Barracuda NextGen Firewall X

Log message 'Size limit exceeded' reported in the phibs.log

  • Type: Knowledgebase
  • Date changed: 8 years ago
Solution 00005270 

 
Scope:
This solution applies to:
- NG Firewall firmware versions 4.2.x, 5.0.x, 5.2.x
- netfence firmware versions 4.2.x

 
Symptoms:

This message is reported in the "Log" > "Box" > "Control" > "phibs.log":

MSAD-Offline-Groups Search for groups on x.x.x.x failed (Size limit exceeded) (bad Active-Directory-configuration?). MSAD-group sync failed

What does it mean?


 

Solution:

This message occurs if the result set for the synced authentication groups is too large. Microsoft Active Directory limits the size of its response to a request in order to avoid DoS attacks. Groups are synced from the BaseDN downward, and the response for your configured BaseDN contains too much data. Active Directory therefore answers only with "Size limit exceeded", which is logged in phibs.log.


You have to set a more specific BaseDN in order to decrease the size.


Examples:

Bigger request size of groups:
BaseDN = OU=de,DC=mydomain,DC=com

Smaller request size of groups:
BaseDN = OU=groups,OU=users,OU=de,DC=mydomain,DC=com

Alternatively, you can increase the maximum allowed request size on the Active Directory side. See this Microsoft KB article for how to do this; the relevant parameter is MaxPageSize. This parameter defaults to 1000, so an LDAP request must not return more than 1000 results. Use NTDSUTIL as described in the article to increase this value.
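Before changing the BaseDN on the firewall, you can estimate offline whether a candidate BaseDN stays within the limit by counting the group DNs that fall under it. The following is an added example, not Barracuda code: it assumes the sync search returns only group objects, and the group names and the OU=service container are constructed sample data.

```python
MAX_PAGE_SIZE = 1000  # Active Directory default named in the article

def split_dn(dn):
    """Split a DN into lower-cased RDNs, keeping backslash-escaped commas."""
    rdns, cur, escaped = [], [], False
    for ch in dn:
        if escaped:
            cur.append(ch)
            escaped = False
        elif ch == "\\":
            cur.append(ch)
            escaped = True
        elif ch == ",":
            rdns.append("".join(cur).strip().lower())
            cur = []
        else:
            cur.append(ch)
    rdns.append("".join(cur).strip().lower())
    return rdns

def in_subtree(dn, base_dn):
    """True if dn sits at or below base_dn (DN matching is case-insensitive)."""
    d, b = split_dn(dn), split_dn(base_dn)
    return len(d) >= len(b) and d[len(d) - len(b):] == b

def check_base_dns(group_dns, base_dns, limit=MAX_PAGE_SIZE):
    """Return {base_dn: (group_count, fits_limit)} for a subtree search."""
    report = {}
    for base in base_dns:
        count = sum(in_subtree(dn, base) for dn in group_dns)
        report[base] = (count, count <= limit)
    return report

WIDE = "OU=de,DC=mydomain,DC=com"
NARROW = "OU=groups,OU=users,OU=de,DC=mydomain,DC=com"

def sample_groups():
    """Constructed export: 800 groups under NARROW, 400 elsewhere under WIDE."""
    dns = [f"CN=grp{i},{NARROW}" for i in range(799)]
    dns.append("CN=Sales\\, EMEA,OU=Groups,OU=Users,OU=DE,DC=mydomain,DC=com")
    dns += [f"CN=svc{i},OU=service,{WIDE}" for i in range(400)]  # hypothetical OU
    return dns

if __name__ == "__main__":
    for base, (count, fits) in check_base_dns(sample_groups(), [WIDE, NARROW]).items():
        print(f"{base}: {count} groups ->", "OK" if fits else "Size limit exceeded")
```

Replace `sample_groups()` with the DNs from your own directory export to evaluate real candidates.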



Link to This Page:
https://campus.barracuda.com/solution/50160000000IKb1AAG