group manager load balancing.
enableLoadBalancing = true
# gmDebug
# Group manager debugging level.
#gmDebug = 0
# gmTargets
# List of group manager unicast targets. Empty by default.
# Merges with GroupManagerTargets from the DS. See utgmtarget(1M).
#gmTargets =
# The logFacility can be one of the following:
# kern, user, mail, daemon, auth, syslog, lpr, news, uucp, cron,
# local0, local1, local2, local3, local4, local5, local6, local7
#logFacility = daemon
logFacility = user
# Log priorities for different utauthd message classes can be one of the
# following:
# emerg, alert, crit, err, warning, notice, info, debug, OFF
#logPriClientError = warning
logPriClientError = info
#logPriDebug = OFF
logPriDebug = OFF
#logPriNotice = notice
logPriNotice = info
#logPriWarning = warning
logPriWarning = info
#logPriConfigError = emerg
logPriConfigError = info
#logPriUnexpectedError = err
logPriUnexpectedError = info
# Add our own timestamp to syslog messages. This may be appropriate for
# debugging or in cases where a remote syslog server is being used and
# higher resolution timestamps are required.
#logAddTimeStamp = false
# Control where server-side smart card identification and
# configuration information comes from. Valid values are:
# - a local filespec
# - the string LDAP
# Not present means don't do server-side smart card identification.
#
# 4327366
# The keys in this property specify the order in which to
# search for the configuration files. The special reserved key
# "LDAP" means go to the configured LDAP database and try to
# find config files there. Any other value refers to a local
# "probe order" file that contains a list of configuration
# file names in the order in which they should be executed
# when a card is inserted.
# All filenames are relative to the base configuration file
# directory on the local server. This directory is:
#
# /etc/opt/SUNWut/smartcard
#
# All configuration file names used in the local "probe order"
# file are also relative to the base configuration file directory.
#
# 4970321
# If at least one config file is found at one of the sources, then
# after all config files from that source have been loaded, no
# additional sources are scanned for config files.
smartcardConfigSource = LDAP probe_order.conf
# Define the types of tokens that are handled by the terminal
# rather than the auth manager. If a token of this type is seen,
# the auth manager will use the ID value generated by the
# terminal rather than trying to determine the ID on the server.
# Case is insensitive.
# MicroPayflex - Schlumberger MicroPayflex
# Mondex - Mondex MM-2
# at88sc1608 - Atmel AT88-SC1608
# Payflex - M10E-P3 Schlumberger
# Cyberflex_Access - class 00
#
terminalTokens = MicroPayflex Mondex at88sc1608 Payflex Cyberflex_Access
# Control enabling of utselect GUI in front of dtgreet screen
# If set to "true", a new session gets utselect first.
selectAtLogin=false
# Control enabling of host entry field in utselect GUI, to allow
# remote connections.
policy=utpolicy
remoteSelect=false
-----Original Message-----
From: sunray-users-boun...@filibeto.org
[mailto:sunray-users-boun...@filibeto.org] On Behalf Of Craig Bender
Sent: Thursday, January 13, 2011 10:04 PM
To: SunRay-Users mailing list
Subject: Re: [SunRay-Users] utauthd crash - 5.1.1 stability problems
Hi Devin,
Were you able to grab the info during a 26 OSD code that was requested?
Sorry if I missed it. Not sure if I covered this before, but the "B"
in 26B isn't important, basically just means that you are providing DHCP
services that aren't offering all the legacy vendor class options from years
ago. In short, B is fine.
If you have support, your first step should always be to open a support call.
The support folks supply troubleshooting scripts that capture and flag
potential problems. While many of us at Oracle love and support this list,
it's not a substitute for official support channels. Only a fraction of the
engineering and field peeps from Oracle are on this list. If nothing else, a
support call gets tracked. Up to the "big wigs" if things sit too long.
Two things I'm interested in.
Since I'm responsible for the "Turbo CAM" blog that lists the increase in
worker threads, are you absolutely sure that no other mods from that blog
article are in place? While I really hate to pull blog posts because it sends
a negative, if not mixed message at best, most of those tips are stale.
If possible, can you please try redirecting Java (at least the
/etc/opt/SUNWut/jre link) to the version I1.6 update 13) that is included in
5.1.1 download under the Supplemental directory?
While we claim to support "X or later", that doesn't mean there's not a bug
either in our code or in Java build 23 that is causing problems. I have no
proof of this, but it seems unwise to rule this out. The Sun Ray Server
component of SRS 5.1.1 is 4.2 with Patch -06. Enough time has transpired since
our we "certified" the SRSS components and what you have installed (which is
actually the "latest/greatest" version of the JRE).
A couple of other questions if I may...
The MTU of 1200. Why? If these are physical Sun Rays, hard coding that should
not be necessary unless ICMP is blocked causing PMTUD to fail.
Not that it matters, but is 1200 really the max MTU on your network?
That kinds of seems odd for a LAN. That's not the cause, just curious.
Can you provide auth.props without the filters?
On 1/13/11 6:24 PM, Devin Nate wrote:
> Hi Folks;
>
> We're not having a good experience with SRS 5.1.1 post upgrades vs SRS
> 5.0. You may have seen a thread about 26B errors, and we're still
> following up and gathering info. Today we lost about 150 sun rays when
> utauthd crashed. Our only customization to auth.props is 'workers=32'
> to speed kiosk mode.
