Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

What is causing lsass.exe process to consume so much cpu?

Posted on 2009-04-02
7
Medium Priority
?
3,253 Views
Last Modified: 2012-05-06
We have a main office with 4 domain controllers.  DC1, DC2, DC3 and DC4.  Our SCOM monitoring system often reports the the LSASS process on DC1 is using a high amount of CPU.  The exact error as reported by SCOM:

The Domain Controller has high processor load on the LSASS process over several polling intervals.

DC1 is the PDC Emulator and RID Master.  

My question is - how can I pinpoint was is causing the LSASS process to use so much CPU?  The other 3 DCs in the site are not having the same problem.
0
Comment
Question by:dreadman2k
  • 4
  • 2
7 Comments
 
LVL 6

Accepted Solution

by:
meugen earned 1500 total points
ID: 24057111
0
 
LVL 2

Author Comment

by:dreadman2k
ID: 24094340
Thanks for the link, definitely could be related to the PDCE role.  We're actually going through a disaster recovery exercise this weekend, so I will let you know what happens when we move the PDCE role.  Thanks for your help.
0
 
LVL 2

Author Comment

by:dreadman2k
ID: 24134098
Moved the PDCE role to another DC over the weekend and the cpu load has followed.  I will start a network monitor and see if I can determine where the LDAP traffic is coming from. Anyone have any other troubleshooting advice?
0
NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

 
LVL 2

Author Comment

by:dreadman2k
ID: 24382044
Using Wireshark I was able to pinpoint the source of the traffic and it turned out to be a script that was querying AD for users in a certain group.  This script was running every 15 minutes and causing the lsass.exe load.
0
 
LVL 1

Expert Comment

by:pkjesus
ID: 24593326
Hey dreadman,

I have more or less the same problem.
Could you please give some details on what you did exactly?

What did you look for in Wireshark? Was your script connected in any way with Group Policies?

Your help will be highly appreciated.
0
 
LVL 2

Author Comment

by:dreadman2k
ID: 24600785
PKjesus,

I will gather some info & post it herre for you. It looks like we're in different time zones & I don't have access to work at the moment. But there will be at least 1 more post here from me. So keep checking or follow the the discusion
0
 
LVL 1

Expert Comment

by:pkjesus
ID: 24600893
dreadman;

Thanks very much. I appreciate your help.
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I have put this article together as i needed to get all the information that might be available already into one general document that could be referenced once without searching the Internet for the different pieces. I have had a few issues where…
This is a fairly complicated script that will install the required prerequisites to install SCCM 2012 R2 on a server.  It was designed under the functional model in order to compartmentalize each step required, reducing the overall complexity.  The …
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

971 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question