Skip to content

Blog

  • in Safekit
  • 1 min read

Milestone Management and SQL Service are disabled.

Use Case

The Milestone Management and SQL are running on the same server and we’re experiencing that the SQL Server (MSSQLSERVER) services keep getting Disabled when one of the servers goes down rather than just Stopping.

Solutions

Yes it is disabled when the module is stopped (in stop_prim): 

sc.exe config "MSSQLSERVER" start= disabled
And enabled when the module is started (in start_prim): 

sc.exe config MSSQLSERVER start= demand

The MSSQLSERVER service avoid to starting automatically at boot. SafeKit must start the service only after replication mechanisms have been installed on the PRIM server.

In this case Milestone Management and SQL Service set to "startup type" in Manual rather than automatic start.

On Windows, on both servers, pass the EWAM-Directory service and WAM services (pxpadmin, pxpeua, pxpgtw_main, pxpspl and WAM-Tomcat) in manual mode.

  • in WAM
  • 1 min read

Alternatives to Oracle Java / Web Start

ARTICLE TYPE
FAQ

TITLE
Alternatives to Oracle Java / Web Start

ANSWER

Oracle JRE (Web Start) Alternative
Java JRE alternatives (Web Start) can be a combination of (AdoptOpenJDK and icetea-web)

See also: OpenJDK builds

Name Price JCK certified Versions OpenJFX/JavaFX¹ Supported platforms
AdoptOpenJDK free no 8+ no Linux (.deb, .rpm, .tar), Mac, Windows
Amazon Corretto free yes 8, 11 Bundled with 8 only Linux (.deb, .rpm, .tar), Mac, Windows
Azul Zulu free yes 6+ Bundled (choose JDK FX download) Linux (.deb, .rpm, .tar), Mac, Windows
Bellsoft Liberica free 8+ Bundled (choose Full JDK download) inux (.deb, .rpm, .tar), Mac, Windows
Oracle OpenJDK free yes 7+ Linux (⚠ .tar only), Mac, Windows
Red Hat OpenJDK free yes 8+ Separate download for Java 8, Windows only Linux (⚠ RHEL only), Windows

  1. Oracle no longer maintains JavaFX/OpenJFX. At present it appears Gluon is currently developing JavaFX and provides it as a separate download: https://gluonhq.com/products/javafx/

  2. Alternative to adoptopenjdk

  3. Oracle Java Alternative

Product Version
WAM 9.0.9 , WAM 9.0.10

Keywords
Evidian WAM , WAM

Related articles:

  • in Safekit
  • 1 min read

What if you forget your safekit console admin password

  1. Open a PowerShell console as administrator
  2. Go to the root of the SafeKit installation directory (by default)
In Windows SAFE=C:\safekit if %SYSTEMDRIVE%=C:

In Linux SAFE=/opt/safekit
  1. Run on safekit cluster
.\private\bin\webservercfg -passwd pwd
./private/bin/webservercfg -passwd pwd

PS C:\safekit> .\private\bin\webservercfg.ps1 -passwd admin
Updating password for user admin
Adding password for user rcmdadmin
PS C:\safekit>

Where pwd will be your new password and login ID always be admin

Important

The password must be identical on all nodes that belong to the same SafeKit cluster. Otherwise, web console and distributed commands will fail with authentication errors.

  • in WAM
  • 1 min read

WAM and Safekit Migration Procedure

As we understand you have also Evidian WAM and Evidian High Availbilty Safekit.

In this case, you have to follow the WAM and Safekit Migration Procedure as per use case.

Migration Both Safekit and WAM

FAQ : Migration Both WAM and Safekit

Migration only WAM not Safekit

  1. Stop the ewam_gw modules on both Servers.

  2. Stop the ewam_mir modules on both Servers.

    1. Stop the first ewam_mir on the secondary server
    2. Then Primary Server and must note which node was Primary state

  3. Stop the first ewam_mir on the secondary server.

  4. Then Primary Server and must note which node was Primary state.

Four spaces the number

  • in WAM
  • 1 min read

HTTPS quick configuration wizard

ARTICLE TYPE
How To

TITLE

HTTPS quick configuration wizard (Safekit Console)

ANSWER

To re-enable the HTTP protocol for the unsecure SafeKit web console after another configuration disabled it, remove the file SAFE/web/conf/ssl/httpd.webconsolessl.conf and restart the web server.

Product:
Safekit

connection error signals a connection failure with the node. Once the connectivity problem is fixed.

