Resolving denial of access errors due to driver timeouts

Article ID: 18558

Products

CA Virtual Privilege Manager, CA Privileged Identity Management Endpoint (PIM), CA Privileged Access Manager (PAM)

Issue/Introduction

Description:

When ControlMinder is running under heavy load, seosd may not be able to handle all the events it should process. In these situations, access denied events are recorded in the logs:

12 Dec 2013 11:39:00 W FILE <dir>\<file> Read 202 4 <prog_name>\ C:\WINDOWS\system32\inetsrv\inetinfo.exe <domain>\<username>(OS user)

and the Windows event log contains hang errors for the seosdrv driver like the following:

21/10/2013 10:00:35 seosdrv Warning none 2 N/A PGP2 Hang at inetinfo.exe(1912), FileDes

Solution:

This is caused by the seosdrv driver responding with a 0 value for the timeout when the system is running under heavy load. The situation may be resolved by setting QueueTimeout = 4 with QueueTimeoutAnswer = 1 in the FsiDrv Registry configuration, under HKEY_LOCAL_MACHINE\SOFTWARE\ComputerAssociates\AccessControl\FsiDrv.
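One way to check and apply the two values above from an elevated PowerShell session. This is an added example, not vendor-supplied code: it assumes the values are REG_DWORD when they do not already exist, and is meant to be saved as a script (the file name Set-FsiDrvQueueTimeout.ps1 is hypothetical) and run first with -WhatIf to preview the change.

```powershell
# Added example, not vendor code. Reports the current FsiDrv queue timeout
# settings and sets them to the values given in this article.
[CmdletBinding(SupportsShouldProcess)]
param(
    [string]$Path = 'HKLM:\SOFTWARE\ComputerAssociates\AccessControl\FsiDrv'
)

# Values from the article.
$wanted = [ordered]@{ QueueTimeout = 4; QueueTimeoutAnswer = 1 }

if (-not (Test-Path -LiteralPath $Path)) {
    throw "Registry key not found: $Path"
}

$key = Get-Item -LiteralPath $Path
$report = foreach ($name in $wanted.Keys) {
    $current = $key.GetValue($name, $null)   # $null when the value is absent
    [pscustomobject]@{
        Name    = $name
        Current = $current
        Wanted  = $wanted[$name]
        Change  = ($null -eq $current) -or ($current -ne $wanted[$name])
    }
}
$report | Format-Table -AutoSize

foreach ($row in $report | Where-Object Change) {
    # Keep the existing value type if there is one; DWord is an assumption
    # used only when the value has to be created.
    $kind = if ($null -ne $row.Current) { $key.GetValueKind($row.Name) } else { 'DWord' }
    $action = "set to $($row.Wanted) (was '$($row.Current)')"
    if ($PSCmdlet.ShouldProcess("$Path\$($row.Name)", $action)) {
        Set-ItemProperty -LiteralPath $Path -Name $row.Name -Value $row.Wanted -Type $kind
    }
}
```

The table printed before any change records the previous values, which is what you need to roll the setting back.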

It is also possible to alleviate the problem by reducing the number of events being sent to seosd. For instance, by defining a SPECIALPGM resource for the programs accessing files in a certain directory if no individual rule for each file has been set, or by defining specific access rules as opposed to generic ones (e.g. define FILE /mypath/myfile access rules instead of FILE /mypath/* ones).

Environment

Release:
Component: SEOSWG