Article ID: 2550044
This issue's symptoms may be seen in the following ways when the issue is occurring:
High LSASS.exe CPU utilization can be caused by many different issues, alone or in combination, and nearly every cause and its resolution is unique. However, Windows Server 2008 and later include a tool which assists in determining the cause of the problem: the Performance Monitor's Active Directory Data Collector Set.
To begin resolving this issue, run the Performance Monitor's Active Directory Data Collector Set on the affected domain controller while the problem is occurring. This tool uses performance counters and tracing to monitor the issue and then compiles a report showing details of potential problems which need to be investigated as possible causes.
To run the Active Directory Data Collector, follow these steps:
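Because the collector set is only useful if it runs while the problem is occurring, the following added example (not part of the original article) watches Lsass.exe CPU and starts the built-in collector set from the command line once usage is sustained. It assumes English performance counter names, an elevated prompt on the domain controller, and illustrative threshold and timing values.

```powershell
# Added example (not from the KB article). Run from an elevated prompt on the DC.
# Assumptions: English counter names; threshold and timing values are illustrative.
param(
    [int]$ThresholdPercent = 80,  # assumed definition of "high" lsass CPU
    [int]$Samples          = 6,   # samples averaged per window
    [int]$IntervalSeconds  = 5,   # seconds between samples
    [int]$MaxWindows       = 120  # stop watching after this many windows
)

$counterPath = '\Process(lsass)\% Processor Time'
$collector   = 'system\Active Directory Diagnostics'  # built-in set on Server 2008+

# \Process(*)\% Processor Time can reach 100 x logical processors,
# so divide by the processor count to get a share of total CPU capacity.
$cpuCount = [Environment]::ProcessorCount

for ($window = 1; $window -le $MaxWindows; $window++) {
    $sets = Get-Counter -Counter $counterPath -SampleInterval $IntervalSeconds -MaxSamples $Samples
    $raw  = $sets | ForEach-Object { $_.CounterSamples[0].CookedValue }
    $avg  = ($raw | Measure-Object -Average).Average / $cpuCount

    Write-Host ('{0:u} lsass average CPU: {1:N1}%' -f (Get-Date), $avg)

    if ($avg -ge $ThresholdPercent) {
        # Start the collector while the symptom is present.
        & logman.exe start $collector -ets
        if ($LASTEXITCODE -ne 0) {
            throw "logman failed to start '$collector' (exit code $LASTEXITCODE)"
        }
        Write-Host "Started '$collector'. Open the report in Performance Monitor under Reports once collection finishes."
        break
    }
}
```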
The report presents its information and conclusions in eight broad categories under Diagnostic Results. These will not always tell the exact cause of the problem but can be used to determine where to investigate in order to find the exact cause.
When facing high CPU utilization by Lsass.exe, look at the Diagnostic Results portion of the report, which shows general performance concerns. In addition, the Active Directory category details what the domain controller is busy doing at that time, such as which LDAP queries are affecting performance.
Domain controllers are often most affected by remote computers in the environment that issue "expensive" queries or subject them to a higher volume of queries. The Network portion of the report can be useful in determining which remote clients were communicating most with the domain controller while the diagnostic was gathering data.
Lsass.exe (Local Security Authority Subsystem Service) is the process which, on an Active Directory domain controller, is responsible for providing Active Directory database lookups, authentication, and replication.
Additional information on how to troubleshoot the Lsass.exe process using a great deal of CPU on an Active Directory domain controller, and other considerations, is available in the AskDS Team Blog post "Son of SPA: AD Data Collector Sets in Win2008 and beyond" (http://go.microsoft.com/fwlink/?LinkId=151500).
Article ID: 2550044 - Last Review: May 16, 2011 - Revision: 1.0