Does Solace load balance LDAP requests to all the registered LDAP servers? - solace

I have registered 3 LDAP Servers in Solace for client authentication using LDAP protocol. I understand that Solace creates a connection pool to handle requests to one of the LDAP Servers. But, I wonder whether the other two LDAP Servers are being used for load balancing purposes (meaning Solace will send LDAP requests to them in the event that the first one is overloaded) or only for backup purposes in case the first one is not accessible.

The additional LDAP servers are configurable for redundancy purposes. The Solace PubSub+ message broker will attempt to connect to the LDAP server in the order of preference based off of the index number. Once connected, the message broker continues to use this connection to authenticate clients until the connection goes down (e.g. a timeout from the far end or a shutdown of the LDAP profile).
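The behaviour described in this answer, modelled as an added example (not Solace code and not part of the original answer): servers are tried in index order, and the connection that succeeds is kept until it drops. The class name and the `*.example` hostnames are constructed for illustration.

```python
class LdapFailoverModel:
    """Toy model of ordered, sticky LDAP server selection (hypothetical, not a Solace API)."""

    def __init__(self, servers):
        # servers: {index: hostname}; a lower index means a higher preference.
        self.servers = dict(sorted(servers.items()))
        self.reachable = {idx: True for idx in self.servers}
        self.active = None  # index of the server holding the current connection

    def set_reachable(self, index, up):
        self.reachable[index] = up
        # Only losing the server in use tears the connection down.
        if not up and self.active == index:
            self.active = None

    def _connect(self):
        # Walk the list in preference order and keep the first server that answers.
        for idx in self.servers:
            if self.reachable[idx]:
                self.active = idx
                return
        raise ConnectionError("no LDAP server reachable")

    def authenticate(self, username):
        # Reuse the existing connection; reselect only after it has gone down.
        if self.active is None:
            self._connect()
        return self.servers[self.active]


def run_scenario():
    # Constructed sample: three registered servers, indexes 1 to 3.
    m = LdapFailoverModel({1: "ldap-a.example", 2: "ldap-b.example", 3: "ldap-c.example"})
    used = [m.authenticate("dev1"), m.authenticate("dev2")]  # both go to index 1
    m.set_reachable(1, False)            # connection to index 1 drops
    used.append(m.authenticate("dev3"))  # next in order: index 2
    m.set_reachable(1, True)             # index 1 recovers
    used.append(m.authenticate("dev4"))  # connection to index 2 is still up, so it stays
    m.set_reachable(2, False)            # connection to index 2 drops
    used.append(m.authenticate("dev5"))  # reselect in order: index 1 again
    return used


if __name__ == "__main__":
    print(run_scenario())
```

Under this model the servers are never used in parallel, so each one has to be sized to carry the full authentication load on its own.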

Related

Causes for Application Gateway Connection Timeout

Greetings,
I have the following setup
Application Gateway -- Private Endpoints -- App Services
The application gateway is in its own resource group along with the virtual network in the 1.0.0.0 subnet.
The private endpoints and app services have a resource group per resource. So for me that would be 5 Services plus the main group with the AG.
I created all elements via the Portal.
After setting up the backend pool (for starters just for one service) and using the basic settings on all the elements (listeners, rules) I wanted to connect to the gateway public ip or dns name, however all I receive is a timeout, without any hint whatsoever in the monitoring as to what could cause the problem.
The application gateway does not even register a request.
Does anyone know what could be the cause of this? Could the Public IP be faulty for some reason? I even tried disabling the private endpoint on one of the services for debugging purposes but to no avail, seems like that is not the cause.
Any help is appreciated :)
Connection timeout means that one or more servers could not complete your request within some period and did not receive a timely response from another one that works as a gateway or proxy, i.e. it did not complete within the allotted time.
Initially, try to reload the page in a different browser or even on different devices. Clean the site from spam and cookies.
Please check for any of the possible causes below:
(Main cause) REQUEST TIMEOUT: The number of seconds that the application gateway will wait to receive a response from the backend pool before it returns a “connection timed out” error message.
When a user request is received, the application gateway applies the configured rules to the request and routes it to a back-end pool instance. It waits for a configurable interval of time for a response from the back-end instance. By default, this interval is 20 seconds.
Solution: Reference >> Try setting request-timeout: Application Gateway allows you to configure this setting via the BackendHttpSetting.
Ex:
New-AzApplicationGatewayBackendHttpSettings -Name 'Setting01' -Port 80 -Protocol Http -CookieBasedAffinity Enabled -RequestTimeout 60
Also see App gateway-troubleshoot-app-service-redirection-app-service-url.
NOTE: If your connections are getting dropped at less than the request timeout seconds set, then we need to find which connection is triggered, and may need to contact Azure support.
In addition to server timeouts, there are other causes.
See if it is due to the default health check probe, like: 1) Back-end VMs or instances of virtual machine scale set are not responding to the default health probe. 2) Invalid or improper configuration of custom health probes. 3) Azure Application Gateway's back-end pool is not configured or empty.
Troubleshoot problems-with-default-health-probe and custom health probe: Application Gateway automatically configures a default health probe using properties of the BackendHttpSetting, but custom health probes allow additional flexibility to the default probing behavior, where you can configure the probe interval, the URL, the path to test, and how many failed responses to accept before marking the back-end pool instance as unhealthy.
Also check the app service timeouts: see appgw-timeouts and app service timeout setting.
Other causes to check:
Slow server, problems with the firewall, network connection.
If NSG, UDR or custom DNS is blocking access to backend pool members.
If VMs or instances in virtual machine scale set are healthy.
For those: check the logs and DNS records, and try disabling the proxy or temporarily disabling the CDN.
References:
Azure application gateway throws 502 when application sends 401 - Stack Overflow
Azure Application Gateway error 502 when using application gateway - Stack Overflow

How can we stop a client connection from Mosquitto broker?

I have multiple devices sending messages to a Mosquitto broker. I would like to manage a kind of device revocation so that when a device is revoked, I want the Mosquitto broker to automatically close the connection for this specific device.
Is there any command or way to ask the broker to explicitly close a connection to a specific client?
Thanks in advance,
hak
I do not think you can kick an already connected client.
But what you can do, if using the authentication plugin (either a 3rd party or the included dynamic security plugin), is change the ACL that the user can publish/subscribe to, which should effectively stop the client sending or receiving any messages, and when it next tries to connect it will not be allowed.

Mqtt client does not receive offline messages from VerneMq

We have an mqtt server (VerneMq on Linux VM on Azure) which is configured like below
max_inflight_messages=500
upgrade_outgoing_qos=on
max_offline_messages=1000000
max_online_messages=1000000
persistent_client_expiration=1w
in addition to its default configuration.
In order to test the persistent message mechanism, we created the following scenario:
We fed the server with some test messages and waited a couple of minutes before subscribing with the client (with cleanSession = false); we were able to receive all the messages.
But if we do the same thing and wait 24 hours, we cannot receive all stored messages, even if we can see awaiting messages for that client with
vmq-admin trace client client-id=<client_id>
Broker and client both use qos=2.
Is there any other configuration on client or server we have to change?

MQTT Connection with the same Client ID

I noticed that when an MQTT client connects with the same Client ID as another MQTT client already connected to Solace, the second client will get a "Not authorized to connect (5)" error message. When I tried the same scenario but connected to a different Solace appliance, the second client succeeded in connecting but the first client was disconnected forcefully by Solace. I checked the settings in both appliances but could not find any settings that lead to the different behaviour. Can anyone advise?
When a new client connects to a Solace appliance, and that client uses the same client name as an existing, connected client, you can configure the appliance to either:
reject the new duplicate client’s connection attempt
disconnect the existing client and connect the new, duplicate client
By default, the replacement of duplicate client connections during authentication is enabled on the appliance. To disable the replacement of duplicate client connections during authentication, use the following CONFIG command:
solace(config)# authentication
solace(config-auth)# no replace-duplicate-client-connections
If you are using SolAdmin to manage the appliance, you can change this property by navigating to the User Management tab, and selecting User Authentication from the Select View box. From the box at the right side of the Element Details area, select Manage Global Authentication, and click Execute Task. In the dialog box that appears, you can select or clear the Replace Duplicate Client Connections check box.

MQTT: Can the broker send any message to the client before the server disconnects the existing client?

An MQTT broker can disconnect the existing client if the following condition comes up.
http://docs.oasis-open.org/mqtt/mqtt/v3.1.1/os/mqtt-v3.1.1-os.html#_Toc398718090
If the ClientId represents a Client already connected to the Server then the Server MUST disconnect the existing Client [MQTT-3.1.4-2].
At this time, can the broker send any specific message, excluding "DISCONNECT", to the client before the server disconnects the existing client?
Most brokers are going to follow the spec, if you want one to do something different then you will have to either write your own or modify one of the open source versions.
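The two duplicate Client ID outcomes discussed in the last two questions (replace the existing client per [MQTT-3.1.4-2], or refuse the newcomer with return code 5), as an added example that is not from the original posts and is not Solace or broker code. `BrokerModel`, the `replace_duplicates` flag and the connection labels are hypothetical names for illustration.

```python
CONNACK_ACCEPTED = 0x00
CONNACK_NOT_AUTHORIZED = 0x05  # the "(5)" in "Not authorized to connect (5)"


def connack(return_code, session_present=False):
    # MQTT 3.1.1 CONNACK: packet type 0x20, remaining length 2,
    # connect acknowledge flags, connect return code.
    # Session Present must be 0 whenever the return code is non-zero.
    flags = int(session_present and return_code == CONNACK_ACCEPTED)
    return bytes([0x20, 0x02, flags, return_code])


class BrokerModel:
    """Toy broker that tracks one network connection per Client ID."""

    def __init__(self, replace_duplicates=True):
        self.replace_duplicates = replace_duplicates
        self.sessions = {}  # client_id -> label of the connection that owns it
        self.log = []       # (connection label, event) in the order they happen

    def connect(self, client_id, conn):
        existing = self.sessions.get(client_id)
        if existing is not None:
            if not self.replace_duplicates:
                # Reject mode: the first client keeps its connection.
                self.log.append((conn, "refused"))
                return connack(CONNACK_NOT_AUTHORIZED)
            # [MQTT-3.1.4-2]: the existing client is disconnected. MQTT 3.1.1
            # defines DISCONNECT as client-to-server only, so the server side
            # of this is closing the network connection.
            self.log.append((existing, "closed"))
        self.sessions[client_id] = conn
        self.log.append((conn, "accepted"))
        return connack(CONNACK_ACCEPTED)


def demo():
    # Constructed sample: two connections, A then B, both claiming "dev-1".
    replace, reject = BrokerModel(True), BrokerModel(False)
    for broker in (replace, reject):
        broker.connect("dev-1", "A")
    return (replace.connect("dev-1", "B"), replace.sessions["dev-1"],
            reject.connect("dev-1", "B"), reject.sessions["dev-1"])


if __name__ == "__main__":
    print(demo())
```

In replace mode the only thing the first client observes is its connection closing, which is worth knowing when reading client-side logs for unexplained disconnects.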
