		Kevin Joseph
I have a Portal web site set up on a cluster of WebLogic servers (3 of
them) which authenticates using LDAP (port 389) against Win2k Active
Directory. There are five domain controllers on Win2k AD and I have
set up the WebLogic security provider to round-robin against all of them.
We have around 10,000 users accessing this site. In the mornings, when
the peak is very high, we receive a lot of authorization failed error
messages for quite a few users who hit the site. When this happens I
cannot even connect to port 389 on the domain controllers. On the
domain controllers, I see a lot of connections in TIME_WAIT (using
netstat).
The problem is that the maximum number of connections in TIME_WAIT is always 1000;
it never crosses 1000. Is this a limit which can be bumped up? I have
reduced the TIME_WAIT delay to 60 (from the default of 240), but that
seems to have aggravated the problem, if anything (meaning I can
hit port 389 even less frequently).
NOTE: I have already read about ephemeral ports and it does not apply
in this context as the total number of connections is only around
1500/1700.
If anyone has encountered this problem and knows a solution, please
let me know.
Kevin.
				
