dreadman2k
asked on
What is causing lsass.exe process to consume so much cpu?
We have a main office with 4 domain controllers. DC1, DC2, DC3 and DC4. Our SCOM monitoring system often reports the the LSASS process on DC1 is using a high amount of CPU. The exact error as reported by SCOM:
The Domain Controller has high processor load on the LSASS process over several polling intervals.
DC1 is the PDC Emulator and RID Master.
My question is - how can I pinpoint was is causing the LSASS process to use so much CPU? The other 3 DCs in the site are not having the same problem.
The Domain Controller has high processor load on the LSASS process over several polling intervals.
DC1 is the PDC Emulator and RID Master.
My question is - how can I pinpoint was is causing the LSASS process to use so much CPU? The other 3 DCs in the site are not having the same problem.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Moved the PDCE role to another DC over the weekend and the cpu load has followed. I will start a network monitor and see if I can determine where the LDAP traffic is coming from. Anyone have any other troubleshooting advice?
ASKER
Using Wireshark I was able to pinpoint the source of the traffic and it turned out to be a script that was querying AD for users in a certain group. This script was running every 15 minutes and causing the lsass.exe load.
Hey dreadman,
I have more or less the same problem.
Could you please give some details on what you did exactly?
What did you look for in Wireshark? Was your script connected in any way with Group Policies?
Your help will be highly appreciated.
I have more or less the same problem.
Could you please give some details on what you did exactly?
What did you look for in Wireshark? Was your script connected in any way with Group Policies?
Your help will be highly appreciated.
ASKER
PKjesus,
I will gather some info & post it herre for you. It looks like we're in different time zones & I don't have access to work at the moment. But there will be at least 1 more post here from me. So keep checking or follow the the discusion
I will gather some info & post it herre for you. It looks like we're in different time zones & I don't have access to work at the moment. But there will be at least 1 more post here from me. So keep checking or follow the the discusion
dreadman;
Thanks very much. I appreciate your help.
Thanks very much. I appreciate your help.
ASKER