|Subject:||Win2k - max conn in time_wait|
|Posted by:||Kevin Joseph (kejose…@hotmail.com)|
|Date:||18 Sep 2004|
I have a Portal web site setup on a cluster of WebLogic servers (3 of
them) which authenticates using LDAP (port 389) against Win2k Active
Directory. There are five domain controllers on Win2k AD and I have
setup WebLogic security provider to round-robin against all of them.
We have around 10,000 users accessing this site. In the mornings, when
the peak is very high, we receive a lot of authorization failed error
messages for quite some users who hit the site. When this happens I
cannot even connect to port 389 on the domain controllers. On the
domain controllers, I see a lot of connection in TIME_WAIT (using
Problem is that the maximum connections in TIME_WAIT is always 1000,
it never crosses 1000. Is this a limit which can be bumped up ? I have
reduced the TIME_WAIT delay to 60 (from default of 240), but that
seems to have aggravated the problem if anything else (meaning I can
hit port 389 even less frequently).
NOTE : I have already read about ephemeral ports and it does not apply
in this context as the total number of connections is only around
If anyone has encountered this problem and knows a solution, please
let me know.