How To
Archived

How do I configure IIS Policy Agents 3.x for improved stability?

Last updated Jan 5, 2021

The purpose of this article is to provide information on the recommended configurations for IIS Web Policy Agents 3.x to improve stability. This advice applies to IIS7 and IIS8 web servers.


1 reader recommends this article

Archived

This article has been archived and is no longer maintained by ForgeRock.

Configuring IIS policy agents 3.x

You should ensure the following are true to optimize stability:

  • You only have one worker process per application pool.
  • You are not sharing application pools with other sites.
  • The IIS worker process recycling setting is switched off as recycling is not supported by IIS policy agents. You should also set the idle timeout setting to 0 as otherwise IIS will recycle if no connections have occurred during the idle timeout period.
  • The following OpenAM IIS policy agent configuration parameter is set to off (in web policy agents 3.3.4 only): com.forgerock.agents.nss.shutdown = off

One worker process per application pool

You can set the number of worker processes per worker pool as follows:

  1. Launch the IIS Manager.
  2. Expand the required Server node in the Connections pane and select Application Pools.
  3. Select an application pool from the list and select Advanced Settings from the Actions pane.
  4. Scroll down to the Process Model section and set the Maximum Worker Processes setting to 1.
  5. Repeat steps 3 and 4 for all application pools in the list, even if they are not related to the IIS policy agent.

IIS worker process recycling and idle timeout settings

You can switch off recycling and set the idle timeout to 0 as follows:

  1. Launch the IIS Manager.
  2. Expand the required Server node in the Connections pane and select Application Pools.
  3. Select an application pool from the list and select Advanced Settings from the Actions pane.
  4. Scroll to the Recycling section and set the Regular Time Interval (minutes) setting to 0.
  5. Scroll to the Process Model section and set the Idle Time-out (minutes) setting to 0.
  6. Repeat steps 3 to 5 for all application pools in the list, even if they are not related to the IIS policy agent.
Note

If you cannot switch recycling off for some reason, then it is recommended to use IIS Policy Agent 4 or later instead. 

OpenAM IIS policy agent configuration parameter

This setting is only available in web policy agents 3.3.4. You can set the IIS policy agent configuration parameter as follows:

  1. Add the following property to the IIS policy agent's bootstrap file (OpenSSOAgentBootstrap.properties, located in the /config directory where the policy agent is installed): com.forgerock.agents.nss.shutdown
  2.  Restart the IIS server.

See Also

Best practice for installing IIS Web Agents (All versions)

NSPR Failure while sending to authservice occurs when IIS Policy Agent 3.3.4 fails to connect

OpenAM Web Policy Agent Installation Guide › Installing the Microsoft IIS 6 Policy Agent

OpenAM Web Policy Agent Installation Guide › Installing the Microsoft IIS 7 Policy Agent

Related Training

N/A

Related Issue Tracker IDs

OPENAM-3794 (RFE: Allow IIS WebAgents to support multi-site installation )

OPENAM-6005 (IIS v7 Agent fails intermittently when connecting to authservice over SSL)


Copyright and Trademarks Copyright © 2021 ForgeRock, all rights reserved.