Domain Controllers in a trusted domain reboot or stop responding when Directory and Resource Adminis (NETIQKB38652)

  • 7738652
  • 02-Feb-2007
  • 19-Jun-2007


Directory and Resource Administrator 7.x

Domain Controllers in a trusted domain reboot or stop responding when Directory and Resource Administrator performs an Account Cache Refresh for that trusted domain

Accounts Cache Refresh causes the domain controller for that domain to reboot or stop responding.

Accounts Cache Refresh does not complete or fails because the domain controller that Directory and Resource Administrator binds to is hung.

This problem may occur after you install the hotfix that is described in Microsoft Knowledge Base article 828297 (;[LN];828297) to resolve LSASS memory leak issues on a Microsoft Windows 2000 domain controller.


In order to resolve this problem Microsoft has developed and released an updated version of this hotfix, which is designed to address the LSASS memory leak issue without causing the above issue.

For more information on this topic and to obtain the hotfix, please refer to the following Microsoft Knowledge Base article

828297 Memory Leak in Lsass.exe -;[LN];828297

You can also configure the Directory and Resource Administrator server to not perform an Accounts Cache Refresh for the trusted domain in question by performing the steps described in the article below:

    1. Launch the 'Delegation and configuration' console as a member of the DRA Admins Assistant Admin group.
    2. Expand the Configuration Management and Managed Domains nodes.
    3. Highlight the managed domain in the top pane.
    4. Select the trusted domains link in the bottom pane.
    5. Right-click the specific trusted domain in the bottom pane and select Properties.
    6. On the general tab select the Ignore this trusted domain check box and click OK.

Additional Information

Formerly known as NETIQKB38652