You need to configure your firewall properly. With a firewall, you can define what types of packets can create a state entry on the firewall. Typical is syn, syn ack. Even if there is no state entry, a new packet should create a new state (not be dropped). If a new packet does not create a new state, change the firewall rules so that it does. A network dump will tell you what type of packet is going out; the firewall logs should tell you what type of packet was rejected.
I could see that this would be a problem if the midtier servers were behind a NAT. Is this the case? Axton Grams On Tue, Nov 17, 2009 at 12:07 PM, Leihkauff, Kenneth <kenneth.g.leihka...@saic.com> wrote: > ** > > Hello, > > > > We have a firewall between our MidTier server and ARS system. The firewall > is configured to drop tcp connections after being idle for 60 minutes > (typical/default firewall setting). Several MidTier user sessions will make > use of a shared tcp connection so you might have 100 sessions but > significantly fewer tcp connections. During idle times (like at night), the > firewall will discard these idle tcp connections but the MidTier server will > still retain these tcp references (this can be seen by using “netstat > –anto”). So, when users get back on the system, MidTier apparently is > trying to utilize one of these defunct tcp connections so you end up with > problems like ARERR 91 rpc timeouts because these tcp connections are broken > pipes. > > > > Is there a MidTier/Tomcat or other setting that you have found addresses > this problem? > > > > Thanks. > > > > Ken > > > > Background: > > Version 7.5 patch 3 > > MidTier – Linux, Tomcat JSP > > ARS – Linux, Oracle 10g > > _Platinum Sponsor: rmisoluti...@verizon.net ARSlist: "Where the Answers > Are"_ _______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor:rmisoluti...@verizon.net ARSlist: "Where the Answers Are"
