[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

High page file usage - lsass.exe using 2.2GBs

Posted on 2007-11-28
4
Medium Priority
?
1,232 Views
Last Modified: 2008-03-04
Morning -

Exchange 2003 Enterprise configured in a two node active passive cluster.
4GBs of RAM installed and using 3GB switch.

Noticed that lsass.exe is using 2.2GBs.  Recrcmon.exe using 1.3GB.  Store using 672MB.
Server is a bit sluggish. When remoting to it  - receive out of resource errors.  Cannot run System Manager for same reason.

Do not think server is infected with sasser.

Any ideas?
0
Comment
Question by:javajo
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 6

Expert Comment

by:ashutosh_kumar
ID: 20365900
Are you noticing any account lockout issues?

lsass.exe using 2.2 GBs is strange...there is possibility of virus on the server.

Please scan your system with antivirus.
0
 

Author Comment

by:javajo
ID: 20366000
Am noticing instances where i need to authenticate to server....

0
 
LVL 6

Accepted Solution

by:
ashutosh_kumar earned 2000 total points
ID: 20366040
lsass.exe is the process that is responsible for Authentication and runs the Security Account Manager...

so, if there is a random password attack on a system then the CPU and memory usage of this process increases drastically.

use process explorer from
http://www.microsoft.com/technet/sysinternals/utilities/processexplorer.mspx

check the publisher of each process running and also its description...shut down unwanted process....

for the services the process explorer shows an extra tab in the properties of the process...check which services each process its running...
0
 

Author Comment

by:javajo
ID: 20366071
Thanks ashutosh!

I failed over to secondary node and everything appears to be fine now.  other serevr is hardly using lsass.exe.  14MB of VM

lsass.exe is back to normal on the other server as well after a reboot...


if lsass.exe was indeed a virus - how would it appear in process explorer?
0

Featured Post

Nothing ever in the clear!

This technical paper will help you implement VMware’s VM encryption as well as implement Veeam encryption which together will achieve the nothing ever in the clear goal. If a bad guy steals VMs, backups or traffic they get nothing.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A couple of months ago we ran into an issue that necessitated re-creating our Edge Subscriptions. However, when we attempted to execute the command: New-EdgeSubscription -filename C:\NewEdgeSub_01.xml we received an error indicating that the LDAP se…
I don't pretend to be an expert at this, but I have found a few things that are useful. I hope that sharing them here will help others, so they will not have to face some rather hard choices. Since I felt this to be a topic of enough importance and…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…
Suggested Courses

649 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question