we have a very strange thing happening in TN on our Production environment:
At some moment 11 old EDI-documents are being resubmitted to TN (and processed after that). This happens on irregular dates and times, but always is about the same set of documents.
There is no trace of any service which can be responsible for this, nor in the server-log or in activity-log in TN. The resubmits have been performed with username ‘Administrator’, which account is locked.
Has anybody seen something like this before?
Does anybody know what happens if I do a right-mouse click - resubmit in TN-console? It looks like this is what is happening.
Doing a right-click and resubmit would definitely account for this behavior, but as the user that is logged in to TN Console (which might be Administrator but you mentioned that that account is locked down).
This is the behavior of a manual re-submit from within TN console. Does anybody else belong to the Administrator group which would be logging in and performing this manual resubmit…??
It sounds like somewhere in your code there is a buggy BRANCH statement with an active restorePipelineFromFile (since the same documents are being resubmitted).
Here are a couple of suggestions:
Under the IS /pipeline, ‘grep’ for some strings in the resubmitted documents. If a pipeline file matches, grep for that pipeline filename under the /packages directory
Turn on systemwide audit logging - there is some setting that generates audit log entries to the filesystem or DB. Once you can identify the next ghost resubmit, see which services are being invoked when it occured. In the unlikely case that it’s a user doing the resubmit, the audit log’s session ID field can be correlated with the session log’s IP address and this will identify him.