-
Title
Domain controllers having 100% memory spike and large dump files generated -
Description
Large dump files were generated under %Program Files%\Quest\ChangeAuditor\Agent\Plug-in for Active Directory\Dumps on every Domain Controller and memory utilization usage went to 100%. -
Cause
This can be caused by the Change Auditor Agent erroneously trying to process the TTL expiry when an Active Directory dynamic object was already manually deleted.
Defect ID 208937 logged.
-
Resolution
WORKAROUND:
In Change Auditor version 7.1.1 and later of the agent, there is an option to disable the Dynamic Object Processing hook by creating the following registry key on the agent machines:
Path: HKEY_LOCAL_MACHINE\SOFTWARE\Quest\ChangeAuditor for Active Directory
Value Name: DisableHooks
Value Type: DWORD
Value: 3Note:
The dynamic object processing hook is responsible for recording delete events when Active Directory dynamic objects are automatically deleted because their TTL value expired. Disabling the hook will result in not auditing these dynamic object deletion events.In Change Auditor version 7.1.0 and earlier, there is no option to perform the workaround mentioned above.
STATUS:
Waiting to fix in the future release of Change Auditor.Windows Registry Disclaimer:
Quest does not provide support for problems that arise from improper modification of the registry. The Windows registry contains information critical to your computer and applications. Make sure you back up the registry before modifying it. For more information on the Windows Registry Editor and how to back up and restore it, refer to Microsoft Article ID 256986 “Description of the Microsoft Windows registry” at Microsoft Support. -
Additional Information
AD garbage collection and Dynamic object TTL expiration for objects in the Deleted Objects container are audited causing "Failed attempt to read attributes" error has been logged.