Solved

What is causing lsass.exe process to consume so much cpu?

Posted on 2009-04-02
Last Modified: 2012-05-06
We have a main office with 4 domain controllers: DC1, DC2, DC3 and DC4. Our SCOM monitoring system often reports that the LSASS process on DC1 is using a high amount of CPU. The exact error as reported by SCOM:

The Domain Controller has high processor load on the LSASS process over several polling intervals.

DC1 is the PDC Emulator and RID Master.  

My question is - how can I pinpoint what is causing the LSASS process to use so much CPU?  The other 3 DCs in the site are not having the same problem.
Question by:dreadman2k
7 Comments

Accepted Solution

by:
meugen earned 500 total points
ID: 24057111

Author Comment

by:dreadman2k
ID: 24094340
Thanks for the link, definitely could be related to the PDCE role.  We're actually going through a disaster recovery exercise this weekend, so I will let you know what happens when we move the PDCE role.  Thanks for your help.

Author Comment

by:dreadman2k
ID: 24134098
Moved the PDCE role to another DC over the weekend and the cpu load has followed.  I will start a network monitor and see if I can determine where the LDAP traffic is coming from. Anyone have any other troubleshooting advice?

Author Comment

by:dreadman2k
ID: 24382044
Using Wireshark I was able to pinpoint the source of the traffic and it turned out to be a script that was querying AD for users in a certain group.  This script was running every 15 minutes and causing the lsass.exe load.
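
One way to do the triage described in this thread, as an added example that is not from the original posts: export the LDAP packets captured on the DC to CSV, rank clients by search requests, and estimate how often each client bursts. The column layout, the `searchRequest` Info prefix, the addresses and the sample capture are assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict
from statistics import median

def constructed_capture():
    """Constructed sample in the column layout of a Wireshark CSV export (assumed)."""
    buf = io.StringIO()
    out = csv.writer(buf, quoting=csv.QUOTE_ALL)
    out.writerow(["No.", "Time", "Source", "Destination", "Protocol", "Length", "Info"])
    n = 0
    def add(t, src, dst, info):
        nonlocal n
        n += 1
        out.writerow([n, f"{t:.3f}", src, dst, "LDAP", 200, info])
    dc = "10.0.0.10"  # constructed address standing in for the PDC emulator
    for start in (12.0, 912.0, 1812.0):  # one client bursts every 900 s
        for i in range(40):
            add(start + i * 0.05, "10.0.0.50", dc,
                f'searchRequest({i + 2}) "DC=example,DC=com" wholeSubtree')
            add(start + i * 0.05 + 0.01, dc, "10.0.0.50", f"searchResEntry({i + 2})")
    add(300.0, "10.0.0.21", dc, 'searchRequest(3) "DC=example,DC=com" baseObject')
    add(1400.0, "10.0.0.21", dc, 'searchRequest(4) "DC=example,DC=com" baseObject')
    add(700.0, "10.0.0.22", dc, 'searchRequest(2) "DC=example,DC=com" singleLevel')
    return buf.getvalue()

def ldap_search_sources(csv_text, gap=60.0):
    """Return (source, searches, bursts, median seconds between bursts), busiest first."""
    times = defaultdict(list)
    for row in csv.DictReader(io.StringIO(csv_text)):
        # Count only client search requests, not the DC's searchResEntry replies
        if row["Protocol"] == "LDAP" and row["Info"].startswith("searchRequest"):
            times[row["Source"]].append(float(row["Time"]))
    report = []
    for src, ts in times.items():
        ts.sort()
        # A burst starts after the client has been silent for more than `gap` seconds
        starts = [ts[0]] + [b for a, b in zip(ts, ts[1:]) if b - a > gap]
        intervals = [b - a for a, b in zip(starts, starts[1:])]
        period = round(median(intervals)) if intervals else None
        report.append((src, len(ts), len(starts), period))
    return sorted(report, key=lambda r: r[1], reverse=True)

if __name__ == "__main__":
    for src, count, bursts, period in ldap_search_sources(constructed_capture()):
        print(f"{src:<12} searches={count:<4} bursts={bursts} period_s={period}")
```

A client at the top of the list with a steady period between bursts is the pattern to look for when a scheduled job is behind the load.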

Expert Comment

by:pkjesus
ID: 24593326
Hey dreadman,

I have more or less the same problem.
Could you please give some details on what you did exactly?

What did you look for in Wireshark? Was your script connected in any way with Group Policies?

Your help will be highly appreciated.

Author Comment

by:dreadman2k
ID: 24600785
PKjesus,

I will gather some info & post it here for you. It looks like we're in different time zones & I don't have access to work at the moment. But there will be at least 1 more post here from me. So keep checking or follow the discussion.

Expert Comment

by:pkjesus
ID: 24600893
dreadman;

Thanks very much. I appreciate your help.