Tag Archives: Usage

Microsoft, SBS 2011, Service Pack 1, Service Pack 1, Service Pack 1, Small Business Server 2011, Windows, Windows Server 2008 R2

Ntdsai.dll – Pre Service Pack 2 Revision History for Windows 7 SP1, Windows Server 2008 R2 SP1 and Windows Small Business Server 2011 (SBS 2011)

02/04/2012 Stuart Davey Leave a comment

Ntdsai.dll – Pre Service Pack 2 Revision History for Windows 7 SP1, Windows Server 2008 R2 SP1 and Windows Small Business Server 2011 (SBS 2011)

02-Apr-2014 – 6.1.7601.22645 – Ntdsai.dll – x86/x64 – http://support.microsoft.com/kb/2862304 – AD DS or AD LDS responds slowly to complex LDAP query that has a deeply nested filter on Windows server

26-Mar-2014 – 6.1.7601.22640 – Ntdsai.dll – x86/x64 – http://support.microsoft.com/kb/2955074 – Retrieval of paged results is interrupted when an LDAP server receives queries that generate many results

05-Mar-2014 – 6.1.7601.22617 – Ntdsai.dll – x86/x64 – http://support.microsoft.com/kb/2886087 – Lsass.exe process crashes on a computer that’s running Windows 7 or Windows Server 2008 R2 SP1

27-Jan-2014 – 6.1.7601.22582 – Ntdsai.dll – x86/x64 – http://support2.microsoft.com/kb/2922852 – Update resolves a problem in which LDAP, Kerberos and DC locator responses are slow or time out with Windows

05-Jul-2013 – 6.1.7601.22377 – Ntdsai.dll – x64 – http://support.microsoft.com/kb/2868765 – 1783 RPC_X_BAD_STUB_DATA error message when a Windows Server 2008 R2-based DC tries to replicate an RPC packet

07-Jun-2013 – 6.1.7601.22351 – Ntdsai.dll – x64 – http://support.microsoft.com/kb/2682997 – Active Directory replication fails with event 1084 and status 8206: “The directory service is busy”

06-Jun-2013 – 6.1.7601.22350 – Ntdsai.dll – x64 – http://support.microsoft.com/kb/2847777 – Performance of Active Directory operations decreases when a deletion event occurs during an SDprop operation on a Windows Server 2008 R2-based domain

06-Jun-2013 – 6.1.7601.22350 – Ntdsai.dll – x64 – http://support.microsoft.com/kb/2846725 – High CPU usage in domain controllers after you perform a schema update in a Windows Server 2008 R2-based Active Directory forest

10-Apr-2013 – 6.1.7601.22296 – Ntdsai.dll – x64 – http://support.microsoft.com/kb/2781048 – Restart for domain controllers in Windows Server 2008 R2 SP1 take longer than expected

10-Apr-2013 – 6.1.7601.22296 – Ntdsai.dll – x64 – http://support.microsoft.com/kb/2671874 – Heavy WAN usage after you restart centralized Windows Server 2008 R2-based domain controllers

08-Feb-2012 – 6.1.7601.21918 – Ntdsai.dll – x86/x64 – http://support.microsoft.com/kb/2665616 – You cannot install a new domain controller on a computer that is running Windows Server 2008 R2 because of an RPC error

05-Nov-2011 – 6.1.7601.21855 – Ntdsai.dll – x86/x64 – http://support.microsoft.com/kb/2641962 – The msDS-HasInstantiatedNCs and msDS-hasMasterNCs attributes do not replicate if an authoritative restore is performed in Windows Server 2008 R2

04-Nov-2011 – 6.1.7601.21854 – Ntdsai.dll – x86/x64 – http://support.microsoft.com/kb/2458125 – The Value field under the Attribute item for event ID 5136 is empty in Windows Server 2008 and in Windows Server 2008 R2

18-Oct-2011 – 6.1.7601.21841 – Ntdsai.dll – x86/x64 – http://support.microsoft.com/kb/2621146 – MS11-095: Description of the security update for Active Directory: December 13, 2011

01-Oct-2011 – 6.1.7601.21830 – Ntdsai.dll – x86/x64 – http://support.microsoft.com/kb/2618669 – An update is available to detect and prevent too much consumption of the global RID pool on a domain controller that is running Windows Server 2008 R2

28-Sep-2011 – 6.1.7601.21827 – Ntdsai.dll – x86/x64 – http://support.microsoft.com/kb/2616886 – Group membership is emptied on a Windows Server 2008 R2-based RODC after the group is converted from a universal group into a global domain group or a local domain group

