Support recommends reboot when deploying a Web Tier update in Authentication Manager 8.5 and later
Originally Published: 2021-09-09
Article Number
Applies To
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.5.0
Platform: Linux
Platform (Other): null
O/S Version: SUSE Linux 12
Product Name: null
Product Description: null
Issue
After several hours, the customer rebooted the Web Tier, at which point it started working correctly. The Web Tier Readme does not say a reboot is required.
The reboot cleared out effective file descriptor limits and set them back to a reasonable level, and that appears to be the difference that prevented the HTTP 404 errors to the Web Tier
Tasks
2. generate new web tier package
3. Install new version of Web Tier software using the Web Tier package
4. Reboot the Web Tier.
Step 4 is not in the Web Tier Readme or manuals. However, Technical Support has been advocating for a reboot to be added to the documentation as it is typically the first fix tried whenever a new Web Tier is not working correctly after update.
Resolution
* different
During Restart
Aug 13, 2021 12:41:25,655 AM CDT> ExecuteThread: '3' for queue:
<System has file descriptor limits of soft: 16,384, hard: 16,384
Aug 13, 2021 12:41:25,655 AM CDT> <Using effective file descriptor limit of: 16,384 open sockets and files.>
During Reboot
Aug 13, 2021 8:21:16,718 AM CDT> ExecuteThread: '2' for queue:
<Using effective file descriptor limit of: 4,096 open sockets and files.>
Aug 13, 2021 8:21:16,718 AM CDT> <Using effective file descriptor limit of: 4,096 open sockets and files.>
We know that under load testing conditions, much more file descriptors are opened which can result in stack issues. We also know that for years Support has been advocating that our documentation call for a reboot of a Web Tier after it is installed. The Reboot clears out all the file descriptors and starts with a fresh limit. This is the difference and this explains what we have seen.
Notes
===AdminServerWrapper.log===
Aug 13, 2021 12:41:24,846 AM CDT> <Network Configuration for Channel "AdminServer"
Listen Address :7030 (SSL)
Aug 13, 2021 12:41:24,855 AM CDT> <Network Configuration for Channel "VirtualHostChannel"
Listen Address https://:443
Public Address https://:443
* different Aug 13, 2021 12:41:25,655 AM CDT> ExecuteThread: '3' for queue:
<System has file descriptor limits of soft: 16,384, hard: 16,384
Aug 13, 2021 12:41:25,655 AM CDT> <Using effective file descriptor limit of: 16,384 open sockets and files.>
Aug 13, 2021 12:41:25,655 AM CDT> <PosixSocketMuxer was built on Apr 24 2007 16:05:00>
Aug 13, 2021 12:41:25,717 AM CDT> <Allocating 3 reader threads.>
<Native I/O enabled.>
Reboot including restart WT services
===AdminServerWrapper.log===
Aug 13, 2021 8:21:15,606 AM CDT> <Network Configuration for Channel "AdminServer"
Listen Address :7030 (SSL)
Aug 13, 2021 8:21:15,610 AM CDT> <Network Configuration for Channel "VirtualHostChannel"
Listen Address https://:443
Public Address https://:443
* different Aug 13, 2021 8:21:16,718 AM CDT> ExecuteThread: '2' for queue:
<Using effective file descriptor limit of: 4,096 open sockets and files.>
Aug 13, 2021 8:21:16,718 AM CDT> <Using effective file descriptor limit of: 4,096 open sockets and files.>
Aug 13, 2021 8:21:16,719 AM CDT> <PosixSocketMuxer was built on Apr 24 2007 16:05:00>
Aug 13, 2021 8:21:16,797 AM CDT> <Allocating 3 reader threads.>
<Native I/O enabled.>
Related Articles
How to address a customer request for Customer Support to perform RSA Web Threat Detection upgrade Number of Views How to turn on debug logging to troubleshoot AFX connectors in versions 7.0.0, 6.9.1 and 6.8.1 of RSA Identity Governance … Number of Views Why do I need to run the SFTP service with a specific user? Number of Views RSA Authentication Manager 8.x running on Hyper V enters maintenance mode. Failed to start file system check on /dev/dis..… Number of Views How to manually update the internal SHA-1 certificates used by earlier versions of Authentication Manager after upgrading … Number of Views
Trending Articles
RSA Authentication Manager Patch Updates RSA Authentication Manager 8.9 Release Notes (January 2026) Unification is failing at step 8 on "AVUSER.ROLE_MANAGEMENT_PKG", line 2469 in RSA Governance & Lifecycle How to manipulate imported RSA SecurID Software Token(s) on an iPhone or iPad device How to Update the Root (Server) and Client Certificates in RSA Identity Governance & Lifecycle
Don't see what you're looking for?
