We have lately noticed that console sessions using Windows session authentication generate many logon/logoff (4624/4634) events – from a scant four to hundreds of events per console session, per minute. It was our logging admin who noticed that the BigFix server was generating upwards of 1GB/hour in Windows domain logon/logoff events. This seems excessive.
I’ve tried all manner of rebooting console endpoints, logging off console sessions, deleting console caches…to no avail. As a potential fly in the ointment, this last weekend we upgraded from 9.2.8 -> 9.5.4.
Does anyone know what the console does/requires that would account for such aggressive authentication behavior? Does 9.5.4 have new demands in this area?
Thanks for any thoughts,
Andrew