Solved

High page file usage - lsass.exe using 2.2GBs

Posted on 2007-11-28
Last Modified: 2008-03-04
Morning -

Exchange 2003 Enterprise configured in a two node active passive cluster.
4GBs of RAM installed and using 3GB switch.

Noticed that lsass.exe is using 2.2GBs. Recrcmon.exe using 1.3GB. Store using 672MB.
Server is a bit sluggish. When remoting to it - receive out of resource errors. Cannot run System Manager for same reason.

Do not think server is infected with sasser.

Any ideas?
Question by:javajo
4 Comments
 
LVL 6

Expert Comment

by:ashutosh_kumar
ID: 20365900
Are you noticing any account lockout issues?

lsass.exe using 2.2 GBs is strange... there is a possibility of a virus on the server.

Please scan your system with antivirus.
 

Author Comment

by:javajo
ID: 20366000
Am noticing instances where I need to authenticate to server...

 
LVL 6

Accepted Solution

by:ashutosh_kumar earned 500 total points
ID: 20366040
lsass.exe is the process that is responsible for authentication and runs the Security Account Manager...

So, if there is a random password attack on a system, then the CPU and memory usage of this process increases drastically.

Use Process Explorer from
http://www.microsoft.com/technet/sysinternals/utilities/processexplorer.mspx

Check the publisher of each process running and also its description... shut down unwanted processes...

For the services, Process Explorer shows an extra tab in the properties of the process... check which services each process is running...
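An added example, not part of the original thread: a PowerShell version of the checks the accepted answer does by hand in Process Explorer (image path, publisher, description), plus the memory figure from the question. It assumes PowerShell 5.1 or later in an elevated session; the function name and the 500 MB threshold are made up for illustration.

```powershell
# Added example: inspect every process named (or named like) lsass.exe.
# Assumptions: PowerShell 5.1+, elevated session; 500 MB is an arbitrary sample threshold.
function Test-LsassProcess {
    param([int]$MaxPrivateMB = 500)

    $expected = Join-Path $env:SystemRoot 'System32\lsass.exe'
    $all      = Get-CimInstance -ClassName Win32_Process

    # Exact name plus simple look-alikes (I/l/1 swapped, extra letters); heuristic only.
    $candidates = @($all | Where-Object { $_.Name -match '^[il1]sa+s+\.exe$' })
    $exactCount = @($candidates | Where-Object { $_.Name -eq 'lsass.exe' }).Count

    foreach ($p in $candidates) {
        $findings = @()
        $sig = $null; $info = $null
        $parent = $all | Where-Object { $_.ProcessId -eq $p.ParentProcessId } |
                  Select-Object -First 1

        if ($p.Name -ne 'lsass.exe') { $findings += 'look-alike name' }
        if ($exactCount -gt 1)       { $findings += 'more than one lsass.exe instance' }

        if (-not $p.ExecutablePath) {
            $findings += 'image path unavailable (session not elevated?)'
        } else {
            if ($p.ExecutablePath -ne $expected) { $findings += 'unexpected image path' }
            $sig  = Get-AuthenticodeSignature -FilePath $p.ExecutablePath
            $info = (Get-Item -LiteralPath $p.ExecutablePath).VersionInfo
            if ($sig.Status -ne 'Valid') {
                $findings += "signature status: $($sig.Status)"
            } elseif ($sig.SignerCertificate.Subject -notmatch 'O=Microsoft Corporation') {
                $findings += 'publisher is not Microsoft'
            }
        }

        # PrivatePageCount is in bytes; this is the committed memory backed by the page file.
        $privateMB = [math]::Round($p.PrivatePageCount / 1MB)
        if ($privateMB -gt $MaxPrivateMB) { $findings += "private bytes above $MaxPrivateMB MB" }

        [pscustomobject]@{
            Name        = $p.Name
            ProcessId   = $p.ProcessId
            Parent      = $parent.Name
            Path        = $p.ExecutablePath
            Publisher   = $sig.SignerCertificate.Subject
            Description = $info.FileDescription
            PrivateMB   = $privateMB
            Findings    = $findings -join '; '
        }
    }
}

Test-LsassProcess | Format-List
```

A genuine lsass.exe that is only leaking or under load shows the expected path and a valid Microsoft signature with just the memory finding set; path, name or signature findings are the ones that point to an impostor binary.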
 

Author Comment

by:javajo
ID: 20366071
Thanks ashutosh!

I failed over to secondary node and everything appears to be fine now. Other server is hardly using lsass.exe. 14MB of VM

lsass.exe is back to normal on the other server as well after a reboot...

If lsass.exe was indeed a virus - how would it appear in Process Explorer?