Hori Masato | 12 Jun 08:15 2006
Picon

monitoring UWC availability


Hi all,

  I want to monitor the availablity of UWC using website monitoring
tool.  Does anybody have experience with softwares like Empirex Onesight or
Mercury's products for this purpose?

Hori Masato
Network Service Department
Infrastructure Service Division

Sony Global Solutions Inc.

Sebastien THOMAS | 12 Jun 08:56 2006
Picon

Re: monitoring UWC availability


Le 12 juin 06 à 08:15, Hori Masato a écrit :

>
>
> Hi all,
>
>   I want to monitor the availablity of UWC using website monitoring
> tool.  Does anybody have experience with softwares like Empirex  
> Onesight or
> Mercury's products for this purpose?
>
> Hori Masato
> Network Service Department
> Infrastructure Service Division
>
> Sony Global Solutions Inc.

Hi,

We usualy use free software like cacti (nsmp) and nagio (network  
polling). Cacti have a beautyfull plug-ins for threshold alerting.
I never heard of the software you are talking about but I'll have a  
look.


sebastien thomas - sebastien.thomas <at> rtl.fr
tel : 01 40 70 40 91


(Continue reading)

Shane Hjorth | 12 Jun 09:12 2006
Picon

Re: MMP hardware SSL acceleration

Hi Chris,

I nuked everything and started from scratch. This time it worked :)

The basic steps I used are as follows:

# enable NSS information for 'msg' user (which MMP software runs as in
my configuration, yours may be different)

-bash-3.00$ pktool setpin
Create new passphrase:
Re-enter new passphrase:
Passphrase changed.
(need this password later for the sslpassword.conf file)

# Verify NCP (you may need to enable/modify the configuration if it
doesn't match this, refer to page 11 of blueprints doco :
http://www.sun.com/blueprints/0306/819-5782.html)

root <at> t1000:/# cryptoadm list -p

User-level providers:
=====================
/usr/lib/security/$ISA/pkcs11_kernel.so: all mechanisms are enabled.
random is enabled.
/usr/lib/security/$ISA/pkcs11_softtoken.so: all mechanisms are
enabled, except
CKM_SSL3_SHA1_MAC,CKM_SSL3_MD5_MAC,CKM_SSL3_MASTER_KEY_DERIVE_DH,CKM_SSL3_KEY_AND_MAC_DERIVE,CKM_SSL3_MASTER_KEY_DERIVE,CKM_SSL3_PRE_MASTER_KEY_GEN.
random is enabled.

(Continue reading)

tomvo | 12 Jun 10:19 2006
Picon

Re: monitoring UWC availability

Hi,

We have implemented this via nagios using a special perl module called 
webtest.
It allows you to simulate a login on a website and check for a certain 
string that must be returned after the login.

works like a charm.

Tom.

---------------------------------------------------------------------------
Tom Van Overbeke - ABSI Service Delivery Coordinator
email: tomvo@...
Tel: +32 2 333 40 00 - Fax: +32  2 333 40 60
website: http://www.absi.be
---------------------------------------------------------------------------

Hori Masato <masato.hori@...>
12/06/2006 08:15
Please respond to Info-iMS

        To:     iMS Mailing List <Info-iMS@...>
        cc: 
        Subject:        [Info-iMS] monitoring UWC availability

Hi all,

  I want to monitor the availablity of UWC using website monitoring
tool.  Does anybody have experience with softwares like Empirex Onesight 
(Continue reading)

Sebastien THOMAS | 12 Jun 10:34 2006
Picon

JES2005Q4 - UWC session timeout

Hi,

My users always complain of timeout on the webmail (UWC) on jes2005  
Q4 sparc. The error is a popup window (surely a javascript) qoying  
the session is expired and login again is needed.
We tried to dig out this problem, but can't be able to solve it for  
now. Here is what we found :

- some users are NAT translated with a pool of IP's that can change.  
So a user connecting with IP A may use IP B for the next request.
- some users connect through a web proxy so many connections comes  
from the same IP

We changed the NAT rules so users always come from the same IP's :
	some are translated (NAT) from their IP to a unique IP
	some use a proxy with a single IP (we have 2 proxies, so 2 IP's in  
fact)

So JES alway sees users coming from 3 IP's (a nat and 2 proxies).

The question is : is the session in AM defined by IP ?
May the problem be that too many users logs in from the same IP so,  
when the limit is reached, the latest session is destroyed ?
I'm not talink of number of session per user, bu number of session  
per IP.

This is only for webmail (UWC, calendar, addressbok). For imap.pop,  
there is a config parameter to solve this problem.

I really don't know where to look at....
(Continue reading)

Simon Mansbridge | 12 Jun 16:02 2006
Picon

RE: monitoring UWC availability

Hi,

We use HP's OVIS product which is an Internet Services monitor. We do
several probes. You can monitor a full web transaction or you can look at
actual mail transactions e.g Mail roundtrip.  So the Web transaction monitor
will measure UWC response time and availability. Then we use Mail roundtrip
to look at the system availability and response time.

