java.net.UnknownHostException: Failed to negotiate with a suitable domain controller for ********


Ghouse, Sherjeel

We implemented jCIFS NTLM authentication in production last month. There were four outages of the Intranet site since then because of java.net.UnknownHostException: Failed to negotiate with a suitable domain controller for ******. The web application is stable most of the time, except a few. The problem is happening during nights and the production in the Far East is impacted. This has become a show stopper for us now. Here is the environment info.

Application Server : WebLogic 8.1 on Windows 2003 Server.

Web.xml configuration looks like

    <init-param>
      <param-name>jcifs.smb.client.domain</param-name>
      <param-value>********</param-value>
    </init-param>
    <init-param>
      <param-name>jcifs.netbios.wins</param-name>
      <param-value> I have listed 6 WINS here</param-value>
    </init-param>
    <init-param>
      <param-name>jcifs.util.loglevel</param-name>
      <param-value>1</param-value>
    </init-param>
    <init-param>
      <param-name>jcifs.smb.client.soTimeout</param-name>
      <param-value>40000</param-value>
    </init-param>
    <init-param>
      <param-name>jcifs.smb.client.responseTimeout</param-name>
      <param-value>30000</param-value>
    </init-param>
    <init-param>
      <param-name>jcifs.netbios.retryTimeout</param-name>
      <param-value>10000</param-value>
    </init-param>
    <init-param>
      <param-name>jcifs.netbios.soTimeout</param-name>
      <param-value>10000</param-value>
    </init-param>


Detailed Exception from Server logs

java.net.UnknownHostException: Failed to negotiate with a suitable domain controller for **********
        at jcifs.smb.SmbSession.getChallengeForDomain(SmbSession.java:126)
        at jcifs.http.NtlmHttpFilter.negotiate(NtlmHttpFilter.java:150)
        at jcifs.http.NtlmHttpFilter.doFilter(NtlmHttpFilter.java:114)
        at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:27)
        at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:6987)
        at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
        at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
        at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:3892)
        at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:2766)
        at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:224)
        at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:183)


Any help resolving this issue will greatly be appreciated


Sherjeel Ghouse


Re: java.net.UnknownHostException: Failed to negotiate with a suitable domain controller for ********

Michael B Allen-4
On Fri, 24 Feb 2006 13:35:08 -0600
"Ghouse, Sherjeel" <[hidden email]> wrote:

> We implemented jCIFS NTLM authentication in production last month. There
> were four outages of the Intranet site since then because of
> java.net.UnknownHostException: Failed to negotiate with a suitable
> domain controller for ******. The web application is stable most of the

That error is basically what it sounds like. There's some kind of
network failure somewhere and for some reason JCIFS is more sensitive
to it than other software.

Use the CheckAllDC.java example to see what domain controllers JCIFS
is trying to use and if it can authenticate with them. Also, I don't
think you need six WINS servers listed. Alternate WINS servers aren't
tried unless JCIFS completely fails to communicate with the current
one. So if the WINS server is just returning bad entries, increasing
the number of WINS servers isn't going to help.  Actually, try the
CheckAllDC.java example with a few of the WINS servers. Maybe one is
sending bad entries. Or maybe it just becomes unresponsive for a time
(e.g. during a replication or backup job). If that turns out to be the
case, aside from increasing the name service timeouts, cachePolicy,
etc, you could just use the lmhosts option to hard code the address of
one reliable domain controller [1]. Read the overview page of the API
documentation for the list of properties. There's a lot of things you
could do (espectially if you diagnose what the exact failure mode is).

Mike

[1] Note this is superior to just using the domainController property
because when the domainController property is used "preauthentication"
doesn't work (this point isn't in the documentation!).
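
The per-WINS check suggested in the reply can be scripted as below. This is an added example, not part of the thread and not the CheckAllDC.java that ships with jCIFS. The class name `ProbeWinsAndDcs` is hypothetical, and it assumes a jCIFS 1.x jar on the classpath, with the domain name and WINS addresses passed as arguments.

```java
import java.net.InetAddress;

import jcifs.UniAddress;
import jcifs.netbios.NbtAddress;
import jcifs.smb.SmbSession;

// Hypothetical diagnostic: ask each WINS server separately for the domain's
// controller list, then request an NTLM challenge from every address returned.
public class ProbeWinsAndDcs {
    public static void main(String[] argv) throws Exception {
        if (argv.length < 2) {
            System.err.println("usage: ProbeWinsAndDcs <domain> <wins-ip> [<wins-ip> ...]");
            System.exit(1);
        }
        String domain = argv[0];
        for (int w = 1; w < argv.length; w++) {
            InetAddress wins = InetAddress.getByName(argv[w]);
            NbtAddress[] dcs;
            long t0 = System.currentTimeMillis();
            try {
                // 0x1C is the NetBIOS name type under which domain controllers
                // register; the last argument is the name server to query.
                dcs = NbtAddress.getAllByName(domain, 0x1C, null, wins);
            } catch (Exception e) {
                System.out.println("WINS " + argv[w] + ": lookup FAILED after "
                        + (System.currentTimeMillis() - t0) + " ms: " + e);
                continue;
            }
            System.out.println("WINS " + argv[w] + ": " + dcs.length + " entries in "
                    + (System.currentTimeMillis() - t0) + " ms");
            for (int i = 0; i < dcs.length; i++) {
                long t1 = System.currentTimeMillis();
                try {
                    // Same negotiate step the filter performs before it can
                    // send an NTLM challenge to the browser.
                    SmbSession.getChallenge(new UniAddress(dcs[i]));
                    System.out.println("  " + dcs[i].getHostAddress() + " challenge OK in "
                            + (System.currentTimeMillis() - t1) + " ms");
                } catch (Exception e) {
                    // A stale or unreachable entry shows up here; note which
                    // WINS server handed it out.
                    System.out.println("  " + dcs[i].getHostAddress() + " FAILED after "
                            + (System.currentTimeMillis() - t1) + " ms: " + e);
                }
            }
        }
    }
}
```

Running it on a schedule through the night, with output kept per run, shows whether the failures line up with one WINS server or one controller address.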