I am digging deeper and decided to run a tcpdump between my 2 CAS servers and I
find this:
155.97.165.81.33378 > 155.97.165.82.41001: Flags [P.], cksum 0x81e2 (incorrect
-> 0x054d), seq 633005888:633005973, ack 986232864, win 296, options
[nop,nop,TS val 598826537 ecr 598440177], length 85
0x0000: 4500 0089 d556 4000 4006 e3b1 9b61 a551 E....V@[email protected]
0x0010: 9b61 a552 8262 a029 25ba e740 3ac8 b820 .a.R.b.)%..@:...
0x0020: 8018 0128 81e2 0000 0101 080a 23b1 5e29 ...(........#.^)
0x0030: 23ab 78f1 50ac ed00 0577 2200 0000 0000 #.x.P....w".....
0x0040: 0000 0000 0000 0000 0000 0000 0000 0000 ................
0x0050: 0000 0000 0244 154d c9d4 e63b df74 0029 .....D.M...;.t.)
0x0060: 6f72 672e 6a61 7369 672e 6361 732e 7469 org.jasig.cas.ti
0x0070: 636b 6574 2e54 6963 6b65 7447 7261 6e74 cket.TicketGrant
0x0080: 696e 6754 6963 6b65 74 ingTicket
10:23:11.353558 IP (tos 0x0, ttl 64, id 50960, offset 0, flags [DF], proto TCP
(6), length 1509)
155.97.165.82.41001 > 155.97.165.81.33378: Flags [.], seq
986232864:986234321, ack 633005973, win 114, options [nop,nop,TS val 598440179
ecr 598826537], length 1457
0x0000: 4500 05e5 c710 4000 4006 ec9b 9b61 a552 E.....@[email protected]
0x0010: 9b61 a551 a029 8262 3ac8 b820 25ba e795 .a.Q.).b:...%...
0x0020: 8010 0072 c56e 0000 0101 080a 23ab 78f3 ...r.n......#.x.
0x0030: 23b1 5e29 51ac ed00 0577 0f02 42b5 a534 #.^)Q....w..B..4
0x0040: 0000 014b 9d8f ae8e 80be 7372 001a 6a61 ...K......sr..ja
0x0050: 7661 2e72 6d69 2e4e 6f74 426f 756e 6445 va.rmi.NotBoundE
0x0060: 7863 6570 7469 6f6e e637 f9a7 2d7c 3afb xception.7..-|:.
0x0070: 0200 0070 7872 0013 6a61 7661 2e6c 616e ...pxr..java.lan
0x0080: 672e 4578 6365 7074 696f 6ed0 fd1f 3e1a g.Exception...>.
So I am getting a java.rmi.NotBoundException. That would explain the issue I am
seeing. Now just to figure out why the ehcahce-replicated.xml works with on
version of CAS and not the other.
-Bryan
From: Bryan Wooten [mailto:[email protected]]
Sent: Wednesday, February 18, 2015 9:53 AM
To: [email protected]
Subject: RE: [cas-user] ERROR
net.sf.ehcache.distribution.RMIAsynchronousCacheReplicator
Ok, here is an update.
After not getting ehcache to work I went ahead and configured Hazelcast.
Hazelcast failed in the exact same way.
So we took our current production cas.war (3.4.12 with ehcache) and deployed to
our test environment. It works just fine.
It seems we have a much deeper and serious problem. I should point out our
build is really 3.5.2 but with MFA M6 overlay:
https://github.com/Unicon/cas-mfa/wiki/CAS-MFA-v1.0.0-M6-Overlay-Integration-Strategy
All the MFA stuff works fine, it seems as soon as we add a second CAS server we
start getting ST validation errors. The error occurs whether or not the user is
using MFA.
Thanks everyone,
Bryan
From: Jaroslav Kacer [mailto:[email protected]]
Sent: Wednesday, February 18, 2015 8:30 AM
To: [email protected]<mailto:[email protected]>
Subject: RE: [cas-user] ERROR
net.sf.ehcache.distribution.RMIAsynchronousCacheReplicator
Hi again Bryan!
