I had to increase that parameter once for another reason.. the headers sent from certain logins would be larger than the default 8192 bytes (8K). This was caught when we logged the packets sent and received from IIS where tomcat was serving as a jsp engine. We saw no negatives on increasing it. If I recall right, we had set it to much higher than 32K
Joe From: John Sundberg Sent: Thursday, March 22, 2012 8:16 AM Newsgroups: public.remedy.arsystem.general To: arslist@ARSLIST.ORG Subject: Re: Users not able to access Mid-Tier via DNS alias but can access when using IP address ** Uggg - that seems like a tough one to figure out. Good job. -John On Thu, Mar 22, 2012 at 7:12 AM, Jiri Pospisil <jiri.pospi...@lchclearnet.com> wrote: ** Thanks all for their suggestions. The issue was at the end with maxHttpHeaderSize parameter in Tomcat configuration. It was set to 8K, but this was not enough for some users when being authenticated because Kerberos token sent in the header was larger than 8K and the result was broken HTTP request. The token seems to get bigger if the person is a member of many groups (hence only some users being affected). Changed the parameter to 32K and this resolved the issue. Not sure if there is any downside of having this set to a higher number, but so far have not seen any issues. Regards Jiri Pospisil From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of Shiju John Sent: 22 March 2012 07:09 To: arslist@ARSLIST.ORG Subject: Re: Users not able to access Mid-Tier via DNS alias but can access when using IP address ** Have you added the DNS entry in the HOSTS file? This file is present in C:\Windows\System32\drivers\etc run notepad in administrator mode and add an entry as below in the HOSTS fiel: <Mid-Tier Server IP Address> <Mid-Tier DNS Name> This will resolve the issue. Thanks and Regards, Shiju John. On Thu, Mar 22, 2012 at 7:56 AM, patchsk <vamsi...@gmail.com> wrote: ** Somethings to verify: 1. OurMidTier is a DNS alias for the physical box or a loadbalanced VIP? 2. Try tracert or telnet from the client computer having issues. 3. Try with full domain ex: http://ourmidtier.abc.com/arsys/home, I have seen in the past depending on the network rules it had worked if you specify FQDN but not with the shortDNS. On Wednesday, March 21, 2012 4:43:03 AM UTC-5, Jiri Pospisil wrote: ** Hello all, This is perhaps not a Remedy issue as such, but was wondering if anybody seen anything like that. We are running mid-tier on a Windows machine and users access it via link such as http://OurMidTier/arsys/home where OurMidTier is a DNS alias of that physical box. The above link works for many users but we have some users who just get page cannot be displayed error in their browser. When we look on their machine, they can ping the alias. We also flushed the DNS cache on their PC but to no avail. What is even stranger is that if we use IP address of the mid-tier box, it connects successfully, so http://10.20.30.40/arsys/home works fine and open the home page. Then on the home page, the overview console returns message Unable to set up data connection ... (ARWARN 9351). Other consoles seem to work fine; it is only overview which I believe uses a plug-in behind it. I have tried running the Fiddler tool on the affected PC. It seems to connect to the web server and then the connection gets simply closed (admittedly, I have only a limited knowledge in that area). Has anybody seen such behaviour before? We are on AR Server 7.6.03 patch 002 for server as well as mid-tier. Browser – tested with IE 7 as well as IE 8 Web server OS – Windows 2003 (64 bit) Java - 1.6.0_26 (64 bit) Web Server - bundled Apache Tomcat - 6.0.20 Thanks for any suggestions. Jiri Pospisil LCH Clearnet ************************************************************************************************* This email is intended for the named recipient(s) only. Its contents are confidential and may only be retained by the named recipient(s) and may only be copied or disclosed with the consent of LCH.Clearnet Limited and/or LCH.Clearnet SA. If you are not an intended recipient please delete this e-mail and notify postmas...@lchclearnet.com. LCH.Clearnet Limited, LCH.Clearnet SA and each other member of the LCH.Clearnet Group accept no liability, including liability for negligence, in respect of any statement in this email. The contents of this email are subject to contract in all cases, and LCH.Clearnet Limited and/or LCH.Clearnet SA makes no contractual commitment save where confirmed by hard copy. Cet e-mail et toutes les pièces jointes (ci-après le "message") sont confidentiels et établis à l'intention exclusive de ses destinataires. Toute utilisation de ce message non conforme à sa destination, toute diffusion ou toute publication, est interdite, sauf autorisation expresse de LCH.Clearnet Limited et/ou LCH.Clearnet SA. Si ce message vous a été adressé par erreur, merci de le détruire et d'en avertir immédiatement postmas...@lchclearnet.com. LCH.Clearnet Limited, LCH.Clearnet SA et les autres entités du groupe LCH.Clearnet Group, ne peuvent en aucun cas être tenues responsables au titre de ce message à moins qu’il n’ait fait l’objet d’un contrat signé. LCH.Clearnet Limited, Registered Office: Aldgate House, 33 Aldgate High Street, London EC3N 1EA. Recognised as a Clearing House under the Financial Services & Markets Act 2000. Reg in England No.25932 Telephone: +44 20 7426 7000 Internet: http://www.lchclearnet.com LCH.Clearnet SA, Siège Social, 18 rue du Quatre Septembre, 75002 Paris, Chambre de Compensation conformément au Code Monétaire et Financier. ************************************************************************************************* _attend WWRUG12 www.wwrug.com ARSlist: "Where the Answers Are"_ _attend WWRUG12 www.wwrug.com ARSlist: "Where the Answers Are"_ -- Thanks and Regards, Shiju John _attend WWRUG12 www.wwrug.com ARSlist: "Where the Answers Are"_ _attend WWRUG12 www.wwrug.com ARSlist: "Where the Answers Are"_ -- John Sundberg Kinetic Data, Inc. "Your Business. Your Process." Recipient of: WWRUG10 Best Customer Service/Support Award WWRUG09 Innovator of the Year Award 651-556-0930 I john.sundb...@kineticdata.com www.kineticdata.com I community.kineticdata.com _______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug12 www.wwrug12.com ARSList: "Where the Answers Are"