27-Aug-2011 – 6.1.7601.21802 – Ntdsai.dll – x86/x64 – http://support.microsoft.com/kb/2601626 – MS11-086: Description of the security update for Active Directory: November 8, 2011

14-Jul-2011 – 6.1.7601.21770 – Ntdsai.dll – x86/x64 – http://support.microsoft.com/kb/2580503 – The DirSync control returns more search results than expected in a Windows Server 2008 R2-based domain

11-May-2011 – 6.1.7601.21725 – Ntdsai.dll – x86/x64 – http://support.microsoft.com/kb/2526455 – You cannot open the properties of any object by using ADSI Edit after you mount a restored Active Directory database file by using the Active Directory database mounting tool in a Windows Server 2008 R2 Active Directory domain environment

26-Jan-2011 – 6.1.7601.21649 – Ntdsai.dll – x86/x64 – http://support.microsoft.com/kb/2500682 – NSPI query for address book information is slow and high CPU usage on domain controllers in a Windows Server 2008 R2 domain

18-Dec-2010 – 6.1.7601.21624 – Ntdsai.dll – x86/x64 – http://support.microsoft.com/kb/2468316 – A paged LDAP query fails on the second page and the pages that follow in Windows Server 2008 R2

18-Dec-2010 – 6.1.7601.21624 – Ntdsai.dll – x86/x64 – http://support.microsoft.com/kb/2413670 – Events 1659, 1481, and 1173 are recorded in the Directory Service event log on Windows Server 2008 R2-based domain controllers after you remove Active Directory Domain Services from the last domain controller in a tree root domain

Microsoft, SBS 2008, Service Pack 2, Service Pack 2, Service Pack 2, Small Business Server 2008, Windows, Windows Server 2008

Ntdsai.dll – Pre Service Pack 3 Revision History for Windows Server 2008 SP2 and Windows Small Business Server 2008 (SBS 2008)

02/04/2012 Stuart Davey Leave a comment

Ntdsai.dll – Pre Service Pack 3 Revision History for Windows Server 2008 SP2 and Windows Small Business Server 2008 (SBS 2008)

24-Oct-2011 – 6.0.6002.22731 – Ntdsai.dll – x86/x64 – http://support.microsoft.com/kb/2621146 – MS11-095: Description of the security update for Active Directory: December 13, 2011

25-Aug-2011 – 6.0.6002.22705 – Ntdsai.dll – x86/x64 – http://support.microsoft.com/kb/2601626 – MS11-086: Description of the security update for Active Directory: November 8, 2011

08-Dec-2010 – 6.0.6002.22543 – Ntdsai.dll – x86/x64 – http://support.microsoft.com/kb/2386717 – The “Enforce password history” and “Minimum password age” Group Policy settings do not work when you reset the password for a Windows Server 2008 R2-based or a Windows Server 2008-based computer

19-Nov-2010 – 6.0.6002.22528 – Ntdsai.dll – x86/x64 – http://support.microsoft.com/kb/2456603 – A query takes a long time to complete and increases CPU usage to a high level on a Windows Server 2008-based domain controller when you use NSPI API functions to query address book information

12-Nov-2010 – 6.0.6002.22524 – Ntdsai.dll – x86/x64 – http://support.microsoft.com/kb/2458125 – The Value field under the Attribute item for event ID 5136 is empty in Windows Server 2008 and in Windows Server 2008 R2

16-Apr-2010 – 6.0.6002.22384 – Ntdsai.dll – x86/x64 – http://support.microsoft.com/kb/981550 – MS10-068: Description of the security update for Active Directory: September 2010

17-Mar-2010 – 6.0.6002.22366 – Ntdsai.dll – x86/x64 – http://support.microsoft.com/kb/981717 – The PrincipalContext.ValidateCredentials method returns a false value even when you use valid credentials on a Windows Server 2008 SP2-based server that has AD LDS installed

09-Mar-2010 – 6.0.6002.22358 – Ntdsai.dll – x86/x64 – http://support.microsoft.com/kb/981465 – “MAPI_E_NOT_ENOUGH_RESOURCES” error code when you run an application that calls the NspiQueryRows method in Windows Server 2008

20-Feb-2010 – 6.0.6002.22343 – Ntdsai.dll – x86/x64 – http://support.microsoft.com/kb/980596 – An LDAP bind to a Windows Server 2008-based server fails when the client enables only the “confidentiality protection” bit”

27-Oct-2009 – 6.0.6002.22252 – Ntdsai.dll – x86/x64 – http://support.microsoft.com/kb/976449 – RODCs unnecessarily open many RPC connections to RWDCs on a computer that is running Windows Server 2008 or Windows Server 2008 R2

