[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1155
  • Last Modified:

Iseries WS session keeps disconnecting after periods of inactivity

We have recently experienced constant disconnects on users' WS sessions.  All PC users have a WS session file to connect to our AS/400.  We have recently installed a ServGate M30 sercuity device/firewall.  Aftewards, sessions constantly disconnect after periods of inactivity.  All PCs are running XP pro, SP 2.  All users are connected to our internal network.  There are 2 users connected to our DMZ that do not experience this problem.

My troubleshooting has included the following:
1. A constant ping to the IP of the AS/400 shows no communication loss.
2. I created a KeepAliveTime DWORD in the registry (LocalMachine\CurrentControlSet\Services\TcpIp\Parameters\ and set it to 3600000 seconds (decimal)
3. I created a startup script at login - CWBCOPWR /KA:1 /MKA:60,3600

I have looked navigated through the ServGate device and do not see anything that would cause the disconnect because of inactivity.  

Any help or suggestions is much appreciated.
0
ConexionDave
Asked:
ConexionDave
  • 3
  • 3
1 Solution
 
Dave FordSoftware Developer / Database AdministratorCommented:
You might have more success by posting your question in the AS/400 topic area:

http://www.experts-exchange.com/Programming/Programming_Platforms/AS400/

-- DaveSlash
0
 
giltjrCommented:
I would check to see if the ServGate is actually passing the keepalive packets.

I would also check DB2 log on the iSeries server to see if it is showing anything.

Prior to using the ServGate, what were you using as a firewall?
0
 
ConexionDaveAuthor Commented:
Prior to the ServGate, we were using a DLINK firewall, and also had a Symantec Security device.
0
Get your Disaster Recovery as a Service basics

Disaster Recovery as a Service is one go-to solution that revolutionizes DR planning. Implementing DRaaS could be an efficient process, easily accessible to non-DR experts. Learn about monitoring, testing, executing failovers and failbacks to ensure a "healthy" DR environment.

 
giltjrCommented:
Do you have the ability to do a packet capture in-front of the firewal and behind the firewall?

If so I would suggest that you capture the packets to verify what is going on.  

I am assuming that you can predict how long after the session starts and there is no activity that it will end.  If so, then I would suggest capturing two traces on each side.  Trace 1 is the session setup to make sure that the session/connection is starting correctly.  Trace two you would start just prior to when you think the connection is going to drop and capture the drop.

I just thought of something, some stateful firewalls have a timer value on how long they will keep track of a conneciton.  I may be that your session is lasting longer than this and the firewall is deleting the information it has for the connection.

Also you have the keepalive timer set to  3600000 in the registry which is in ms, in seconds this is 3600, or 1 hour.  Do you really want to send the keepalive packet ever hour?
0
 
ConexionDaveAuthor Commented:
I've changed the regestiry to send keep alives every minute if there is inactity for a 5 minute period.  Unfortuantely, I can't predict when the session will disconnect.  Seemingly, it varies.  
0
 
ConexionDaveAuthor Commented:
I did find a timer value on our firewall.  It was set to 15 minutes.  Changing the value to 60 did the trick.   thanks giltjr.
0
 
giltjrCommented:
Glad to be of help.
0

Featured Post

Get quick recovery of individual SharePoint items

Free tool – Veeam Explorer for Microsoft SharePoint, enables fast, easy restores of SharePoint sites, documents, libraries and lists — all with no agents to manage and no additional licenses to buy.

  • 3
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now