Excessive SSSD logging: cache_req_common_process_dp_reply: Domain not found

Solution Verified - Updated -

Issue

After installing or upgrading to RHEL 8.9, a host with a direct integration to a multi-domain AD forest will generate numerous SSSD messages relating to unknown domains and domains not being found.

The sssd_nss.log contains "cache_req_common_process_dp_reply: Domain not found" messages.
The sssd_$domain.log contains "Unknown domain: ad3.corp.example.com" messages.

The messages can be produced at a rate of several hundred per second.

Using the ad_enabled_domains to filter out or exclude the domains does not reduce or eliminate the generation of the log messages.

Environment

  • Red Hat Enterprise Linux 9.x, 8.10 and 8.9
RHEL-8.10
  redhat-release-8.10-0.3.el8.x86_64
  sssd-2.9.4-4.el8_10.x86_64
RHEL-8.9
  redhat-release-8.9-0.1.el8.x86_64
  sssd-2.9.1-4.el8_9.x86_64
  • Direct Active Directory integration
  • Multi-domain Active Directory Forest

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content