0 votes

we are establishing a sync with our legacy intranet database and appear to have hit a limit with the API for adaxes...is this a soft threshold that we can adjust? also seems to kill connections to the AD server from the adaxes box

the errors are attached

Could not acquire a connection for 'bridgepoint.local'. 3 attempts have been made. Connection pool is full.
Below is the connection pool items dump:
Directory: BPECA01-DC06.bridgepoint.local; Busy: True; Last access: 2/12/2014 11:10:27 AM; Client: #9f.#Fg
Directory: BPECA01-DC06.bridgepoint.local; Busy: True; Last access: 2/12/2014 11:10:26 AM; Client: #9f.#Fg
Directory: BPECA01-DC06.bridgepoint.local; Busy: True; Last access: 2/12/2014 11:10:26 AM; Client: #9f.#Fg
Directory: BPECA01-DC06.bridgepoint.local; Busy: True; Last access: 2/12/2014 10:52:54 AM; Client: AdmReferralCallback.QueryForConnection
Directory: BPECA01-DC06.bridgepoint.local; Busy: True; Last access: 2/12/2014 10:52:54 AM; Client: AdmReferralCallback.QueryForConnection
Directory: BPECA01-DC06.bridgepoint.local; Busy: True; Last access: 2/12/2014 11:09:56 AM; Client: AdmReferralCallback.QueryForConnection
Directory: BPECA01-DC06.bridgepoint.local; Busy: True; Last access: 2/12/2014 11:10:25 AM; Client: #9f.#Fg
Directory: BPECA01-DC06.bridgepoint.local; Busy: True; Last access: 2/12/2014 11:10:01 AM; Client: AdmReferralCallback.QueryForConnection
Directory: BPECA01-DC06.bridgepoint.local; Busy: True; Last access: 2/12/2014 11:10:25 AM; Client: #9f.#Fg
Directory: BPECA01-DC06.bridgepoint.local; Busy: True; Last access: 2/12/2014 11:10:25 AM; Client: #9f.#Fg
Directory: BPECA01-DC06.bridgepoint.local; Busy: True; Last access: 2/12/2014 11:09:59 AM; Client: AdmReferralCallback.QueryForConnection
Direct
Could not acquire a connection for 'bridgepoint.local'. 3 attempts have been made. Connection pool is full.
Below is the connection pool items dump:
Directory: BPECA01-DC06.bridgepoint.local; Busy: True; Last access: 2/12/2014 11:10:27 AM; Client: #9f.#Fg
Directory: BPECA01-DC06.bridgepoint.local; Busy: True; Last access: 2/12/2014 11:10:26 AM; Client: #9f.#Fg
Directory: BPECA01-DC06.bridgepoint.local; Busy: True; Last access: 2/12/2014 11:10:26 AM; Client: #9f.#Fg
Directory: BPECA01-DC06.bridgepoint.local; Busy: True; Last access: 2/12/2014 10:52:54 AM; Client: AdmReferralCallback.QueryForConnection
Directory: BPECA01-DC06.bridgepoint.local; Busy: True; Last access: 2/12/2014 10:52:54 AM; Client: AdmReferralCallback.QueryForConnection
Directory: BPECA01-DC06.bridgepoint.local; Busy: True; Last access: 2/12/2014 11:09:56 AM; Client: AdmReferralCallback.QueryForConnection
Directory: BPECA01-DC06.bridgepoint.local; Busy: True; Last access: 2/12/2014 11:10:25 AM; Client: #9f.#Fg
Directory: BPECA01-DC06.bridgepoint.local; Busy: True; Last access: 2/12/2014 11:10:01 AM; Client: AdmReferralCallback.QueryForConnection
Directory: BPECA01-DC06.bridgepoint.local; Busy: True; Last access: 2/12/2014 11:10:25 AM; Client: #9f.#Fg
Directory: BPECA01-DC06.bridgepoint.local; Busy: True; Last access: 2/12/2014 11:10:25 AM; Client: #9f.#Fg
Directory: BPECA01-DC06.bridgepoint.local; Busy: True; Last access: 2/12/2014 11:09:59 AM; Client: AdmReferralCallback.QueryForConnection
Direct

by (490 points)
0

Hello,

It looks like you don't close connections to your database properly. Do you dispose of them in your code? By the way, what kind of a database are you using?

0

This is not an issue with a connection to a database, it is an issue with the LDAP connection pool. We are getting the following exception:
Softerra.Adaxes.Directory.LdapConnectionPoolFullException

We are running approximately 1000 requests to Adaxes in approximately 2 seconds. What we are trying to find out is, is there a way to increase the size of the LDAPConnectionPool or is there a known limit to the number of inbound requests to Adaxes?

