There was an allow file that was configured incorrectly. They went to fix it and created a backup file of it in the access.d directory. QAS detected a file in the directory /etc/opt/quest/vas/access.d that had an unknown extension which caused reprocessing of allow groups. The AD groups in the allow file had over 40k members so there was a lot of processing happening. This change was going out to 4k machines.
Product Defect: 801076 - backup file in access.d triggers AD flood
WORKAROUND:
touch /var/opt/quest/vas/vasd/.disable_ac_group_updating
What does .disable_ac_group_updating do?
STATUS:
This was resolved in version 4.2.2
© 2024 One Identity LLC. ALL RIGHTS RESERVED. Feedback Términos de uso Privacidad Cookie Preference Center