Applies to: Centrify DirectControl 3.0.2 and earlier on all platforms Problem: Cache file corruption or unusually large cache file sizes when using DirectControl 3.0.1 may cause one of the following: 1) The adclient process may spike system CPU usage. 2) Adclient may fail to start with log file messages stating "lrpc connection refused". 3) Group or user information may not display correctly with the id command after a user or group is added or removed from Active Directory.
Cause: For symptoms 1 and 2, The problems may be related to corrupt or negative entries in Centrify cache files, found in /var/centrifydc (dc.cache, gc.cache and their respective .idx files).
For symptom 3, the issue is most likely related to a page cache problem in a large cache. When a search is done for the group or user information and it expires, the first page gets refreshed, but the others come from the cache.
Resolution: The page cache problem is a known issue and is fixed in DirectControl 3.0.3. The corrupt and unusually large cache problems were fixed in 3.0.1, but may exist on systems upgraded to 3.0.1 from 3.0.0.
Centrify recommends the following work-arounds: * If you are upgrading a system from DirectControl 3.0.0 to 3.0.1, run the command adflush before upgrading. * If the adclient process is running and does not successfully restart, then run adflush and update /etc/centrifydc/centrifydc.conf, adding the following lines: adclient.cache.cleanup.interval: 1 adclient.cache.flush.interval: 4 adclient.cache.negative.lifetime: 15 adclient.watch.check.frequency: 10 adclient.watch.check.timeout: 10 Then restart adclient. This will clean up the cache once an hour, removing all negative responses that are older than 15 minutes and every 4 hours flush the cache.