I have a site that has a firewall between their Identity Vault and their
eDir auth tree. I have a traditional eDirectory driver setup between
the two trees. For some reason, after a while, I'll start seeing tons
of CLOSE_WAIT connections on one side and the driver will stop
functioning. A driver restart fixes it and things start flowing again.

Obviously, it's easy to blame the network/firewall (as support has), but
I can still open TCP connections in either direction when this happens
on the port being used for the eDir driver. It's just that the IdM
engine/driver won't recover.

Support suggested writing a script to change an object on each side
every few minutes to keep the connection alive, which we've done. It
works, but I find this solution somewhat unacceptable.

Has anyone seen behavior like this before? Any ideas how to fix? We
did mess with the publisher timeouts, but that did not seem to make any

This is eDir 8.8 SP8 and IdM 4.0.2 with engine patch 4.

The other big difference here is this is on RedHat. So I'm not sure if
that would play any factor here at all.

Thanks for any suggestions.


matt's Profile: https://forums.netiq.com/member.php?userid=183
View this thread: https://forums.netiq.com/showthread.php?t=49883
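
Added example, not part of the original post: a small Python check that counts CLOSE_WAIT sockets per local port from `/proc/net/tcp` text, so the pile-up described above can be watched on the RedHat host. Port 8196, the addresses and the sample table are constructed assumptions; the post does not name the driver port.

```python
import socket
import struct
from collections import Counter

CLOSE_WAIT = "08"   # TCP state code used in /proc/net/tcp
DRIVER_PORT = 8196  # assumed port for illustration; not given in the post

# Constructed sample in /proc/net/tcp layout (trailing columns shortened).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0500000A:2004 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001
   1: 0500000A:2004 0901000A:9C40 08 00000000:00000001 00:00000000 00000000     0        0 1002
   2: 0500000A:2004 0901000A:9C41 08 00000000:00000001 00:00000000 00000000     0        0 1003
   3: 0500000A:2004 0901000A:9C42 01 00000000:00000000 00:00000000 00000000     0        0 1004
   4: 0500000A:020C 0901000A:9C43 08 00000000:00000000 00:00000000 00000000     0        0 1005
"""

def decode_endpoint(field):
    """Turn 'HEXADDR:HEXPORT' into (dotted IPv4 address, port)."""
    addr_hex, port_hex = field.split(":")
    # The kernel prints the IPv4 address as a native-endian 32-bit word;
    # this assumes a little-endian host (x86).
    addr = socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16)))
    return addr, int(port_hex, 16)

def close_wait_sockets(table_text):
    """Return [(local, remote), ...] for every IPv4 socket in CLOSE_WAIT."""
    rows = []
    for line in table_text.splitlines()[1:]:  # skip the header row
        cols = line.split()
        if len(cols) < 4 or cols[3] != CLOSE_WAIT:
            continue
        rows.append((decode_endpoint(cols[1]), decode_endpoint(cols[2])))
    return rows

def close_wait_by_local_port(table_text):
    """Count CLOSE_WAIT sockets per local port."""
    return Counter(local[1] for local, _ in close_wait_sockets(table_text))

if __name__ == "__main__":
    try:
        with open("/proc/net/tcp") as fh:  # live table on Linux
            text = fh.read()
    except OSError:
        text = SAMPLE                      # fall back to the constructed sample
    for port, count in close_wait_by_local_port(text).most_common():
        flag = "  <-- assumed driver port" if port == DRIVER_PORT else ""
        print(f"port {port}: {count} CLOSE_WAIT{flag}")
```

Run from cron, the per-port count gives a timeline of when the sockets start accumulating; it covers IPv4 only (`/proc/net/tcp6` uses a different address width).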