0 votes

Hi Adaxes team,

We have a second Adaxes server in Asia (main one in Europe) and replication is workgin fine. The problem is that using Web interfaces on this server is painfully slow compared to the first one, just like if it needs to contact his counterpart in Europe for each action. Is there something i can check ?

Thanks in advance

by (800 points)
0

Hello,

It looks like the Web Interface in Asia fails to connect to the nearest Adaxes service...

What version of Adaxes are you using? There was a known issue related to Adaxes service location, but the issue is fixed in the latest versions of Adaxes.

Are the Web Interface and Adaxes Service in Asia installed on the same computer?

Please have a look at the Adaxes Event Log on the computer where the Web Interface is installed. Are there any errors related to the issue?

0

Sorry for late reply.

Version : 3.3.8123.0
Web interface is colocated with Adaxes service
But you're right, there are some errors in eventlog !

When it times out :

Softerra.Adaxes.Web.Utils.LogMessageWrapperException: Failed to fetch the list of groups the user 'ap00sroux@ap.loi.net' belongs to. ---> System.Threading.ThreadAbortException: Thread was being aborted.
at Softerra.Adaxes.Web.Common.ManagedDomainCache.DetermineIfDefaultContextBindable(String domainName, String defaultNamingContext, IAdmService admService, NetworkCredential credential)
at Softerra.Adaxes.Web.Common.ManagedDomainCache.LoadCacheInfo(IHttpContext context)
at Softerra.Adaxes.Web.Common.ManagedDomainCache..ctor(IHttpContext httpContext)
at Softerra.Adaxes.Web.Authentication.ActiveDirectoryRoleProvider.UserDirectoryGroupFetcher..ctor(String username, List`1 roleContainer)
at Softerra.Adaxes.Web.Authentication.ActiveDirectoryRoleProvider.GetRolesForUser(String username)
--- End of inner exception stack trace ---

or

A server-side sponsor for client '1|APHKGRES02.ap.loi.net|APHKGRES02$@ap.loi.net|480|2' has expired. Sponsorship for its '1' registered CAOs will be discontinued.

I will dig it this ev a little bit more and post update if necessary

Thanks

0

Hello

Can you please connect to the Web Interface in Asia, perform an operation, and have a look in the Adaxes Log of the Adaxes service in Europe. Does the log contains a record for the operation?

0

No, the operation is well logged in Asia Adaxes server.

0

Hello,

It looks like the Adaxes service in Asia fails to find any available domain controllers located in Asia and connects to a DC located in Europe. Please make sure there is a DC in Asia that can be accessed by the Adaxes service.

0

We have on the same site a DC for the root domain and the Asia domain. We don't want local IT to manage other domains (for which we don't have DC on that site). What is the good setup then in Adaxes ? Because as we share the configuration, others domains appear in the list.

Thanks

1 Answer

0 votes
by (18.0k points)

I suggest you unregister all AD domains that you don't want to be managed from Asia only on the Adaxes service located in Asia, so that when a user connects to the Asian Adaxes service, he/she would be able to view only two domains (the root domain and the Asian domain).
Unregistering the domains that are not located in Asia may solve the performance issues because the Adaxes service will not try to perform queries in those domains.

Another option is to install a read-only domain controller in Asia.

0

Hello Stephen,

Ooh, that wasn't easy to find the reason, but I think we managed to.

Today or tomorrow we'll release a new update that'll hopefully fix the slowdowns in environments like yours.
I'll update this post as soon as the new build is available.

Note a strange thing : Adaxes can resolve SID/Guid to name (i can see all service administrators full name) if root domain is registered. If i unregister root domain, Adaxes only resolve local (Asian) account. I find it strange, because with Root domain registered it can resolve European account even if the Europe domain is not registered.

That was the key to find the problem.

0

Great to hear my long post was helpful :-)

Thanks a lot, i wait for the fix.

Regards

Stephen

0

Hello Stephen,

We've uploaded the new latest version.

Download URL
Upgrade Instructions

Please let me know whether the issue has gone. Thanks.

0

It seems to be far better ! I will give you an update next week, after few days of use.

Thanks

Stephen

0

Great!

Related questions

0 votes
1 answer

This is issue has been going on for awhile with worsening symptons. We opened up this ticket awhile back when it was just the web interface that wouldn't work and after ... to get to the bottom of this. Having a separate install is not a viable option.

asked Jul 1, 2021 by mark.it.admin (2.3k points)
0 votes
1 answer

We have multiple secondary domains that are being managed by Adaxes. Everything seems to be working except self service portal login. We tested with our other secondary domains and those ... other than sign failed. What else can I look at to figure this out?

asked Aug 21, 2020 by mark.it.admin (2.3k points)
0 votes
1 answer

I'm trying to set the adm-ManagedByList attribute on a few hundred groups via powershell, and found that it's only working for groups in our root domain, but fails for all ... is actually located ##'. Am I missing something here or is this a bug? Thanks Felix

asked Sep 19 by felix (150 points)
0 votes
1 answer

We are migrating away from on-premises AD toward cloud-only. Currently we are in a hybrid configuration with both on-premises AD and Azure AD. We are preparing to eliminate on-premise ... run Adaxes on a Azure vm server with only Azure AD an no on-premise AD.

asked Oct 6, 2023 by kevinleaverton (20 points)
0 votes
1 answer

I am unable to install adaxes web feature on win 2016 server core, because the installer complains of web-mgmt-console feature missing. why is web-mgmt-console necessary ... server core. ps./ some roles are missing too: NetFx4-AdvSrvs and IIS-ManagementConsole

asked Aug 20, 2018 by pyrowing (50 points)
3,536 questions
3,226 answers
8,218 comments
547,720 users