BP-2 Support’s Most Common Questions

Alfresco Support Top Tips!
Alfresco Customer Support Team • twitter: alfrescosupport

Core Support Activity (Past Year)
11,604
cases
handled
/
12,814
cases
closed

Reduced
days
to
resolve
from
14
to
7
days

Created
over
400
knowledge
base
ar8cles

Maintenance

140
Hot
Fixes

76
Service
Pack
Escala8ons

107
Informa8on
Requests

Total
323
Escala8ons
into
Engineering
(2%)

Top Tips

• 
Authen8ca8on

• 
Lucene

• 
Java
Founda8on
API

• 
Upgrade
/
Update

• 
Clustering

Authentication
What?
Passthru authentication stops working:
ERROR [auth.ntlm.NtlmAuthenticationHandler] Client WIN7C1-
using NTLMv2 logon, not valid with passthru authentication

Authentication
NTLMv1 Authentication
What?
Active Directory 1 Request Access
Server
2 Challenge
3 Response
4 Challenge + Response
5 Authenticated
6 Response

1
Alfresco
2
Server
3

6

Authentication
What?
Server
2 Challenge
3 Response
5 Authenticated
Why?
6 Response
NTLMv2 prevents man in the middle attacks

1
Alfresco
2
Server
3

6

✕

Authentication
What?
Server
2 Challenge
3 Response
5 Authenticated
Why?
6 Response

1
Alfresco
2
Server
3

6

✕
What’s the answer?

Downgrade workstations to NTLMv1
or
Switch to Kerberos

Authentication
What?
Server
2 Challenge
3 Response
5 Authenticated
Why?
6 Response

Kerberos Ticket Service Request
1
Alfresco
2
Server

✕
Active Directory 1 GET
3
2 AUTH required
Server
6
3 Request Service Ticket
4 Return Service Ticket
5 GET + Service Ticket
6 Validate Ticket
3 4
Downgrade workstations to NTLMv1
or
Client
Switch to Kerberos Workstation
Alfresco
1
Server
2

5

Authentication Top Tips

What? What?
•  Cannot configure CIFS with LDAP •  I have configured Kerberos, but It does
not work
Why?
•  CIFS needs the password stored as Why?
an MD4 hash •  One of the steps was missed
•  LDAP does not normally store them
this way What’s the answer?
•  Kerberos configuration can be
What’s the answer? complex. Follow the documented
•  Use a different subsystem such as Kerberos setup steps EXACTLY, and
Passthru or Kerberos make notes on each step.
•  If you are still having issues, send
Alfresco Support your notes

Lucene
What? Alfresco
•  Different users are getting different search Server
results with the same query

Why?
•  You may have different client and server
locales

What to do
•  Use the same analyzer for both searching
and indexing.
•  Choose a locale
•  Set the server locale to the correct value Alfresco
Server
either with an environment variable, or on the
JAVA_OPTS command line
•  Rename all the
dataTypeAnalyzers_XX.properties files and
configure dataTypeAnalyzers.properties to
use the locale you have chosen

.

Lucene Performance Top Tips
Check how many documents are in Index performance tuning parameter
each index folder lucene.indexer.mergerTargetIndexCount=5
-  Recommended •  Target for the number of indexes after
-  get the 'IndexInfo' file (workspace/ merging. Try settings between 5 and
SpacesStore/), copy out and pass the 15
containing folder as an argument to •  Contact Support for further parameters
org.alfresco.repo.search.impl.lucene.index.IndexInfo()
to try
-  MUST be done on a copy of the indexes DO Local indexes
NOT RUN ON THE LIVE SERVER
•  Ensure that the Lucene indexes are
-  Alternative local to the Alfresco server.
-  Switch on debug for •  A SAN/NFS mounted Lucene index
org.alfresco.repo.search.impl.lucene.index.IndexInfo()
folder, even with slight latency can be
- A lot of debug will be produced and be detrimental to performance.
difficult to read/may affect performance
Disk space
-  If the smallest folder has very large •  Lucene needs a minimum of twice as
number of documents, consider much disk space as the current size of
performance tuning parameters the indexes for the indexes to be able
to merge.

