andyseals
asked on
Windows 2k domain controller has 100% CPU usage
This is a school district. We have 600 PCs, 1800 students, and 200 staff members. We usually have 350-400 PCs in use at a time. All users have redirected My documents... no roaming profiles.
I have a windows 2k server that is my primary domain controller. It has been doing the same thing all year. In the past 2 weeks I have noticed slow client login times and the CPU usage is always 95-100%. Even at night when the server should be idle, the CPU is 85-90%. I have 3 identical servers (hardware wise) and the other 2 are running 30%.
I have scanned for a virus. I have checked for malware
This server is my print server, pdc, stores redirected documents, has a sql database for a cafeteria POS system. I have not added any databases or other load to this server.
The biggest process is LSASS.EXE (usually around 25%). Services.exe is using 7-10%
The server has 2 2.0Ghz XEON processors, 6Gb of memory, W2k Advanced Server. Hard drives are half full. I check all of the processor and cooling fans and they are running.
Please help! I don't know what else to check.
I have a windows 2k server that is my primary domain controller. It has been doing the same thing all year. In the past 2 weeks I have noticed slow client login times and the CPU usage is always 95-100%. Even at night when the server should be idle, the CPU is 85-90%. I have 3 identical servers (hardware wise) and the other 2 are running 30%.
I have scanned for a virus. I have checked for malware
This server is my print server, pdc, stores redirected documents, has a sql database for a cafeteria POS system. I have not added any databases or other load to this server.
The biggest process is LSASS.EXE (usually around 25%). Services.exe is using 7-10%
The server has 2 2.0Ghz XEON processors, 6Gb of memory, W2k Advanced Server. Hard drives are half full. I check all of the processor and cooling fans and they are running.
Please help! I don't know what else to check.
http://support.microsoft.com/kb/842382
What antivirus are you using? This could also be attributed to your anti-virus or other software you recently installed on this server. Mcafee Viruscan 8.0i with patch 11 is known to do this and a patch (VSE80HF256301) is available from McAfee
ASKER
I use Sophos anti-virus. I have not installed any new software on this server for a couple of months. The only thing new are the Windows Updates. LSASS.EXE is not casuing any messages in the Event Log.
What services are running under the lsass.exe process? Download, extract and launch process explorer from:
http://download.sysinternals.com/Files/ProcessExplorer.zip
Locate and double-click the lsass.exe process and go to the services tab as shown in the attached image. What services are listed there?
http://download.sysinternals.com/Files/ProcessExplorer.zip
Locate and double-click the lsass.exe process and go to the services tab as shown in the attached image. What services are listed there?
ASKER
It shows:
kdc
Netlogon
NtLmSsp
PolicyAgent
SamSs
kdc
Netlogon
NtLmSsp
PolicyAgent
SamSs
ASKER
I uninstalled the last 5 windows updates installed on the server (they installed on 3/14 and that is when we noticed issues). The server was restarted and the CPU usage dropped. It was fine until yesterday. It went back to 100% (no, the windows updates didn't reinstall). Today it appears to be running better. So something is still wrong, but not all the time.
Ya know what's wierd, our primary win2k3 domain controller has started acting silly the past couple weeks. Today everything randomly got mega slow. Most of the shared network space is on this server and even user's PST files are stored on it (which I didn't do and I'm correcting that) so when this server gets slow then everybody's PC starts dragging bad. I was finally able to pull up taskmgr on it when this happened and saw 95% or so CPU usage pretty solid. Eventvwr showed nothing going on out of the ordinary. This went on for 10 min until I finally decided to reboot it. It came back up and worked fine the rest of the day. This is also the primary printer server, something else I'm in process of changing because 2 times last week the printers all suddenly vanished. I had to restart the server service which in turn restarts print spooler, netlogon, and some others to fix.
I really dunno what's going on but something is definitely amiss. I do keep up to date with Windows Updates almost weekly but the last batch I installed were just this past weekend after the printer troubles already happened so I don't believe it's because of Windows updates. This DC is running in a virtual machine hosted on VMWare ESX and has been running well overall for years, only recently it's been doing this random wierdness. I have a feeling that it may just be that it's being overloaded with stuff that's why I'm in process of moving the PST files being accessed to the users's local machines and I setup a separate printer server in a VM and gonna move everybody to using that and hopefully it will help.
The only thing I noticed on the CPU usage was the SYSTEM process was using sometimes up to 50% CPU while all this was happening, and random times throughout the day it was getting up there. Hope you get yours fixed and if you have any suggestions for mine please holler.
I really dunno what's going on but something is definitely amiss. I do keep up to date with Windows Updates almost weekly but the last batch I installed were just this past weekend after the printer troubles already happened so I don't believe it's because of Windows updates. This DC is running in a virtual machine hosted on VMWare ESX and has been running well overall for years, only recently it's been doing this random wierdness. I have a feeling that it may just be that it's being overloaded with stuff that's why I'm in process of moving the PST files being accessed to the users's local machines and I setup a separate printer server in a VM and gonna move everybody to using that and hopefully it will help.
The only thing I noticed on the CPU usage was the SYSTEM process was using sometimes up to 50% CPU while all this was happening, and random times throughout the day it was getting up there. Hope you get yours fixed and if you have any suggestions for mine please holler.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.