I just finished applying the javascript to my three mid-tiers, and yes, it meant that my app admin had to rename about a dozen support staff who had mixed case login names and inform them of the change. I did this primarily because of the problem we have seen with mobile devices that _attempt_ to use the mid tier capitalizing the first letter - and our LDAP will authenticate them if it is otherwise correct, at which point the mid-tier caches a bad login name. Never mind that the mid-tier is useless on a mobile device; the damage to the mid-tier cache has been done. We might have considered retaining them in mixed case if we were working against Active Directory (which is mixed case) but our primary authentication system is Identity Manager which contains ~300,000 lower case login names.
This change (forcing everything lower case) will not prevent another situation, where a support staff member departs and our practice is to remove them from support status which removes their User record and login name. Then the AR server gets thread deaths when the mid-tier tries to prefetch for the previously valid login name that no longer exists. I got eight server terminations (below) tonight from one Sp1 mid-tier without doing anything - I didn't restart it - it was probably an interval-based pre-fetch check. Sun Mar 04 18:29:09 2012: AR System server terminated when a signal/exception was received by the server (ARNOTE 20) Thread Id: 3848 Version: 7.6.04 SP1 HotFix 01 201107051610 Jul 5 2011 17:17:48 ServerName: itsm76 Database: SQL -- SQL Server Hardware: x86_64 OS: Windows Server 2003 RPC Id: 235871 RPC Call: 11 (GLS) RPC Queue: 390620 Client: User <removed username> from Mid-tier (protocol 18) at IP address <xxx.xxx.xxx.xxx> Logging On: User Code: c0000005 Operation: read Access Addr: 0000000000000000 Stack Begin: Stack End Sun Mar 04 18:29:08 2012 390620 : AR System server terminated when a signal/exception was received by the server (ARNOTE 20) Sun Mar 04 18:29:08 2012 0xc0000005 Sun Mar 04 18:29:08 2012 390620 : AR System server terminated — fatal error occurred in ARSERVER (ARNOTE 21) I got 8 more server thread terminations on a different account tonight while upgrading one of the mid-tiers to SP3 for a live test by some of my production users. These were for one of the users my app admin had already changed from mixed case to all lower case - it tried to prefetch for the cached, mixed-case version and no longer could find it, and exploded. I did learn the most effective trick for eliminating a poisoned cache - where the mid-tier remembers a login name in the wrong case or that no longer exists: 1. You add another SERVER NAME in AR Server Settings, then change all four of the General Settings servers to that new one, go back and Delete the original server from AR Server Settings, and Flush the Cache. 2. Repeat the exact same steps to restore the mid-tier to the original (production) AR Server name, flushing the cache again. 3. Set the server to PRE-LOAD = Yes and restart tomcat; after the preload, set it back OFF The mid-tier is now cleaned of improper login names that will kill threads on the AR Server - for now. I have done that successfully on two of my mid-tiers so far. It must be done during a scheduled maintenance window because it definitely knocks it out of action for at least a half hour. I will be watching the system for any new thread terminations from the SP3 mid-tier to see if that SP has fixed the problem with prefetching. I suspect that it can still generate errors, especially since the AR Server is still SP1, but maybe we will get lucky. Christopher Strauss, Ph.D. Call Tracking Administration Manager University of North Texas Computing & IT Center http://itsm.unt.edu/ -----Original Message----- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of h@rry Sent: Monday, March 05, 2012 1:53 AM To: arslist@ARSLIST.ORG Subject: Re: Message in Error log and AR Server timeout Thanks everyone for your inputs.. @strauss, even we are working with support team on the plan to upgrade to ARS SP3, this might however take time as we don't want to jump to that straight away. Do share your findings on this once you test. @LJ, our authentication chaining mode is set to AREA - ARS, we even tried changing this to 'Off', but the behavior turned weird with even some of the valid users (having entries in both Remedy and LDAP) getting authentication failed message. Other related settings which we have made in EA tab are - Unchecked both 'Authenticate Unregistered users' and 'Cross reference blank password' and also unchecked 'Allow Guest Users' in Configuration tab. @Bill, even we have some user id's in mixed case. As per my understanding, the javascript you mentioned converts the user id's which are in mixed case to lower case irrespective of the case format in People/User form, is this true? _______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug12 www.wwrug12.com ARSList: "Where the Answers Are" _______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug12 www.wwrug12.com ARSList: "Where the Answers Are"