One possible cause of the subject condition is the setting of CrashOnAuditFail to 1
AND
having the Security log set to Do Not Overwrite Events (Clear Log Manually).
With the above two settings, all auditable processes are shut down when the Security log becomes full.
To workaround this condition, either set CrashOnAuditFail to 0 or increase the size of the security log (or allow event log Wrapping).
NOTE: The C2 Configuration Manager will cause these restrictive settings to happen.
0 comments
Hide comments