12-02-2008 08:27 AM - edited 03-10-2019 04:24 AM
We are running CSA 6.0 and received a "The rule request has been submitted to the Rule Engine the maximum number of times. This request is no longer blockable, and the default action will be taken" message in the log. I am having trouble making sense of the details of the event and wonder if anyone could help?
ApiOperation: GuiCheck
Credentials: os=win32,T=CORPTST\09047018,t=010500000000000515000000CAC4521CCDB02C67A2200F11C1D40500, G=CORPTST\Domain Users,g=010500000000000515000000CAC4521CCDB02C67A2200F1101020000
CallStack:
okclient+0x43313
okclient+0x42ba5
okclient+0x9e26
okclient+0x9762
kernel32!DeviceIoControl+0x4c
ntdll!NtDeviceIoControlFile+0xc
ntdll!KiFastSystemCallRet
Flattened Form:
(t-1228170993 n-346584400 z--21600 sm-127 sc-9 dm-1 dc-7 cd-234 p*(i-501 i-5 r*(type-17 time-4369 pnd-83886106 rid-83887353 rapi*(pid-3972 tid-3864 op-32 cr-Owin32%00TCORPTST\09047018%00t010500000000000515000000CAC4521CCDB02C67A2200F11C1D40500%00GCORPTST\Domain%20Users%00g010500000000000515000000CAC4521CCDB02C67A2200F1101020000%00 cs-okclient=48e61f76,2,snfrtLo-akMzolXs3YtD25GrlMoiaaaaVT2ySLwzUrNlWrMyaa\kernel32=462353be,2,snfrtHV-L5mOwkMrC6jYVj2yebJaaaaaRvMCUvgBZiJlWrMyaa\ntdll=41107f17,2,snfrtv7xrzZqqtErrAVC67ck4bSaaaaaUrhzSXMlWrMyaa\ \okclient+0x43313\okclient+0x42ba5\okclient+0x9e26\okclient+0x9762\kernel32!DeviceIoControl+0x4c\ntdll!NtDeviceIoControlFile+0xc\ntdll!KiFastSystemCall+0x9 ) ) ) )
Thanks in advance!
12-05-2008 12:18 PM
Was there more info on the details page and do you have symbol resolution enabled?
Tom
12-05-2008 12:22 PM
Unfortunately there was no more detail on the details page. We had symbol resolution enabled on it. We opened a ticket with TAC and are reviewing with them. Thanks for your input!
12-08-2008 11:23 AM
You're welcome. Let us know what you find out.
Tom