Conficker causes LSASS to consume CPU Time on Domain Controllers

Hi Gautam here, I wanted to blog about a high-impact problem we have been seeing recently. The problem has to do with LSASS consuming a lot of CPU time on your Domain Controllers (DC’s). The cause of this high CPU turns out to be Conficker infected computers throwing bad passwords against the DC’s. The rate… Read more

Understanding “Read Only Domain Controller” authentication

Hello there. Bob Drake here to discuss how Windows Server 2008 “Read Only Domain Controllers” (RODC’s) authenticate users differently from the way Windows Server 2003 and Windows Server 2008 standard domain controllers do. The “Read Only Domain Controller” is new to Windows Server 2008 and allows for the installation of a domain controller to accommodate… Read more

Troubleshooting High LSASS CPU Utilization on a Domain Controller (Part 2 of 2)-

Last time I discussed troubleshooting the most common high CPU scenario within LSASS, which is the server being beaten up by a remote machine. Let’s talk now about the much less common but still possible: You find that the problem is coming from the DC itself. As I said in the previous post, this is… Read more

Troubleshooting High LSASS CPU Utilization on a Domain Controller (Part 1 of 2)

Hi, Ned here. Today I’m going to talk about troubleshooting Domain Controllers that are responding poorly due to high LSASS CPU utilization. I’ve split this article into two parts because there are actually two major forks that happen in this scenario: · You find that the problem is coming from the network and affecting the… Read more