The following is a list of issues known to exist at the time of Quest release:InTrust 9.0 Real-Time Monitoring.
It may take the InTrust Real-Time Monitoring Server service a long time to stop if the Alert Database is overloaded with alerts and slow to respond.
The 'Registry Permissions Changed' rule doesn't work on Windows Server 2003 computers.
Do not use wildcards in rule parameter values that define authorized/administrative/target/etc. groups in rules that require group membership resolution for user accounts. Most of these are rules with words 'by unauthorized personnel', 'administrative account', 'administrative rights' in their names.
Make sure to always have at least one account listed in either Alert Managers or Alert Readers pane for every Alerting Profile (InTrust Monitoring Console, Administration page, Roles tab). Any user will receive the Access denied error at an attempt to view alerts using the Alerting Profile with no account listed on the Roles tab of the Administration page. Access to the Database properties and the Users tab on the Administration page of the Monitoring Console will also result in errors.
InTrust scripts related to Active Directory object management cannot be executed on Windows NT 4.0 computers.
When a 'Successful <logon, 'su' command, etc.> after failed attempts' rule is matched, the number of failed attempts reported includes the successful attempt that triggers the rule.
Community names with non-Latin characters are sent incorrectly when you select sending an SNMP trap as a response action for a real-time monitoring rule.
After the Quest InTrust Real-Time Monitoring Server service is restarted, real-time monitoring may temporarily stop working for a computer that is included in multiple InTrust sites under different names if those InTrust sites are configured for real-time monitoring with the same monitoring policy. Monitoring will be resumed for each affected InTrust site when it is enumerated the next time, as defined in the site properties.
The RemoveGroup script does not remove Distribution groups from Active Directory.
When a new Alerting Profile associated to a different InTrust Server is created in any installation of Monitoring Console in the InTrust Organization, clickable links in alert notification emails stop working for any alerts in the old Alerting Profiles.
After an upgrade of one server in a multi-server InTrust Organization from an earlier version to version 9.0, new Data Sources introduced InTrust 9.0 become available to InTrust users who create real-time monitoring rules on InTrust Servers of earlier versions in the same Organizations with instances of InTrust Manger connected to InTrust Servers that are not upgraded yet. Do not use Data Sources introduced in InTrust 9.0 in any policies you create on InTrust Servers that are not upgraded. On the upgraded Server(s), don't assign any jobs that use those Data Sources to InTrust Servers that are not upgraded, and neither apply monitoring policies based on those Data Sources to InTrust Sites processed by InTrust Servers that are not upgraded.
If you experience a degrade in the Alert Database performance, try increasing values of the two InTrust configuration parameters that control the buffer and queue sizes for the connection InTrust makes to the Alert Database. Running the following SQL query on the InTrust configuration database will increase both sizes from the default value of 800KB (819200 bytes) to 10MB (10485760 bytes):
SET [Value] = '10485760'
WHERE (Name = 'ITRT_CommMaxSizePerConnection') OR (Name = 'ITRT_CommQueueSize')
Only the first one of multiple response actions of the 'Execute task' type in one rule will actually be executed if the Synchronous execution option is enabled for this rule.
After disabling a real-time monitoring policy configured to monitor an MS IIS Server and removing the InTrust Agent from a monitored IIS computer you will have to restart IIS on that computer in order to restore its Web connectivity.
CR0151859 If a script-based real-time monitoring rule fails on some of the monitored computers, the agent installed on that computer does not inform InTrust Server about the failure and no error entry is reported in the InTrust Server log.
When real-time monitoring rules are matched, event field names that consist only of digits are treated as integers. This causes errors, because string values are expected.