Regards
 
Simon Mansbridge
 
Schlumberger 

Tel  : +44 1530 222936 (Office)
       : +44 7801 556572 (Mobile)



-----Original Message-----
From: Sebastien THOMAS [mailto:sebastien.thomas@...] 
Sent: Monday, June 12, 2006 7:56 AM
To: Info-iMS@...
Subject: Re: [Info-iMS] monitoring UWC availability



Le 12 juin 06 à 08:15, Hori Masato a écrit :

>
(Continue reading)

Jim | 12 Jun 16:34 2006
Picon
Picon

Re: JES2005Q4 - UWC session timeout

Sounds like the problem is the service.http.ipsecurity setting in 
configutil.  Setting this no should take care of the problem.  The only 
problem with doing that is that it makes the server less secure, since 
potentially someone could try using random SIDs to hijack your session.  
I currently have a customer whose security dept. is complaining about 
this.  Someone emailed a friend the URL from Webmail and that person was 
able to get into Webmail as that user.  The security dept. wants to know 
what I am going to do to change this behavior, but turning on IP 
security will break several sites that use proxy farms similar to the 
ones you describe.

Sebastien THOMAS wrote:
> Hi,
>
> My users always complain of timeout on the webmail (UWC) on jes2005 Q4 
> sparc. The error is a popup window (surely a javascript) qoying the 
> session is expired and login again is needed.
> We tried to dig out this problem, but can't be able to solve it for 
> now. Here is what we found :
>
> - some users are NAT translated with a pool of IP's that can change. 
> So a user connecting with IP A may use IP B for the next request.
> - some users connect through a web proxy so many connections comes 
> from the same IP
>
> We changed the NAT rules so users always come from the same IP's :
>     some are translated (NAT) from their IP to a unique IP
>     some use a proxy with a single IP (we have 2 proxies, so 2 IP's in 
> fact)
>
(Continue reading)

Sebastien THOMAS | 12 Jun 17:55 2006
Picon

Re: JES2005Q4 - UWC session timeout


Le 12 juin 06 à 16:34, Jim a écrit :

> Sounds like the problem is the service.http.ipsecurity setting in  
> configutil.  Setting this no should take care of the problem.  The  
> only problem with doing that is that it makes the server less  
> secure, since potentially someone could try using random SIDs to  
> hijack your session.  I currently have a customer whose security  
> dept. is complaining about this.  Someone emailed a friend the URL  
> from Webmail and that person was able to get into Webmail as that  
> user.  The security dept. wants to know what I am going to do to  
> change this behavior, but turning on IP security will break several  
> sites that use proxy farms similar to the ones you describe.

We are using front-end (MEM) and backend msg-store, so ip-security is  
already off. Looking deeper into it we found that many users having  
session timeout after few clicks are on a RTC line, and are  
connecting to the JES UWC frontend through 2 squid proxys....

Do you think this could be a problem ?
What can make a session timeout before the 2 houre based timeout I  
can see in amserver ?

Thanks


>
>
> Sebastien THOMAS wrote:
>> Hi,
(Continue reading)

Jim | 12 Jun 19:00 2006
Picon
Picon

Re: imquotacheck

Do you know when 118207-52 will be available?  The latest patch release 
that I can see is 118207-51.

Kelly Caudill wrote:
> It was intended behavior, but it has been changed.
>
> bug 6197144 imquotacheck should only list users via LDAP if the user 
> asks it to
> was fixed in 118207-52.
>
> With that fix, it will only list all users in LDAP if you use the new 
> -a switch.
>
> Kelly
>
>
> Jim wrote:
>> I just ran imquotacheck -i on a machine with 3 users on it.  After 20 
>> minutes it had not produced any output other than the column 
>> headers.  So I decided to truss the process and it looks like it is 
>> doing a lookup of everyone in the LDAP server, not just the ones that 
>> have a matching mailhost entry.  I run quotacheck -i on my 5.2 
>> systems, with 300,000 users on them, and get full output in about 10 
>> minutes.  Is this intended behavior?  If so please explain the 
>> reasoning behind getting all entries rather than just those on the 
>> machine.
>>
>> Version Info:
>>
>> Sun Java(tm) System Messaging Server 6.2-4.03 (built Sep 22 2005)
(Continue reading)

Jim | 12 Jun 19:27 2006
Picon
Picon

What does the -f do in reconstruct?

I know what the documentation says it does, but it does not appear to 
work like it should.  I had several accounts that were affected by this 
error:

5075042 reconstruct uses NNN.msg file date/time instead of received header

Several dates displayed in the message list used the date the message 
files were moved to the system rather than the date in the message 
headers.  The system was patched to 118207-51 and I ran a reconstruct -r 
-f  on the affected partition.  The dates still appeared to be 
incorrect.  When I deleted the store.idx files and then ran a 
reconstruct the message dates were corrected.  Why didn't reconstruct -r 
-f  fix the problem?  Is this a known issue?


Gmane