Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-0304: Centrify cache corruption, page cache,or cache file size related issues

Centrify DirectControl ,  

12 April,16 at 11:07 AM

Applies to: Centrify DirectControl 3.0.2 and earlier on all platforms
Problem: Cache file corruption or unusually large cache file sizes when using DirectControl 3.0.1 may cause one of the following:
1) The adclient process may spike system CPU usage.
2) Adclient may fail to start with log file messages stating "lrpc connection refused".
3) Group or user information may not display correctly with the id command after a user or group is added or removed from Active Directory.

Cause: For symptoms 1 and 2, The problems may be related to corrupt or negative entries in Centrify cache files, found in /var/centrifydc (dc.cache, gc.cache and their respective .idx files).

For symptom 3, the issue is most likely related to a page cache problem in a large cache. When a search is done for the group or user information and it expires, the first page gets refreshed, but the others come from the cache.

Resolution: The page cache problem is a known issue and is fixed in DirectControl 3.0.3. The corrupt and unusually large cache problems were fixed in 3.0.1, but may exist on systems upgraded to 3.0.1 from 3.0.0.

Centrify recommends the following work-arounds:
* If you are upgrading a system from DirectControl 3.0.0 to 3.0.1, run the command adflush before upgrading.
* If the adclient process is running and does not successfully restart, then run adflush and update /etc/centrifydc/centrifydc.conf, adding the following lines:
adclient.cache.cleanup.interval: 1
adclient.cache.flush.interval: 4
adclient.cache.negative.lifetime: 15
adclient.watch.check.frequency: 10
adclient.watch.check.timeout: 10
Then restart adclient. This will clean up the cache once an hour, removing all negative responses that are older than 15 minutes and every 4 hours flush the cache.

Still have questions? Click here to log a technical support case, or collaborate with your peers in Centrify's Online Community.