In Slapd, how do I deal with the "connection table full (64/64)" error? - windows

I'm working on an application running on Windows servers which requires heavy use of LDAP. For now we are stuck with the slapd LDAP server on a Windows platform - it's not great but for various reasons we are stuck with this architecture.
Our system scales with demand, so at peak times there will be more application servers. Each application server is multi-threaded and may make up to 16 concurrent connections to the single LDAP server.
Any time the system tries to make more than 64 concurrent connections to the LDAP server, slapd will block any further connection attempts.
It's obvious that the slapd connection pool is maxed out, but how do I make it bigger? The machine we run slapd on is a very powerful 8-core server, so we can theoretically handle a few hundred concurrent connections. Furthermore, a previous incarnation of this project ran slapd on Ubuntu Linux on a dual-core server. It was able to handle twice the load of ours without any problem, so it would appear that our troubles are Windows-specific.

Found the answer:
You have to recompile slapd with the source code changed; there's a C++ macro which specifies the connection limit.

Related

Microservice HTTP port problem on Windows Server

We have written (in Go and Delphi) several Windows microservices, which respond to HTTP requests on specific ports in the 11000-12000 range. These are designed to run internally within the Domain or Private network of the client (i.e. not on the internet).
They run perfectly on all but one of our 50+ client systems, on OS's ranging from Windows 7/10/11 to Windows Server 2008R2/2012/2016/2019. The installation process for each of these services sets up rules in the Windows firewall to accept the requests to each service exe.
The one client system that they don't work on is running Windows Server 2016 Essentials. This is the only client system running that specific OS, so that may be a factor in the problem.
Even locally, using a web browser on that system to query the services, they don't work. The requests just wait for a while and then time out: ERR_CONNECTION_TIMED_OUT.
However the same requests to the same ports at address 127.0.0.1 (localhost) work instantly - proving the services are actually running.
The mode of failure when the targeted service is not running, or if we address the wrong port, is different. In that case we get a quick "refused to connect" failure: ERR_CONNECTION_REFUSED
There are no third party antivirus or firewall products installed on the system, which is only using Windows Defender with the normal Windows firewall. We've tried everything we can think of with the Windows firewall, including turning it off completely. Nothing we've tried made any difference.
We've tried using many alternative port numbers, but we don't get any success until we get up to the 49000 range and above, and we'd really rather not have to change from our normal port number range unless it's completely unavoidable.
We've spent many hours trying to find any solution without any luck. We are really hoping that some bright person out there has some idea that will lead to finding the cause of the problem.

Unable to do Windows update through batchpatch

Unable to do the Windows update through BatchPatch. When I tried to check for available updates, some instances show the error message "Error 1601: Failed to retrieve WMI info. The RPC server is unavailable".
I have tried the troubleshooting steps below for the instances which show the error.
1. Windows Firewall – opened ports 135 and 445
2. Checked the RPC service to see if it is running and set to automatic
3. If the instance is stopped, we have left it alone
Followed this KB https://batchpatch.com/troubleshooting-common-errors-in-batchpatch with no luck. Anyone who has experience or an idea of what is wrong, please guide me.
It's peculiar that you would post on stackoverflow rather than contacting BatchPatch support directly (https://batchpatch.com/contact) or posting on the support forum (https://batchpatch.com/forum).
The page that you linked (batchpatch.com/troubleshooting-common-errors-in-batchpatch) contains additional links for troubleshooting the 'RPC server is unavailable' error. It specifically points to these two links:
batchpatch.com/using-batchpatch-with-windows-firewall
batchpatch.com/batchpatch-ports
It is not sufficient to just open 135 and 445 in the Windows Firewall. You must open 'File and Printer sharing' and 'Windows Management Instrumentation (WMI).' In your case, probably the error is occurring because you did not open 'Windows Management Instrumentation (WMI).'
The above link also further explains:
In order for WMI to work properly… The target computer must be able to
receive and process RPC (Remote Procedure Call) requests. Both the WMI
and RPC services must be running on the target computer. If you’re
using Windows Firewall on the target computer, then please follow the
instructions on this page to configure it properly: Using BatchPatch
with Windows Firewall
(batchpatch.com/using-batchpatch-with-windows-firewall).
If you are using a hardware firewall, the configuration for WMI can
potentially be a bit trickier, depending on the particular firewall
device. WMI connections, by default, are not established on a
static/fixed port. Instead WMI uses dynamic port configuration for its
connections, which means that the actual ports used for a given
connection are established on-the-fly at the time of connection. Each
connection will end up using different ports. In the context of a
classic hardware firewall, this used to be a problem because hardware
firewalls would typically require any open ports to be configured
manually. An enterprise firewall administrator could never know in
advance which ports would need to be opened. However, fortunately many
modern firewalls now implement DCE/RPC, which solves this problem and
allows the use of dynamic ports for WMI/RPC. If you have a network
level hardware firewall in place between the BatchPatch computer and
the target computers, you’ll need to configure it to allow DCE/RPC, so
that it can open the necessary ports, on-the-fly, for each WMI
connection. More info on DCE/RPC can be found at the following two
links:
en.wikipedia.org/wiki/DCE/RPC
wiki.wireshark.org/DCE/RPC
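
A read-only check of the conditions named in the answer above, run on the target computer. This is an added example, not part of the original answer or of BatchPatch; the function name `Test-WmiReadiness` is hypothetical and the display group names assume English-language Windows.

```powershell
# Added example: read-only checks, run in an elevated PowerShell session on the target computer.
function Test-WmiReadiness {
    # Display group names as quoted in the answer (English-language Windows assumed).
    $groups   = 'File and Printer Sharing', 'Windows Management Instrumentation (WMI)'
    $services = 'RpcSs', 'Winmgmt'   # Remote Procedure Call and WMI services

    # Firewall rules apply per profile, so find out which profiles are active right now.
    $active  = @(Get-NetConnectionProfile | ForEach-Object {
        ([string]$_.NetworkCategory) -replace 'DomainAuthenticated', 'Domain' })
    $pattern = (@('Any') + $active) -join '|'

    $report = @()
    foreach ($name in $services) {
        $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
        $report += [pscustomobject]@{
            Check  = "Service $name"
            Ok     = ($null -ne $svc) -and ($svc.Status -eq 'Running')
            Detail = if ($svc) { [string]$svc.Status } else { 'not found' }
        }
    }

    foreach ($group in $groups) {
        $inbound = @(Get-NetFirewallRule -DisplayGroup $group -ErrorAction SilentlyContinue |
            Where-Object { $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' })
        # A rule only helps if it is enabled AND covers a profile that is active.
        $usable = @($inbound | Where-Object {
            $_.Enabled -eq 'True' -and "$($_.Profile)" -match $pattern })
        $report += [pscustomobject]@{
            Check  = "Firewall group '$group'"
            Ok     = $usable.Count -gt 0
            Detail = "$($usable.Count) of $($inbound.Count) inbound allow rules usable " +
                     "on active profile(s): $($active -join ', ')"
        }
    }
    $report
}

Test-WmiReadiness | Format-Table -AutoSize

# To open a missing group instead of individual ports (changes firewall state):
#   Enable-NetFirewallRule -DisplayGroup 'Windows Management Instrumentation (WMI)'
```

A row with `Ok` set to `False` for the WMI group while ports 135 and 445 are open matches the situation described in the question.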

Why Windows system having Cassandra Server is hanging?

For testing purposes, I have installed a Cassandra single-node server on my Windows 64-bit system, where the Cassandra server runs continuously as a service. After 2 or 3 days of continuous running, my system hangs and does not allow any operations at all. But the Cassandra server keeps serving requests from client applications without any problem. What is the reason for this problem and how do I solve it?

How do I determine the identity of a Windows machine?

I have a program consisting of a server and a client processes. Both run on Windows systems - Windows 2000 or later versions. The two processes can run on the same machine or on two different machines.
How can the client determine if it is run on the same machine as the server? If the server is not running the client can't work anyway and doesn't care where the server possibly is - so this case is out of the question. I've heard that each Windows machine has a UUID - can I obtain it and use it for that purpose?
Windows networking requires computer names to be unique, so calling the GetComputerName API and having the client and server swap names (and compare the received name to the name they see) should suffice. If the client and server can start up independently of one another then you'll need some sort of protocol for this process. It seems logical for the client to initiate the exchange, and the server to only send its name when it has received a name from a client. The client can then abort the connection if it sees the same name.
I believe most virtual machine systems will allow the virtual machine to have its own name, so it should still be possible for you to test on virtual machines. However I don't have extensive experience of all the virtualisation technologies out there, so can't say for sure.
Previous question about generating a unique machine id that might help.
Link to previous answer which mentions MachineGUID
It is straightforward to add an API to the server that reports its machine name. The environment variable is COMPUTERNAME. The client could check that, right?
Do you need to deal with any of these cases?
The client is running, but the server is not responding, and you want to know whether the unresponsive server is on a remote machine.
The client and the server are running in two distinct virtual machines on the same host machine, and you want to report that as "running on the same machine."
The client is running in a virtual machine hosted by the same machine as the server is running on, and you want to report that as "running on the same machine."
The client and the server are running on uncoordinated networks and both might have been assigned the same name.
The server is possibly hostile, and will attempt to deceive the client.
The network card will have a unique MAC. If both server and client report the same MAC then they are using the same network card. If both client and server are running in different virtual machines but using the same network card, do you consider them running on the same machine or different machines?
How about trying to establish a loopback TCP connection? Or maybe checking for some lock file created by the server in a predefined folder...
I don't know exactly how, but there's for sure something equivalent in Win32 to the /proc filesystem in Unix (I think there are free replacements for the windows taskmanager, maybe you could look at their sources) where you could search for your server process.
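
The name exchange described in the answers above, with the client initiating and the server replying only after it has received a name. This is an added example, not code from any of the answers: the helper `Get-LocalIdentity` is hypothetical, both ends run in one script over loopback so the message order is visible, and the comparison goes beyond the computer name by also including the MachineGuid registry value.

```powershell
# Added example: client and server ends of the identity exchange, run in one script.
function Get-LocalIdentity {
    # COMPUTERNAME is the name the answers suggest comparing; MachineGuid is the
    # per-installation value under HKLM (machines cloned from one image can share it).
    $guid = (Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Cryptography' -Name MachineGuid).MachineGuid
    '{0}|{1}' -f $env:COMPUTERNAME, $guid
}

$listener = [System.Net.Sockets.TcpListener]::new([System.Net.IPAddress]::Loopback, 0)
$listener.Start()
$port = ([System.Net.IPEndPoint]$listener.LocalEndpoint).Port

$client = [System.Net.Sockets.TcpClient]::new()
$client.Connect([System.Net.IPAddress]::Loopback, $port)
$serverSide = $listener.AcceptTcpClient()

try {
    $clientOut = [System.IO.StreamWriter]::new($client.GetStream());     $clientOut.AutoFlush = $true
    $clientIn  = [System.IO.StreamReader]::new($client.GetStream())
    $serverOut = [System.IO.StreamWriter]::new($serverSide.GetStream()); $serverOut.AutoFlush = $true
    $serverIn  = [System.IO.StreamReader]::new($serverSide.GetStream())

    # 1. The client initiates by sending its own identity.
    $clientOut.WriteLine((Get-LocalIdentity))

    # 2. The server sends its identity only once it has received one from a client.
    $fromClient = $serverIn.ReadLine()
    if ($fromClient) { $serverOut.WriteLine((Get-LocalIdentity)) }

    # 3. The client compares the reply with what it sees locally.
    $fromServer  = $clientIn.ReadLine()
    $sameMachine = [string]::Equals($fromServer, (Get-LocalIdentity),
                                    [System.StringComparison]::OrdinalIgnoreCase)

    # Caveat for the "hostile server" case listed above: the client sends first, so a
    # server that echoes back what it received passes this check from any machine.
    # The result is only meaningful between cooperating processes.
    "Server reported '$fromServer'; same machine: $sameMachine"
}
finally {
    $serverSide.Close(); $client.Close(); $listener.Stop()
}
```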

Need to Automate PPTP connectivity from Linux to Windows

I'm in need of setting up cron-based VPN connectivity from Ubuntu "Jaunty" to a Windows-based VPN over PPTP for incremental DB synchronization. Using the default Network Manager and PPTP module everything seems to work fine. However, I have 2 issues:
1) Despite checking "Use this only for resources", I still lose my local internet connection and am routed through their servers.
2) As a result of 1 I have need to automate connecting to and disconnecting from the VPN in order to perform various tasks as the machine is at the office and I am not.
Much of the information I'm finding on PPTPing from Linux to Windows involves the use of GUI Network Manager, etc. However, I need to perform these steps from the command line for the sake of automation. Can anyone point me to a quality bit of documentation for this specific case?
Best.
http://pptpclient.sourceforge.net/
I think this site has everything that you need :)
