[jcifs] Performance Issue with jcifs and NetApp

Michael B Allen ioplex at gmail.com
Thu Jun 20 22:11:36 MDT 2013 

Hi Torsten,

If DFS is not disabled, JCIFS will try to locate and communicate with
a domain controller to retrieve DFS root information. Generally, you
should NOT use NetBIOS domain names (the short one label names).
Always use fully qualified DNS domain names wherever possible and
things will work a lot better.

Mike

-- 
Michael B Allen
Java Active Directory Integration
http://www.ioplex.com/

On Tue, Jun 11, 2013 at 9:06 AM, Torsten Uhr <torsten.uhr at sql-ag.de> wrote:
> Hi all,
>
> meanwhile I have digged into jcifs sources and found two solutions for our problem.
>
> 1st option:
> If we change the resolve order to
> jcifs.resolveOrder=LMHOSTS,BCAST,DNS
>
> than the NetBIOS broadcast resolves the domain successfully and DNS is not used. Therefore the DNS suffixes are not used to find an address for the domain.
>
> 2nd option:
> If we leave the properties unchanged and use the fully qualified domain name the user is authenticated to, DNS can resolve the address of the domain an everything works as fast as expected.
>
> Thank You for Your help.
>
> With best regards
>
> Torsten Uhr
> Leiter Entwicklung TransConnect®
>
> Email: torsten.uhr at sql-ag.de
> Web  : www.transconnect-online.de
> ·······················································
> SQL Projekt AG
> Franklinstr. 25 a
> 01069 Dresden
>
> Aufsichtsratsvorsitzender: Franz-Josef Günther
> Vorstand: Jürgen Bittner (Vorsitzender), André Engelhorn, Jens Gärtner
> Handelsregister: HRB 28128 Amtsgericht Dresden
>
> Telefon: (0351) 87619-0
> Telefax: (0351) 87619-99
> http://www.sql-ag.de
> ·······················································
>
> Diese E-Mail enthält vertrauliche und/oder rechtlich geschützte Informationen.
> Wenn Sie nicht der richtige Adressat sind oder diese E-Mail irrtümlich erhalten haben, informieren Sie bitte sofort den Absender und vernichten Sie diese Mail. Das unerlaubte Kopieren sowie die unbefugte Weitergabe dieser Mail oder Inhalte ist nicht gestattet.
>
> This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and destroy this e-mail.
> Any unauthorized copying, disclosure or distribution of the material in this e-mail is strictly forbidden.
>
>  SAVE PAPER - THINK BEFORE YOU PRINT
>
>
> -----Ursprüngliche Nachricht-----
> Von: Michael B Allen [mailto:ioplex at gmail.com]
> Gesendet: Freitag, 7. Juni 2013 19:30
> An: Torsten Uhr
> Betreff: Re: [jcifs] Performance Issue with jcifs and NetApp
>
> Hi Torsten,
>
> Please send all questions to the JCIFS mailing list.
>
> Thanks,
> Mike
>
> On Fri, Jun 7, 2013 at 4:24 AM, Torsten Uhr <torsten.uhr at sql-ag.de> wrote:
>> Hi Michael,
>>
>> our customer has used the ListFiles class to do some test again. May be this can be made the situation more clearly.
>>
>> The conclusion is:
>> - no properties are set
>> - the target server name ist 'target.customer.de'
>> - the domain used to authenticate the user is 'VGM'
>> - in the resolv.conf (DNS-Serverlist) are two entries: 1st is 'customer.de' and 2nd is 'government.de'
>>
>> - first a name lookup for 'target.customer.de' is done and the expected result '172.30.40.62' is returned
>> - than jcifs is building from the (login-) domain a hostname 'VGM.customer.de' and tries to get the address via DNS lookup, which results in 'No such name'
>> - than jcifs is building from the (login-) domain a hostname 'VGM.government.de' and tries to get the address via DNS lookup, because such a server exists (coincidentally) it results in an IP address '193.30.60.233' but that server is not reachable
>>
