ALE Quota Violation
Posted 31 December 2013 - 08:25 AM
At random moments the interface shows "Quota Violation" for one DC. After a minute or 10 it changes back to reading log file.
All help is appreciated.
Posted 31 December 2013 - 01:01 PM
You can turn off read log with the following KB article. Read log is not necessary unless Account Lockout Examiner has been turned off and it is just catching up from when it was off or when it was first installed. If the lockout keeps happening there is no reason to have read log on as it will re-produce itself. A service restart may also work.
Posted 02 January 2014 - 10:23 AM
Posted 03 January 2014 - 01:20 PM
Why not turn off read log? If the account continues to get locked out then there is no reason for it to catch up. Just turn off read log and leave the last few days invalid login data as missed. Quota violation error is an error of WMI queries, that are used by Account Lockout Examiner. Large WMI notification query may cause a quota violation.
Please refer to the following MS KB article:
The only known workaround at this time for this issue is as follows:
(1) Run regedit,
(2) Go to HKLM\Software\[Wow6432Node]\NetWrix\Account Lockout Examiner (Wow6432Node only for x64 OS)
(3) Set Readlog to 0,
(4) Create DWORD UseWatcher with value of 1
(5) Restart Netwrix Account Lockout Examiner Service