on 10-02-2008 5:44 PM
I am getting about 25 logon/logoff messages (mostly event id 552) every second logged to the Windows 2003 security log. The user in the message is the service account we use for Active Directory integration. We only have about 25 users logged in. Why am I seeing so much activity? The 300 meg log is showing less than 24 hours of activity before it is being overwritten. We are on BOE XI R2 SP3 using WebSphere WAS.
Hi Kristof,
Thanks for your reply.
> - Is tracing enabled...
No, I verified that none of the service command lines include "-trace"
> ...Kerberos, check the config files...
"debug=true;" is NOT present in our bscLogin.conf file
> ...log Kerberos events...
We have had logging turned before. It is controlled by a Windows registry setting: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters\LogLevel
We are not logging Kerberos events.
We did do some trouble shooting with Kerberos awhile ago. I'm thinking that maybe some debug setting somewhere didn't get reset, but I'm not finding anything.
Thanks again for your reply,
Nick
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
I am seeing the CMS.exe service continually running at 10 - 15% of the CPU. Is anybody else seeing this?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello Nick,
I haven't come in contact with a WebSphere deployment yet, but perhaps you could check the following:
- Is tracing enabled on the CMC (or any other) service? You should look for a "-trace" in the service's commandline
- If you're using kerberos, check the config files to see if debugging is not enabled
- The BO technical paper detailing the setup of Windows AD / SSO mentions the possibility to log Kerberos events to the eventlog. Are you sure this hasn't been enabled?
Hope this helps.
Kind regards,
Kristof
User | Count |
---|---|
84 | |
10 | |
10 | |
10 | |
7 | |
6 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.