LDAP Response Read Timed Out

LDAP Response Read Timed Out

Issue

After upgrading to 6.4.7.x, customer is experiencing various LDAP timeouts.


One example: unable to search for user's to add to link/tile objects from webAdmin's Link-Menu Admin interface.

Two seconds after clicking the search button, a stack trace with the following error appears:

StonewareException: Access to resource denied (2): Access to resource denied


Cause

If customer enables the com.stoneware.service.DirectoryManager.ds DEBUG option on the loader, they will see an error similar to the following in the resulting logging:

LDAP response read timed out, timeout used:2000ms.; remaining name 'dc=stone-ware,dc=com'

The issue being seen, is from a recent 2 second timeout that was added to prevent a deadlock caused by an LDAP call that never finishes.


Workaround

We have a workaround, that will increase the default timeout to 2 minutes (in milliseconds).  This should be high enough for the LDAP server to return a response, but also prevent the search process from never terminating.  This value can also be tailored to the environment, lowered or increased if necessary.

  1. Shutdown UW on the server.
  2. Edit the c:\stoneware\bin\webNetwork.lax using Notepad (Notepad may need to be Run As Administrator, depending on the Windows Server version).
  3. Find the lax.nl.java.option.additional= line in the webNetwork.lax file.
  4. Add this parameter to the end of that line:
    -DldapReadTimeout=120000
  5. Save the webNetwork.lax file.
  6. Start the webNetwork service from Windows Services.
  7. This needs to be done on each of your UW servers.
The UW servers will now wait 2 minutes for AD to return the results of the search request, instead of timing out after only 2 seconds.

    Can't find the KB

    Unable to find the KB to address your issue ?  

      • Recent Articles

      • Lenovo Unified Workspace End-of-Life Questions and Answers

        Will the shutdown of LUW servers and access to downloads affect my server licensing? No, the shutdown of the customer servers and access to the product and licensing downloads will not affect your server licensing. This license is downloaded and ...
      • How do I determine my Unified Workspace license expiration date?

        The best method for determining the licensing information including the expiration date of your Unified Workspace license: Login to your 8090 management console on each server This may take remoting into each LUW server and relay, opening a browser, ...
      • Lenovo Unified Workspace 7.0.2.13 Released

        Highlights of Unified Workspace 7.0.2.13 Before you install: Please view the installation notes here. 7.0.2.13 requires a 7.0 license file. Below is a list of enhancements and fixes released in Unified Workspace 7.0.2.13 Fixed external storage ...
      • LanSchool Documentation Guides

        LanSchool Classic Teacher Console The LanSchool Teacher Console is the interface teachers will use to manage their classroom and students. It contains all the tools necessary for a teacher to effectively interact with students and create a ...
      • Lenovo Unified Workspace 7.0.1.41 Released

        Highlights of Unified Workspace 7.0.1.41 Before you install: Please view the installation notes here. 7.0.1.41 requires a 7.0 license file. Below is a list of enhancements and fixes for Unified Workspace 7.0.1.41 Updated Log4j Updated Java Updated ...
      • Related Articles

      • LDAP Error Codes

        AcceptSecurityContext error, data 52e means "bad password" AcceptSecurityContext error, data 525 means "bad user name" AcceptSecurityContext error, data 773 means "password expiring" or similar.  Standard error codes Standard LDAP errors Error / data ...
      • How to read Env Check utility output

        Problem:  Running the Env Check utility (aka Environment Check) for installation or troubleshooting and the tool is reporting errors. Solution(s):  Here are some of the common errors and possible solutions. Error: The connection attempt timed out SSL ...
      • LDAP Signing on windows server 2008 and higher

        The customer is trying to connect to a windows server 2008 domain controller and is getting : javax.naming.AuthenticationNotSupportedException: [LDAP: error code 8 - 00002028: LdapErr: DSID-0C0901FC, comment: The server requires binds to turn on ...
      • webNetwork needs to be able to connect to all LDAP registered DCs

        Issue Why does webNetwork need to be able to talk to a DC that is not on our local network? Solution Please see the following article for a complete description on how AD LDAP works: ...
      • General MS AD LDAP information.

        General MS AD LDAP information