6 Replies Latest reply on Dec 18, 2014 2:07 PM by Srijith Nair

    user is currently connected from another machine

      Share:|

      Hello guys,

       

      i have a "user is currently connected from another machine" related question. I'm trying to understand how does this mechanism work in details. Reason for that is that our users are sometimes seeing this kind of error while accessing Remedy from the same machine / OS (they have to click it three times in order to get to the overview console).

       

      Some details of our env:

      1. load balancer above midtiers (ACE, cookie-insert)

      2. midtiers (8.1.01 (SP1) 201408220302 Hotfix)

      3 load balancer above apptiers (ACE, sticky disabled)

      4. AR (8.0.00 Patch 003 201408281639Hotfix)

      5. database

       

      As far as i understand when you're accessing the midtier set of cookies is being created:

      G, GKW, ST etc (details --> Cookies used by Mid Tier - BMC Remedy Action Request System Remedy OnDemand 2014.01 - BMC Documentation)

       

      G cookie looks really interesting because of the KB description:

       

      IP-Restriction GUID — A persistent cookie used to track the user so that the same user cannot log on from multiple computers

       

      which would suggest that GUID is based on IP address of the client but...

       

      MC generates a unique ID, that's not based on IP...but in some fashion follows the machine uniquely, to prevent you from using another machine.  So, somehow this uniqueID is getting changed between the client and the MT server (LJ LongWing Re: F5 Load balancer and Remedy 81


      The unique ID that LJ refers to is owned by your client machine.  When a session starts up, we create and store an identifier on the client.  This allows for other processes running from that same client to all come in as being on the same system (Doug Mueller Re: F5 Load balancer and Remedy 81))


      the question is which description is valid? is the G cookie IP based or not? and is it so called GUID?


      From what Doug Mueller is saying in the topic mentioned above it looks like users should be able to access same session using different browser but that clearly doesn't work for us (we're immediately seeing "user is currently connected from another machine" popup in  secondary browser, and the G cookie is different) even when accessing midtier directly.


      Thanks!



        • 1. Re: user is currently connected from another machine
          LJ LongWing

          Chris,

          From what I understand, it used to contain the IP as part of the 'key'...but because of DHCP scenarios, that was changed many years ago....

           

          I don't know the exact mechanism, and my users don't experience it much...so I historically don't worry about it much....BMC seems reluctant to give the exact formula, more than likely because if they do it'll be possible to 'fake it'

          • 2. Re: user is currently connected from another machine

                 i assume that "user is currently connected..." and the GUID details are not to be revealed by BMC, right?

            What's really interesting G cookie is browser-dependend while GKW cookie is not. Do you know something about GKW cookie?

             

            Understanding this whole mechanism would help me troubleshoot the issue my users are experiencing.

             

                 Beside "user is currently connected..." my users are facing another issue related to sessions. Sometimes all of the sudden, during normal Remedy activity, they're receiving "session has expired" notification and they have to reload whatever they did in order to continune working. I've checked LB (ACE, set to cookie-insert), MT (tomcat) and SSO (JSS) and it looks like all settings (timeouts) are set correctly. Any ideas what can be causing this strange behaviour?

             

                 I'm thinking about switching LB cookie-insert to cookie dynamic learn and set stickyness to G cookie. Any thoughts about that one?

             

            Thanks!

            • 3. Re: user is currently connected from another machine
              LJ LongWing

              Chris,

              You are delving deeper into this than I ever have....sorry I can't be of much help.

              • 4. Re: user is currently connected from another machine

                Hi Chris,

                 

                We faced similar issues when we first migrated over to the Barracuda Load Balancer in Server Group.

                The fix was as you mentioned "Sticky Session", i think you can continue to use cookie-insert itself.

                 

                This will most probably solve both of your issues cause what might be happening is the user is connected to a session & since the sticky session is not set a new session might be established but the old session is not let go properly from the server & the system thinks that the user is already connected from a different machine. I dont know the details on how Remedy identifies & manages each sessions & cookies.

                 

                Hope this helps.

                 

                Thanks,

                Srijith Nair

                • 5. Re: user is currently connected from another machine

                  Hello Srijith,

                   

                  the thing is... we've load balancer configured to use cookie-insert sticky session already.

                   

                  Cookie insert—The ACE inserts the cookie on behalf of the server upon the return request, so that the ACE can perform cookie stickiness even when the servers are not configured to set cookies. The cookie contains information that the ACE uses to ensure persistence to a specific real server [Server Load-Balancing Guide vA3(1.0), Cisco ACE 4700 Series Application Control Engine Appliance - Configuring Stickine…

                   

                  Other way to perform sticky session is Dynamic cookie learning (we're planning to test it shortly - and if possible set it to learn "G" cookie):

                   

                  Dynamic cookie learning—You can configure the ACE to look for a specific cookie name and automatically learn its value either from the client request HTTP header or from the server Set-Cookie message in the server response. Dynamic cookie learning is useful when dealing with applications that store more than just the session ID or user ID within the same cookie. Only very specific bytes of the cookie value are relevant to stickiness. [Server Load-Balancing Guide vA3(1.0), Cisco ACE 4700 Series Application Control Engine Appliance - Configuring Stickine…]


                  but let's say that changing the way that LB handles stickyness will not help us solving the issue... what should we check on MT, Tomcat, AP, JSS? Any suggestions?


                  Thanks!

                  • 6. Re: user is currently connected from another machine

                    Hi Chris,

                     

                    Hmm... I hope may be the dynamic cookie learning method helps. If not what i would do is keep only one AR Server active in the Server Group & also have the load balancer set to check for only for that single AR Server you have kept alive & see if that resolves the issue. This will confirm that the Load Balancer is somehow not keeping the same session.

                     

                    If a single server model resolves the issue, i will check the Load Balancer Logs & see if they can find something there.

                    You can always cross check you have followed all the steps & configuration from the Remedy side for the Server Grouping.

                     

                    Thanks,

                    Srijith Nair