14-Oct-2009 – 6.0.6002.22245 – Ntdsai.dll – x86/x64 – http://support.microsoft.com/kb/975697 – An LDAP client authentication request fails when the Digest-MD5 SASL subsequent authentication mechanism is used

05-Oct-2009 – 6.0.6002.22238 – Ntdsai.dll – x86/x64 – http://support.microsoft.com/kb/975696 – The Account Name, Account Domain, and Security ID fields are not populated in event ID 5136 for “Directory Service Changes” on a computer that is running Windows Server 2008 or Windows Server 2008 R2

02-Jul-2009 – 6.0.6002.22162 – Ntdsai.dll – x86/x64 – http://support.microsoft.com/kb/973037 – MS09-066: Description of the security update for Active Directory: November 2009

11.5.2, 11.5.2, 11.5.2, 11.5.2, 11.5.2, 11.5.2, 11.5.2, 11.5.2, 11.5.2, 11.5.2, 11.5.2, 11.5.2, 11.5.2, 11.5.2, 21, 22, 23, 25, 26, 33, 330, 505, 510, 520, 530, 810, 820, 830, CSP1, CSP1, CSP1, CSP1, CSP1, CSP1, CSP1, CSP1, CSP1, CSP1, CSP1, CSP1, CSP1, CSP1, FireBox, System Manager, Watchguard, WSM, XTM

Watchguard XTM 2 Series, XTM 3 Series, XTM 5 Series, XTM 8 Series – Fireware XTM OS 11.5.2 – CSP1 Build # 338385

22/03/2012 Stuart Davey

Watchguard XTM 2 Series, XTM 3 Series, XTM 5 Series, XTM 8 Series – Fireware XTM OS 11.5.2 – CSP1 Build # 338385

11.5.2 – CSP1 Build # 338385 resolves the following issues:

BUG65256: Iked periodically stack traces eip=0x080648e6

BUG65047: Eicar attachment with password encrypted through GAV

BUG64897: support.tgz fails to write to USB when usb diagnostics enable is used from CLI

BUG64883: UTF8 encoded X-WatchGuard-AntiVirus header breaks attachments with long filenames

BUG65505: possible issue in chunking handling of the http proxy

BUG61091: Firebox cluster A/P, complete lockup

BUG59953: Kernel panic

BUG65252: External I/F link status shows down on Bridge mode

BUG60037: Traffic disrupted during config save with a large # of 1 to 1 Nat entries

BUG64920: Shrew client cannot connect with static IPs on 11.5.1

BUG65333: BOVPN latency is too high in 11.5.1

BUG65430: kernel reporting hung sm task after bootup

Bug65591: XTM830 the throughout will go down when traffic goes though many secondary IPs on external and Vlans on Trusted

RFE63940, BUG62222,BUG56839,BUG64511 : reduce the memory spike during signature update. Reduced memory during signature update will help resolve occurrence of GAV Job Open Failed errors and Proxy failures due to reaching low memory threshold.
BUG64546, BUG64857: changes to resolve file system writing error introduced in v11.5.1 on XTM 21-23 models. The file system error caused several problems such as; management access stops, wireless stops working, new connections through the Firebox may fail.

You can request 11.5.2 – CSP1 Build # 338385 from Watchguard Support by logging a support case online, they should then be able to provide an ftp download link and appropriate credentials. Please note that Watchguard CSP releases are cumulative so you should only need to apply the latest to ensure that you also have any previous fixes.

