Continual Windows session authentication events

atlauren · January 31, 2017, 7:27am

We have lately noticed that console sessions using Windows session authentication generate many logon/logoff (4624/4634) events – from a scant four to hundreds of events per console session, per minute. It was our logging admin who noticed that the BigFix server was generating upwards of 1GB/hour in Windows domain logon/logoff events. This seems excessive.

I’ve tried all manner of rebooting console endpoints, logging off console sessions, deleting console caches…to no avail. As a potential fly in the ointment, this last weekend we upgraded from 9.2.8 -> 9.5.4.

Does anyone know what the console does/requires that would account for such aggressive authentication behavior? Does 9.5.4 have new demands in this area?

Thanks for any thoughts,
Andrew

gpoliafico · February 7, 2017, 9:19am

Logging-in as an AD/LDAP user ( or using Windows Session Credentials ) after some time are generated an excessive number of ‘Information Event’ are visible in the Event Viewer.
An APAR has been requested to track and fix the problem in the next 9.5 patch.

atlauren · February 7, 2017, 5:33pm

I forgot to update the thread: My PMR is 40837,227,000, with bug RTC #136781 filed as a result.

gpoliafico · February 24, 2017, 2:11pm

Here is the link to the APAR for this issue ->
http://www-01.ibm.com/support/docview.wss?crawler=1&uid=swg1IV93151