Re: Request entity too large when using SSO (IIS Integrated Windows authentication -Tomcat )
Markus, Is the header name called Authentication ? If so, we had this exact same issue a few years ago. The length of this HTTP header was too long for mod_jk to process and the request was getting dropped. I think you might be able to configure the packet size of mod_jk now to get around this problem. Our solution a few years ago was I built an ISAPI filter that removed the Authentication header before it was sent to Tomcat (since this wasn't needed). Scott On Fri, Apr 17, 2009 at 10:46 AM, baumar mbj...@active.ch wrote: Hi, We are running an application on Tomcat 6. The authorization is down by IIS with Integrated Windows authentication selected. Whenever we try to access any page (with IE6), we get a request entity too large response. We switched IIS to Basic authentication, then it works. By analyzing the network traffic, we saw that IIS is adding a kerberos header with encrypted data and guess this data cannot be handled by the jconnector or tomcat. we made a test where we switched off tomcat and still got the same error, so unless we didn't get some cached reply, this means the error might be thrown by the jconnector, but we have no clear evidence. Did anybody encounter a similar case or know how to resolve this? Thanks Markus -- View this message in context: http://www.nabble.com/%22Request-entity-too-large%22-when-using-SSO-%28IIS-Integrated-Windows-authentication--Tomcat-%29-tp23099072p23099072.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: JK 1.2.28 - load balancer worker fails on startup with one worker down ?
Still continuing to guess.. This is about efficiency. If mod_jk had to do a DNS lookup each time it wants to send a packet to a backend Tomcat (or at least each time it wants to create a new connection to a backend Tomcat), that would be very inefficient. So, instead, mod_jk stores the IP address of each backend Tomcat, and during normal operation uses only that stored IP. But, as a convenience, in the configuration file, it allows you to specify the worker's host as a name if you wish; and if you do that, it does the lookup once at startup, to resolve that to an IP which it stores. But if it cannot at startup do this lookup and resolve the name to an IP, then it is stuck and cannot go further. Agreed - it cannot go further for this worker. I would expect an error to get logged and the load balanced worker to continue on to the next worker configured. Because if it did go further, then it would have to store this workers'host as an unresolved name, and then it would have to do a lookup during normal operation. CQFD. Now, I have really no idea if the code is really like that, but if not at least it seems logical, doesn't it ? ;-) Yes, it does seem logical, but flawed for a load balancer. If it was a normal worker, I would 100% agree it should quit. I will go ahead and configure all the Tomcat nodes by IP address in the mod_jk config file instead of the host name. The risk of having our whole production web application go down if one host is not available is not worth this convenient feature of mod_jk. :-)
JK 1.2.28 - load balancer worker fails on startup with one worker down ?
I apologize if this a silly question, but I can't figure it out! I've looked over the documentation and I'm stumped. I have 5 load balanced workers defined. I have them setup and configured correctly. workers.properties file (partial - not including all the individual workers) --- worker.mygpgby02.type=ajp13 worker.mygpgby02.host=mygpgby02.mycompany.com worker.mygpgby02.port=8009 worker.loadbalancerprod.type=lb worker.loadbalancerprod.balance_workers=mygpgby02,mygpgby03,mygpgby04,mygpgby05,mygpgby06 worker.list=loadbalancerprod --- Now, here is the problem - one of those hosts(mygpgby06) is currently down for maintenence. Whenever I startup IIS, the ISAPI proxy won't work. The ISAPI log file shows this: (please note mycompany.com is not the actual url - i changed it) [Wed Apr 15 14:22:00.463 2009] [4208:2848] [error] jk_ajp_common.c (2526): worker mygpgby06 can't resolve tomcat address mygpgby06.mycompany.com [Wed Apr 15 14:22:00.463 2009] [4208:2848] [error] jk_worker.c (163): validate failed for mygpgby06 [Wed Apr 15 14:22:00.463 2009] [4208:2848] [error] jk_lb_worker.c (1599): Failed creating worker mygpgby06 [Wed Apr 15 14:22:00.479 2009] [4208:2848] [error] jk_lb_worker.c (1647): NULL parameters [Wed Apr 15 14:22:00.479 2009] [4208:2848] [error] jk_worker.c (163): validate failed for loadbalancerprod [Wed Apr 15 14:22:00.479 2009] [4208:2848] [error] jk_worker.c (262): failed to create worker loadbalancerprod [Wed Apr 15 14:22:00.479 2009] [4208:2848] [error] jk_uri_worker_map.c (506): Could not find worker with name 'loadbalancerprod' in uri map post processing. If I take this worker out of the balance_workers list, everything starts up fine. If I leave it in, my loadbalancerprod worker is completely dead.. According to the documentation, When starting up, the web server plugin with instantiate the workers whose name appears in the worker.list property... So - one worker in the load balancer won't start so the whole load balancer is considered a failed worker. Is there a property I'm missing to make this work ? Scott
Re: JK 1.2.28 - load balancer worker fails on startup with one worker down ?
