[LON-CAPA-admin] lonbalancer

Guy Albertelli II guy at albertelli.com
Fri Jun 1 01:37:16 EDT 2007 

Hi Hon-Kie,

> In the past few days, I have complaints that students were able to 
> login to the lonbalancer server but got stuck on the "switch server" 
> page. Checking the lonnet.log file, there are lots of entries for a 
> given user showing something like this
> 
> Wed May 30 13:50:24 2007 (27873): SSO authorized user bmp06d
> Wed May 30 13:50:24 2007 (27873): Flushing log buffers
> Wed May 30 13:50:25 2007 (27869): SSO authorized user bmp06d
> Wed May 30 13:50:25 2007 (27869): Flushing log buffers
> Wed May 30 13:50:26 2007 (27868): SSO authorized user bmp06d
> Wed May 30 13:50:26 2007 (27868): Flushing log buffers
> Wed May 30 13:50:27 2007 (27872): SSO authorized user bmp06d
> Wed May 30 13:50:27 2007 (27872): Flushing log buffers
> Wed May 30 13:50:29 2007 (27873): SSO authorized user bmp06d
> Wed May 30 13:50:29 2007 (27873): Flushing log buffers
> Wed May 30 13:50:31 2007 (27869): SSO authorized user bmp06d
> Wed May 30 13:50:31 2007 (27869): Flushing log buffers
> 
> The user activity file shows that at the same time the lonbalancer is 
> trying to hand the session over to another server but that server is 
> not accepting the service - as far as I can tell. (See sample entries 
> below from the activity file.)
> 
> Wed May 30, 2007 13:50:24 - 1180547424:fsua0:Switch Server to fsua1 
> with role  128.186.24.44
> Wed May 30, 2007 13:50:25 - 1180547425:fsua0:Switch Server to fsua1 
> with role  128.186.24.44
> Wed May 30, 2007 13:50:26 - 1180547426:fsua0:Switch Server to fsua1 
> with role  128.186.24.44
> Wed May 30, 2007 13:50:27 - 1180547427:fsua0:Switch Server to fsua1 
> with role  128.186.24.44
> Wed May 30, 2007 13:50:31 - 1180547431:fsua0:Switch Server to fsua1 
> with role  128.186.24.44

That's weird. My guess is something malconfigured in some way.

switchserver doen't have a retry mechanism behind it. All it does it
send through lonc/d the neccessary login credentials and gets back a
token for those credentials. Switchserver then generates a redirect
webpage to the switched to host. Which should see the token check the
intrenally stored credentials and log the user in.

Hmmm, looking at your setup I guess if the credentials fails in some
way so the user can't actaully get logged into the new server, they
should end up at the lon-capa login screen (migrateuser redirects to
/adm/login on failure)

Can you track down more info from the logs releated to the above
event.

What machines did they visit and what URLs on those machines.

Did they really get sent to loncapa1.fsu.edu which somehow bounced
them back in some way?


> Any idea how to solve this? 

I'm not sure what's failing yet so no idea yet....

> I removed fsua1 from the spare.tab and 
> restart loncontrol but I think it is httpd that I need to restart.

Yes. restart the webserver.

> Is there a way for lonbalancer to hand the session to a third server
> after say, 3 unsuccessful tries?

Shouldn't ever be more than 1 try...

-- 
guy at albertelli.com   0-7-0-9-27,137

More information about the LON-CAPA-admin mailing list