Applies to: Centrify DirectControl 5.1.2 on all platforms
High CPU consumption is noticed when a system is joined to a classic zone. Extracts in centrifydc.log will show the following messages repeatedly:
adclient.session Background cache population of Group starting...
Nov 19 09:29:04 server adclient: [ID 702911 auth.debug] DEBUG <bg:run-queue> adclient.session Background cache population of Group finished
The background refresh of users and group list is introduced in CentrifyDirect Control version 5.x. This is so that on an enumeration query request, adclient will just return what it has in cache, and then schedule a refresh in background if necessary.
With classic zones, this does not do any cache population for groups. When session data iterate from cache, it will not update the search marker after enumeration ended. Since the group enumeration search marker was never updated, the iteration refresh will be queued every time the background task do the refresh. The symptom is it will continuously repeat in a very short time span.
Also domain controllers will experience heavy traffic from Centrify servers.
In /etc/centrifydc/centrifydc.conf, please modify or append the following parameter. Centrifydc should be restarted and adflush -f should be run to clear cache after making this change:
Also the following parameter should be changed to 3600 (or higher) from the default value of 600.
Customers running into this issue should upgrade to Centrify DirectControl version 5.1.3 (Suite 2014) or higher to obtain an agent build which fixes this issue.
The "adclient.cache.expires" parameter will also default to 3600 starting in the Suite 2014 release so it will no longer be necessary to manually set this parameter after upgrade.