Return
-
Title
Active Directory servers showing high CPU usage due to an LDAP query being repeatedly going to the servers. -
Description
Active Directory Domain Controllers servers seeing high loads on CPU. We found high volume of LDAP query from large number of client machines caused the high CPU usage. All the non-windows clients were doing the same LDAP query repeatedly. -
Cause
There was an allow file that was configured incorrectly. They went to fix it and created a backup file of it in the access.d directory. QAS detected a file in the directory /etc/opt/quest/vas/access.d that had an unknown extension which caused reprocessing of allow groups. The AD groups in the allow file had over 40k members so there was a lot of processing happening. This change was going out to 4k machines.
Product Defect: 801076 - backup file in access.d triggers AD flood
-
Resolution
WORKAROUND:
touch /var/opt/quest/vas/vasd/.disable_ac_group_updating
What does .disable_ac_group_updating do?
STATUS:
This was resolved in version 4.2.2
-
Change Request
801076