→ 🚀What's New? Explore Lansweeper's Fall 2024 Updates! Fall Launch Blog !

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Chao
Engaged Sweeper

Lansweeper scanner is unusable.  It generated over 50GB of logs in couple hours.  I've to stop the service. otherwise, the hard drive is filled up in an hour and wipe out all other security logs.

list.PNG

event4648.PNG

5 REPLIES 5
jduke_halls
Engaged Sweeper III

Thanks to @jgauthier1986 who posted in the other thread that version 11.1.2.1 is out. Changelog hasn't been updated as of yet, but the update fixed the LSASS/Kerberos DOS issue in our environment.  

https://www.lansweeper.com/update-lansweeper/

KrisK
Lansweeper Tech Support
Lansweeper Tech Support

This issue should be addressed in the next version, which will be released very soon.

In some circumstances, the Active Directory cleanup procedures never finished and caused an excessive amount of ldap queries. We're sorry for the inconvenience this has caused.

In the meantime, if you would like to continue using version 11.1.1.3, we recommend the following:

  • disable all on-premises AD cleanup options from the "Server options" page
  • disable the on-premise AD refresh options from the "Scanning targets" page
  • restart the Lansweeper service to activate these changes

 

 

jduke_halls
Engaged Sweeper III

Yep. Seeing the same thing. I was seeing 130-150 Kerberos Authentication Tickets per second with the Lansweeper Server service running

I opened a ticket with support. I'd recommend doing the same.

Link to the thread I started about the issue: https://community.lansweeper.com/t5/general-discussions/scanner-behavior-after-upgrade-to-11-1-3/td-...

RolandB
Engaged Sweeper III

I see the same problem and the "Local Security Authority Process" is running with higher CPU

IanC
Engaged Sweeper

We are also seeing an overwhelming amount of security logs (kerberos service/authentication tickets) being created since upgrading to v11.1.1.3.

2 - 4 million logs (eventID:4768/4769) have been created every day for the past week! I had to stop the service as well.  I hope someone at LS realizes this is a huge issue.