Jump to content


Photo

ALE Quota Violation


  • Please log in to reply
3 replies to this topic

#1 realiks

realiks

    Newbie

  • Members
  • Pip
  • 2 posts

Posted 31 December 2013 - 08:25 AM

Hi all, in our corporation we are experiencing some random user lockouts. I want to use ALE to resolve these problems. Since a couple of days we see an error in the interface which I can not resolve. I have search the installation documents and the support forum, but cannot find anything useful. Can somebody tell me why this error occurs?

At random moments the interface shows "Quota Violation" for one DC. After a minute or 10 it changes back to reading log file.

http://s24.postimg.o...5x/aleerror.png

All help is appreciated.

#2 jeffb

jeffb

    Advanced Member

  • Administrators
  • PipPipPip
  • 384 posts
  • Gender:Male

Posted 31 December 2013 - 01:01 PM

Hello,

You can turn off read log with the following KB article. Read log is not necessary unless Account Lockout Examiner has been turned off and it is just catching up from when it was off or when it was first installed. If the lockout keeps happening there is no reason to have read log on as it will re-produce itself. A service restart may also work.

https://www.netwrix.com/kb/1240

-Jeff

#3 realiks

realiks

    Newbie

  • Members
  • Pip
  • 2 posts

Posted 02 January 2014 - 10:23 AM

Jeff, Thanks for your reply. I would want to turn off "Read Log" but as you mentioned ALE is still catching up since a reboot of our server a few days ago. I have tried to stop and start the service but still the error occurs (Of course I also tried a reboot of our server). Are there any log files of ALE which I can send you to help troubleshoot this issue?

#4 jeffb

jeffb

    Advanced Member

  • Administrators
  • PipPipPip
  • 384 posts
  • Gender:Male

Posted 03 January 2014 - 01:20 PM

Realiks,

Why not turn off read log? If the account continues to get locked out then there is no reason for it to catch up. Just turn off read log and leave the last few days invalid login data as missed. Quota violation error is an error of WMI queries, that are used by Account Lockout Examiner. Large WMI notification query may cause a quota violation.

Please refer to the following MS KB article:
http://support.microsoft.com/kb/828653

The only known workaround at this time for this issue is as follows:

(1) Run regedit,
(2) Go to HKLM\Software\[Wow6432Node]\NetWrix\Account Lockout Examiner (Wow6432Node only for x64 OS)
(3) Set Readlog to 0,
(4) Create DWORD UseWatcher with value of 1
(5) Restart Netwrix Account Lockout Examiner Service

-Jeff




0 user(s) are reading this topic

0 members, guests, anonymous users