getEffectiveAssignments failing due to closed connection with LDAP server

  • Document ID:7007371
  • Creation Date:14-Dec-2010
  • Modified Date:10-Sep-2015
    • Micro Focus Products:
      ZENworks Configuration Management

Environment

Novell ZENworks 10 Configuration Management

Situation

Randomly, primary ZENworks server fails to deliver user assignments due to disconnected LDAP connection.
 
ERROR (in services-messages.log ):
 
[DEBUG] [11/10/10 9:54:47 AM] [] [Assignment Web Service] [] [com.novell.zenworks.datamodel.exceptions.AuthoritativeSourceConnectionException: javax.naming.CommunicationException: connection closed [[Root exception is java.io.IOException: connection closed]]; remaining name ''
 at com.novell.zenworks.datamodel.utils.ldap.LDAPUtil.handleSearchException(LDAPUtil.java:1298)
 at com.novell.zenworks.datamodel.session.jndi.ldap.LdapAuthoritativeSourceSession.search(LdapAuthoritativeSourceSession.java:1665)
 at com.novell.zenworks.datamodel.session.jndi.ldap.LdapAuthoritativeSourceSession.searchForObject(LdapAuthoritativeSourceSession.java:1521)
 at com.novell.zenworks.datamodel.session.jndi.ldap.LdapAuthoritativeSourceSession.searchForObject(LdapAuthoritativeSourceSession.java:1436)
 at com.novell.zenworks.datamodel.session.jndi.ldap.LdapAuthoritativeSourceSession.getBasicObject(LdapAuthoritativeSourceSession.java:873)
 at com.novell.zenworks.datamodel.services.authsources.AuthoritativeSourceServiceImpl.getBasicObject(AuthoritativeSourceServiceImpl.java:215)
 at com.novell.zenworks.datamodel.services.users.UserAdminImpl.getBasicObject(UserAdminImpl.java:269)
 at com.novell.zenworks.datamodel.services.effectiveassignments.EffectiveAssignmentCache.getBasicObject(EffectiveAssignmentCache.java:205)
 at com.novell.zenworks.datamodel.services.effectiveassignments.EffectiveAssignmentCache.getBasicObject(EffectiveAssignmentCache.java:182)
 at com.novell.zenworks.datamodel.services.effectiveassignments.ConsumerObjectWrapper.<init>(ConsumerObjectWrapper.java:89)
 at com.novell.zenworks.datamodel.services.effectiveassignments.EffectiveAssignmentCache.getConsumerObjectWrapper(EffectiveAssignmentCache.java:342)
 at com.novell.zenworks.datamodel.services.effectiveassignments.EffectiveAssignmentCalculator.getAllAssignments(EffectiveAssignmentCalculator.java:329)
 at com.novell.zenworks.datamodel.services.effectiveassignments.EffectiveAssignmentCalculator.getAllAssignments(EffectiveAssignmentCalculator.java:320)
 at com.novell.zenworks.datamodel.services.effectiveassignments.EffectiveAssignmentCalculator.getAllEffectiveAssignments(EffectiveAssignmentCalculator.java:194)
 at com.novell.zenworks.webservice.assignmentservice.AssignmentWebService.getAllAssignments(AssignmentWebService.java:231)
 at com.novell.zenworks.webservice.assignmentservice.AssignmentWebService.getEffectiveAssignments(AssignmentWebService.java:108)
 at com.novell.zenworks.assignment.schema.AssignmentService_ServiceTieSkeleton.getEffectiveAssignments(AssignmentService_ServiceTieSkeleton.java:41)
 at com.novell.zenworks.assignment.schema.AssignmentService_ServiceSkeleton._invoke(AssignmentService_ServiceSkeleton.java:153)
 at com.novell.soa.ws.server.ServletSkeleton.invokeEndPoint(ServletSkeleton.java:201)
 at com.novell.soa.ws.impl.soap.MessageHandlerInvoker.invokeServerMessageHandlers(MessageHandlerInvoker.java:347)
 at com.novell.soa.ws.impl.soap.SOAPHandler.handleServerRequest(SOAPHandler.java:85)
 at com.novell.soa.ws.impl.rpc.ServerDelegateImpl.handleServerRequest(ServerDelegateImpl.java:92)
 at com.novell.soa.ws.server.ServletSkeleton.handleRequest(ServletSkeleton.java:101)
 at com.novell.soa.ws.server.ServletSkeleton.doPost(ServletSkeleton.java:300)
 at com.novell.zenworks.webservice.assignmentservice.AssignmentServiceImpl.doPost(AssignmentServiceImpl.java:54)
 at javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
 at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:269)
 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
 at com.novell.zenworks.webservice.lib.AuthenticationFilter.doFilter(AuthenticationFilter.java:176)
 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
 at com.novell.zenworks.webservice.lib.StatisticFilter.doFilter(StatisticFilter.java:77)
 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
 at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:210)
 at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:174)
 at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
 at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
 at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
 at com.novell.zenworks.tomcat.ZENRequestValve.invoke(ZENRequestValve.java:1196)
 at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:151)
 at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:870)
 at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665)
 at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528)
 at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81)
 at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:685)
 at java.lang.Thread.run(Thread.java:595)
Caused by: javax.naming.CommunicationException: connection closed [[Root exception is java.io.IOException: connection closed]]; remaining name ''
 at com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:1986)
 at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1830)
 at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1755)
 at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:368)
 at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:338)
 at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:321)
 at com.novell.zenworks.datamodel.session.jndi.ldap.NamingEnumerationPart.<init>(NamingEnumerationPart.java:115)
 at com.novell.zenworks.datamodel.session.jndi.ldap.NamingEnumerationPart.<init>(NamingEnumerationPart.java:171)
 at com.novell.zenworks.datamodel.session.jndi.ldap.LdapAuthoritativeSourceSession.search(LdapAuthoritativeSourceSession.java:1643)
 ... 46 more
Caused by: java.io.IOException: connection closed
 at com.sun.jndi.ldap.LdapClient.ensureOpen(LdapClient.java:1559)
 at com.sun.jndi.ldap.LdapClient.search(LdapClient.java:505)
 at com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:1968)

