Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-47187

Add startup warning when SeIncreaseWorkingSetPrivilege not present

    • Type: Icon: Improvement Improvement
    • Resolution: Fixed
    • Priority: Icon: Major - P3 Major - P3
    • 4.0.19, 4.2.8, 4.4.0-rc5, 4.7.0
    • Affects Version/s: 4.2.5, 4.0.17
    • Component/s: None
    • Labels:
    • Fully Compatible
    • v4.4, v4.2, v4.0
    • Security 2020-04-20

      SERVER-23705 added code to enable the SeIncreaseWorkingSetPrivilege privilege for the mongod process on Windows.

      If the server is running a locked down configuration, mongod is denied the privilege grant and the following warning is logged to stdout only during startup:

      2020-03-26T16:03:35.664+1100 W -        [main] Failed to adjust token privilege for privilege 'SeIncreaseWorkingSetPrivilege'

      The log message can be easily missed, and if encryption at rest is in use the following fassert() can be easily hit after 10's of databases are loaded:

      2020-03-18T07:32:00.387+0800 F -        [conn301] Failed to SetProcessWorkingSetSizeEx: A required privilege is not held by the client.
      2020-03-18T07:32:00.387+0800 F -        [conn301] Fatal Assertion 40286 at src\mongo\base\secure_allocator.cpp 154

      It would be good to log a startup warning that the required privilege is not available for use, so that the Windows system configuration can be corrected.

            mark.benvenuto@mongodb.com Mark Benvenuto
            john.murphy@mongodb.com John Murphy
            0 Vote for this issue
            3 Start watching this issue