/portal/*=loadbalancerprod The uriworkermap.properties file is correct - workers are correctly sent to it assuming all the workers are accessible. The problem is when the workers in the load balancer are being initialized, if one worker is not available, the load balance worker is considered not valid. Because its not valid, requests will not be sent to it. This does not seem to be the desired behavior of a load balancer. Scott On Wed, Apr 15, 2009 at 5:32 PM, Jorge Medina jmed...@e-dialog.com wrote: Your workers.properties looks fine. What is the content of uriworkermap.proeprties ? -Original Message- From: swbrads...@gmail.com [mailto:swbrads...@gmail.com] On Behalf Of Scott Bradshaw Sent: Wednesday, April 15, 2009 3:51 PM To: users@tomcat.apache.org Subject: JK 1.2.28 - load balancer worker fails on startup with one worker down ? I apologize if this a silly question, but I can't figure it out! I've looked over the documentation and I'm stumped. I have 5 load balanced workers defined. I have them setup and configured correctly. workers.properties file (partial - not including all the individual workers) --- worker.mygpgby02.type=ajp13 worker.mygpgby02.host=mygpgby02.mycompany.com worker.mygpgby02.port=8009 worker.loadbalancerprod.type=lb worker.loadbalancerprod.balance_workers=mygpgby02,mygpgby03,mygpgby04,my gpgby05,mygpgby06 worker.list=loadbalancerprod --- Now, here is the problem - one of those hosts(mygpgby06) is currently down for maintenence. Whenever I startup IIS, the ISAPI proxy won't work. The ISAPI log file shows this: (please note mycompany.com is not the actual url - i changed it) [Wed Apr 15 14:22:00.463 2009] [4208:2848] [error] jk_ajp_common.c (2526): worker mygpgby06 can't resolve tomcat address mygpgby06.mycompany.com [Wed Apr 15 14:22:00.463 2009] [4208:2848] [error] jk_worker.c (163): validate failed for mygpgby06 [Wed Apr 15 14:22:00.463 2009] [4208:2848] [error] jk_lb_worker.c (1599): Failed creating worker mygpgby06 [Wed Apr 15 14:22:00.479 2009] [4208:2848] [error] jk_lb_worker.c (1647): NULL parameters [Wed Apr 15 14:22:00.479 2009] [4208:2848] [error] jk_worker.c (163): validate failed for loadbalancerprod [Wed Apr 15 14:22:00.479 2009] [4208:2848] [error] jk_worker.c (262): failed to create worker loadbalancerprod [Wed Apr 15 14:22:00.479 2009] [4208:2848] [error] jk_uri_worker_map.c (506): Could not find worker with name 'loadbalancerprod' in uri map post processing. If I take this worker out of the balance_workers list, everything starts up fine. If I leave it in, my loadbalancerprod worker is completely dead.. According to the documentation, When starting up, the web server plugin with instantiate the workers whose name appears in the worker.list property... So - one worker in the load balancer won't start so the whole load balancer is considered a failed worker. Is there a property I'm missing to make this work ? Scott - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: JK 1.2.28 - load balancer worker fails on startup with one worker down ?
