We’ll discuss the most frequently asked questions of the Alfresco Support teams. Alfresco interacts with numerous customers on a daily basis and personnel from the services team are reviewing a few of the most often asked questions along with the associated responses.
4. Core Support Activity (Past Year)
11,604
cases
handled
/
12,814
cases
closed
Reduced
days
to
resolve
from
14
to
7
days
Created
over
400
knowledge
base
ar8cles
Maintenance
140
Hot
Fixes
76
Service
Pack
Escala8ons
107
Informa8on
Requests
Total
323
Escala8ons
into
Engineering
(2%)
5. Top Tips
•
Authen8ca8on
•
Lucene
•
Java
Founda8on
API
•
Upgrade
/
Update
•
Clustering
6. Authentication
What?
Passthru authentication stops working:
ERROR [auth.ntlm.NtlmAuthenticationHandler] Client WIN7C1-
using NTLMv2 logon, not valid with passthru authentication
7. Authentication
NTLMv1 Authentication
What?
Active Directory 1 Request Access
Passthru authentication stops working:
Server
2 Challenge
ERROR [auth.ntlm.NtlmAuthenticationHandler] Client WIN7C1-
3 Response
using NTLMv2 logon, not valid with passthru authentication
4 Challenge + Response
5 Authenticated
6 Response
1
Alfresco
2
Server
3
6
8. Authentication
NTLMv1 Authentication
What?
Active Directory 1 Request Access
Passthru authentication stops working:
Server
2 Challenge
ERROR [auth.ntlm.NtlmAuthenticationHandler] Client WIN7C1-
3 Response
using NTLMv2 logon, not valid with passthru authentication
4 Challenge + Response
5 Authenticated
Why?
6 Response
NTLMv2 prevents man in the middle attacks
1
Alfresco
2
Server
3
6
✕
9. Authentication
NTLMv1 Authentication
What?
Active Directory 1 Request Access
Passthru authentication stops working:
Server
2 Challenge
ERROR [auth.ntlm.NtlmAuthenticationHandler] Client WIN7C1-
3 Response
using NTLMv2 logon, not valid with passthru authentication
4 Challenge + Response
5 Authenticated
Why?
6 Response
NTLMv2 prevents man in the middle attacks
1
Alfresco
2
Server
3
6
✕
What’s the answer?
Downgrade workstations to NTLMv1
or
Switch to Kerberos
10. Authentication
NTLMv1 Authentication
What?
Active Directory 1 Request Access
Passthru authentication stops working:
Server
2 Challenge
ERROR [auth.ntlm.NtlmAuthenticationHandler] Client WIN7C1-
3 Response
using NTLMv2 logon, not valid with passthru authentication
4 Challenge + Response
5 Authenticated
Why?
6 Response
NTLMv2 prevents man in the middle attacks
Kerberos Ticket Service Request
1
Alfresco
2
Server
✕
Active Directory 1 GET
3
2 AUTH required
Server
6
3 Request Service Ticket
4 Return Service Ticket
5 GET + Service Ticket
6 Validate Ticket
What’s the answer?
3 4
Downgrade workstations to NTLMv1
or
Client
Switch to Kerberos Workstation
Alfresco
1
Server
2
5
11. Authentication Top Tips
What? What?
• Cannot configure CIFS with LDAP • I have configured Kerberos, but It does
not work
Why?
• CIFS needs the password stored as Why?
an MD4 hash • One of the steps was missed
• LDAP does not normally store them
this way What’s the answer?
• Kerberos configuration can be
What’s the answer? complex. Follow the documented
• Use a different subsystem such as Kerberos setup steps EXACTLY, and
Passthru or Kerberos make notes on each step.
• If you are still having issues, send
Alfresco Support your notes
12. Lucene
What? Alfresco
• Different users are getting different search Server
results with the same query
Why?
• You may have different client and server
locales
What to do
• Use the same analyzer for both searching
and indexing.
• Choose a locale
• Set the server locale to the correct value Alfresco
Server
either with an environment variable, or on the
JAVA_OPTS command line
• Rename all the
dataTypeAnalyzers_XX.properties files and
configure dataTypeAnalyzers.properties to
use the locale you have chosen
.