 ... 54 more

Resolution

This is fixed in version 11.3 - see KB 7014213 "ZENworks Configuration Management 11.3 - update information and list of fixes", which can be found at https://support.microfocus.com/kb/doc.php?id=7014213

Workaround for prior versions:


  • For ZENworks 10.3.2 to 11.2.4, when using more than one usersource connection, backup to another directory then modify the following file to set round robin to true:
    zenworks_home\conf\datamodel\authsource\authsourceconfig.xml (Linux: /etc/opt/novell/zenworks/datamodel/authsource/authsourceconfig.xml

    <AuthSourceConfig>
      <DoConnectionRoundRobin>true</DoConnectionRoundRobin>
    </AuthSourceConfig> 
    Additionally:
    back up to another directory then modify zenworks_home\conf\datamodel\caching\administration\caching-authsources.xml (Linux: /etc/opt/novell/zenworks/datamodel/caching/administration/caching-authsources.xml)
    change timeToIdleSeconds="600" and timeToLiveSeconds="600" to some value between 5 and 10 seconds.  Do this for both sections:
     
    <!-- Configures how long to wait before retrying --> 
    and 
    <!-- Cache of authoritative sources that don't appear to be up -->
    <!-- Configures how long to wait before retrying -->
  • If using eDirectory for the user source, ensure that idle timeout, bind limit and search timeout are set to 0 (infinite).  For more information see 15.4 Configuring LDAP Objects https://www.novell.com/documentation/edir88/edir88/data/agq8auc.html
  • If using eDirectory for the user source, ensure that the eDirectory server is fully patched with the most current version of eDirectory patches.  Ensure all health checks for eDirectory show no problems.
  • Try modifying caching-authsources.xml per TID 7003298.  In this case, increase the timeToIdle and timeToLive settings noted in that TID to increase back to 4 hours to see if it helps. 
    NOTE: the times used here will govern how quickly group member assignments will be seen after the user is added to the group.
    If that helps, try decreasing by one hour per test until the best value is found.
  • If there is more than one User source connection, determine whether one LDAP server behaves better than another for consistently maintaining the connection to the ZENworks Assignment Service thread.  One LDAP server may be more responsive than another due to partitioning, resources etc.