Howdy, Stranger!
Categories
- All Categories
- 73 General
- 73 Announcements
- 66.6K Microsoft Dynamics NAV
- 18.7K NAV Three Tier
- 38.4K NAV/Navision Classic Client
- 3.6K Navision Attain
- 2.4K Navision Financials
- 115 Navision DOS
- 854 Navision e-Commerce
- 1K NAV Tips & Tricks
- 772 NAV Dutch speaking only
- 615 NAV Courses, Exams & Certification
- 2K Microsoft Dynamics-Other
- 1.5K Dynamics AX
- 302 Dynamics CRM
- 109 Dynamics GP
- 10 Dynamics SL
- 1.5K Other
- 993 SQL General
- 384 SQL Performance
- 34 SQL Tips & Tricks
- 34 Design Patterns (General & Best Practices)
- Architectural Patterns
- 10 Design Patterns
- 5 Implementation Patterns
- 53 3rd Party Products, Services & Events
- 1.7K General
- 1.1K General Chat
- 1.6K Website
- 79 Testing
- 1.2K Download section
- 23 How Tos section
- 259 Feedback
- 12 NAV TechDays 2013 Sessions
- 13 NAV TechDays 2012 Sessions
NST refuse new connetions, active one works
Phenno
Member Posts: 630
Hello all.
We have a problem for which I cannot find the cause...
From time to time (quite often) we have a situation where NAV2013 R2 clients could not login to NAV while active connections on that tier are working ok. This is going on until NST is restarted. In period when clients could not create new connections there is no error events in event viewer except large number of information events on Security, event id 5152, WFP blocked packet on port 7046.
I've search on this event id and found that it is a part of windows filtering platform where Windows blocks packet to certain port even if that port is opened in firewall (or firewall down) for a reason that no service is listening on that port, thus preventing port scanning (this is called windows stealth mode, working separately of windows firewall). Since existing NAV connections are working properly, I can say that port 7046 has a listening service so I'm stuck, why would windows block this packet if port is opened and service is working.
I have checked Max concurrent calls and Max Concurrent connections setup on NST and it is set way beyond number of users.
Windows 2012 R2
NAV 2013 R2 with CU 10
Three instances in use, one client and two NAS.
No separate AV installed.
This happens from time to time, but usually when there's a lot of users already connected (50+).
Does anyone has idea what could be the cause for this to happen?
We have a problem for which I cannot find the cause...
From time to time (quite often) we have a situation where NAV2013 R2 clients could not login to NAV while active connections on that tier are working ok. This is going on until NST is restarted. In period when clients could not create new connections there is no error events in event viewer except large number of information events on Security, event id 5152, WFP blocked packet on port 7046.
I've search on this event id and found that it is a part of windows filtering platform where Windows blocks packet to certain port even if that port is opened in firewall (or firewall down) for a reason that no service is listening on that port, thus preventing port scanning (this is called windows stealth mode, working separately of windows firewall). Since existing NAV connections are working properly, I can say that port 7046 has a listening service so I'm stuck, why would windows block this packet if port is opened and service is working.
I have checked Max concurrent calls and Max Concurrent connections setup on NST and it is set way beyond number of users.
Windows 2012 R2
NAV 2013 R2 with CU 10
Three instances in use, one client and two NAS.
No separate AV installed.
This happens from time to time, but usually when there's a lot of users already connected (50+).
Does anyone has idea what could be the cause for this to happen?
0
Comments
I've doublechecked max concurent calls (150), max connections (150), but what about other settings such as:
- Operation timeout (MaxValue),
- Idle Client Timeout (1h),
- Reconnect period (10min),
- SQL command timeout (30min),
- Max orphaned connections (20)
When users cannot connect to the NAV Server Service what error message do they get ?
If the error message is permission related then something is not right with AD.
if the error message is network related then something is wrong on the network level.
Thanks,
This is is definitely a network issue. It is not NAV but windows server related.
You can try to change WFP in the Active directory policies.
The Administrator of the system should be able to help you with this issue.
