Solved

Windows 2k domain controller has 100% CPU usage

Posted on 2009-04-02
8
300 Views
Last Modified: 2012-05-06
This is a school district.  We have 600 PCs, 1800 students, and 200 staff members.  We usually have 350-400 PCs in use at a time.  All users have redirected My documents... no roaming profiles.

I have a windows 2k server that is my primary domain controller.  It has been doing the same thing all year.  In the past 2 weeks I have noticed slow client login times and the CPU usage is always 95-100%.  Even at night when the server should be idle, the CPU is 85-90%.  I have 3 identical servers (hardware wise) and the other 2 are running 30%.

I have scanned for a virus.  I have checked for malware
This server is my print server, pdc, stores redirected documents, has a sql database for a cafeteria POS system.  I have not added any databases or other load to this server.

The biggest process is LSASS.EXE (usually around 25%). Services.exe is using 7-10%

The server has 2 2.0Ghz XEON processors, 6Gb of memory, W2k Advanced Server.  Hard drives are half full.  I check all of the processor and cooling fans and they are running.

Please help!  I don't know what else to check.
0
Comment
Question by:andyseals
  • 4
  • 3
8 Comments
 
LVL 11

Expert Comment

by:bmatumbura
ID: 24049056
0
 
LVL 11

Expert Comment

by:bmatumbura
ID: 24049092
What antivirus are you using? This could also be attributed to your anti-virus or other software you recently installed on this server. Mcafee Viruscan 8.0i with patch 11 is known to do this and a patch (VSE80HF256301) is available from McAfee
0
 

Author Comment

by:andyseals
ID: 24049424
I use Sophos anti-virus.  I have not installed any new software on this server for a couple of months.  The only thing new are the Windows Updates.  LSASS.EXE is not casuing any messages in the Event Log.
0
 
LVL 11

Expert Comment

by:bmatumbura
ID: 24049520
What services are running under the lsass.exe process? Download, extract and launch process explorer from:

http://download.sysinternals.com/Files/ProcessExplorer.zip

Locate and double-click the lsass.exe process and go to the services tab as shown in the attached image. What services are listed there?
0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 

Author Comment

by:andyseals
ID: 24051037
It shows:
kdc
Netlogon
NtLmSsp
PolicyAgent
SamSs
0
 

Author Comment

by:andyseals
ID: 24107366
I uninstalled the last 5 windows updates installed on the server (they installed on 3/14 and that is when we noticed issues).  The server was restarted and the CPU usage dropped.  It was fine until yesterday.  It went back to 100% (no, the windows updates didn't reinstall).  Today it appears to be running better.  So something is still wrong, but not all the time.
0
 

Expert Comment

by:darkonex
ID: 24200673
Ya know what's wierd, our primary win2k3 domain controller has started acting silly the past couple weeks.  Today everything randomly got mega slow.  Most of the shared network space is on this server and even user's PST files are stored on it (which I didn't do and I'm correcting that) so when this server gets slow then everybody's PC starts dragging bad.  I was finally able to pull up taskmgr on it when this happened and saw 95% or so CPU usage pretty solid.  Eventvwr showed nothing going on out of the ordinary.  This went on for 10 min until I finally decided to reboot it.  It came back up and worked fine the rest of the day.  This is also the primary printer server, something else I'm in process of changing because 2 times last week the printers all suddenly vanished.  I had to restart the server service which in turn restarts print spooler, netlogon, and some others to fix.  

I really dunno what's going on but something is definitely amiss.  I do keep up to date with Windows Updates almost weekly but the last batch I installed were just this past weekend after the printer troubles already happened so I don't believe it's because of Windows updates.  This DC is running in a virtual machine hosted on VMWare ESX and has been running well overall for years, only recently it's been doing this random wierdness.  I have a feeling that it may just be that it's being overloaded with stuff that's why I'm in process of moving the PST files being accessed to the users's local machines and I setup a separate printer server in a VM and gonna move everybody to using that and hopefully it will help.  

The only thing I noticed on the CPU usage was the SYSTEM process was using sometimes up to 50% CPU while all this was happening, and random times throughout the day it was getting up there.  Hope you get yours fixed and if you have any suggestions for mine please holler.
0
 

Accepted Solution

by:
andyseals earned 0 total points
ID: 24390700
I found out that the problem was caused by the Offline files in a computer lab.  When I turned offline files off on those machines, the CPU usage went back to normail.
0

Featured Post

Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This is a fairly complicated script that will install the required prerequisites to install SCCM 2012 R2 on a server.  It was designed under the functional model in order to compartmentalize each step required, reducing the overall complexity.  The …
Experts-Exchange users below are the steps you can follow to upgrade your Lync server to latest CU's or cumulative updates. Note: Perform it during non-production hours.   Step 1: Backup your lync and SQL server database. Follow below article: h…
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now