I have a pair of Win 2012 servers running as a web-server and WCF-server and I want to increase the number of outgoing connections from the web-server to the WCF-server (which appears to be limited to 24)
Windows 2012 R2
2 CPUs (each server)
IIS 8.5 (Integrated App Pools)
ASP.NET 3.5 WebForms App
wsHttpBinding
WCF v3.5 Service
I have proved that the WCF server can handle more than 24 concurrent connections (by loading the WCF WSDL with JMeter and 800 threads) - so this is pointing me to believe that the ASP.NET outgoing connections are being throttled.
I have already tried;
adding maxconnections (into both web and WS web.config files)
changing machine.config processModel and httpRuntime value (from here)
For example:
<connectionManagement>
<add address="*" maxconnection="96"/>
</connectionManagement>
and
<processModel maxWorkerThreads="100" maxIoThreads="100" minWorkerThreads="50" />
<httpRuntime minFreeThreads="176" minLocalRequestFreeThreads="152" />
Within the web service I have already tried the service model behaviour settings too (2 CPU's);
<serviceThrottling maxConcurrentCalls="32" maxConcurrentSessions="200" maxConcurrentInstances="232"/>
Related
Running an ASP.Net Core application based on IdentityServer 4 on an AWS cluster,
after 14-21 days all outgoing HTTPS requests take 5min or more to finish.
After an investigation found that the WinHTTP Web Proxy Auto-Discovery Service dies with the following error: The endpoint mapper database entry could not be created. not sure if this is the issue or a side effect of something else that breaks lower in the OS.
Environment:
ELB with with an autoscaling group with two instances behind it, issue occurs on both
Windows Server 2019
Notes:
It is a custom AMI but the only difference with the instances that do not experience this is the product is running on it.
Happens on both .Net core 2.2 and 3.1 based versions of the application
Happens on both versions based on IdentityServer4 v2 and v3
The app is deployed self contained
The app uses Kestrel without a reverse proxy in front of it
Tried:
Enabled schannel: no errors in the schannel logs set on trace
No other notable errors in any of the EventViewer logs
Restarting the instance fixes the problem
When running curl.exe -v to an HTTPS site on the machine the request gets stuck on schannel: checking server certificate revocation
The clocks on the instances are OK
Restarting the app process does not resolve the issue
Disabling the HTTPClient in the code using the WinHTTP Web Proxy Auto-Discovery Service service still breaks the service.
For those running into this.
The root of this issue is the WinHTTP autoproxy (wpad) service which is used to autoconfigure proxy settings, WinHTTP 5.1 implements the Web Proxy Auto-Discovery (WPAD) protocol also known as autoproxy, and it must support DHCP. Now this is where the problem occurs, the AWS DHCP does not support DHCP option 252 (used by WPAD) which in turn causes the issue.
The resolution is to disable the WinHTTP service as it is turned on by default in Windows.
I am seeing this exact same problem on a bare-bones AWS Lightsail instance of Server 2019. I am simply using IIS as a reverse proxy with the URL Rewrite module.
Here are some details about my environment/scenario in case it helps narrow down some common factors.
I have zero .Net applications running on this box, it is simply a reverse proxy.
I have 2 web applications, and 2 websites setup in IIS, each is a reverse proxy for a different back-end API.
The websites in IIS on the reverse proxy use the same CA issued wildcard certificate as the back-end API's.
The back-end API's are also hosted in IIS (Server 2012 R2).
The back-end API's run in a PCI compliant environment so IIS Crypto has been used to tighten up encryption protocols/algo's. I have not used IIS Crypto on the reverse proxy yet, so as I type this I'm starting to wonder if there's an SSL aspect to this.
ColdFusion seems to cache its initial request to a web service. When modifying the web service's signature (e.g, adding a parameter to the web service method) it seems that ColdFusion has no idea how to call that web service until the "ColdFusion 2016 Application Server" Windows service is restarted. This complicates development as it affects all ColdFusion websites during that restart period effectively clearing all sessions.
The context of the execution of these web services are through the CreateObject method.
Application.MyWebServiceVariable = CreateObject("webservice", "PATH");
In the past other have mentioned using the refreshwsdl argument, as such.
oWsdlArgs = structNew();
oWsdlArgs.refreshwsdl="yes";
Application.MyWebServiceVariable = CreateObject("webservice", "PATH", oWsdlArgs );
Unfortunately this does not resolve the underlying issue where the actual Windows service must be restarted in order for ColdFusion to refresh its internal cache of that web service method signature.
I can also confirm that simply restarting the ColdFusion application using ApplicationStop() does not work.
Is there a way to recycle this internal cache of the web service signature so that developers don't need to restart the Windows service?