>> Running the test again using an (not existent) domain name of 'VGM2' has proved the description above.
>> Unfortunately, disabling DFS is not an option for our customer, because they have more SMB servers with a DFS we have to connect to also in the same Java application.
>>
>> The question for me is: Why jcifs is looking for addresses of name servers prefixed by the login domain after the target server was resolved successfully?
>>
>>
>> With best regards
>>
>> Torsten Uhr
>> Leiter Entwicklung TransConnect®
>>
>> Email: torsten.uhr at sql-ag.de
>> Web  : www.transconnect-online.de
>> ·······················································
>> SQL Projekt AG
>> Franklinstr. 25 a
>> 01069 Dresden
>>
>> Aufsichtsratsvorsitzender: Franz-Josef Günther
>> Vorstand: Jürgen Bittner (Vorsitzender), André Engelhorn, Jens Gärtner
>> Handelsregister: HRB 28128 Amtsgericht Dresden
>>
>> Telefon: (0351) 87619-0
>> Telefax: (0351) 87619-99
>> http://www.sql-ag.de
>> ·······················································
>>
>> Diese E-Mail enthält vertrauliche und/oder rechtlich geschützte Informationen.
>> Wenn Sie nicht der richtige Adressat sind oder diese E-Mail irrtümlich erhalten haben, informieren Sie bitte sofort den Absender und vernichten Sie diese Mail. Das unerlaubte Kopieren sowie die unbefugte Weitergabe dieser Mail oder Inhalte ist nicht gestattet.
>>
>> This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and destroy this e-mail.
>> Any unauthorized copying, disclosure or distribution of the material in this e-mail is strictly forbidden.
>>
>>  SAVE PAPER - THINK BEFORE YOU PRINT
>>
>> -----Ursprüngliche Nachricht-----
>> Von: Michael B Allen [mailto:ioplex at gmail.com]
>> Gesendet: Donnerstag, 6. Juni 2013 02:22
>> An: Torsten Uhr
>> Cc: jcifs at samba.org
>> Betreff: Re: [jcifs] Performance Issue with jcifs and NetApp
>>
>> Copying jcifs list again for posterity ...
>>
>> On Wed, Jun 5, 2013 at 4:13 AM, Torsten Uhr <torsten.uhr at sql-ag.de> wrote:
>>>
>>> Hi Michael,
>>>
>>>
>>>
>>> because we have more customers using jcfis we want to find out whats the origin problem is. Therefore I have please our customer to run the test only with logging again. Here are the display results.
>>>
>>>
>>>
>>> Reminder:
>>>
>>> ->aaa.aa.aa.aa is the SMB the client is connecting to.
>>>
>>> > bbb.bb.bb.bbb is very suspicious! This is a remote (not responding host) The domain, the SMB user is authenticating to is 'VGM'. This is similar to the domain of the dead host. But this is only random! This host is not configured in the client.
>>>
>>
>> Hi Torsten,
>>
>> In the stack trace below we can clearly see JCIFS is trying and
>> failing to do something DFS related. If the host is "not configured"
>> to access domain VGM as described by your customer above, then there
>> will simply be no way for JCIFS to get a list of DFS roots. Meaning
>> DFS functionality will simply not be possible. But that also means the
>> server probably isn't using DFS anyway. In any case, you should just
>> disable it with:
>>
>>   jcifs.smb.client.dfs.disabled=true
>>
>> Arguably JCIFS should be more graceful about handling this condition
>> like having a separate shorter timeout. But currently it looks like
>> this error is triggered with each request which is of course
>> completely illogical and renders the client useless. So DFS in JCIFS
>> only really works in a proper DFS environment. Otherwise, it must be
>> disabled.
>>
>> So if you just set that one property to disable DFS and use proper
>> fully qualified DNS hostnames, JCIFS it should be fast and fully
>> functional.
>>
>> Mike

More information about the jCIFS mailing list