>
> I have another thread about 'random' 26B's ... now a full utauthd crash
> ... thoughts? Open a call with Oracle?
>
> We recently upgraded from java 1.5 to java 1.6.0_23.
>
> Solaris 10, all patches via smpatch, official supported paid for
> licensed version.
>
> Sun Ray server has 16GB RAM.
>
> We had a rock solid SRS 5.0 solution ... we're considering backing out
> all changes now, although that's less fun.
>
> There were no messages of memory starvation or otherwise on this server.
> /var/adm/messages clean. Contents of auth.props and the java stack
> trace attached.
>
> Thanks,
>
> Devin
>
> # cat /etc/opt/SUNWut/auth.props |grep -v "^$" |grep -v "^#"
>
> timeout = 240
>
> quickTimeout = 10
>
> workers = 32
>
> maxStarting = 1000
>
> sessionHost = localhost
>
> sessionPort = 7007
>
> tokenDir = /var/opt/SUNWut/tokens
>
> sessionTypesFile = sessionTypes.props
>
> port = 7009
>
> moduleDir = /opt/SUNWut/lib/modules
>
> allowLANConnections = true
>
> terminateEnable = true
>
> gmSignatureFile = /etc/opt/SUNWut/gmSignature
>
> enableLoadBalancing = true
>
> logFacility = user
>
> logPriClientError = info
>
> logPriDebug = OFF
>
> logPriNotice = info
>
> logPriWarning = info
>
> logPriConfigError = info
>
> logPriUnexpectedError = info
>
> smartcardConfigSource = LDAP probe_order.conf
>
> terminalTokens = MicroPayflex Mondex at88sc1608 Payflex
> Cyberflex_Access
>
> selectAtLogin=false
>
> policy=utpolicy
>
> remoteSelect=false
>
> Java Stack trace as follows:
>
> Jan 13 14:50:13 srs3.asp.cloudwerxdata.com utauthd: [ID 396061
> user.info] Worker24 NOTICE: MTU = 1200
>
> Jan 13 14:50:13 srs3.asp.cloudwerxdata.com utauthd: [ID 911656
> user.info] Worker24 UNEXPECTED: createClient:
> java.lang.NullPointerException
>
> Jan 13 14:50:13 srs3.asp.cloudwerxdata.com utauthd: [ID 171443
> user.info] Worker24 UNEXPECTED: java.lang.NullPointerException
>
> Jan 13 14:50:13 srs3.asp.cloudwerxdata.com at
> auth.utauthd.SessionManager.readActiveSessionId(SessionManager.java:45
> 5)
>
> Jan 13 14:50:13 srs3.asp.cloudwerxdata.com at
> auth.utauthd.SessionManager.sessionFactory(SessionManager.java:392)
>
> Jan 13 14:50:13 srs3.asp.cloudwerxdata.com at
> auth.utauthd.Session.<init>(Session.java:28)
>
> Jan 13 14:50:13 srs3.asp.cloudwerxdata.com at
> auth.utauthd.AuthRecord.createClient(AuthRecord.java:1126)
>
> Jan 13 14:50:13 srs3.asp.cloudwerxdata.com at
> auth.utauthd.AuthRecord.doConnRsp(AuthRecord.java:2517)
>
> Jan 13 14:50:13 srs3.asp.cloudwerxdata.com at
> auth.utauthd.AuthRecord.connRsp(AuthRecord.java:2433)
>
> Jan 13 14:50:13 srs3.asp.cloudwerxdata.com at
> auth.utauthd.Terminal.alreadyHasAR(Terminal.java:1910)
>
> Jan 13 14:50:13 srs3.asp.cloudwerxdata.com at
> auth.utauthd.Terminal.continueProcess(Terminal.java:1654)
>
> Jan 13 14:50:13 srs3.asp.cloudwerxdata.com at
> auth.utauthd.Terminal.process(Terminal.java:1615)
>
> Jan 13 14:50:13 srs3.asp.cloudwerxdata.com at
> auth.utauthd.Terminal.readMessages(Terminal.java:1250)
>
> Jan 13 14:50:13 srs3.asp.cloudwerxdata.com at
> auth.utauthd.Terminal.taskEvent(Terminal.java:906)
>
> Jan 13 14:50:13 srs3.asp.cloudwerxdata.com at
> auth.sdk.Task.event(Task.java:33)
>
> Jan 13 14:50:13 srs3.asp.cloudwerxdata.com at
> auth.utauthd.Worker.run(Worker.java:76)
>
> Jan 13 14:50:13 srs3.asp.cloudwerxdata.com at
> java.lang.Thread.run(Thread.java:662)
>
>
>
> _______________________________________________
> SunRay-Users mailing list
> SunRay-Users@filibeto.org
> http://www.filibeto.org/mailman/listinfo/sunray-users
_______________________________________________
SunRay-Users mailing list
SunRay-Users@filibeto.org
http://www.filibeto.org/mailman/listinfo/sunray-users
_______________________________________________
SunRay-Users mailing list
SunRay-Users@filibeto.org
http://www.filibeto.org/mailman/listinfo/sunray-users
