BP-2 Support’s Most Common Questions
-
Upload
alfresco-software -
Category
Technology
-
view
934 -
download
0
description
Transcript of BP-2 Support’s Most Common Questions
Alfresco Support Top Tips!Alfresco Customer Support Team • twitter: alfrescosupport
Support
Customer Services Focus
140 Hot Fixes
76 Service Pack Escala8ons
107 Informa8on Requests
Total 323 Escala8ons into Engineering (2%)
11,604 cases handled / 12,814 cases closed
Reduced days to resolve from 14 to 7 days
Created over 400 knowledge base ar8cles
Core Support Activity (Past Year)
Maintenance
Top Tips
• Authen8ca8on • Lucene • Java Founda8on API • Upgrade / Update • Clustering
Authentication What?
Passthru authentication stops working: ERROR [auth.ntlm.NtlmAuthenticationHandler] Client WIN7C1- using NTLMv2 logon, not valid with passthru authentication
Authentication What?
Passthru authentication stops working: ERROR [auth.ntlm.NtlmAuthenticationHandler] Client WIN7C1- using NTLMv2 logon, not valid with passthru authentication
1 2
1 Request Access 2 Challenge 3 Response 4 Challenge + Response 5 Authenticated 6 Response
Active Directory Server
Alfresco Server
3
6
NTLMv1 Authentication
Authentication What?
Passthru authentication stops working: ERROR [auth.ntlm.NtlmAuthenticationHandler] Client WIN7C1- using NTLMv2 logon, not valid with passthru authentication
Why? NTLMv2 prevents man in the middle attacks
1 2
1 Request Access 2 Challenge 3 Response 4 Challenge + Response 5 Authenticated 6 Response
Active Directory Server
Alfresco Server
3
6
NTLMv1 Authentication
✕
Authentication What?
Passthru authentication stops working: ERROR [auth.ntlm.NtlmAuthenticationHandler] Client WIN7C1- using NTLMv2 logon, not valid with passthru authentication
Why? NTLMv2 prevents man in the middle attacks
1 2
1 Request Access 2 Challenge 3 Response 4 Challenge + Response 5 Authenticated 6 Response
Active Directory Server
Alfresco Server
3
6
NTLMv1 Authentication
What’s the answer?
Downgrade workstations to NTLMv1 or Switch to Kerberos
✕
Authentication What?
Passthru authentication stops working: ERROR [auth.ntlm.NtlmAuthenticationHandler] Client WIN7C1- using NTLMv2 logon, not valid with passthru authentication
Why? NTLMv2 prevents man in the middle attacks
43
1
2
5
1 GET 2 AUTH required 3 Request Service Ticket 4 Return Service Ticket 5 GET + Service Ticket 6 Validate Ticket
Active Directory Server
Alfresco Server
Client Workstation
Kerberos Ticket Service Request 1 2
1 Request Access 2 Challenge 3 Response 4 Challenge + Response 5 Authenticated 6 Response
Active Directory Server
Alfresco Server
3
6
NTLMv1 Authentication
What’s the answer?
Downgrade workstations to NTLMv1 or Switch to Kerberos
✕
Authentication Top Tips
What? • Cannot configure CIFS with LDAP
Why? • CIFS needs the password stored as
an MD4 hash • LDAP does not normally store them
this way
What’s the answer? • Use a different subsystem such as
Passthru or Kerberos
What? • I have configured Kerberos, but It does
not work
Why? • One of the steps was missed
What’s the answer? • Kerberos configuration can be
complex. Follow the documented Kerberos setup steps EXACTLY, and make notes on each step.
• If you are still having issues, send Alfresco Support your notes
Lucene What? • Different users are getting different search
results with the same query
Why? • You may have different client and server
locales
What to do • Use the same analyzer for both searching
and indexing. • Choose a locale • Set the server locale to the correct value
either with an environment variable, or on the JAVA_OPTS command line
• Rename all the dataTypeAnalyzers_XX.properties files and configure dataTypeAnalyzers.properties to use the locale you have chosen
.
