We are seeing IDM fail tasks and lose connection to the user store.
The server log captures the following message:
ERROR [ims.llsdk.directory.jndi] (http-0.0.0.0-8080-6) Failed to connect to LDAP directory ldap://XXXXXXXX:8094 ldap://XXXXXXX.xxxx.com:8094
Reason: Address already in use: connect
We can connect to the user store using an LDAP browser and get to records, so there does not appear to be an issue with the CA Directory service.
CA Identity Manager 14.x
Windows has 2 types of ports: Static (locked, so no other software can use them) and Ephemeral (a pool of ports that all software can use, first come, first served).
IM speaks to Directory using an Ephemeral port, then gives it back and gets another one the next time it needs to communicate.
The problem is that if too many applications are using these ports, the pool can be used up, and the next connection attempt fails with the "Address already in use: connect" error shown above.
There are 2 primary solutions:
1. Create a bigger pool of ports
2. Decrease the length of time Windows waits to give back the port
There are a few other secondary options:
- MaxUserPort - https://technet.microsoft.com/en-us/library/cc938196.aspx
- TCPWindowSize - https://technet.microsoft.com/en-us/library/cc938219.aspx
- MaxFreeTcbs - https://technet.microsoft.com/en-us/library/cc938178.aspx
- MaxHashTableSize - https://technet.microsoft.com/en-us/library/cc938176.aspx
You also need to make sure that no software that needs a specific (Static) port has that port inside the Ephemeral port range.
Here are a few links for Ephemeral Ports for different Windows OS versions:
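To confirm that the ephemeral pool is what is running out before changing any setting, the following PowerShell check can be run on the IM server. It is an added example, not part of the original article or a CA tool; it assumes the NetTCPIP cmdlets (Windows Server 2012 or later) and takes the directory port 8094 from the log message above.

```powershell
# Added diagnostic sketch; read-only, changes no settings.
# Assumption: 8094 is the directory port, taken from the log line above.
$directoryPort = 8094

# Dynamic (ephemeral) TCP port range currently configured on this host.
$setting = Get-NetTCPSetting |
    Where-Object { $_.DynamicPortRangeStartPort -gt 0 } |
    Select-Object -First 1
if (-not $setting) { throw 'No dynamic port range reported by Get-NetTCPSetting' }
$start = [int]$setting.DynamicPortRangeStartPort
$count = [int]$setting.DynamicPortRangeNumberOfPorts
$end   = $start + $count - 1

$conns = Get-NetTCPConnection

# Non-listening connections that hold a local port inside the ephemeral range.
$ephemeral = $conns | Where-Object {
    $_.LocalPort -ge $start -and $_.LocalPort -le $end -and $_.State -ne 'Listen'
}
$used = @($ephemeral | Select-Object -ExpandProperty LocalPort -Unique).Count
"Ephemeral range {0}-{1}: {2} of {3} ports in use ({4:P1})" -f $start, $end, $used, $count, ($used / $count)

# Breakdown by state: a large TimeWait count points at the wait time before a
# port is given back; a large Established count points at the pool size.
$ephemeral | Group-Object State | Sort-Object Count -Descending |
    Format-Table Name, Count -AutoSize

# Processes holding the most ephemeral ports (TimeWait entries typically show PID 0).
$ephemeral | Group-Object OwningProcess | Sort-Object Count -Descending |
    Select-Object -First 5 Count, @{n='PID'; e={$_.Name}},
        @{n='Process'; e={(Get-Process -Id $_.Name -ErrorAction SilentlyContinue).ProcessName}} |
    Format-Table -AutoSize

# Connections from this host toward the directory port, by state.
$conns | Where-Object RemotePort -eq $directoryPort | Group-Object State |
    Format-Table Name, Count -AutoSize

# Listeners bound inside the ephemeral range. Some Windows services listen on
# dynamic ports by design; look for software that expects a fixed (Static) port.
$conns | Where-Object { $_.State -eq 'Listen' -and $_.LocalPort -ge $start -and $_.LocalPort -le $end } |
    Sort-Object LocalPort -Unique | Format-Table LocalPort, OwningProcess -AutoSize
```

Run it while tasks are failing; a usage figure close to 100% at that moment matches the error in the log.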