Exsesive Windows Security logging - secWinAD

security CMC
1

I am getting 25 logon/logoff events per second (mostly event id 552) for our Active Directory service account even though I’ve only got about 20 users logged in. I know the service account has to check group memberships but 25 times a second seems excessive. The message fill up the 300 meg Windows security audit log so that we have less than 24 hours of data. The CMS.exe service constantly runs at 10 - 15% of the CPU. Is anybody else experiencing this? Is there a way to reduce the frequency of CMS re-quering Active Directory?

We are on BOE XI R2 SP3 on Windows 2003 and we use WebSphere.

Thanks for any help you can provide,
Nick

narmen (BOB member since 2007-06-07)

2

Hi,

How many AD groups you have within your AD? I mean one BO group or all your groups are AD?

3

We have about 20 AD groups mapped and we have about 30 other BO groups that are not mapped.

narmen (BOB member since 2007-06-07)

4

BO PROS!

Even we have exactly the same scenario :hb: Still not sure why these Logon/Logoff entries are generated!

Please do share with us in case anybody has found the reason / solution to these logs.

LS

luckysoul30 (BOB member since 2006-07-13)