Closed GoogleCodeExporter closed 9 years ago
GoogleCodeExporter
commented
9 years ago What OS, JVM and application server, and webserver are you using?
What is your java maximum heap size set to? Original comment by jrivard on 16 Jun 2013 at 4:33
GoogleCodeExporter
commented
9 years ago Hey Jason...
OS: Windows Server 2008 R2 Standard
JVM Version: 1.7.0_11-b21
Server: Tomcat 7.0.34
Java maximum heap size: 1GB (not seeing usage rise above 12MB in jconsole)
Original comment by ajmerri...@gmail.com on 17 Jun 2013 at 5:56
GoogleCodeExporter
commented
9 years ago Can you get a packet trace from the server using wireshark while the browser is
opening and logging into pwm?Original comment by jrivard on 17 Jun 2013 at 5:59
GoogleCodeExporter
commented
9 years ago Hey Jason... first, I just wanted to say PWM is a great application and I'm
thankful to you and Menno for all your work on it.
Attached you will find the Wireshark log. Here's the background...
We have an F5 load balancer (10.40.1.23) in front of PWM (10.40.1.12).
The longest string of communication starts on Frame #80. At Frame #83, the
client first sends the "GET /pwm" request. At Frame #88 (0.2 seconds later),
the server sends an acknowledgement packet. There is no more communication
until the server sends the "HTTP/302 Found" message on Frame #95. That is *4.3*
seconds after the server sent out the acknowledgement.
After the client gets the "HTTP/302 Found", it turns around and sends a "GET
/pwm/private/" on Frame #96. That is 0.07 seconds after the client received the
"HTTP/302". The same thing happened here - the server acknowledges it on Frame
#99 which only took 0.21 seconds. Then, it took the server another *4.3*
seconds to send the “HTTP/302” Found message.
Finally, the client sends the "GET /pwm/private/Login” on Frame #111, 0.07
seconds after receiving the last “HTTP/302” response. The server
acknowledges it on Frame #114 but takes another *4.3* seconds to send the first
HTML page (HTTP/200 Ok).
Since we are running the Wireshark on the server, this rules out the F5 as the
cause. If it was the F5, we would see the server sending out the "HTTP/302"
immediately after receiving the GET requests from the clients, not 4.3 seconds
later.
Are we understanding this correctly? Is there something we can look at in PWM
to get this puppy running at normal speeds?
Original comment by ajmerri...@gmail.com on 20 Jun 2013 at 8:37
Attachments:
GoogleCodeExporter
commented
9 years ago Can you try going to config -> View -> Advanced and then config -> Settings ->
Security -> Enable Reverse DNS and then uncheck and save that option?Original comment by jrivard on 22 Jun 2013 at 5:17
GoogleCodeExporter
commented
9 years ago YES! That's it, Jason! Site is responding so quickly now! Thanks so much, man!Original comment by ajmerri...@gmail.com on 22 Jun 2013 at 7:12
GoogleCodeExporter
commented
9 years ago Glad we could help.
I'd still recommend investigating the root cause. PWM makes a reverse DNS
lookup on each request. The OS should cache a negative hit, and it looks like
it is, but then its doing a netbios lookup each time which is taking forever.
There is lots of discussion out there on this topic, many suggesting to disable
netbios resolution on w2k8, especially on internet facing servers.
Original comment by jrivard on 22 Jun 2013 at 5:45
Original issue reported on code.google.com by
ajmerri...@gmail.comon 16 Jun 2013 at 12:56