Yep - you are right on. The machine was taken off the network and moved to a test network for a few days. It currently does not resolve. If I change the host to its old IP address (which does not respond), the system starts up just fine. I would expect to see an error in the log, but just because 1 host does not resolve, I wouldn't expect mod_jk to prevent the rest of the hosts from functioning. In the current configuration I just changed, the IP address I have now is not functioning and could be a configuration error, but mod_jk is still loading. How do I go about submitting this as an enhancement request for the next version? Thanks for your help! Scott On Wed, Apr 15, 2009 at 6:20 PM, André Warnier a...@ice-sa.com wrote: If we just stick to the actual error message for a moment, and assume it means what it says : worker mygpgby06 can't resolve tomcat address mygpgby06.mycompany.com the first question would be : why can the DNS name mygpgby06.mycompany.com not be /resolved/ to an IP address when host mygpgby06 (?) is down for maintenance ? Is there some kind of dynamic DNS system at work there ? What happens if you replace worker.mygpgby06.host=mygpgby06.mycompany.com by worker.mygpgby06.host=xxx.xxx.xxx.xxx (xxx.xxx.xxx.xxx being the actual IP address of that host) I'm just guessing here, but what if it is so that, at least at start, the load balancing members must at least be able to be resolved to an IP address, otherwise mod_jk determines that there's really something wrong with the configuration, and won't even start ? Scott Bradshaw wrote: /portal/*=loadbalancerprod The uriworkermap.properties file is correct - workers are correctly sent to it assuming all the workers are accessible. The problem is when the workers in the load balancer are being initialized, if one worker is not available, the load balance worker is considered not valid. Because its not valid, requests will not be sent to it. This does not seem to be the desired behavior of a load balancer. Scott On Wed, Apr 15, 2009 at 5:32 PM, Jorge Medina jmed...@e-dialog.com wrote: Your workers.properties looks fine. What is the content of uriworkermap.proeprties ? -Original Message- From: swbrads...@gmail.com [mailto:swbrads...@gmail.com] On Behalf Of Scott Bradshaw Sent: Wednesday, April 15, 2009 3:51 PM To: users@tomcat.apache.org Subject: JK 1.2.28 - load balancer worker fails on startup with one worker down ? I apologize if this a silly question, but I can't figure it out! I've looked over the documentation and I'm stumped. I have 5 load balanced workers defined. I have them setup and configured correctly. workers.properties file (partial - not including all the individual workers) --- worker.mygpgby02.type=ajp13 worker.mygpgby02.host=mygpgby02.mycompany.com worker.mygpgby02.port=8009 worker.loadbalancerprod.type=lb worker.loadbalancerprod.balance_workers=mygpgby02,mygpgby03,mygpgby04,my gpgby05,mygpgby06 worker.list=loadbalancerprod --- Now, here is the problem - one of those hosts(mygpgby06) is currently down for maintenence. Whenever I startup IIS, the ISAPI proxy won't work. The ISAPI log file shows this: (please note mycompany.com is not the actual url - i changed it) [Wed Apr 15 14:22:00.463 2009] [4208:2848] [error] jk_ajp_common.c (2526): worker mygpgby06 can't resolve tomcat address mygpgby06.mycompany.com [Wed Apr 15 14:22:00.463 2009] [4208:2848] [error] jk_worker.c (163): validate failed for mygpgby06 [Wed Apr 15 14:22:00.463 2009] [4208:2848] [error] jk_lb_worker.c (1599): Failed creating worker mygpgby06 [Wed Apr 15 14:22:00.479 2009] [4208:2848] [error] jk_lb_worker.c (1647): NULL parameters [Wed Apr 15 14:22:00.479 2009] [4208:2848] [error] jk_worker.c (163): validate failed for loadbalancerprod [Wed Apr 15 14:22:00.479 2009] [4208:2848] [error] jk_worker.c (262): failed to create worker loadbalancerprod [Wed Apr 15 14:22:00.479 2009] [4208:2848] [error] jk_uri_worker_map.c (506): Could not find worker with name 'loadbalancerprod' in uri map post processing. If I take this worker out of the balance_workers list, everything starts up fine. If I leave it in, my loadbalancerprod worker is completely dead.. According to the documentation, When starting up, the web server plugin with instantiate the workers whose name appears in the worker.list property... So - one worker in the load balancer won't start so the whole load balancer is considered a failed worker. Is there a property I'm missing to make this work ? Scott - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
