Hello everybody!
I am writing to tell you about a problem that we had today.
After a week of testing, with good results, the server went into production yesterday.
During the tests, the proxy served about 30 users. But in production, almost 150 users started to navigate through the proxy. The result: fatal error, squid stops.
This is an authenticated proxy, against an AD (W2008). The proxy conf is passed to the browsers via GPO.
Reading the cache.log, we found this:
Sep 3 08:39:52 NethServer (squid-1): Too many queued negotiateauthenticator requests
Sep 3 08:39:52 NethServer squid[5310]: Squid Parent: (squid-1) process 18464 exited with status 1
Sep 3 08:39:55 NethServer squid[5310]: Squid Parent: (squid-1) process 3426 started
Sep 3 08:42:47 NethServer (squid-1): Too many queued negotiateauthenticator requests
Sep 3 08:42:47 NethServer squid[5310]: Squid Parent: (squid-1) process 3426 exited with status 1
Sep 3 08:42:50 NethServer squid[5310]: Squid Parent: (squid-1) process 3655 started
Sep 3 08:42:50 NethServer (squid-1): Too many queued negotiateauthenticator requests
Sep 3 08:42:50 NethServer squid[5310]: Squid Parent: (squid-1) process 3655 exited with status 1
Sep 3 08:42:53 NethServer squid[5310]: Squid Parent: (squid-1) process 3673 started
Sep 3 08:43:15 NethServer (squid-1): Too many queued negotiateauthenticator requests
Sep 3 08:43:15 NethServer squid[5310]: Squid Parent: (squid-1) process 3673 exited with status 1
Sep 3 08:43:18 NethServer squid[5310]: Squid Parent: (squid-1) process 3691 started
Sep 3 08:46:46 NethServer (squid-1): Too many queued negotiateauthenticator requests
Sep 3 08:46:46 NethServer squid[5310]: Squid Parent: (squid-1) process 3691 exited with status 1
Sep 3 08:46:49 NethServer squid[5310]: Squid Parent: (squid-1) process 4001 started
and so on…
Sep 3 10:17:56 NethServer squid[13225]: Exiting due to repeated, frequent failures…
2015/09/03 10:04:09 kid1| WARNING: All 10/10 negotiateauthenticator processes are busy.
2015/09/03 10:04:09 kid1| WARNING: Consider increasing the number of negotiateauthenticator processes in your config file
So we modified the squid.conf file, increasing the Kerberos helpers to 25 and the NTLM helpers to 40.
I will tell you the results.
If someone can share experiences, we will appreciate that.
For now, I am posting this in case someone else is having the same problem, so maybe this will be helpful.
Cheers
(sorry for my English!)
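
An added example, not part of the original post: a small parser that pairs each "Too many queued ... requests" line with the worker exit that follows it, computes how long each worker survived, and flags a restart loop. The function names, the 3-crashes-in-600-seconds threshold and the default year (taken from the cache.log timestamp above) are assumptions; the sample lines are copied from the excerpt in the post.

```python
import re
from datetime import datetime

# Sample input: lines taken from the log excerpt in the post above.
SAMPLE_LOG = """\
Sep 3 08:39:52 NethServer (squid-1): Too many queued negotiateauthenticator requests
Sep 3 08:39:52 NethServer squid[5310]: Squid Parent: (squid-1) process 18464 exited with status 1
Sep 3 08:39:55 NethServer squid[5310]: Squid Parent: (squid-1) process 3426 started
Sep 3 08:42:47 NethServer (squid-1): Too many queued negotiateauthenticator requests
Sep 3 08:42:47 NethServer squid[5310]: Squid Parent: (squid-1) process 3426 exited with status 1
Sep 3 08:42:50 NethServer squid[5310]: Squid Parent: (squid-1) process 3655 started
Sep 3 08:42:50 NethServer (squid-1): Too many queued negotiateauthenticator requests
Sep 3 08:42:50 NethServer squid[5310]: Squid Parent: (squid-1) process 3655 exited with status 1
2015/09/03 10:04:09 kid1| WARNING: All 10/10 negotiateauthenticator processes are busy.
"""

SYSLOG_TS = re.compile(r"^(\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s")
QUEUED = re.compile(r"Too many queued (\w+) requests")
EXITED = re.compile(r"process (\d+) exited with status (\d+)")
STARTED = re.compile(r"process (\d+) started")
BUSY = re.compile(r"All (\d+)/(\d+) (\w+) processes are busy")

def analyze(log_text, year=2015):
    """Return (crashes, pools) parsed from Squid syslog/cache.log text."""
    started, crashes, pools, overflow = {}, [], {}, None
    for line in log_text.splitlines():
        if m := BUSY.search(line):
            pools[m.group(3)] = int(m.group(2))   # helper type -> pool size
        ts_m = SYSLOG_TS.match(line)
        if not ts_m:
            continue                              # not a syslog-style line
        ts = datetime.strptime(f"{year} {ts_m.group(1)}", "%Y %b %d %H:%M:%S")
        if m := QUEUED.search(line):
            overflow = m.group(1)                 # helper whose queue overflowed
        elif m := STARTED.search(line):
            started[m.group(1)] = ts
        elif (m := EXITED.search(line)) and overflow:
            begin = started.pop(m.group(1), None) # None: start not in the excerpt
            uptime = int((ts - begin).total_seconds()) if begin else None
            crashes.append({"pid": int(m.group(1)), "helper": overflow,
                            "at": ts, "uptime_s": uptime})
            overflow = None
    return crashes, pools

def in_restart_loop(crashes, threshold=3, window_s=600):
    """True if `threshold` overflow crashes fall inside any `window_s` span."""
    times = [c["at"] for c in crashes]
    spans = zip(times, times[threshold - 1:])
    return any((b - a).total_seconds() <= window_s for a, b in spans)
```

On the sample, the second and third workers live 172 and 0 seconds before the next overflow, which is the pattern that precedes the "Exiting due to repeated, frequent failures" line.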