Alfresco Server
Alfresco Server
Lucene Performance Top Tips Check how many documents are in
each index folder - Recommended
- get the 'IndexInfo' file (workspace/SpacesStore/), copy out and pass the containing folder as an argument to org.alfresco.repo.search.impl.lucene.index.IndexInfo()
- MUST be done on a copy of the indexes DO NOT RUN ON THE LIVE SERVER
- Alternative - Switch on debug for
org.alfresco.repo.search.impl.lucene.index.IndexInfo()
- A lot of debug will be produced and be difficult to read/may affect performance
- If the smallest folder has very large number of documents, consider performance tuning parameters
Index performance tuning parameter lucene.indexer.mergerTargetIndexCount=5
• Target for the number of indexes after merging. Try settings between 5 and 15
• Contact Support for further parameters to try
Local indexes • Ensure that the Lucene indexes are
local to the Alfresco server. • A SAN/NFS mounted Lucene index
folder, even with slight latency can be detrimental to performance.
Disk space • Lucene needs a minimum of twice as
much disk space as the current size of the indexes for the indexes to be able to merge.
Search Top Tips What? • Different number of results from
performing the search repeatedly
Why? • Caused by a timeout being exceeded
when permission checking the results set. Caching means that subsequent searches return more results
What’s the answer? • Override alfresco-global.properties file:
maxPermissionCheckTimeMillis=60000
(Limits the time permission checking) maxPermissionChecks=10000 (Limits # of files permission checked)
Remember • It will increase time for users to search
What? • Memory errors when re-building the
index
Why? • JVM memory needs optimization
or • Move the work to the file system
What’s the answer? • lucene.indexer.maxDocsForInMemoryMerge=0
• This will move all the work onto the file system meaning no memory is consumed. The drawback is that the indexing will be a bit slower.
• Remember to change it back when the re-index is done
Java Foundation API!What? • Index directories continually grow.
Why? • The most likely cause is leaving lucene results sets open, which can lead to disk
space and memory leak issues.
What’s the answer? Explicitly close the ResultSet object in a finally block
Example: try { resultSet = <searchquerything>; //do something with the ResultSet } catch (Exception e) { //do something with the exception } finally { if (resultSet != null) { resultSet.close(); } }
Java Foundation API!RunAsWork<String> getUsernameRunAsWork =
new RunAsWork<String>() { public String doWork() throws
Exception { return
retryingTransactionHelper.doInTransaction(<do something>, false);
} }; String username =
AuthenticationUtil.runAs(getUsernameRunAsWork, AuthenticationUtil.SYSTEM_USER_NAME);
What? • Transaction or security exceptions
Why • Not using Alfresco helper beans
What is the answer? • Use the transaction helper and runAs pattern • Guarantees security context
Benefits • Retries if system is under load • Manages long lasting transactions and throws
TooBusyException if busy • Ensures there is a transaction by propagating
the existing one or creating a new one • Easily re-usable code block • No transactional status maintenance
Java Foundation API What? • Services exceptions
Why? • Lower case service bean names are
“POJO” (Plain Old Java Object). Ensure that services are managed <property name="searchService" ref="searchService"/>
What is the answer? • Use upper case bean names. Method
calls will go through the “Spring” interceptor layers and be managed. <property name="searchService" ref="SearchService"/>
Transaction management in webscript • If your webscript is read only then
declare it: <transaction allow="readonly" >...</transaction>.
• This is more efficient in terms of caching because Alfresco core can take advantage of the information for cache management.
Packaging Customizations • Back end (Alfresco) customisation
should be packaged as an Alfresco module.
• Share customizations should be packaged as a jar file.
• Recommendation is to keep Alfresco core code and customization separated.
• Keeping code separate will help when upgrading.
Good to know!
Upgrades!What? • Upgrades between minor versions are
complex and time-consuming
What is the answer? • If you are on a version earlier than 3.1
(especially 1.x or 2.x) it’s worth another upgrade • No new features in service packs • No schema changes, unless there is no
other way to fix the issue • Thorough upgrade testing by both QA and
Support on donated customer data
Clustering!What? • Inconsistent search results when
accessing different nodes on a cluster
What’s the answer? • Use version 3.4.5 or later for cluster
environments to improve performance and ensure consistency
Questions ?
Thank you for your time
“We Work Well With Others”!