I would try adding this to your Log4J config:
<logger name="net.sf.ehcache">
<level value="DEBUG" />
</logger>
And you should see if the data is being exchanged between your nodes.
This could be a good start. If you can't see anything interesting, please
provide us your EH Cache configuration, as Ben suggests.
Best Regards,
Jarda
From: Bryan Wooten [mailto:[email protected]]
Sent: 18. February 2015 12:19 dop.
To: [email protected]<mailto:[email protected]>
Cc: [email protected]<mailto:[email protected]>
Subject: Re: [cas-user] ERROR
net.sf.ehcache.distribution.RMIAsynchronousCacheReplicator
All, this issue is killing me. I was supposed to go live with this version
tomorrow morning but this issue forced me to cancel.
The symptom I am seeing is that ST's can't be validated. I believe this because
tickets are not being replicated across my 2 CAS servers. The back channel ST
validation is failing because of this.
I checked and re-checked my ehcache-replication.xml configuration. Both servers
are listening on port 40001.
I am running on RHEL and have verified that there are no firewalls in place. I
can telnet from each server to the other on port 40001.
I have set the remote port in ehcache-replication.xml to 40002 yet neither
server seems to be listening on this port.
Does anyone have suggestions for log4j settings I should set to get additional
debug info.
I did note that my pom.xml has a dependency for ehcache, but I think that is
built into the 3.5.2 overlay and I may not need that dependency.
Ehcache has work well on our 3.4.12 CAS for many years, I am now stumped. Part
of me says Dump ehcache and go to Hazelcast... JPA ticket registry is out of
the question.
Cheers,
Bryan
From: Bryan Wooten <[email protected]<mailto:[email protected]>>
Reply-To: "[email protected]<mailto:[email protected]>"
<[email protected]<mailto:[email protected]>>
Date: Tuesday, February 17, 2015 at 10:21 AM
To: "[email protected]<mailto:[email protected]>"
<[email protected]<mailto:[email protected]>>
Subject: [cas-user] ERROR
net.sf.ehcache.distribution.RMIAsynchronousCacheReplicator
My cas.log is filled with this error: (CAS 3.5.2)
2015-02-17 07:53:18,138 ERROR
[net.sf.ehcache.distribution.RMIAsynchronousCacheReplicator] - Exception on
flushing of replication queue: null. Continuing...
java.lang.NullPointerException
at
net.sf.ehcache.distribution.RMISynchronousCacheReplicator.listRemoteCachePeers(RMISynchronousCacheReplicator.java:335)
at
net.sf.ehcache.distribution.RMIAsynchronousCacheReplicator.writeReplicationQueue(RMIAsynchronousCacheReplicator.java:312)
at
net.sf.ehcache.distribution.RMIAsynchronousCacheReplicator.replicationThreadMain(RMIAsynchronousCacheReplicator.java:127)
at
net.sf.ehcache.distribution.RMIAsynchronousCacheReplicator.access$000(RMIAsynchronousCacheReplicator.java:58)
at
net.sf.ehcache.distribution.RMIAsynchronousCacheReplicator$ReplicationThread.run(RMIAsynchronousCacheReplicator.java:389)
I found this:
https://issues.jasig.org/browse/CAS-1174
But I am not using ClearPass.
Bryan Wooten
UIT-Common Infrastructure Systems
--
You are currently subscribed to
[email protected]<mailto:[email protected]> as:
[email protected]<mailto:[email protected]>
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
--
You are currently subscribed to
[email protected]<mailto:[email protected]> as:
[email protected]<mailto:[email protected]>
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
--
You are currently subscribed to
[email protected]<mailto:[email protected]> as:
[email protected]<mailto:[email protected]>
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
--
You are currently subscribed to
[email protected]<mailto:[email protected]> as:
[email protected]<mailto:[email protected]>
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
