Win2k - max conn in time_wait

Subject: Win2k - max conn in time_wait
Posted by: Kevin Joseph (kejose…@hotmail.com)
Date: 18 Sep 2004

I have a Portal web site set up on a cluster of WebLogic servers (3 of
them) which authenticates using LDAP (port 389) against Win2k Active
Directory. There are five domain controllers on Win2k AD and I have
set up the WebLogic security provider to round-robin against all of them.
We have around 10,000 users accessing this site. In the mornings, when
the peak is very high, we receive a lot of authorization failed error
messages for quite a few users who hit the site. When this happens I
cannot even connect to port 389 on the domain controllers. On the
domain controllers, I see a lot of connections in TIME_WAIT (using
netstat).

The problem is that the maximum number of connections in TIME_WAIT is
always 1000; it never crosses 1000. Is this a limit which can be bumped
up? I have reduced the TIME_WAIT delay to 60 (from the default of 240),
but that seems to have aggravated the problem if anything (meaning I can
hit port 389 even less frequently).

NOTE: I have already read about ephemeral ports and it does not apply
in this context, as the total number of connections is only around
1500/1700.

If anyone has encountered this problem and knows a solution, please
let me know.

Kevin.
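
An added example, not part of the original post: a Python script that tallies TCP states for the LDAP port from `netstat -an` output on a domain controller and breaks TIME_WAIT down by client host, so a plateau like the one described above can be tracked over time and attributed to specific WebLogic servers. The sample output, addresses and the `summarize` helper are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample of `netstat -an` output (addresses/ports are made up).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:389            0.0.0.0:0              LISTENING
  TCP    10.0.0.5:389           10.0.1.11:3412         ESTABLISHED
  TCP    10.0.0.5:389           10.0.1.11:3413         TIME_WAIT
  TCP    10.0.0.5:389           10.0.1.12:4021         TIME_WAIT
  TCP    10.0.0.5:389           10.0.1.12:4022         TIME_WAIT
  TCP    10.0.0.5:389           10.0.1.13:2877         CLOSE_WAIT
  TCP    10.0.0.5:445           10.0.1.40:1999         TIME_WAIT
  UDP    0.0.0.0:389            *:*
"""

# One TCP row: local addr:port, foreign addr:port, state (UDP rows have no state).
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+([A-Z_0-9]+)\s*$")


def summarize(netstat_text, port=389):
    """Return (state counts, TIME_WAIT counts per remote host) for one local port."""
    states, tw_by_host = Counter(), Counter()
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m or int(m.group(2)) != port:
            continue  # header, UDP row, or a different local port
        remote_host, state = m.group(3), m.group(5)
        states[state] += 1
        if state == "TIME_WAIT":
            tw_by_host[remote_host] += 1
    return states, tw_by_host


if __name__ == "__main__":
    states, tw_by_host = summarize(SAMPLE_NETSTAT)
    print("States on port 389:", dict(states))
    for host, count in tw_by_host.most_common():
        print(f"  TIME_WAIT from {host}: {count}")
```

Feeding it periodic captures of real `netstat -an` output shows whether the TIME_WAIT count on port 389 stops growing at a fixed value and which clients hold the most entries.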
