Solved

Windows 2k domain controller has 100% CPU usage

Posted on 2009-04-02
Last Modified: 2012-05-06
This is a school district.  We have 600 PCs, 1800 students, and 200 staff members.  We usually have 350-400 PCs in use at a time.  All users have redirected My documents... no roaming profiles.

I have a Windows 2k server that is my primary domain controller.  It has been doing the same thing all year.  In the past 2 weeks I have noticed slow client login times and the CPU usage is always 95-100%.  Even at night when the server should be idle, the CPU is 85-90%.  I have 3 identical servers (hardware-wise) and the other 2 are running 30%.

I have scanned for a virus.  I have checked for malware.
This server is my print server, PDC, stores redirected documents, has a SQL database for a cafeteria POS system.  I have not added any databases or other load to this server.

The biggest process is LSASS.EXE (usually around 25%). Services.exe is using 7-10%.

The server has 2 2.0Ghz XEON processors, 6Gb of memory, W2k Advanced Server.  Hard drives are half full.  I checked all of the processor and cooling fans and they are running.

Please help!  I don't know what else to check.
Question by:andyseals
8 Comments
 
 
LVL 11

Expert Comment

by:bmatumbura
ID: 24049092
What antivirus are you using? This could also be attributed to your anti-virus or other software you recently installed on this server. McAfee VirusScan 8.0i with patch 11 is known to do this and a patch (VSE80HF256301) is available from McAfee.
 

Author Comment

by:andyseals
ID: 24049424
I use Sophos anti-virus.  I have not installed any new software on this server for a couple of months.  The only thing new are the Windows Updates.  LSASS.EXE is not causing any messages in the Event Log.
 
LVL 11

Expert Comment

by:bmatumbura
ID: 24049520
What services are running under the lsass.exe process? Download, extract and launch Process Explorer from:

http://download.sysinternals.com/Files/ProcessExplorer.zip

Locate and double-click the lsass.exe process and go to the Services tab as shown in the attached image. What services are listed there?

 

Author Comment

by:andyseals
ID: 24051037
It shows:
kdc
Netlogon
NtLmSsp
PolicyAgent
SamSs
 

Author Comment

by:andyseals
ID: 24107366
I uninstalled the last 5 Windows updates installed on the server (they installed on 3/14 and that is when we noticed issues).  The server was restarted and the CPU usage dropped.  It was fine until yesterday.  It went back to 100% (no, the Windows updates didn't reinstall).  Today it appears to be running better.  So something is still wrong, but not all the time.
 

Expert Comment

by:darkonex
ID: 24200673
Ya know what's weird, our primary win2k3 domain controller has started acting silly the past couple weeks.  Today everything randomly got mega slow.  Most of the shared network space is on this server and even users' PST files are stored on it (which I didn't do and I'm correcting that) so when this server gets slow then everybody's PC starts dragging bad.  I was finally able to pull up taskmgr on it when this happened and saw 95% or so CPU usage pretty solid.  Eventvwr showed nothing going on out of the ordinary.  This went on for 10 min until I finally decided to reboot it.  It came back up and worked fine the rest of the day.  This is also the primary printer server, something else I'm in process of changing because 2 times last week the printers all suddenly vanished.  I had to restart the server service which in turn restarts print spooler, netlogon, and some others to fix.

I really dunno what's going on but something is definitely amiss.  I do keep up to date with Windows Updates almost weekly but the last batch I installed were just this past weekend after the printer troubles already happened so I don't believe it's because of Windows updates.  This DC is running in a virtual machine hosted on VMWare ESX and has been running well overall for years, only recently it's been doing this random weirdness.  I have a feeling that it may just be that it's being overloaded with stuff that's why I'm in process of moving the PST files being accessed to the users' local machines and I set up a separate printer server in a VM and gonna move everybody to using that and hopefully it will help.

The only thing I noticed on the CPU usage was the SYSTEM process was using sometimes up to 50% CPU while all this was happening, and random times throughout the day it was getting up there.  Hope you get yours fixed and if you have any suggestions for mine please holler.
 

Accepted Solution

by:
andyseals earned 0 total points
ID: 24390700
I found out that the problem was caused by the Offline Files in a computer lab.  When I turned Offline Files off on those machines, the CPU usage went back to normal.