01-06-2011 11:31 AM
I have a VIP built to load balance traffic to 2
SAP servers hosting the InfoViewApp. The VIP is functioning just fine, and balances traffic without a problem, but single-sign-on is not working. When a user points his/her browser to the server directly, it works, but when going through the ACE it always lands on the login page awaiting entry. I've tried IP-source, JSESSIONID, and http-cookie for stickiness, all with the same result.
Can anyone give me some advice as to what I may be missing here?
Jeff Bull
Network Analyst 2 | IGT
01-06-2011 12:06 PM
Jeff,
When you have stickyness configured, have you verified that you are indeed getting sticky entires? The show sticky database command will show all the sticky entries. Could you share the configuration you are using for sticky?
Thanks
Chris
01-06-2011 01:12 PM
Chris,
I am indeed getting a sticky created in the database (see below). Also, i've attached the sticky config for this VIP.
sticky group : SAP-BOXI_SG
type : IP
timeout : 720 timeout-activeconns : FALSE
sticky-entry rserver-instance time-to-expire flags
---------------------+--------------------------------+--------------+-------+
181561366 rnosapbop1:8080 43196 -
-Jeff B
Sticky config:
sticky ip-netmask 255.255.255.255 address source SAP-BOXI_SG
timeout 720
replicate sticky
serverfarm SAP-BOXI_SF
01-06-2011 01:36 PM
Jeff,
Is this vip in production? If not can you do the following:
Clear serverfarm SAP-BOXI_SF (This will clear the counters on the serverfarm)
Attach to vip
Do sh serverfarm SAP-BOXI_SF
See which server got the connection.
Attach to vip the second time
do sh serverfarm SAP-BOXI_SF again.
you should now see 2 total connections on the same Rserver.
Can you please verify that you are indeed being stuck the the same Rserver.
Thanks
01-06-2011 01:43 PM
Here's what I get after performing those steps...looks like the traffic is sticking to the same server:
ACE/SAP_CRM# clear serverfarm SAP-BOXI_SF
ACE/SAP_CRM# sh serverfarm SAP-BOXI_SF
serverfarm : SAP-BOXI_SF, type: HOST
total rservers : 2
---------------------------------
----------connections-----------
real weight state current total failures
---+---------------------+------+------------+----------+----------+---------
rserver: rnosapbop1
10.210.42.109:8080 8 OPERATIONAL 1 1 0
rserver: rnosapbop2
10.210.42.158:8080 8 OPERATIONAL 0 0 0
ACE/SAP_CRM# clear serverfarm SAP-BOXI_SF
ACE/SAP_CRM# sh serverfarm SAP-BOXI_SF
serverfarm : SAP-BOXI_SF, type: HOST
total rservers : 2
---------------------------------
----------connections-----------
real weight state current total failures
---+---------------------+------+------------+----------+----------+---------
rserver: rnosapbop1
10.210.42.109:8080 8 OPERATIONAL 1 1 0
rserver: rnosapbop2
10.210.42.158:8080 8 OPERATIONAL 0 0 0
01-06-2011 01:45 PM
Jeff,
I was expecting to see total = 2. Looks like it just reconnected on the same TCP connection. You may need to close the browser and reopen it to get a new TCP connection.
01-06-2011 01:45 PM
(cont'd)...
Cleared out my browser cookies, and ran the test again....here's the result:
ACE/SAP_CRM# clear serverfarm SAP-BOXI_SF
ACE/SAP_CRM# sh serverfarm SAP-BOXI_SF
serverfarm : SAP-BOXI_SF, type: HOST
total rservers : 2
---------------------------------
----------connections-----------
real weight state current total failures
---+---------------------+------+------------+----------+----------+---------
rserver: rnosapbop1
10.210.42.109:8080 8 OPERATIONAL 3 3 0
rserver: rnosapbop2
10.210.42.158:8080 8 OPERATIONAL 0 0 0
01-06-2011 01:54 PM
Jeff,
Sticky is working and returning the Client to the same Rserver. It would be best if you would open a TAC Case so we can get some sniffer traces to look at.
Thanks,
Chris
01-06-2011 01:56 PM
Chris,
Good point, and already done. Unfortunately, I haven't received any response from my assigned engineer since yesterday afternoon, which is why I came here.
Jeff B
01-19-2011 11:34 AM
As a follow-up for anyone else reading this. The issue turned out to be a few 'setspn' commands that were needed on the SAP
servers. Once that was done (per SAP), single-sign-on began to work just fine.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide