919 - 926 - 9847

Google brought down my house of cards

For almost three years now we've been running ColdFusion (well, really JRun) session based replication and failover on all of our hosted ColdFusion environs. Things were great! And then, we let google in the door to index our content. Things went from "great", to "why is this always down??". I spent far too much time looking at JVM settings, JRun settings, etc., but never really came up with a concrete answer as to what was happening. Ultimately, we'd see a deluge of errors about the failure of session replication in the log files and a complete breaking of failover and sometimes even the JRun -> IIS connector.

Whilst searching for the session replication errors, I came across Sean Corfields postings across various blogs that replication just does not scale well, and that it remains a broken feature. Up until a few months ago, I'd argue this to be untrue. However, it appears that replication works... if you can manage to keep the amount of crap you throw into shared memory scopes down to a minimum.

It's been 4 days since I've disabled session replication, and my servers have remained standing for an equal amount of time. We've been getting indexed by google (and others), and things are sailing along with nary a blip. Next stop, creating a guide for users that want/need session based failover that can be accomplished in code. Otherwise known as, "Help me Sean Corfield, you're my only hope!" ;).

Using IIS 6 and SSL host headers

Just because I wanted to have this documented for myself, let's setup SSL on IIS 6 so that it uses * Certs. This is only required if using host headers.

To obtain a wildcard server certificate

  1. In IIS Manager, expand the local computer, and then expand the Web Sites folder.
  2. Right-click the Web site for which you want to obtain a wildcard server certificate, and then click Properties.
  3. On the Directory Security tab, under Secure communications, click Server Certificate.
  4. In the Web Server Certificate Wizard, click Create a new certificate.
  5. Follow the Web Server Certificate Wizard, which will guide you through the process of requesting a new server certificate. On the Your Site's Common Name page, type a name in the Common name box, using the following format:
    for example, *.somesite.com.
    By default, the certificate request file is saved as C:\Certreq.txt, but the wizard allows you to specify a different location.
  6. Click Finish to complete the wizard.
  7. Submit the cert to your signing authority (read == Money).

To create the metabase bindings

  1. Click Start, click Run, type cmd in the Open box, and then click OK.
  2. Type the following command at the command prompt (the .vbs is in inetpub\adminscritps):
    cscript.exe adsutil.vbs set /w3svc//SecureBindings ":443:" where host header is the host header for the Web site, for example, test.somesite.com and site identifier corresponds to the number shown in the IIS admin.
  3. You can set up as many bindings as required, if recollection serves, it's delimited by colons. So, it would be ":443:{host header1}:443:{host header n}"