SBS Server 2008 with everything running on it (AD/PDC, SQL 2012, FileServer, RDP Gateway, WSUS, No Exchange though).

Every 30 minutes on the hour and half hour, lsass.exe uses 25% of the CPU (1 core at 100%). At this time it's reading/writing from ntds.dit, edb.log, edb.chk. This lasts for approx 2 minutes during which it affects the performance of the server (obviously).

Has anyone got any idea what is causing this?

I've already gone through Task Scheduler looking for a culprit and it's not there. Next step will be checking Group Policy running schedule, it's possible it's set to every 30 minutes, but lsass is not involved when I run gpupdate manually and gpupdate completes in 5 secs or so with no CPU use.

Any other ideas what to look for?

Dom
  • As an aside, SQL Server (Express) jumps to 25% CPU use for 2 seconds, twice during this lsass problem. This happens whether or not it's under significant load from users. – Dom Sep 06 '13 at 07:41

1 Answer

OK I figured it out.

lsass.exe is clearing the Locked Accounts and failed login history. For some reason this takes 1 entire CPU at 100% for almost a minute.

This is controlled by Group Policy in the Windows Security Settings under Account Lockout. I had it set to 30/30 and when I changed it to 45/45 it started happening on 45 mins past the hour. I now have it run once daily only.

Dom
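
One way to check this correlation on a domain controller, as an added example that is not part of the original post: it prints the lockout settings reported by `net accounts` and then records at which minutes of the hour lsass.exe saturates a core. It assumes English-language `net accounts` output and PowerShell 2.0 or later (for `Get-Counter`); the threshold, interval and duration values are assumptions to adjust.

```powershell
# Added example, not from the original post. Run on the domain controller.
$SpikeThreshold = 90   # assumed: % of one core that counts as a spike
$IntervalSec    = 15   # assumed sampling interval in seconds
$Hours          = 2    # assumed observation period

# 1. Lockout settings as the server reports them
#    (threshold, duration, observation window).
$lockout = @{}
net accounts | ForEach-Object {
    if ($_ -match '^(Lockout [^:]+):\s+(.+)$') {
        $lockout[$Matches[1].Trim()] = $Matches[2].Trim()
    }
}
$lockout.GetEnumerator() | Sort-Object Name |
    Format-Table Name, Value -AutoSize | Out-Host

# 2. Sample lsass CPU. For the Process counter set, 100 means one
#    core fully used, which matches "25% on a 4-core box".
$maxSamples = [int]($Hours * 3600 / $IntervalSec)
$spikes = Get-Counter '\Process(lsass)\% Processor Time' `
              -SampleInterval $IntervalSec -MaxSamples $maxSamples |
    Where-Object { $_.CounterSamples[0].CookedValue -ge $SpikeThreshold }

# 3. Group busy samples by minute of the hour. A cluster that moves
#    when the lockout values are changed points at the policy rather
#    than at a scheduled task.
$spikes | Group-Object { $_.Timestamp.Minute } |
    Sort-Object { [int]$_.Name } |
    Select-Object @{ n = 'MinuteOfHour'; e = { $_.Name } },
                  @{ n = 'BusySamples';  e = { $_.Count } }
```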