typetoit
asked on
Why would adding TLS to a database server cause the local security authority process to run really high
I have two servers behind a firewall on a local network. I have a Windows 2008 database server that I added the TLS 1.0 Protocol under the Schannel registry key. Then the local security authority process (lsass) on both the Windows 2012 web server and the Windows 2008 database server starts to run high. Some times the lsass is running at 60% of the CPU. The average can be 15-20% during the day when there is web activity. I have added Client keys to TLS 1.0, TLS 1.1, and TLS 1.2 and added DisabledByDefault = 1, forcing the web server to connect to the database server through SSL 3.0. I have enabled the same ciphers on the database server as the web server. Nothing seems to work. I am not sure where to go from here.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I worked out the solution for myself. I thought I would share the solution with the community.
If it's virtual, check that it's actually using a large amount of CPU by checking the performance counters on the host.
CPU measurements inside of a VM are often not accurate, because an accurate measurement depends on being able to see the idle CPU cycles. Since a VM is only offered CPU cycles when there's a demand, there are fewer (or even zero) idle CPU cycles.