Support recommends reboot when deploying a Web Tier update in Authentication Manager 8.5 and later
Originally Published: 2021-09-09
Article Number
Applies To
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.5.0
Platform: Linux
Platform (Other): null
O/S Version: SUSE Linux 12
Product Name: null
Product Description: null
Issue
After several hours, the customer rebooted the Web Tier, at which point it started working correctly. The Web Tier Readme does not say a reboot is required.
The reboot cleared out effective file descriptor limits and set them back to a reasonable level, and that appears to be the difference that prevented the HTTP 404 errors to the Web Tier
Tasks
2. generate new web tier package
3. Install new version of Web Tier software using the Web Tier package
4. Reboot the Web Tier.
Step 4 is not in the Web Tier Readme or manuals. However, Technical Support has been advocating for a reboot to be added to the documentation as it is typically the first fix tried whenever a new Web Tier is not working correctly after update.
Resolution
* different
During Restart
Aug 13, 2021 12:41:25,655 AM CDT> ExecuteThread: '3' for queue:
<System has file descriptor limits of soft: 16,384, hard: 16,384
Aug 13, 2021 12:41:25,655 AM CDT> <Using effective file descriptor limit of: 16,384 open sockets and files.>
During Reboot
Aug 13, 2021 8:21:16,718 AM CDT> ExecuteThread: '2' for queue:
<Using effective file descriptor limit of: 4,096 open sockets and files.>
Aug 13, 2021 8:21:16,718 AM CDT> <Using effective file descriptor limit of: 4,096 open sockets and files.>
We know that under load testing conditions, much more file descriptors are opened which can result in stack issues. We also know that for years Support has been advocating that our documentation call for a reboot of a Web Tier after it is installed. The Reboot clears out all the file descriptors and starts with a fresh limit. This is the difference and this explains what we have seen.
Notes
===AdminServerWrapper.log===
Aug 13, 2021 12:41:24,846 AM CDT> <Network Configuration for Channel "AdminServer"
Listen Address :7030 (SSL)
Aug 13, 2021 12:41:24,855 AM CDT> <Network Configuration for Channel "VirtualHostChannel"
Listen Address https://:443
Public Address https://:443
* different Aug 13, 2021 12:41:25,655 AM CDT> ExecuteThread: '3' for queue:
<System has file descriptor limits of soft: 16,384, hard: 16,384
Aug 13, 2021 12:41:25,655 AM CDT> <Using effective file descriptor limit of: 16,384 open sockets and files.>
Aug 13, 2021 12:41:25,655 AM CDT> <PosixSocketMuxer was built on Apr 24 2007 16:05:00>
Aug 13, 2021 12:41:25,717 AM CDT> <Allocating 3 reader threads.>
<Native I/O enabled.>
Reboot including restart WT services
===AdminServerWrapper.log===
Aug 13, 2021 8:21:15,606 AM CDT> <Network Configuration for Channel "AdminServer"
Listen Address :7030 (SSL)
Aug 13, 2021 8:21:15,610 AM CDT> <Network Configuration for Channel "VirtualHostChannel"
Listen Address https://:443
Public Address https://:443
* different Aug 13, 2021 8:21:16,718 AM CDT> ExecuteThread: '2' for queue:
<Using effective file descriptor limit of: 4,096 open sockets and files.>
Aug 13, 2021 8:21:16,718 AM CDT> <Using effective file descriptor limit of: 4,096 open sockets and files.>
Aug 13, 2021 8:21:16,719 AM CDT> <PosixSocketMuxer was built on Apr 24 2007 16:05:00>
Aug 13, 2021 8:21:16,797 AM CDT> <Allocating 3 reader threads.>
<Native I/O enabled.>
Related Articles
Using Vault instead of cleartext password in WildFly configuration file in RSA Identity Governance & Lifecycle Number of Views How to address a customer request for Customer Support to perform RSA Web Threat Detection upgrade Number of Views How to perform Validation checks when building Request Forms in RSA Identity Governance & Lifecycle Number of Views Obtain the version of PostgreSQL used with RSA Authentication Manager 8.x Number of Views CVE-2021-41617 Security vulnerability for RSA Authentication Manager 8.6.x Number of Views
Trending Articles
RSA Authentication Manager 8.9 Release Notes (January 2026) RSA announces the availability of the RSA SecurID Hardware Appliance 230 based on the Dell PowerEdge R240 Server How to troubleshoot Oracle database ORA-04030 errors in RSA Identity Governance & Lifecycle RSA Authentication Manager Upgrade Process Microsoft SQL Server Collectors can no longer connect to the SQL Server database after upgrade to Microsoft SQL Server 201…
Don't see what you're looking for?
