How do I force DRA to perform an Incremental Cache Refresh (IACR) after a scheduled IACR fails? (NETIQKB50748)

  • 7750748
  • 02-Feb-2007
  • 27-Jan-2015

Environment

Directory and Resource Administrator 8.1.x
Directory and Resource Administrator 8.5.x
Directory and Resource Administrator 8.6.x

Situation

How do I force DRA server to perform an Incremental Accounts Cache Refresh (IACR) after a scheduled IACR fails with an Event 14091?

How do I force DRA to perform an Incremental Cache Refresh (IACR) after a scheduled IACR fails?

How do I force DRA to perform an IACR after a scheduled IACR fails?

How do I force DRA server to perform a Full Accounts Cache Refresh (FACR) after a scheduled IACR fails with an Event 14091?

How do I force DRA to perform a Full Cache Refresh (FACR) after a scheduled IACR fails?

How do I force DRA to perform a FACR after a scheduled IACR fails?

How do I set the polling interval used by the Incremental Accounts Cache Refresh to be longer than 60 seconds?
The Application Log on a DRA server logs the following event: 'Error: Event ID: 14091: Because of the number of changes in the Active Directory, DRA will perform a full accounts cache refresh instead of the scheduled incremental accounts cache refresh.'

Resolution

You cannot force an Incremental Accounts Cache Refresh (IACR) after an Event 14091. When an IACR cannot complete within its allowed time due to a large number of recent Active Directory changes, a Full Accounts Cache Refresh (FACR) is necessary.  

An IACR updates the DRA cache with any changes made to Active Directory since the last successful cache refresh. During the first part of an IACR, the Accounts Provider periodically checks the elapsed time. If the elapsed time exceeds the allowed time, the IACR stops with an error, and an FACR is scheduled for 3:00 AM the next morning.  Before starting the second part of the IACR, the Accounts Provider estimates the time required to process the IACR record set and update the cache. If the estimated time exceeds the time remaining (maximum allowed time minus the time used by part one), the IACR stops with an error and an FACR is scheduled for 3:00 AM the next morning. The default maximum allowed time is 60 seconds and is stored in IncDomRefr.MaxAllowedTime (DWORD value) under the following registry key:

  • HKEY_LOCAL_MACHINE\SOFTWARE\Mission Critical Software\OnePoint\Administration\Modules\Accounts\Domains.Dns\YourDomain

This IncDomRefr.MaxAllowedTime registry value can be changed to allow for a longer maximum time to estimate the number of changes.  Keep in mind that doing so also increases the time that Assistant Admins will be "locked out" of DRA for making write changes.

To change the value in DRA 8.0 and later versions:
  1. Launch the Delegation and Configuration console logged on with an account that is a member of DRA Admins.
  2. Select Configuration Management and Managed Domains.
  3. Right-click the domain in which the IACRs are failing and select Properties.
  4. Change the value in the area below "Maximum number of minutes to attempt an incremental cache refresh before scheduling a full accounts cache refresh" to a higher value.
  5. Click OK.

When an IACR fails and schedules an FACR for 3:00 AM the next morning, all subsequent cache refreshes for that domain are suspended. To resolve the situation, you can manually launch an FACR at any time, wait for the automatically scheduled FACR to run at 3:00 AM, or wait for the next normally scheduled FACR if it would run before the 3:00 AM one. Additionally, you can create a registry value that forces an FACR to start after an IACR fails. To do so:

  1. Launch regedit and browse to the following key:

    • HKEY_LOCAL_MACHINE\SOFTWARE\Mission Critical Software\OnePoint\Administration\Modules\Accounts\Domains.Dns
  2. Select the domain in which the IACRs are failing.
  3. Add a string value named IncDomRefr.RescheduleFullFreq.
  4. Change the value data to "Interval 00:15" and click OK.
  5. Restart the NetIQ Administration Service.
  6. Perform steps 1-5 on all DRA servers where the IACR is failing.

This forces an FACR to start 15 minutes after an IACR fails. Note that you cannot set the interval to less than 15 minutes.
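
The registry steps above as a PowerShell script, to be run on each DRA server where the IACR is failing; it backs up the domain key first and refuses intervals shorter than 15 minutes. This is an added example, not NetIQ code: the `YourDomain` placeholder, the backup location and the assumed "Interval HH:MM" reading of the value data are assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example, not NetIQ code. Save as a .ps1 and run locally on each affected DRA server.
param(
    [string]$Domain    = 'YourDomain',      # placeholder: subkey name of the managed domain
    [string]$Interval  = 'Interval 00:15',  # value data given in step 4
    [string]$BackupDir = $env:TEMP          # assumption: where the .reg backup is written
)

$root    = 'SOFTWARE\Mission Critical Software\OnePoint\Administration\Modules\Accounts\Domains.Dns'
$keyPath = "HKLM:\$root\$Domain"

# Assumption: the data has the form "Interval HH:MM". The article states the
# interval cannot be less than 15 minutes, so anything shorter is rejected.
if ($Interval -notmatch '^Interval (\d{2}):(\d{2})$') {
    throw "Unexpected value data '$Interval' (expected e.g. 'Interval 00:15')."
}
$minutes = [int]$Matches[1] * 60 + [int]$Matches[2]
if ($minutes -lt 15) { throw "Interval is $minutes min; the minimum is 15." }

# Step 2: the domain subkey must already exist; never create it by accident.
if (-not (Test-Path -LiteralPath $keyPath)) {
    throw "Domain key not found: $keyPath"
}

# Back up the domain key before changing it; stop if the export fails.
$backup = Join-Path $BackupDir ("DRA-$Domain-{0:yyyyMMdd-HHmmss}.reg" -f (Get-Date))
& reg.exe export "HKLM\$root\$Domain" $backup /y | Out-Null
if ($LASTEXITCODE -ne 0) { throw 'Registry backup failed; no changes made.' }

# Steps 3-4: create (or overwrite) the string value.
New-ItemProperty -LiteralPath $keyPath -Name 'IncDomRefr.RescheduleFullFreq' `
    -Value $Interval -PropertyType String -Force | Out-Null

# Step 5: restart the service, looked up by the display name used in the article.
Get-Service -DisplayName 'NetIQ Administration Service' -ErrorAction Stop | Restart-Service

# Show the stored value and the backup path for the change record.
Get-ItemProperty -LiteralPath $keyPath -Name 'IncDomRefr.RescheduleFullFreq' |
    Select-Object -Property 'IncDomRefr.RescheduleFullFreq'
"Backup written to $backup"
```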

Cause

Event 14091 is generated when an IACR cannot complete within its allowed time, due to a large number of recent Active Directory changes. 

Additional Information

As of DRA 8.7 and newer, this key is no longer needed.

Formerly known as NETIQKB50748

Warning: Using the Registry Editor incorrectly can cause serious problems that may require you to reinstall your operating system. NetIQ Technical Support cannot guarantee that problems resulting from the incorrect use of the Registry Editor can be resolved. Make sure that you back up your Registry prior to making any changes.