• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1237
  • Last Modified:

High page file usage - lsass.exe using 2.2GBs

Morning -

Exchange 2003 Enterprise configured in a two node active passive cluster.
4GBs of RAM installed and using 3GB switch.

Noticed that lsass.exe is using 2.2GBs.  Recrcmon.exe using 1.3GB.  Store using 672MB.
Server is a bit sluggish. When remoting to it  - receive out of resource errors.  Cannot run System Manager for same reason.

Do not think server is infected with sasser.

Any ideas?
0
javajo
Asked:
javajo
  • 2
  • 2
1 Solution
 
ashutosh_kumarCommented:
Are you noticing any account lockout issues?

lsass.exe using 2.2 GBs is strange...there is possibility of virus on the server.

Please scan your system with antivirus.
0
 
javajoAuthor Commented:
Am noticing instances where i need to authenticate to server....

0
 
ashutosh_kumarCommented:
lsass.exe is the process that is responsible for Authentication and runs the Security Account Manager...

so, if there is a random password attack on a system then the CPU and memory usage of this process increases drastically.

use process explorer from
http://www.microsoft.com/technet/sysinternals/utilities/processexplorer.mspx

check the publisher of each process running and also its description...shut down unwanted process....

for the services the process explorer shows an extra tab in the properties of the process...check which services each process its running...
0
 
javajoAuthor Commented:
Thanks ashutosh!

I failed over to secondary node and everything appears to be fine now.  other serevr is hardly using lsass.exe.  14MB of VM

lsass.exe is back to normal on the other server as well after a reboot...


if lsass.exe was indeed a virus - how would it appear in process explorer?
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now