search cancel

How to disable Domain Cache in Control Compliance Suite


Article ID: 197180


Updated On:


Control Compliance Suite Standards Server Control Compliance Suite


Symantec Control Compliance Suite (CCS)

When running CCS scans, you do not need CCS to report on information about users or groups, or you use the predefined benchmarks released by Symantec.

NOTE: The predefined CIS benchmarks released by Symantec do not require domain cache when run, so domain cache can be disabled.


Domain Cache is enabled by default and needs to be collected by each manager for each domain. The Domain Cache is pushed down to each agent to use in scans that need information about users, groups, or some computer components.


Release : CCS 12.x 
SCU: 2018-1 (or newer SCU)

Component :  Needs to be manually configured on each CCS manager that you want to disable Domain Cache.


Full information about disabling domain cache in the CCS 12.x documentation:

12.x documentation to disable domain cache

How to disable domain cache:

On each CCS manager that you would like to disable domain cache, do the following:

  1. Make a backup of the ConfigurationSettings.xml file in the <CCS installation directory>\Symantec\CCS\Reporting and Analytics\DPS \control\Windows directory.

  2. Edit the ConfigurationSettings.xml file and add the following lines:
  3. To synchronize the configuration parameter changes with the agents, modify the <CCS installation directory>\Symantec\CCS\Reporting and Analytics\DPS\ManagerManifestFile.xml (still on the CCS manager) and increase the "wnt.Dictionary.ConfigurationSettings-xml" version number by 1.  As always, make a backup of the ManagerManifestFile.xml file before you make changes.
    <file id="wnt.Dictionary.ConfigurationSettings-xml" FileTypeKey="wnt.Configuration" version="16-06-2018 07:00:54"
    FilterValue="" ignore_if_absent_on_agent="false">
        <MFH library="" procedure="" />
        <depFiles />
    In this example, you would increase the version to "16-06-2020 07:00:55"
    (NOTE: the version may also just be a numeric value and not a date/time as shown in the example)

    Additional note:  In agentless data collection, you do not need any such version increment in the ManagerManifestFile.xml file.

  4. Stop and restart the 'Symantec CCS Manager' and 'Symantec Data Processing Service' services on the manager.

Note for Agent-based Collection: If you continue to see the error "Domain cache does not exists or not valid for domain [ Domain ]. Data collection will not proceed"
Then from Step 2 above add the same to the "<InstallDir>\ESM\bin\dcmodules\Control\Windows\ConfigurationSettings.xml" on the Agent.
Restart the Agent, Data Collection will now proceed without issue.

Additional Information

Enabling Domain Cache but exclude specific domains:

If you just want to disable collecting domain cache for specific domains, but not all domains, you can edit the ConfigurationSettings.xml file and enable domain cache (BuildDomainCache=True), but then specify which domains you want to disable domain cache for by listing the domain(s) in the DomainCacheExclusionList parameter.  Remember these settings will need to be added to each manager's ConfigurationSettings.xml file (make a backup of the file before editing), and restart the 'Symantec CCS Manager' and 'Symantec Data Processing Service' for the new configuration to take effect.

Example of the entries needed to have domain cache enabled, but DomainA, DomainB, or DomainC will be excluded and domain cache will not be collected on those 3 domains.


In the 'DomainCacheExclusionList' parameter, list the domain(s) for which you do not want cache to be created. If you want to list more than one domain, provide a comma-separated list of domains.