we have a peculiar problem in a BO 6.5 system we run for a customer.
In short, when users login to Webi they are directed to another user’s session.
Users are prompted for userid and password as usual, are logged in and shown another user’s session with full access to that user’s reports etc.
We are running a BO 6.5 system for a customer and have a setup with many thousand users spread all over the earth.
We have a number of centrally located Webi application servers (Solaris unix) that are not clustered.
We use a load balancer to distribute the load across the application servers, using the arrowpoint cookie method.
The authentication method used is the standard BO one.
It has been working fine for years, and then all of a sudden this starts to happen.
The problem for me as administrator is that I cannot recreate the problem. It does not happen to my userid, only users experience it.
When I login as a user with this problem it does not happen to me.
I have not been able to find any error messages in the BO system that could explain this problem.
I access the system using the same load balancer as the users, but my access path to the load balancer is different.
I access the loadbalancer through a firewall between our network and that of the customer.
The users come from all parts of the earth and they sit behind proxies on the customer’s private network.
The users access the system using Internet Explorer version 8.
It seems that a restart of the application servers did rectify the problem, at least for a period of time.
I am suspecting a problem with the proxy servers on the customer network.
I dont think problem lies with proxy server or on network side.
Did you tried scanning BO repository (especially Security Domain)? Also, try Updating ORB…as you mentioned issue resolves after restarting Application Server.
Also check if the issue occurs with users who belongs to particular Group/Region.
I did run a scan of the repository while I had the servers down and it did not dispaly anything unusual compared to previous scans. (we perform Scan and Repairs on a regular basis)
One thing is funny, though, as there were a few errors like:
“User has an invalid number of possible login attempts: 0
Table: OBJ_M_RESERVATION
Record: M_RSRV_N_ENTID=11761, M_RSRV_N_ENTTYPE=1, M_RSRV_N_SESSION=90, M_RSRV_N_ACTORID=1, M_RSRV_N_ENDTIME=0”
It is the M_RSRV_N_ENDTIME that is wrong.
However, this is not unusual in previous scans and had never led to this situation before. Also, I have verified that this condition does not create the error we have observed.
The reason I suspect network/proxy issues is that I cannot recreate the experience or users from my location, even when I use their login while they experience the problem. So it seems to be site related.
When all application servers close down the loadbalancer will clear its memory of exisitng session associations and application servers close all sessions and start from scratch. Therefore, even if a browser/proxy sends an http request with an old session cookie, it will in any case be non existing in the BO system. So I would assume a restart of the BO system would help even if the error is located outside of BO.
Table: OBJ_M_RESERVATION - It stores the information related to password validity and M_RSRV_N_ENDTIME field defines how many times a user is able to log in with an expired password. In your case, its 0.
Ohh…this is strange. :o
Yes, restarting of BO system should solve the purpose…but it will impact all logged in users.
Our installation is running on Unix (Solaris) and there is no “Update Orb” function as such, as I believe there is in the Windows setup.
Instead I can run the wconfigtool, that’s where you set the Orb parameters.
Unfortunately, in Unix I cannot run the wconfigtool while the application is running, I have to shut down the sytem to run it. A restart makes the system read the ORB parameters again anyway so no need to run wconfigtool, unless the parameter files had got corrupted. That does not appear to be the case.
I don’t know of any other way to update Orb in Unix.
Please let me know if you have another way of doing it.
