Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

What is causing lsass.exe process to consume so much cpu?

Posted on 2009-04-02
7
Medium Priority
?
3,277 Views
Last Modified: 2012-05-06
We have a main office with 4 domain controllers.  DC1, DC2, DC3 and DC4.  Our SCOM monitoring system often reports the the LSASS process on DC1 is using a high amount of CPU.  The exact error as reported by SCOM:

The Domain Controller has high processor load on the LSASS process over several polling intervals.

DC1 is the PDC Emulator and RID Master.  

My question is - how can I pinpoint was is causing the LSASS process to use so much CPU?  The other 3 DCs in the site are not having the same problem.
0
Comment
Question by:dreadman2k
  • 4
  • 2
7 Comments
 
LVL 6

Accepted Solution

by:
meugen earned 1500 total points
ID: 24057111
0
 
LVL 2

Author Comment

by:dreadman2k
ID: 24094340
Thanks for the link, definitely could be related to the PDCE role.  We're actually going through a disaster recovery exercise this weekend, so I will let you know what happens when we move the PDCE role.  Thanks for your help.
0
 
LVL 2

Author Comment

by:dreadman2k
ID: 24134098
Moved the PDCE role to another DC over the weekend and the cpu load has followed.  I will start a network monitor and see if I can determine where the LDAP traffic is coming from. Anyone have any other troubleshooting advice?
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
LVL 2

Author Comment

by:dreadman2k
ID: 24382044
Using Wireshark I was able to pinpoint the source of the traffic and it turned out to be a script that was querying AD for users in a certain group.  This script was running every 15 minutes and causing the lsass.exe load.
0
 
LVL 1

Expert Comment

by:pkjesus
ID: 24593326
Hey dreadman,

I have more or less the same problem.
Could you please give some details on what you did exactly?

What did you look for in Wireshark? Was your script connected in any way with Group Policies?

Your help will be highly appreciated.
0
 
LVL 2

Author Comment

by:dreadman2k
ID: 24600785
PKjesus,

I will gather some info & post it herre for you. It looks like we're in different time zones & I don't have access to work at the moment. But there will be at least 1 more post here from me. So keep checking or follow the the discusion
0
 
LVL 1

Expert Comment

by:pkjesus
ID: 24600893
dreadman;

Thanks very much. I appreciate your help.
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This is a little timesaver I have been using for setting up Microsoft Small Business Server (SBS) in the simplest possible way. It may not be appropriate for every customer. However, when you get a situation where the person who owns the server is i…
INTRODUCTION The purpose of this document is to demonstrate the Installation and configuration of the Data Protection Manager product. Note that this demonstration was prepared on the basis of Windows OS is 2008 R2 and DPM 2010. DATA PROTECTI…
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

580 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question