deadlock errors when IdP under load

[Terry Smith]

The AAF has a subscriber with a 4 node IdP cluster (v3.3.1) connected to a
Microsoft SQL server database (also clustered - MS SQL Server 2012). We're
hoping to get advice on a problem that has occurred under increased load
due to start of semester usage.

All IdP instances are reporting "Transaction (Process ID 165) was
deadlocked on lock resources with another process and has been chosen as
the deadlock victim. Rerun the transaction.". These errors result in failed
authentications ("Process ID X" values do differ, it is not always 165).

Having troubleshooted this issue we believe the error is related to the
eduPersonTargetedID attribute which is obtained through a "StoredId data
connector". This connects to the database using a Container Managed
Connection. Changing the method to obtain the value to "ComputedId" has
allowed the IdPs to successfully manage the load as an interim solution,
i.e. no more deadlocks.

During this time PersistentNameIDGeneration remained enabled but only a
minimal amount of services are requesting this, thus the increased load is
not such a factor here.

Any advice from administrators that may have a similar deployment on fine
tuning configurations to both eliminate deadlocks and reinstating the
"StoredId data connector" would be very helpful.

Thanks,
Terry.
-- 

*Terry Smith* | Technical Engagement and Support Manager |  Australian
Access Federation Inc

*Mob: *0414 692 424 <0402%20918%20566> | *Email**: t.smith*@aaf.edu.au
<elleina.filippi at aaf.edu.au> | *Address*: Lvl 21, 179 Turbot St, Brisbane
QLD 4000
<https://maps.google.com/?q=Lvl+21,+179+Turbot+St,+Brisbane+QLD+4000&entry=gmail&source=g>
 |

*Web:* www.aaf.edu.au |* Support:* support.aaf.edu.au | *Twitter:*
twitter.com/ausaccessfed
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20180228/a8f97da6/attachment.html>