Additional Notes
Apparent in ColdFusion 9 to ColdFusion 2016
Web services are SOAP-based hosted on IIS
Web services' logic are within a DLL
If you are calling these webservices using createObject and/or cfinvoke, then as you have seen, CF caches the definitions. The easiest way I have found to refresh these definitions without a CF service restart is if you have access to the Coldfusion Administrator.
CF Admin -> Data & Services -> Web Services
Under there you should see an entry for each wsdl that CF has cached, with a button to use to force it to update.
We are trying to add a https web service via CFadmin in ColdFusion 8.
We have two ColdFusion applications. One on ColdFusion 2016 and other in ColdFusion 8.
The CF8 application consumes few of the Web services of CF2016 application.
Recently, we added SSL to CF2016 application. So now the URLs of this application are HTTPS.
After it, few of the modules of cf8 that were consuming the webservices of cf2016 stopped working.
We figured it out that we need to update the webservice urls in cf8 with https urls.
We tried to update the webservice urls in CFAdmin but with no success. ColdFusion doesnot allow us to do it. It shows one error message
Error creating web service. Please ensure that you have entered a correct Web Service name or URL.
We have checked the WS url in browser. It's returning the WSDL XML.
After a bit of searching we found this link
http://www.richarddavies.us/archives/2006/02/enabling_web_services.php
It suggests to add the SSL certificate to ColdFusion's Java Keystore and restart ColFusion services. We followed the steps - Imported the SSL certificate to keystore and restarted coldfusion service. But no success. We also tried restarting the whole server.
Can some suggest what else needs to be done to add HTTPS webservice to ColdFusion 8. We are currently clueless.
Configuration:
App1(non ssl) - CF8-multiserver, java6,iis7.5, windows server 2008 r2
App2(SSL installed) - CF2016, java8, iis8.5, windows server 2012 R2
The quickest solution you can do is to upgrade the CF8 to cf2016.
If Windows 2003 Server as there is no support from Microsoft for TLS 1.1 or 1.2 in this server version.
https://blogs.msdn.microsoft.com/kaushal/2011/10/02/support-for-ssltls-protocols-on-windows/
Scenario: Jetty server is configured to use Blocking connector and the servlet deployed in the jetty server is forwarding the request to other application using jetty httpclient(configured using CONNECTOR_SELECT_CHANNEL) using exchanges.
Sometimes in heavy load the thread below causes high cpu
java.lang.Thread.State: RUNNABLE
at org.mortbay.jetty.HttpGenerator.flush(HttpGenerator.java:689)
at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:413)
at org.mortbay.jetty.bio.SocketConnector$Connection.run(SocketConnector.java:228)
at org.mortbay.thread.QueuedThreadPool$PoolThread.run(QueuedThreadPool.java:582)
Could this be reason that jetty server connector(blocking) and HttpClient connection(CONNECTOR_SELECT_CHANNEL )are different? Should they be same?
I'm trying to setup an Apache Web Server, so that it balances requests of a client on two Tomcat servers. For the Web Service I uses Axis2. It is deployed on two Tomcats. When I invoke the Web Service, there is always only one Server answering, although the cluster is established. I used this tutorial, Axis2 1.6.1, Tomcat 7, Apache Web Server 2.2 and I am running it on a Windows 32 bit system.
How is it possible to balance the client requests on both Tomcats?
It might have something to do with the proxy configuration of the Web Server, but its just a thought.
If you need screenshots or else, please let me know. And sorry for my german accent :)
Usually with load-balancing (clustering) one server will be answering first - which one will be decided by load-balancer (proxy) in it's configuration. Load-balancer (proxy) usually queries all clustered servers until it finds one that is less busy. In order to tests clustered environment you have to simulate (or create) high load or you can "slow down" (or stop completely) one of the servers.
Ok it works now. It was a configuration problem in the axis2.xml file, where I had the wrong IP. now I have the following configuration on every instance:
<!-- The host name or IP address of this member -->
<parameter name="localMemberHost">127.0.0.1</parameter>
Also important is the server.xml file of the Tomcat instances. Here the Shutdown port must be different for each instance:
Instance 1:
<Server port="8005" shutdown="SHUTDOWN">
Instance 2:
<Server port="8015" shutdown="SHUTDOWN">
The connector port must be different, too:
Instance 1:
<!-- Define an AJP 1.3 Connector on port 8009 -->
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
Instance 2:
<!-- Define an AJP 1.3 Connector on port 8009 -->
<Connector port="8010" protocol="AJP/1.3" redirectPort="8443" />
Then I just set these adjustments in the httpd.conf file of the Apache Webserver like this:
BalancerMember ajp://127.0.0.1:8009 min=1 max=1 route=node1 loadfactor=1
BalancerMember ajp://127.0.0.1:8010 min=1 max=1 route=node2 loadfactor=1
and now my cluster works fine. Sometimes you have to go back some steps to understand whats wrong.