Why would adding TLS to a database server cause the local security authority process to run really high?

typetoit used Ask the Experts™
I have two servers behind a firewall on a local network.  I have a Windows 2008 database server that I added the TLS 1.0 Protocol under the Schannel registry key.  Then the local security authority process (lsass) on both the Windows 2012 web server and the Windows 2008 database server starts to run high.  Sometimes the lsass is running at 60% of the CPU.  The average can be 15-20% during the day when there is web activity.  I have added Client keys to TLS 1.0, TLS 1.1, and TLS 1.2 and added DisabledByDefault = 1, forcing the web server to connect to the database server through SSL 3.0.  I have enabled the same ciphers on the database server as the web server.  Nothing seems to work.  I am not sure where to go from here.

Is this a physical or a virtual machine?

If it's virtual, check that it's actually using a large amount of CPU by checking the performance counters on the host.

CPU measurements inside of a VM are often not accurate, because an accurate measurement depends on being able to see the idle CPU cycles.  Since a VM is only offered CPU cycles when there's a demand, there are fewer (or even zero) idle CPU cycles.

I have finally figured out the issue.  I needed to add the Enabled = ffffff to the Client key under SSL 3.0 and Enabled = 0 to the TLS 1.0.  This brought the lsass down to normal again.


I worked out the solution for myself.  I thought I would share the solution with the community.
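
To see which protocol overrides are actually in place on each server after registry edits like the ones described in this thread, the Client and Server subkeys under the Schannel Protocols key can be listed read-only. This is an added example, not code posted by any participant in the thread; the function name `Get-SchannelOverride`, the state labels and the treatment of any non-zero `Enabled` value as "on" are assumptions made here.

```powershell
# Added example: read-only report of Schannel protocol overrides (changes nothing).
$base      = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
$protocols = 'SSL 2.0', 'SSL 3.0', 'TLS 1.0', 'TLS 1.1', 'TLS 1.2'
$legacy    = 'SSL 2.0', 'SSL 3.0'   # deprecated protocols, flagged when not disabled

# Hypothetical helper: summarise the Enabled / DisabledByDefault values for one role.
function Get-SchannelOverride {
    param([string]$Protocol, [string]$Role)

    $path = Join-Path (Join-Path $base $Protocol) $Role
    $enabled = $null
    $disabledByDefault = $null
    if (Test-Path -LiteralPath $path) {
        $values            = Get-ItemProperty -LiteralPath $path
        $enabled           = $values.Enabled            # $null when the value is absent
        $disabledByDefault = $values.DisabledByDefault
    }

    # The state is a summary; the raw values are reported next to it.
    # Assumption: any non-zero Enabled DWORD (1 or 0xffffffff) counts as "on".
    if ($null -eq $enabled -and $null -eq $disabledByDefault) { $state = 'No override (OS default)' }
    elseif ($enabled -eq 0)                                   { $state = 'Disabled' }
    elseif ($disabledByDefault -eq 1)                         { $state = 'Off unless an application requests it' }
    else                                                      { $state = 'Enabled' }

    # DWORD 0xffffffff is read back as Int32 -1, so print it as hex.
    $rawEnabled = if ($null -ne $enabled) { '0x{0:X8}' -f $enabled } else { '(not set)' }
    $rawDbd     = if ($null -ne $disabledByDefault) { $disabledByDefault } else { '(not set)' }

    New-Object PSObject -Property @{
        Protocol          = $Protocol
        Role              = $Role
        Enabled           = $rawEnabled
        DisabledByDefault = $rawDbd
        State             = $state
        LegacyInUse       = ($legacy -contains $Protocol) -and ($state -ne 'Disabled')
    }
}

# Run on both the web server and the database server, then compare the two tables.
$report = foreach ($p in $protocols) {
    foreach ($r in 'Client', 'Server') { Get-SchannelOverride -Protocol $p -Role $r }
}
$report |
    Select-Object Protocol, Role, Enabled, DisabledByDefault, State, LegacyInUse |
    Format-Table -AutoSize
```

A mismatch between the web server's Client rows and the database server's Server rows shows which protocol versions the two machines have in common.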