Technical Notes

Reflection Security Proxy Server "Too Many Open Files" Error on Sun Solaris
Technical Note 1562
Last Reviewed 30-May-2008
Applies To
Reflection for the Web 2008 (All Editions except Standard)
Reflection for the Web version 8.0 through 9.6
Reflection Administrator 2008
Reflection Administrator
Summary

This technical note describes how to increase the number of concurrent connections to the Reflection security proxy server by increasing number of file descriptors and setting the proxy server to allow unlimited connections. This information is specific to the Sun Solaris operating system, although the concepts may be applicable to other UNIX systems.

Symptoms

When running a large number of concurrent connections to the security proxy server on a Sun Solaris system, additional new connections may fail.

In the security proxy server log, you may see the following error:

If the security proxy server was started manually as an application from a shell prompt, you may also see the following Java exception:

Explanation

This problem occurs when exceeding the maximum number of file descriptors allocated to the Java Virtual Machine that is running the security proxy server. The default number of file descriptors allocated to a given process depends on the Solaris version and kernel configuration.

Solaris Release	Default Limit	Default Hard Limit
Solaris 7	64	1024
Solaris 8	256	1024
Solaris 9	256	65536

To resolve the problem, increase the number of file descriptors.

Determining the Number of Descriptors Needed

Each security proxy server connection uses two file descriptors. In addition, a baseline of approximately 20 file descriptors is needed to run the security proxy server. To determine the number of file descriptors required, refer to the following formula:

where <connections> represents the maximum number of concurrent connections you predict the security proxy server may receive.

For example:

Note: The number of permitted concurrent sessions is governed by your Reflection product licensing.

Increasing the File Descriptors

To increase the file descriptors, follow these steps:

1. As a user with root privileges, open the command shell that launches the Reflection security proxy server. This should be the same shell used to configure the security proxy server.
2. At the command line, enter the following command:

Note the following:

• The ulimit command syntax may vary depending on your shell. For more information about using the command, refer to your Solaris documentation or man pages.
• The shell inherits the default limit from the kernel variable rlim_fd_cur value set in the /etc/system file. The maximum number of descriptors that can be set (“hard limit”) is governed by the kernel variable rlim_fd_max.

Configuring the Security Proxy Server for Maximum Connections

In addition to increasing the file descriptors, it may be helpful to set the MaxConnections value in your Server.Properties file. To verify the MaxConnections value and change it if necessary, follow the steps below.

1. Run the Security Proxy Wizard.
2. Click the Advanced Settings tab.
3. In the Other Settings group box, clear the Limit maximum connections check box if it is selected. Note: Your concurrent session limit is governed by your product licensing. Do not configure more concurrent sessions than authorized by your license.
4. Click Save.
5. Export the settings to the management server if prompted to do so.

If you made changes, stop and restart the security proxy server for the changes to take effect.

Related Technical Notes

1557	Reflection Security Proxy Server Performance Factors
9988	Reflection for the Web Technical Notes