0
0

Hello,

Actually, the Softerra.Adaxes.Directory.LdapConnectionPoolFullException means that somehow you don't release open connections to your AD correctly. Most probably you perform ADSI searches in your AD, and search handles are not disposed of correctly. If searches occurs quite often, earlier or later you'll hit the connections limit for the LDAP connection pool. Could you post here or send us (to support[at]adaxes.com) the script that you use so that we could troubleshoot the issue. It is really hard to say without the actual code.

0

Hello,
I was able to resolve the problem by throttling my service significantly and increasing the maximum number of connections to Active Directory. You are probably correct that we are not disposing of the connections properly though. Does the IAdmNamespace or IAdmService implement IDisposable so I can wrap them in a using statement?

0

Hello,

As for the IAdmNamespace and IAdmService interfaces, they don't need to be disposed of explicitly, thus they don't implement IDisposable. Also, they can't be a reason for reaching the connections limit.

The first thing that you should look at is searches. Do you perform any searches in Active Directory? If so, how do you perform the searches?

By the way, what version of Adaxes are you using?

0

We are using 3.6.9925.0. I emailed you our implementation code as well. Thanks for taking a look.

1 Answer

0 votes
by (216k points)

Hello,

We've taken a look at your code, and it looks OK, we didn't find any potential issues with it. The cause for your issue may be in the way how you use your class. If in your code you make many calls to the Search method of the class, and the calls are made simultaneously, this can be the reason for exhausting the connections pool.

0

Hello,
We are expecting a very large load on this service. We currently have approximately 5,000 active users in our AD, and several automated services that read and write to AD through the service we sent you. Is is possible to load-balance the Adaxes service across several servers to improve performance?

0

Hello,

Yes, it is possible to achieve something similar to that.

First of all, you can install multiple Adaxes services that share common configuration. When configuration is shared, if you modify the configuration of one of the services, the changes are replicated to the other services. Your code can access any of the services sharing common configuration. For more information, see Service Configuration Replication. For information on how to set up such a configuration, see the 2nd bulleted item in step 7 of our Installation Instructions: http://www.adaxes.com/resources/InstNot ... structions.

In your code, you can use the GetNearestService method instead of GetServiceDirectly. The GetNearestService, unlike GetServiceDirectly, returns the nearest available service for a domain. If you have several Adaxes services for the same domain installed in the same AD site (i.e. multiple Adaxes services are equally accessible), Adaxes will return a random service each time. This will help to distribute the load across the multiple services.

You have to take the following two considerations into account when using the method:

  • If you have more than one set of Adaxes services sharing common configuration for the same domain, you will have to specify the ID of the configuration set to use before invoking the GetNearestService method. For more details, see the detailed description of the method in our SDK.
  • It is preferable that you design your code so that the following set of actions be performed within the same session without switching between Adaxes services: find object -> read object properties ->change object properties -> save to directory. If you read properties on one of the services, and set them on another service, most probably, this will also work, but if changes are made to objects very often, issues can occur.
0

so we are on the eve of migrating to 2014.1...however we had this issue come back, seems like only cure is a server reboot...service alone doesnt help...thoughts?

0

Hello,

Did you try with a shared configuration as described in API Max Connection-Modification Limit?? Did it help?

Related questions

0 votes
1 answer

We currently allow users to create users with constraints and some types of accounts need approval. However is there a way to stop using creating more than 1 or 2 users per ... new user accounts have been created on a daily basis and not to report if empty.

asked Jan 25 by MikeBeattie (90 points)
0 votes
1 answer

We are creating a scheduled task with powershell script to check for group licensing errors in Azure/Entra ID using Graph API but the connection throws an error. `# Connect to Graph ... ($count -le 0) { write-host "No user found with license errors" }`

asked Jan 26 by maarten.vaes (70 points)
0 votes
0 answers

Hello, We are using Adaxes' ADSI provider interface to interact with AD via web services. Our AD account has approximately 4000 active users, and most users have ... you would like to see my GetGroupMembership method and my tcp connection settings. Thanks.

asked Oct 15, 2014 by mbcalvin (140 points)
0 votes
0 answers

WorkFlow : From Adaxes, how can the Director or Assistant validate the employee’s "Job Title" modification request?

asked Jul 12, 2023 by LucasGrd (40 points)
0 votes
0 answers

From Adaxes, how can the Director or Assistant validate the employee’s "Job Title" modification request ?

asked Jun 15, 2023 by LucasGrd (40 points)
3,472 questions
3,165 answers
8,057 comments
547,016 users