Solved

High page file usage - lsass.exe using 2.2GBs

Posted on 2007-11-28
4
1,215 Views
Last Modified: 2008-03-04
Morning -

Exchange 2003 Enterprise configured in a two node active passive cluster.
4GBs of RAM installed and using 3GB switch.

Noticed that lsass.exe is using 2.2GBs.  Recrcmon.exe using 1.3GB.  Store using 672MB.
Server is a bit sluggish. When remoting to it  - receive out of resource errors.  Cannot run System Manager for same reason.

Do not think server is infected with sasser.

Any ideas?
0
Comment
Question by:javajo
  • 2
  • 2
4 Comments
 
LVL 6

Expert Comment

by:ashutosh_kumar
ID: 20365900
Are you noticing any account lockout issues?

lsass.exe using 2.2 GBs is strange...there is possibility of virus on the server.

Please scan your system with antivirus.
0
 

Author Comment

by:javajo
ID: 20366000
Am noticing instances where i need to authenticate to server....

0
 
LVL 6

Accepted Solution

by:
ashutosh_kumar earned 500 total points
ID: 20366040
lsass.exe is the process that is responsible for Authentication and runs the Security Account Manager...

so, if there is a random password attack on a system then the CPU and memory usage of this process increases drastically.

use process explorer from
http://www.microsoft.com/technet/sysinternals/utilities/processexplorer.mspx

check the publisher of each process running and also its description...shut down unwanted process....

for the services the process explorer shows an extra tab in the properties of the process...check which services each process its running...
0
 

Author Comment

by:javajo
ID: 20366071
Thanks ashutosh!

I failed over to secondary node and everything appears to be fine now.  other serevr is hardly using lsass.exe.  14MB of VM

lsass.exe is back to normal on the other server as well after a reboot...


if lsass.exe was indeed a virus - how would it appear in process explorer?
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Check out this infographic on what you need to make a good email signature that will work perfectly for your organization.
Scam emails are a huge burden for many businesses. Spotting one is not always easy. Follow our tips to identify if an email you receive is a scam.
In this video we show how to create a Shared Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Sha…
In this video we show how to create an Address List in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Organization >> Ad…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now