Search Top Tips
What? What?
•  Different number of results from •  Memory errors when re-building the
performing the search repeatedly index

Why? Why?
•  Caused by a timeout being exceeded •  JVM memory needs optimization
when permission checking the results or
set. Caching means that subsequent
searches return more results •  Move the work to the file system

What’s the answer? What’s the answer?
•  Override alfresco-global.properties file: •  lucene.indexer.maxDocsForInMemoryMerge=0
maxPermissionCheckTimeMillis=60000
•  This will move all the work onto the file
system meaning no memory is
(Limits the time permission checking) consumed. The drawback is that the
maxPermissionChecks=10000 indexing will be a bit slower.
(Limits # of files permission checked) •  Remember to change it back when the
re-index is done
Remember
•  It will increase time for users to search

Java Foundation API!
What?
•  Index directories continually grow.

Why?
•  The most likely cause is leaving lucene results sets open, which can lead to disk
space and memory leak issues.

Explicitly close the ResultSet object in a finally block
try
Example: {
resultSet = <searchquerything>;
//do something with the ResultSet
}
catch (Exception e)
{
//do something with the exception
}
finally
{
if (resultSet != null)
{
resultSet.close();
}
}

Java Foundation API!
What? RunAsWork<String> getUsernameRunAsWork =
•  Transaction or security exceptions new RunAsWork<String>()
{
Why public String doWork() throws
Exception
•  Not using Alfresco helper beans
{
return
What is the answer? retryingTransactionHelper.doInTransaction
•  Use the transaction helper and runAs pattern (<do something>, false);
•  Guarantees security context }
};
Benefits String username =
•  Retries if system is under load AuthenticationUtil.runAs
•  Manages long lasting transactions and throws (getUsernameRunAsWork,
TooBusyException if busy AuthenticationUtil.SYSTEM_USER_NAME);
•  Ensures there is a transaction by propagating
the existing one or creating a new one
•  Easily re-usable code block
•  No transactional status maintenance

Java Foundation API
What? Packaging Customizations
•  Services exceptions •  Back end (Alfresco) customisation
should be packaged as an Alfresco
module.
Why?
•  Share customizations should be
•  Lower case service bean names are packaged as a jar file.
“POJO” (Plain Old Java Object).
Ensure that services are managed •  Recommendation is to keep Alfresco
core code and customization
<property name="searchService" ref="searchService"/>
separated.
•  Keeping code separate will help when
What is the answer? upgrading.
•  Use upper case bean names. Method
calls will go through the “Spring” Transaction management in webscript
interceptor layers and be managed.
•  If your webscript is read only then
<property name="searchService" ref="SearchService"/> declare it: <transaction
allow="readonly" >...</transaction>.
•  This is more efficient in terms of
caching because Alfresco core can
take advantage of the information for
cache management.

Good to know!
Upgrades! Clustering!
What? What?
•  Upgrades between minor versions are •  Inconsistent search results when
complex and time-consuming accessing different nodes on a cluster

What is the answer? What’s the answer?
•  If you are on a version earlier than 3.1 •  Use version 3.4.5 or later for cluster
(especially 1.x or 2.x) it’s worth environments to improve performance
another upgrade and ensure consistency
•  No new features in service packs
•  No schema changes, unless there is no
other way to fix the issue
•  Thorough upgrade testing by both QA and
Support on donated customer data

Questions ? 
Thank you for your time  

“We Work Well With Others”!

BP-2 Support’s Most Common Questions

Recommended

Recommended

More Related Content

More from Alfresco Software

More from Alfresco Software (20)

Recently uploaded

Recently uploaded (20)

BP-2 Support’s Most Common Questions