Connection issues with the web console If you encounter problems for connecting to the SafeKit web console to SafeKit node, such as no reply or connection error, run the following checks and procedures: - Browser check Chrome or IE

  • Browser state clear -- Clear the browser cache -- Clear the browser SSL cache if HTTPS is used --- Look at advanced settings for the browser and search for SSL cache

  • Server check -- The safeadmin and safewebserver services are started on the server -- safekit cluster confinfo

Check all certificates

On each SafeKit nodes: Log as administrator/root and open a command shell window Change directory to SAFE/web/bin 

Run checkcert -t all
It checks all installed certificates and returns a failure if an error is detected You can check that the server certificate contains some DNS name or IP address with:

checkcert -h ”DNS name value”
checkcert -i ”Numeric IP address value”

The server certificate must contain all DNS names and/or IP addresses used for HTTPS connection. These ones must also be included into the SafeKit cluster configuration file.

Related articles:

  • in WAM
  • 2 min read

Additional heartbeat in Safekit

split-brain vs additional heartbeat

The split-brain situation in a mirror module with file replication is not good. Indeed, the sacrifice of the former secondary server causes file reintegration of this server from the primary one and the loss of data stored on the secondary during the split-brain situation.

For this reason, 2 heartbeats on two physically separate networks are recommended. Typically, a cable between the two servers will allow (1) to avoid split brain with an additional heartbeat network and (2) set the replication flow on a separate network

      <heart>
         <heartbeat>
            <server addr="172.26.76.113"/>
            <server addr="172.26.76.114"/>
         </heartbeat>

         <heartbeat ident="flow">
            <server addr="172.26.32.61"/>
            <server addr="172.26.33.62"/>
         </heartbeat>
      </heart>


      <rfs nbthread="12" nfsbox_options="nocross">
         <flow>
            <server addr="172.26.32.61"/>
            <server addr="172.26.33.62"/>
         </flow>

13.3 Heartbeats ([heart], [heartbeat] tags) Heartbeats must be used only for mirror architecture.

The basic mechanism for synchronizing two servers and detecting server failures is the heartbeat, which is a monitoring data flow on a network shared by a pair of servers. Normally, there are as many heartbeats as there are networks shared by the two servers. In normal operation, the two servers exchange their states (PRIM, SECOND, the Userconfig.xml for a module configuration 39 A2 11LT 25 223 resource states) through the heartbeat mechanism and synchronizes their application start and stop procedures. If all heartbeats are lost, it is interpreted as if the other server is down, and the local server switches to the ALONE state. Although not mandatory, it is better to have two heartbeat channels on two different networks to synchronise the two servers to avoid the split-brain case.

ident="flow" is a reserved name associated with a heartbeat declared on a replication flow. If you set a heartbeat with ident="flow", automatically the replication flow will be set on the same network. If you set ident="flow" without [rfs] configuration, the module starts blocks in WAIT state.

  • in Linux
  • 1 min read

How to change hostname in Linux

ARTICLE TYPE
FAQ

TITLE
How to change hostname in Linux

ANSWER

hostname -f

hostname newname


sudo hostnamectl set-hostname new.name

sudo sysctl kernel.hostname=new.name

Product Version
WAM 9.0.9 , WAM 9.0.10

Keywords
Evidian WAM

Related articles:

  • in WAM
  • 2 min read

Apache Tomcat Memory Leaks

ARTICLE TYPE
FAQ

TITLE
Apache Tomcat Memory Leaks

ANSWER

Kernel info 

[root@oracle bin]# uname -a

Free memory 

[root@oracle bin]# free -h

Top command Result

[root@oracle bin]# top

Third Party Tools.

JConsole and JVisualVM are Java monitoring tools that can help you monitor heap usage, garbage collection (GC) activities, and detect memory leaks.

How to find Tomcat Process ID 

ps aux | grep tomcat
ps aux | grep java

How to find Service Name 

ps aux | grep "Tomcat_PID"


[root@oracle bin]# ps aux | grep tomcat

lpfadmin  194263  4.1 28.9 4350264 1027356 pts/0 Sl   14:47   0:53 /usr/bin/java -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Djava.endorsed.dirs=/usr/evidian/lpf/api/httpserv/tomcat/endorsed -classpath /usr/evidian/lpf/api/httpserv/tomcat/bin/bootstrap.jar:/usr/evidian/lpf/api/httpserv/tomcat/bin/tomcat-juli.jar:/usr/evidian/lpf/api/httpserv/tomcat/bin/lpftctlauncher.jar -Dcatalina.base=/usr/evidian/lpf/api/httpserv/tomcat -Dcatalina.home=/usr/evidian/lpf/api/httpserv/tomcat -Djava.io.tmpdir=/usr/evidian/lpf/api/httpserv/tomcat/temp -Xms256m -Xmx1536m -Djava.security.egd=file:/dev/urandom -Djuli-logback.configurationFile=file:/usr/evidian/lpf/api/httpserv/tomcat/conf/logback.xml com.evidian.lpf.adminbean.welcome.Launcher start
root      194627  0.0  0.0 221664  2156 pts/0    S+   15:08   0:00 grep --color=auto tomcat

Where 194263 is the Process ID.

