0 votes

Since upgrading to 2018.2 we are experiencing an issue where the Softerra.Adaxes.Service will consume all of the OS's available memory causing it to become unresponsive. If I try to restart the service, it will fail and stop. I will start the service and it will work for a little while normally, but then the issue will reoccur. The below message keeps repeating in the log every 5 to 10 minutes or so:

Internal event: The LDAP server has exceeded the limit of the LDAP Maximum Result Set Size. A stored Result Set will be discarded. This will result in a client being unable to continue a paged LDAP search.

I'm attempting to disable scheduled tasks one by one to see if any one is potentially causing the issue, but is there any way to increase the logging level for the service or figure out what might be causing the high memory utilization?

by (540 points)
0

Hello,

Since upgrading to 2018.2 we are experiencing an issue where the Softerra.Adaxes.Service will consume all of the OS's available memory causing it to become unresponsive. If I try to restart the service, it will fail and stop. I will start the service and it will work for a little while normally, but then the issue will reoccur.

Could you post here or send us (support[at]adaxes.com) the following details:

  • The length of Adaxes Command Queue. To check it:

    1. Get the backend port number of your Adaxes service. To do this:
      • In Adaxes Administration Console, right-click your service node.
      • Click Properties in the context menu.
      • The backend port will be displayed below the Check for updates button.
    2. Log on to the computer where Adaxes is installed.
    3. Stop Softerra Adaxes Service.
    4. Launch the LDP tool. To do this:
      • Press Win+R.
      • Type ldp.exe.
      • Press Enter.
    5. In the LDP tool window, click Connection and then click Connect.
    6. In the Server field specify the fully qualified domain name of Adaxes server.
    7. In the Port field, specify the service port you noted on step 1 and click OK.
    8. Click Connection and then click Bind.
    9. Specify the username, password and domain of the Adaxes service account (the account used to run Adaxes Service).
    10. Make sure that the Bind with credentials and Encrypt traffic after bind options are enabled and click OK.
    11. In the View menu, select Tree.
    12. In the Base DN drop-down list, select CN=Local Partition,CN={GUID}.
    13. Click OK.
    14. Navigate to CN=Local Partition,CN={GUID} \ CN=Adaxes ... \ CN=Pipeline Processor ... .
    15. Right-click CN=Command Queue ... and click Search.
    16. In the Filter field of the Search dialog, enter (objectClass=*).
    17. Select One level and click Run.
    18. In the Result Pane located to the right, check how many entries were fetched.
  • The actual size of the AdaxesLog.db3 file. By default, the file is located in folder C:\Program Files\Softerra\Adaxes 3\Service\LogDB\ on the computer where Adaxes service is installed.

is there any way to increase the logging level for the service or figure out what might be causing the high memory utilization?

There is no such possibility.

0

Below is the information you have requested:

0

Hello,

Could you check General log for operations executed when the memory gets low? For information on how to view General log, have a look at the following help article: https://www.adaxes.com/help/?Logging.Vi ... eLogl.html. Just refresh the log via F5 during the memory consumption period and note the operations displayed in the log. Then disable the objects that perform the operations and check the memory.

0

The memory consumption appears to correlate directly with the following scheduled task (the 1 hour difference is due to DST). Below is the script, do you see any issues with this? I've disabled it for now to see if the issue returns.

$o365Credential = $Context.GetOffice365Credential()
$session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $o365Credential -Authentication Basic -AllowRedirection
Import-PSSession $session

Add-MailboxPermission "%displayName%" -User "company administrator" -AccessRights 'FullAccess'

Remove-PSsession $session   

0

Hello,

We recommend that you use the following script instead of the one you currently have:

try
{
    # Get the object ID in Office 365
    $objectId = [Guid]$Context.TargetObject.Get("adm-O365ObjectId")
}
catch
{
    return # The user doesn't have an Office 365 account
}

try
{
    # Connect to Exchange Online
    $session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri "https://outlook.office365.com/powershell-liveid/" `
        -Credential $Context.GetOffice365Credential() -Authentication Basic -AllowRedirection
    Import-PSSession $session -AllowClobber -DisableNameChecking -CommandName "Add-MailboxPermission"

    # Grant the "company administrator" principal Full Access to the mailbox
    Add-MailboxPermission $objectId.ToString() -User "company administrator" -AccessRights 'FullAccess'
}
finally
{
    # Close the remote session and release resources
    if ($session) { Remove-PSSession $session }
}

It is a common practice to use try/finally when establishing sessions. If you have other scripts with the same approach, we recommend that you modify them to use try/finally too.

0

The issue has not returned so I think that confirms this task was the root cause. I've tried the updated version of the script that you posted, but I'm running into throttling issues on the O365 side, any techniques to avoid this?

0

Hello,

This happens because there is a new connection being established for each user for which the Scheduled Task is executed. Could you provide us with all the possible details regarding what exactly you need the script to do? It might be possible to set the permissions using the built-in Modify Exchange properties action without using a script.

0

Basically the script's sole purpose is to add full access for the company administrator to all mailboxes. Ideally you would only execute the script on mailboxes that do not already have the permission, but in my experience, doing a get-mailbox and then add-mailbox only exacerbates the throttling issue. To your point though, it seems we would be better off running this over DomainDNS instead of User so it can utilize the same session for all users?

0

Hello,

This might not be a good solution, as the script will probably take a lot of time to run. For us to suggest a solution that will meet your needs, could you clarify whether the company administrator user exists in your on-premises Active Directory?

0

No, it doesn't. This is a built-in group in Exchange Online/O365 that contains all O365 global admins.

1 Answer

0 votes
by (270k points)
Best answer

Hello,

Thank you for clarifying. We recommend the following solution:

  1. Update permissions for all existing mailboxes in Windows PowerShell using the below script. When prompted, enter the credentials of the account that was used to register your Office 365 tenant in Adaxes.
try
{
    # Connect to Exchange Online
    $session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri "https://outlook.office365.com/powershell-liveid/" `
        -Credential (Get-Credential) -Authentication Basic -AllowRedirection
    Import-PSSession $session -AllowClobber -DisableNameChecking -CommandName "Add-MailboxPermission", "Get-Mailbox"

    # Grant the "company administrator" principal Full Access to every mailbox
    Get-Mailbox -ResultSize unlimited | Add-MailboxPermission -User "company administrator" -AccessRights 'FullAccess'
}
finally
{
    # Close the remote session and release resources
    if ($session) { Remove-PSSession $session }
}
  2. Use the Scheduled Task to update the permissions only for new users. You will need to mark the users by setting a specific property value. For example, you can set an Adaxes custom Boolean attribute (e.g. CustomAttributeBoolean1) to True after assigning Office 365 licenses in a Business Rule triggering After Creating a User. The Scheduled Task will run the script only for users that have the attribute set to true and have a mailbox. Also, the Scheduled Task will clear the attribute.
    The Business Rule will look like the following:

    The Scheduled Task in its turn will look like the following and use the below script:
try
{
    # Get the object ID in Office 365
    $objectId = [Guid]$Context.TargetObject.Get("adm-O365ObjectId")
}
catch
{
    return # The user doesn't have an Office 365 account
}

try
{
    # Connect to Exchange Online
    $session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri "https://outlook.office365.com/powershell-liveid/" `
        -Credential $Context.GetOffice365Credential() -Authentication Basic -AllowRedirection
    Import-PSSession $session -AllowClobber -DisableNameChecking -CommandName "Add-MailboxPermission"

    # Grant the "company administrator" principal Full Access to the mailbox
    Add-MailboxPermission $objectId.ToString() -User "company administrator" -AccessRights 'FullAccess'
}
finally
{
    # Close the remote session and release resources
    if ($session) { Remove-PSSession $session }
}
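
A read-only check for step 1 of the answer above, added here as an example and not part of the original answer or of Adaxes' own scripts: it lists the mailboxes that still lack a FullAccess entry for "company administrator", using a single session and the same try/finally cleanup. Get-MailboxPermission is used in addition to the cmdlets shown in the thread, and the example assumes the tenant accepts the connection method shown there.

```powershell
# Added example: audit of the bulk grant, run from a Windows PowerShell console.
$principal = 'company administrator'   # group name taken from the thread
$session = $null

try
{
    # One session for the whole run, same connection parameters as in the thread
    $session = New-PSSession -ConfigurationName Microsoft.Exchange `
        -ConnectionUri "https://outlook.office365.com/powershell-liveid/" `
        -Credential (Get-Credential) -Authentication Basic -AllowRedirection
    Import-PSSession $session -AllowClobber -DisableNameChecking `
        -CommandName "Get-Mailbox", "Get-MailboxPermission" | Out-Null

    $missing = foreach ($mailbox in Get-Mailbox -ResultSize Unlimited)
    {
        # Non-deny FullAccess entries held by the principal on this mailbox
        $grant = Get-MailboxPermission -Identity $mailbox.ExchangeGuid.ToString() -User $principal |
            Where-Object { -not $_.Deny -and ($_.AccessRights -match 'FullAccess') }

        # Emit the address only when no such entry exists
        if (-not $grant) { $mailbox.PrimarySmtpAddress }
    }

    # Summary line first, then the addresses that need attention
    "{0} mailbox(es) without FullAccess for '{1}'" -f @($missing).Count, $principal
    $missing
}
finally
{
    # Close the remote session and release resources, even if the audit fails
    if ($session) { Remove-PSSession $session }
}
```

The script changes nothing in the tenant; it issues one Get-MailboxPermission call per mailbox inside the same session, so it is best run once after the bulk update rather than on a schedule.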
