Centrify

Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-7586: High CPU usage after 30 minutes after installing or upgrading to Suite 2016.1 (5.3.1)

Centrify DirectControl ,  

17 December,16 at 01:59 AM

Applies to:
Centrify DirectControl 5.3.1 on all platforms

Problem:
The Centrify DirectControl Agent causes a high amount of system CPU usage approximately 30 minutes from system or service start. Restarting the DirectControl Agent is needed to bring CPU usage back to normal.

Cause:
By default every 1800 seconds or 30 minutes the agent will update a list of alternate UPN suffixes at the given interval. The agent will search all available domains to search and build a list of alternative UPN suffixes. If there is an unreachable domain or configured blocked domain, the agent will become stuck in a loop repeatedly trying to contact the unreachable/blocked domain.

Output from logs will show the following four lines repeated:
adclient[4823]: DEBUG <bg:upnUpdate> network.state Domain blocked: acme.com (not in white list)
adclient[4823]: DEBUG <bg:upnUpdate> base.adagent.domaininfo rejecting domain acme.com. Blocked, not in DNS or our domain list
adclient[4823]: DEBUG <bg:upnUpdate> base.osutil Module=Kerberos : No such domain: acme.com (reference base/adagent.cpp:1349 rc: -1765328230)
adclient[4823]: DEBUG <bg:upnUpdate> util.runqueue unhandled exception No such domain: acme.com

Workaround:
Edit the /etc/centrifydc/centrifydc.conf file and change the following parameter:

adclient.altupn.update.interval: 90000000 (9 with 7 zeros)

Run adreload after saving for changes to take effect

This parameter can also be distributed to your systems using Group Policy and is located at:
Computer Configuration -> Policies -> Admin Templates -> Centrify settings -> DirectControl Settings -> Add centrifydc.conf properties.

Resolution:
This will be fixed in Centrify Server Suite 2017. 

Still have questions? Click here to log a technical support case, or collaborate with your peers in Centrify's Online Community.

Related Articles

 articleKB-7301: Upgrading Access Manager 5.2.2 and below to 5.3.1 show effective user rights blank articleKB-9455: Fail to upgrade centrify-openssh from Suite2016.1 to Suite2017.2 via native command articleKB-7120: Suite 2016.1 Deployment Manager is reporting unsupported CentOS 6.8 articleKB-7457: Show effective user rights for computer shows empty articleKB-6011: Installing and using the Centrify Deployment Report articleKB-7094: Is Samba badlock have an affect with adsmb? articleKB-9624: Is OpenSSH 7.2 compatible with Centrify DirectControl 5.2.x?