[jcifs] jcifs failing randomly in Win2003 environment
Paul
paul.pree at bmssolutions.com
Wed May 17 06:47:26 GMT 2006
Hi Mike
I'm having a problem with consistency of access in a Windows 2003 environment
(SDK 1.4.2_10, Tomcat 5.5.15 with Compatibility, JCIFS 1.2.9). Initially I had
the problem where only the first user could connect and subsequent users got
dialog boxes headed "Connect to JCIFS... in DomainX". Regardless of detail
input, access was never granted.
We implemented (based on these archives):
Upgrading to JCIFS 1.2.9 (from 1.2.7)
Adding the machine to the Local Intranet Zone
Ensuring it was not in Trusted Sites
Preauthentication (Which I don't think I ever got working correctly)
Setting Hostname
Setting LM Compatibility=3 (Currently removed from web.xml)
Setting ssnLimit=1 (Currently removed from web.xml)
None of the above resolved the problem, but when we set soTimeout to 5000 we
were able to get many users connecting. Testing under load showed this to be
unreliable and resetting soTimeout to 500 helped - but now under further load
it is failing randomly. The same user may be able to move around pages and get
a failure on the 10th (or some random number) access.
Current web.xml is
<init-param>
<param-name>jcifs.http.domainController</param-name>
<param-value>xx.xx.xx.xxx</param-value>
</init-param>
<init-param>
<param-name>jcifs.smb.client.domain</param-name>
<param-value>domainxxx</param-value>
</init-param>
<init-param>
<param-name>jcifs.util.loglevel</param-name>
<param-value>9</param-value>
</init-param>
<init-param>
<param-name>jcifs.smb.client.soTimeout</param-name>
<param-value>500</param-value>
</init-param>
<init-param>
<param-name>jcifs.smb.client.username</param-name>
<param-value>service_account</param-value>
</init-param>
<init-param>
<param-name>jcifs.smb.client.password</param-name>
<param-value>xxxxxxxxxxx</param-value>
</init-param>
<init-param>
<param-name>jcifs.netbios.hostname</param-name>
<param-value>servername</param-value>
</init-param>
Current log entries show items like:
NtlmHttpFilter: domainxxx\UsernameX: 0xC000006D: jcifs.smb.SmbAuthException:
Logon failure: unknown user name or bad password.
java.net.SocketTimeoutException: Read timed out
at java.net.SocketInputStream.socketRead0(Native Method)
at java.net.SocketInputStream.read(SocketInputStream.java:129)
at jcifs.util.transport.Transport.readn(Transport.java:29)
at jcifs.smb.SmbTransport.peekKey(SmbTransport.java:351)
at jcifs.util.transport.Transport.loop(Transport.java:100)
at jcifs.util.transport.Transport.run(Transport.java:248)
at java.lang.Thread.run(Thread.java:534)
also:
NtlmHttpFilter: domainxxx\UsernameZ successfully authenticated against
0.0.0.0<00>/xx.xx.xx.xxx
java.net.SocketTimeoutException: Read timed out
at java.net.SocketInputStream.socketRead0(Native Method)
at java.net.SocketInputStream.read(SocketInputStream.java:129)
at jcifs.util.transport.Transport.readn(Transport.java:29)
at jcifs.smb.SmbTransport.peekKey(SmbTransport.java:351)
at jcifs.util.transport.Transport.loop(Transport.java:100)
at jcifs.util.transport.Transport.run(Transport.java:248)
at java.lang.Thread.run(Thread.java:534
I've tried setting LM_COMPATIBILITY=3 (and other values) to no avail. I've
also tried setting the ssnlimit to 1 and set up a valid logonshare and
attempted to use that.
If my reading of the documentation is correct, my config above should work and
should be preauthenticating. I get the same error (the network login popup)
regardless of what values I put in for preauth (e.g. I tried invalid
username/password and still get the same errors)
Can you suggest where I should start? I think I've tried every possible
combination, starting from the very basic, but am hopefully overlooking
something obvious. Is it worth sending a traffic capture or more log info?
Thanks in advance!
Paul
More information about the jcifs
mailing list