We have a ton of lookups occurring every 15 minutes from one particular LIF. I did a packet capture on the ifgrp that the lif uses to troubleshoot why a specific SID lookup failure is logged every 15 minutes and discovered this. The SID in question is an orphaned SID. We have a lot of them.
Also noteworthy...there are a lot packets going to/from our unified manager server mixed in these lsa lookupsids 2 calls. I shut down our OCUM instance prior to one of these 15 minute intervals and the SID lookup failure did not happen.
Questions:
What is happening from OCUM that triggers a bunch of LDAP lookups to occur? Some lookup related to user quotas on volumes? We leverage AD in our ldap client setup on the filer.