We are using CA SDM 12.6
Since 2 days, login page of CA SDM is taking time to load on IIS(port 80 and 443).
We have configured SDM to run from IIS7 by default.
When using tomcat (port 8443) it loads in 1-2 seconds.
Once logged in, everything else works fine.
Any help on this will be appreciated as I'm now clueless on what might be causing this.
I think it might be single-sign-on / windows authentication that's slowing it down. When you access SDM, do you see the SDM user/pass Logon screen ? OR do you single sign on automatically ?
Close all your browsers and try to access an HTML page (a test page) on the same Default Web Site that's hosting the CAisd virtual directory and see if that takes the same amount of time.
Would Firefox/Chrome behave differently (usually they dont do single-sign-on against IIS by default), so you'd get prompted for your windows credentials.
You are right!
The test page opens right away.
And yes, when SDM is accessed, it logs in directly bypassing the login page.
So windows authentication might be the culprit.
Any ideas/suggestions on how this can be resolved?
I've seen it happen some times when my browser from a host on a windows domain would try to connect to IIS website on a server belonging to another domain, wherein the domains do not trust each other. So it would take a while for the site to understand/process the auth request before it let me in to SDM.
Were there any changes made to the domain / authentication mechanism recently ?
You are right Raghu.
Thanks a lot of giving me these tips.
Will need to check internally with the IT team if any changes were done to the authentication mechanism.
I'm getting below errors in logs when accessing SDM:
ldap_agent_nxd 3324 ERROR ldap_agent.c 1519 ldap_get_next_page() error: (Timeout)
boplgin 2772 ERROR bplaccess.c 3041 AHD04013:Internal error in method (got_ldap_domset): ldap_get_next_page() error: (Timeout)
The error normally indicates that the LDAP Searches that Service Desk is doing are timing out because they're not getting result from the LDAP server with in a specified interval.
@NX_LDAP_TIMEOUT=XXXX #in seconds
The above could help, but you're basically delaying the inevitable. I believe the LDAP server is either overloaded and/or the SDM Server is connecting to the wrong/slow domain controller / LDAP server. That could be why the logins are slow AND once you're logged in there's no need to contact that server so SDM appears fast again.