Domain Controllers in a trusted domain reboot or stop responding when Directory and Resource Adminis (NETIQKB38652)

fact
Directory and Resource Administrator 7.x

symptom
Domain Controllers in a trusted domain reboot or stop responding when Directory and Resource Administrator performs an Account Cache Refresh for that trusted domain

symptom
Accounts Cache Refresh causes the domain controller for that domain to reboot or stop responding.

symptom
Accounts Cache Refresh does not complete or fails because the domain controller that Directory and Resource Administrator binds to is hung.

cause
This problem may occur after you install the hotfix that is described in Microsoft Knowledge Base article 828297 (http://support.microsoft.com/default.aspx?scid=kb;[LN];828297) to resolve LSASS memory leak issues on a Microsoft Windows 2000 domain controller.

fix

In order to resolve this problem Microsoft has developed and released an updated version of this hotfix, which is designed to address the LSASS memory leak issue without causing the above issue.

For more information on this topic and to obtain the hotfix, please refer to the following Microsoft Knowledge Base article

828297 Memory Leak in Lsass.exe - http://support.microsoft.com/default.aspx?scid=kb;[LN];828297

You can also configure the Directory and Resource Administrator server to not perform an Accounts Cache Refresh for the trusted domain in question by performing the steps described in the article below:

1. Launch the 'Delegation and configuration' console as a member of the DRA Admins Assistant Admin group.
   
2. Expand the Configuration Management and Managed Domains nodes.
   
3. Highlight the managed domain in the top pane.
   
4. Select the trusted domains link in the bottom pane.
   
5. Right-click the specific trusted domain in the bottom pane and select Properties.
   
6. On the general tab select the Ignore this trusted domain check box and click OK.

Formerly known as NETIQKB38652