This KB may also be helpful
http://support.microsoft.com/kb/2654852
Installing the latest SP may be an option too.
I hope this helps.
Thanks.
As for network, when server is refusing new connections, I cannot make connection from local client too, and in that case I do not see logged event from WFP (or maybe I missed it).
Does local connextion to server goes through WFP?
Check the used account in servicetier. Probably has the password experied.
//Christer
Christer in Stockholm, Sweden
This occurs from time to time and is solvable by simple restart of service tier so I do not think that it is caused by wrong service credentials.
I think WFP check all connection regardless whether it is localhsot or full IP.
Did you try to disable WPF with group policy in Active directory ?
Thanks.
I'm testing changed setup on max calls and connections parameters to MaxValue. Still getting wpf notifications occasionally, which are caused by poor network imho, but that's OK. I'm now waiting if it will block completely again...
I'm open to any new diagnostic idea...
There is a difference, though, I did not see 5152 events this time.
Checked firewall, it is OK.
Checked connection from local client, netstat says established (hence not a network problem).
Started second backup instance, connected normally to it, meaning nav and sql are communicating.
Allowed connections set to maxvslue, allowed calls to max value, timeout set to one hour, orphaned connections to max value.
Anyone had similar experience?
well, just the point to think about - I saw something similar with N2009 classic. After some time the SQL server started to refuse new connections, while active users were allowed to work.
As I remember, there was a bug in NAS - there was an old testing NAS service with wrong credentials, which was only stopped (not disabled). After some time, they restarted the server and this service attempted to logg-in. But thru this bug, each unsuccessful attempt consumed 1 CAL - and after some time, it consumed everything, just the restart of SQL always helped ...
xStepa
Though, there are differences with NAV2013, NAS sessions are of type background and AFAIK not counted in licence. Furthermore, wouldn't I get License error in that case? I'm receiving only NAV could not establish connection to server.
But I would probably need to inspect Active Session table, which is, to my knowledge, used for session count) at that moment of service deny, maybe there is some licence issue involved...
I've checked cumulative updates for R2, nothing much with similar subject.
I,ve checked performance counters, nothing suspicious.
I've checked SQL stats for blocked processes or similar, nothing suspicious over there.
Quest continues...
How does NAV check for licenses?
Could it be something with DD for LS retail which is installed and working on the same server?
Did you ever get to the bottom of the issue? I will try and remember to update this thread if we do!
I've never found a solution for these but it is occurring rarely, lately. My conclusion was that it was due to network instability between clients and server, causing sessions to hangout, or something like that.
I'm currently investigating an issue related to the session event table auto cleanup. Once every 3 month (default NST value SessionEventTableRetainPeriod) the NST starts a cleanup function to remove all records from the Session Event table older than 3 month. Somehow at some customers environments multiple NST's start the cleanup task at the same time. Causing locking issues on the Session Event table. What causes that, you can guess it by now, new NAV sessions cannot be created.
I've a call open at Microsoft for this. If you have a familiar issue I will let you know the progress on this.
Edit: Since you're using only 3 NST's and around the 50 users this might not be the issue.
Though I should definitively check for long lasting queries too...
when it 'goes down' existing connections are fine. Most users cannot make new connections, but some (apparently) can.
Restarting the service or server (either), temp resolves the problem.
have anyone found the solution for this problem ?
I have the same situation with NAV2013R2 on Windows Server 2012R2.
Two Services in one Database, and twice a day one specific service needs to be restarted to let users log in again to NAV.
Dynamics NAV, MS SQL Server, Wherescape RED;
PRINCE2 Practitioner - License GR657010572SG
GDPR Certified Data Protection Officer - PECB License DPCDPO1025070-2018-03
In my case, they're in the same machine and there are plenty of free memory less than 50% usage
In the cases where we've found a root cause it was related to a high load on the NST by either the quantity of users/sessions or by an application (read: NAV platform or external app) misbehaving causing a high load on the NST and/or SQL.
Few tips that could help: