000034113 - Connection Time out and/or Cannot open connection errors on WebSphere in RSA Adaptive Authentication (OnPrem)

Document created by RSA Customer Support Employee on Sep 30, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000034113
Applies ToRSA Product Set: Adaptive Authentication (OnPrem)
RSA Product/Service Type: Adaptive Authentication (OnPrem)
IssueObserving DB Connection time out and cannot open connection errors on WebSphere and aa_server.log, and degraded AA performance.
Cause"Cannot open connection" & "ConnectionWaitTimeoutException" exceptions in aa_server.log & Web Sphere SystemOut.log.
Along with "Connection not available while invoking method createOrWaitForConnection for resource jdbc/PassMarkDB" errors in the Web Sphere SystemOut.log
These errors could be caused due to low number of DB connections available in the pool.
It's recommended that the number of DB connections should at least be 30% or more of the max number of threads configured for web container.
Also, noticed below messages which suggest that the database connections in the pool are shared (default setting for Web Sphere):
 
"[9/23/16 11:00:46:384 EDT] 000000fb SharedPool    I   J2CA0086W: Shareable connection MCWrapper id c135915c  
Managed connection WSRdbManagedConnectionImpl@ee7000d3  State:STATE_TRAN_WRAPPER_INUSE Connections being held 1
Used with transaction com.ibm.ws.LocalTransaction.LocalTranCoordImpl@52babf6f;RUNNING;
 from resource jdbc/PassMarkDB was used within a local transaction containment boundary."
ResolutionIncreased the max number of connections set in the connection pool (from Web Sphere admin).
And RSA recommends setting the DB connections as "unshareable", on Web Sphere.
Follow steps below to set the connections to "unshareable", by default Web Sphere setting the connections are set to "shareable".
Please refer the below link for more information:
http://www.ibm.com/developerworks/websphere/library/techarticles/0506_johnsen/0506_johnsen.html
 
You can change the DB connections from "shareable" to "unshareable", by setting the below value inside AdaptiveAuthentication/WEB-INF/web.xml file.
Recommend applying these settings for AA Admin application & all other back office applications installed on Web sphere (inside respective web.xml files)
 
<resource-ref>
                   <description>Reference to Passmark DB Datasource</description>
                   <res-ref-name>jdbc/PassMarkDB</res-ref-name>
                   <res-type>javax.sql.DataSource</res-type>
                   <res-auth>Container</res-auth>
                   <res-sharing-scope>Unshareable</res-sharing-scope>
</resource-ref>

Attachments

    Outcomes