Check for Memory Leaks Using jmap

## Heap Memory Summary:
jmap -heap "Tomcat_PID"

Monitor Memory with jstat 

## Heap Usage
jstat -gc "Tomcat_PID" 1000 10

## GC Statistics:
jstat -gcutil "Tomcat_PID" 1000 10

Check Thread Usage via jstack 

## Thread Dump
jstack "Tomcat_PID" > thread-dump.txt

Analyze Using top and ps (Linux)

## Top Command:
top -p "Tomcat_PID"

## ps Command
ps -p "Tomcat_PID" -o %mem,%cpu,cmd

Check Tomcat Logs for Memory Leak Errors

Check catalina.out or your specific log files for memory leak messages

WAM Version 

[root@oracle bin]# ./lpfversion

Product Version
WAM 9.0.9 , WAM 9.0.10

Keywords
Evidian WAM , Ports , WAM

Related articles:

  • in WAM
  • 2 min read

Evidian WAM Integration with Citrix

ARTICLE TYPE
FAQ

TITLE
List of ports used by Evidian Web Access Manager

ANSWER

Citrix products utilize various technologies to provide virtualization, networking, cloud services, enterprise mobility and many more solutions.

Therefore, it is crucial to have a strong understanding of Citrix Specific Product Technologies before integrating via Evidian WAM.

Citrix Protocols

Here is a list of web protocols commonly used in Citrix products and services.

  1. ICA (Independent Computing Architecture): Core protocol for delivering virtual applications and desktops.
  2. HDX (High Definition Experience): Enhancements to ICA for optimized user experience.
  3. WebSockets: Real-time, bidirectional communication.
  4. HTTP/HTTPS: Web communication protocols.
  5. TCP/UDP: Core network transport protocols.
  6. EDT (Enlightened Data Transport): Optimized transport protocol over UDP.

For official information, please contact the Citrix Support Portal

When it relates to Citrix, these settings must be checked on WAM.

Activate Cache control

By default, Web Access Manager does not allow the caching of data sent by reverse proxies. This may cause problems with applications or protocols, as the CITRIX ICA protocol for example. Select this check box to allow the caching for the URLs Collection.

Citrix NFuse Platform

Citrix Web Interface software (previously known as NFuse) provides Web access to Java, UNIX, and Windows applications that are hosted via Citrix application server software. While Citrix offers server-side control of hosted applications, Citrix Web Interface makes applications accessible through a Web browser interface.

When using Web Access Manager as a gateway for a Citrix NFuse platform, some points need particular attention.

In the ICA protocol, when the client sets the connection to the server, an .ica file is transferred from the server to the client, and with the information provided by this file the ICA client dials the Citrix Server.

  1. With some Citrix NFuse platforms, the security gateway allows the clients to smoothly connect to the Citrix server without any specific configuration.
  2. With some others Citrix NFuse platforms, the client gets an error message "unable to locate ica file" displayed in his browser window when trying to start a Citrix session.

In this case, the definition of a specific URL collection, corresponding to the URL of the ICA file for which the cache control check box is enabled, is mandatory to have the Citrix NFuse platform properly mapped through Web Access Manager.

Active Websockets

WebSockets are used for real-time, event-driven communication between clients and servers. They are particularly useful for building applications requiring instant updates, such as real-time chat, messaging, and multiplayer games.

WAM: How to Enable Web Sockets in the WAM?

Integrated Windows authentication (IWA)

Integrated Windows authentication (IWA) enables users to log in with their Windows credentials, using Kerberos or NTLM.

WAM: IWA connections pool: When should it be turned on?

FAQ Related

WAM: Basic and NTLM Authentications

Kerberos Authentication Does Not Work with WAM

Evidian Expertise Team

For further information about integration, we recommend contacting our Evidian Expertise Team.

Product Version
WAM 9.0.9 , WAM 9.0.10

Keywords
Evidian WAM , Ports , WAM

Related articles: