ScorpionSting Absent Member.
Absent Member.
1098 views

9.1.2?

So, v9.1.2 got released yesterday, but still no idea what was fixed as TID7016794 still hasn't been updated.

Anyone with ideas as to what is included?

Visit my Website for links to Cool Solution articles.
Labels (1)
0 Likes
11 Replies
Knowledge Partner
Knowledge Partner

Re: 9.1.2?

Readme from dl.netiq.com says the Release notes are here:
https://www.netiq.com/documentation/edirectory-91/edirectory912_releasenotes/data/edirectory912_releasenotes.html#t47exhdxra7e

Whats new, and deprecations are listed.

New Linux installer, support for SLES15, bug fixes.
0 Likes
ScorpionSting Absent Member.
Absent Member.

Re: 9.1.2?

geoffc;2491992 wrote:
Readme from dl.netiq.com says the Release notes are here:
https://www.netiq.com/documentation/edirectory-91/edirectory912_releasenotes/data/edirectory912_releasenotes.html#t47exhdxra7e

Whats new, and deprecations are listed.

New Linux installer, support for SLES15, bug fixes.


Thanks Geoff....wish they'd stop flip flopping as to where information is kept....download readme also says to refer to TID, not doc readme... :confused:

Visit my Website for links to Cool Solution articles.
0 Likes
Knowledge Partner
Knowledge Partner

Re: 9.1.2?

On 12/5/2018 3:46 PM, ScorpionSting wrote:
>
> geoffc;2491992 Wrote:
>> Readme from dl.netiq.com says the Release notes are here:
>> https://www.netiq.com/documentation/edirectory-91/edirectory912_releasenotes/data/edirectory912_releasenotes.html#t47exhdxra7e
>>
>> Whats new, and deprecations are listed.
>>
>> New Linux installer, support for SLES15, bug fixes.

>
> Thanks Geoff....wish they'd stop flip flopping as to where information
> is kept....download readme also says to refer to TID, not doc readme...
> :confused:


I completely agree with you!

0 Likes
Knowledge Partner
Knowledge Partner

Re: 9.1.2?

geoffc wrote:

>
> Readme from dl.netiq.com says the Release notes are here:
>

https://www.netiq.com/documentation/edirectory-91/edirectory912_releasenotes/data/edirectory912_releasenotes.html#t47exhdxra7e
>
> Whats new, and deprecations are listed.
>
> New Linux installer, support for SLES15, bug fixes.


Very important fix for IDM environments with dynamic groups that control role
membership - note you must opt-in.
I that quite a few customers have seen this behaviour. (especially on Windows)

"eDirectory Exhausts All Ephemeral Ports when Configured with Large Number of
Dynamic Groups"

--
If you find this post helpful, and are viewing this using the web, please show
your appreciation by clicking on the star below
Alex McHugh - Knowledge Partner - Stavanger, Norway
Who are the Knowledge Partners
If you appreciate my comments, please click the Like button.
If I have resolved your issue, please click the Accept as Solution button.
0 Likes
Knowledge Partner
Knowledge Partner

Re: 9.1.2?

On 12/6/2018 3:21 AM, Alex McHugh wrote:
> geoffc wrote:
>
>>
>> Readme from dl.netiq.com says the Release notes are here:
>>

> https://www.netiq.com/documentation/edirectory-91/edirectory912_releasenotes/data/edirectory912_releasenotes.html#t47exhdxra7e
>>
>> Whats new, and deprecations are listed.
>>
>> New Linux installer, support for SLES15, bug fixes.

>
> Very important fix for IDM environments with dynamic groups that control role
> membership - note you must opt-in.
> I that quite a few customers have seen this behaviour. (especially on Windows)
>
> "eDirectory Exhausts All Ephemeral Ports when Configured with Large Number of
> Dynamic Groups"


What did you think about the deprecating of Nested dynamic groups?

0 Likes
Knowledge Partner
Knowledge Partner

Re: 9.1.2?

Geoffrey Carman <geoffreycarmanNOSPAM@NOSPAMgmail.com> wrote:
> On 12/6/2018 3:21 AM, Alex McHugh wrote:
>
> What did you think about the deprecating of Nested dynamic groups?
>


Never used them. Won’t miss them.
Nested groups have always felt a bit half baked in eDir, so I avoid them
where possible.

Alex McHugh - Knowledge Partner - Stavanger, Norway
Who are the Knowledge Partners
If you appreciate my comments, please click the Like button.
If I have resolved your issue, please click the Accept as Solution button.
0 Likes
Knowledge Partner
Knowledge Partner

Re: 9.1.2?

alexmchugh;2492087 wrote:
Geoffrey Carman <geoffreycarmanNOSPAM@NOSPAMgmail.com> wrote:
> On 12/6/2018 3:21 AM, Alex McHugh wrote:
>
> What did you think about the deprecating of Nested dynamic groups?
>


Never used them. Won’t miss them.
Nested groups have always felt a bit half baked in eDir, so I avoid them
where possible.


Me either, which is why I was asking.
0 Likes
Knowledge Partner
Knowledge Partner

Re: 9.1.2?

On 2018-12-06 09:21, Alex McHugh wrote:
> geoffc wrote:
>
>>
>> Readme from dl.netiq.com says the Release notes are here:
>>

> https://www.netiq.com/documentation/edirectory-91/edirectory912_releasenotes/data/edirectory912_releasenotes.html#t47exhdxra7e
>>
>> Whats new, and deprecations are listed.
>>
>> New Linux installer, support for SLES15, bug fixes.

>
> Very important fix for IDM environments with dynamic groups that control role
> membership - note you must opt-in.
> I that quite a few customers have seen this behaviour. (especially on Windows)
>
> "eDirectory Exhausts All Ephemeral Ports when Configured with Large Number of
> Dynamic Groups"
>

What kind of problems does the exhaustion of ports create? How do I know
that I have that problem or not?

If it is a problem why have a flag at all? Why just not fix it by
default? There has to be a downside to it if it's not fixed by default
is what I'm thinking.

--
If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below.
0 Likes
Knowledge Partner
Knowledge Partner

Re: 9.1.2?

alekz <alekz@no-mx.forums.microfocus.com> wrote:
> On 2018-12-06 09:21, Alex McHugh wrote:
> What kind of problems does the exhaustion of ports create? How do I know
> that I have that problem or not?
>


Check with netstat and count how many ports are in TIME_WAIT state. If you
see a trend that these peak well over 10k (Windows) 30k (Linux) you might
have the issue.

On Windows, there will be an event log that pops up (not always though)
warning that it has started forcibly recycling ports due to exhaustion.

Event ID 4231 is the event to look for if I recall correctly.

If you are using IDM and Roles and Resource driver with dynamic groups ,
don’t set the dynamic groups refresh rate lower than 10-15 mins (anything
below 9 minutes is pretty much a recipe for disaster).

> If it is a problem why have a flag at all? Why just not fix it by
> default? There has to be a downside to it if it's not fixed by default
> is what I'm thinking.
>


It is a substantial change to the way connections are allocated. They pool
(reuse) network connections on the edir side. The first few approaches to
fixing this introduced performance issues. So I guess that is why they are
adopting the opt-in approach.

Alex McHugh - Knowledge Partner - Stavanger, Norway
Who are the Knowledge Partners
If you appreciate my comments, please click the Like button.
If I have resolved your issue, please click the Accept as Solution button.
0 Likes
Knowledge Partner
Knowledge Partner

Re: 9.1.2?

Alex McHugh wrote:

> alekz <alekz@no-mx.forums.microfocus.com> wrote:
> > On 2018-12-06 09:21, Alex McHugh wrote:
> > What kind of problems does the exhaustion of ports create? How do I know
> > that I have that problem or not?
> >

>
> Check with netstat and count how many ports are in TIME_WAIT state. If you
> see a trend that these peak well over 10k (Windows) 30k (Linux) you might
> have the issue.
>
> On Windows, there will be an event log that pops up (not always though)
> warning that it has started forcibly recycling ports due to exhaustion.
>
> Event ID 4231 is the event to look for if I recall correctly.
>


Actually just checked my notes, it is event ID 4227 (in the system log) that
hinted at this problem.

On windows - you can see how large a range is allocated for dynamic ports on
your windows system via this command
netsh int ipv4 show dynamicport tcp

On your eDir box, you should compare the number of established and waiting to
close ports connecting to port 524.

If you observe these numbers occasionally peak at a combined total that
approaches the dynamic port range, then you might see the problem.

--
If you find this post helpful, and are viewing this using the web, please show
your appreciation by clicking on the star below
Alex McHugh - Knowledge Partner - Stavanger, Norway
Who are the Knowledge Partners
If you appreciate my comments, please click the Like button.
If I have resolved your issue, please click the Accept as Solution button.
0 Likes
Knowledge Partner
Knowledge Partner

Re: 9.1.2?

On 2018-12-08 12:48, Alex McHugh wrote:
> Alex McHugh wrote:
>
>> alekz <alekz@no-mx.forums.microfocus.com> wrote:
>>> On 2018-12-06 09:21, Alex McHugh wrote:
>>> What kind of problems does the exhaustion of ports create? How do I know
>>> that I have that problem or not?
>>>

>>
>> Check with netstat and count how many ports are in TIME_WAIT state. If you
>> see a trend that these peak well over 10k (Windows) 30k (Linux) you might
>> have the issue.
>>
>> On Windows, there will be an event log that pops up (not always though)
>> warning that it has started forcibly recycling ports due to exhaustion.
>>
>> Event ID 4231 is the event to look for if I recall correctly.
>>

>
> Actually just checked my notes, it is event ID 4227 (in the system log) that
> hinted at this problem.
>
> On windows - you can see how large a range is allocated for dynamic ports on
> your windows system via this command
> netsh int ipv4 show dynamicport tcp
>
> On your eDir box, you should compare the number of established and waiting to
> close ports connecting to port 524.
>
> If you observe these numbers occasionally peak at a combined total that
> approaches the dynamic port range, then you might see the problem.
>

Thanks Alex, that's the sort of information that should be in the
release notes!

--
If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below.
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.