13. Lucene Performance Top Tips
Check how many documents are in Index performance tuning parameter
each index folder lucene.indexer.mergerTargetIndexCount=5
- Recommended • Target for the number of indexes after
- get the 'IndexInfo' file (workspace/ merging. Try settings between 5 and
SpacesStore/), copy out and pass the 15
containing folder as an argument to • Contact Support for further parameters
org.alfresco.repo.search.impl.lucene.index.IndexInfo()
to try
- MUST be done on a copy of the indexes DO Local indexes
NOT RUN ON THE LIVE SERVER
• Ensure that the Lucene indexes are
- Alternative local to the Alfresco server.
- Switch on debug for • A SAN/NFS mounted Lucene index
org.alfresco.repo.search.impl.lucene.index.IndexInfo()
folder, even with slight latency can be
- A lot of debug will be produced and be detrimental to performance.
difficult to read/may affect performance
Disk space
- If the smallest folder has very large • Lucene needs a minimum of twice as
number of documents, consider much disk space as the current size of
performance tuning parameters the indexes for the indexes to be able
to merge.
14. Search Top Tips
What? What?
• Different number of results from • Memory errors when re-building the
performing the search repeatedly index
Why? Why?
• Caused by a timeout being exceeded • JVM memory needs optimization
when permission checking the results or
set. Caching means that subsequent
searches return more results • Move the work to the file system
What’s the answer? What’s the answer?
• Override alfresco-global.properties file: • lucene.indexer.maxDocsForInMemoryMerge=0
maxPermissionCheckTimeMillis=60000
• This will move all the work onto the file
system meaning no memory is
(Limits the time permission checking) consumed. The drawback is that the
maxPermissionChecks=10000 indexing will be a bit slower.
(Limits # of files permission checked) • Remember to change it back when the
re-index is done
Remember
• It will increase time for users to search
15. Java Foundation API!
What?
• Index directories continually grow.
Why?
• The most likely cause is leaving lucene results sets open, which can lead to disk
space and memory leak issues.
What’s the answer?
Explicitly close the ResultSet object in a finally block
try
Example: {
resultSet = <searchquerything>;
//do something with the ResultSet
}
catch (Exception e)
{
//do something with the exception
}
finally
{
if (resultSet != null)
{
resultSet.close();
}
}
16. Java Foundation API!
What? RunAsWork<String> getUsernameRunAsWork =
• Transaction or security exceptions new RunAsWork<String>()
{
Why public String doWork() throws
Exception
• Not using Alfresco helper beans
{
return
What is the answer? retryingTransactionHelper.doInTransaction
• Use the transaction helper and runAs pattern (<do something>, false);
• Guarantees security context }
};
Benefits String username =
• Retries if system is under load AuthenticationUtil.runAs
• Manages long lasting transactions and throws (getUsernameRunAsWork,
TooBusyException if busy AuthenticationUtil.SYSTEM_USER_NAME);
• Ensures there is a transaction by propagating
the existing one or creating a new one
• Easily re-usable code block
• No transactional status maintenance
17. Java Foundation API
What? Packaging Customizations
• Services exceptions • Back end (Alfresco) customisation
should be packaged as an Alfresco
module.
Why?
• Share customizations should be
• Lower case service bean names are packaged as a jar file.
“POJO” (Plain Old Java Object).
Ensure that services are managed • Recommendation is to keep Alfresco
core code and customization
<property name="searchService" ref="searchService"/>
separated.
• Keeping code separate will help when
What is the answer? upgrading.
• Use upper case bean names. Method
calls will go through the “Spring” Transaction management in webscript
interceptor layers and be managed.
• If your webscript is read only then
<property name="searchService" ref="SearchService"/> declare it: <transaction
allow="readonly" >...</transaction>.
• This is more efficient in terms of
caching because Alfresco core can
take advantage of the information for
cache management.
18. Good to know!
Upgrades! Clustering!
What? What?
• Upgrades between minor versions are • Inconsistent search results when
complex and time-consuming accessing different nodes on a cluster
What is the answer? What’s the answer?
• If you are on a version earlier than 3.1 • Use version 3.4.5 or later for cluster
(especially 1.x or 2.x) it’s worth environments to improve performance
another upgrade and ensure consistency
• No new features in service packs
• No schema changes, unless there is no
other way to fix the issue
• Thorough upgrade testing by both QA and
Support on donated customer data
19. Questions ?
Thank you for your time
“We Work Well With Others”!