11.4.2, 11.4.2, 11.4.2, 11.4.2, 11.4.2, 11.4.2, 11.4.2, 11.4.2, 11.4.2, 11.4.2, 11.5.1, 11.5.1, 11.5.1, 11.5.1, 11.5.1, 11.5.1, 11.5.1, 11.5.1, 11.5.1, 11.5.1, 11.5.1, 11.5.2, 11.5.2, 11.5.2, 11.5.2, 11.5.2, 11.5.2, 11.5.2, 11.5.2, 11.5.2, 11.5.2, 11.5.2, 21, 22, 23, 330, 505, 510, 520, 530, 810, 820, 830, CSP1, CSP1, CSP1, CSP1, CSP1, CSP1, CSP1, CSP1, CSP1, CSP1, CSP1, CSP1, CSP1, CSP1, CSP2, CSP2, CSP2, CSP2, CSP2, CSP2, CSP2, CSP2, CSP2, CSP2, CSP2, CSP2, CSP2, CSP2, CSP3, CSP3, CSP3, CSP3, CSP3, CSP3, CSP3, CSP3, CSP3, CSP3, CSP3, CSP3, CSP3, CSP3, CSP4, CSP4, CSP4, CSP4, CSP4, CSP4, CSP4, CSP4, CSP4, CSP4, CSP4, CSP4, CSP4, CSP4, CSP5, CSP5, CSP5, CSP5, CSP5, CSP5, CSP5, CSP6, CSP6, CSP6, CSP6, CSP6, CSP6, CSP6, CSP7, CSP7, CSP7, CSP7, CSP7, CSP7, CSP7, CSP8, CSP8, CSP8, CSP8, CSP8, CSP8, CSP8, CSP9, CSP9, CSP9, CSP9, CSP9, CSP9, CSP9, CSP9, CSP9, CSP9, FireBox, Internet Explorer, Internet Explorer 8, Internet Explorer 9, Microsoft, SBS 2003, SBS 2008, SBS 2011, Service Pack 1, Service Pack 1, Service Pack 1, Service Pack 1, Service Pack 1, Service Pack 1, Service Pack 1, Service Pack 1, Service Pack 2, Service Pack 2, Service Pack 2, Service Pack 2, Service Pack 3, Service Pack 3, Small Business Server 2003, Small Business Server 2008, Small Business Server 2011, System Manager, Watchguard, Windows, Windows 2000, Windows 7, Windows Server 2003, Windows Server 2003 R2, Windows Server 2008, Windows Server 2008 R2, Windows Vista, Windows XP, WSM, XP Mode, XTM

Watchguard XTM Firewall and UTM Appliance – High CPU Usage in the GAV (gateway anti-virus) scand process causes lag and typing delay in Remote Desktop Sessions (RDP) and SIP or VoIP latency issues

21/03/2012 Stuart Davey

Watchguard XTM Firewall and UTM Appliance – High CPU Usage in scand process causes lag and typing delay in Remote Desktop Sessions (RDP). You may find that remote users report a lag with Remote Desktop Sessions, freezing sessions, black screen and random disconnections. At around the same time users report these issues you may find that the CPU usage of the scand process on your Watchguard has increased to 100% and the majority of the activity is attributed to the scand process. You may be able to recreate this issue by browsing websites that utilise lots of Adobe Flash or Media Content as GAV will need to scan all these elements of the web page. Login to the Watchguard System Manager and then open Firebox System Manager click on Status Report and scroll down the report until you find the Process List (Screenshot Below). This information will automatically update every 30 seconds so you can see the %CPU column will change and update every 30 seconds. The top value system shows the overall CPU utilisation and if you look further down you can see which sub processes are actually occupying the CPU time and making up the overall system usage. In the screenshot below we can see that system is showing 100 % CPU Usage and then further down we can see that the scand process is accounting for 90.99% of this. When the CPU Usage reaches 100% on the Watchguard unit it may stop forwarding other traffic and this accounts for the lag and jitter we see within the Remote Desktop Session. Other time sensitive traffic such as VoIP or SIP traffic may also be affected by this issue as the packets are delayed whilst the Firewall recovers from the resource exhaustion. Users may also report that web pages are slow to load at the time these issues occur where the GAV process is still dealing with the other requests.

Resolution/Workaround:

You can try disabling the GAV (gateway antivirus) for the HTTP and FTP Proxy to ensure that this is the actual cause of your issues, if the problem subsides then you may need to consider updating the XTM OS to the latest release i.e. 11.5.2 and/or adjusting the GAV policy so that it does not scan some content i.e. Images/Text within websites. You may also need to consider opening a support case with Watchguard to make them aware of this issue, if you have a large number of users then you may even need to consider upgrading your XTM appliance to a larger unit i.e. XTM 23 to XTM 505 or XTM 22 to XTM330 to provide additional processing power (CPU) and system resources to cope with the additional anti-virus scanning requirements.

Aid In IT

Tag Archives: Usage

Ntdsai.dll – Pre Service Pack 2 Revision History for Windows 7 SP1, Windows Server 2008 R2 SP1 and Windows Small Business Server 2011 (SBS 2011)

Ntdsai.dll – Pre Service Pack 3 Revision History for Windows Server 2008 SP2 and Windows Small Business Server 2008 (SBS 2008)

Watchguard XTM Firewall and UTM Appliance – High CPU Usage in the GAV (gateway anti-virus) scand process causes lag and typing delay in Remote Desktop Sessions (RDP) and SIP or VoIP latency issues

IT – Software and Hardware Support Resources