Apache 2.4 https ssl hanging. Port 80 stays open...

Any ideas on direction to look. set it on debug logging and generated 150mb in 4 hrs. Set back to error, doesn't show much...

Traffic doesn't just stop. Port 443 stops accepting after about 5-7 minutes of spikes and stops. Very sporadic. Restart service seems to fix it for about 2-4 hrs...

It's win 2012 64 sp2.

Thanks,
jcorso1313Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Phil DavidsonCommented:
You say
Port 443 stops accepting after about 5-7 minutes of spikes and stops.
 Spikes are high traffic periods?  What are stops?  Restarts work for 2 to 4 hours.  Is the problem that manifests after 5 to 7 minutes a reproducible problem?

Does the debug logging indicate the CPU utilization?  If not, I would see check the CPU health.  Can you set up System Monitor to collect the CPU utilization over the 5 to 7 minutes?  Do you have Cacti or a network monitoring service?  Do you know mow many connections are going to the server? (e.g., 10,000)
0
jcorso1313Author Commented:
The spikes are long response times so far, followed by complete drops, for about 5 minutes before the stop, which is basically just turning off 443. Port 80 stays open...
doesn't seem reproducible yet.

CPU and memory use were very low, and never seemed to get over 50% leading to the issue. Didn't check while the service was hung, but will next time.

For now, I can add this error messages until it happens again...

[mpm_winnt:warn] [pid 4924:tid 1920] (OS 121)The semaphore timeout period has expired.  : AH00341: winnt_accept: Asynchronous AcceptEx failed.
0
grahamnonweilerCommented:
I can see from the error messages that you are running Apache under Windows.

From the little information you have provided, it would look like you have some issues with C runtime libraries ( have you installed the correct C runtime libraries for Apache/Open SSL executables?) or conflicts with another service attempting to use port 443 on your server.

To be able to better assist you can you provide some additional information:

Which version of Windows Server are you running?

Is it 64bit install, and if so did you install Apache 64bit?

Which version of Apache 2.4 and where did you download/obtain it from?

Additionally, can you check which version of OpenSSL is running?

Also make sure that the libeay.dll and ssleay.dll that came with your Apache are in your windows root folders.
0
How do you know if your security is working?

Protecting your business doesn’t have to mean sifting through endless alerts and notifications. With WatchGuard Total Security Suite, you can feel confident that your business is secure, meaning you can get back to the things that have been sitting on your to-do list.

jcorso1313Author Commented:
windows 2012 x64
Apache 64 v.2.4.12 (apachehaus)
OpenSSL/1.0.1

libeay32 and ssleay32.dll are there. I presume those are 32 bit?
0
grahamnonweilerCommented:
Yes libeay32 / ssleay32 are indeed 32 bit and this could mean that you have some conflicts with the  OpenSSL/Apache build, that is manifesting itself with the mod_ssl hanging.

If Apache 64Bit is the only application running on your server that uses SSL (any port - for instance you do not have an SFTP services running as well), then the 32bit DLLs should not be there.

With our Apache 64 bit builds we only see libeay / ssleay - while on the 32bit builds we see the 32 bit DLLs.

The  "winnt_accept: Asynchronous AcceptEx failed." is also a typical problem with a 32bit Apache build running on 64bit Windows Servers (we have seen this ourselves on occasions).

However, as a first step, try adding the below to the top of your http.conf file:

      AcceptFilter https none
      AcceptFilter http none
      EnableSendfile Off
      EnableMMAP off

Restart Apache and see if the problem persists.

These instructions merely affect the way Apache interacts with Windows Sockets and memory management.

If this does not make any difference then I would recommend downloading a new/clean build of Apache 2.4.12 (perhaps from Apache Lounge for a change) and install that over your current build. And then report back if the problem still persists.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
jcorso1313Author Commented:
I tried a different 64 bit install, OpenSSL 1.0.1j.

I'm not sure why these 32 bit files are there.

Can you point me to a 64 bit build of 2.4.12 with the 64 bit Vers. Of these files.

I have downloaded a couple, and all seem to use the 32 bit ones.

Thank you.
0
grahamnonweilerCommented:
Did you try WAMPServer - http://www.wampserver.com/en/  although the problem with their downloads is that they are installers.  We normally take the binaries from Apache Lounge.

But as I mentioned, you may have another application installed that is running a 32bit version of SSL which would account for why they are there.

I am assuming you tried the changes to the httpd.conf and that they did not help?
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Apache Web Server

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.