Lsass Hogs CPU

Learn how to fix a PDC that’s leaking memory.


August 30, 2004

1 Min Read
ITPro Today logo

My company recently experienced a problem in which administrators and Help desk technicians had trouble opening User Manager and Server Manager. The tools typically wouldn't open and generated a timeout error; if the tools did open, the process took 30­60 seconds.

We checked our Windows NT PDC and noticed that lsass.exe was using 90 percent to 99 percent of the CPU. Lsass authenticates logon credentials that the Winlogon process passes against the SAM or other authentication packages. We rebooted the PDC, and the problem appeared to be resolved. However, the problem resurfaced a few days later.

We then used a previously created Performance Monitor baseline to check the Process object. We used the Working Set, Page File Bytes, Pool Nonpaged Bytes, Pool Paged Bytes, and Thread Count counters to check Lsass's usage. Comparing our baseline with real-time performance showed that we had a memory leak.

We found the Microsoft article "Windows NT Primary Domain Controller May Leak Memory in Lsass.exe" (, which discusses this problem and the related hotfix. We installed the hotfix and rebooted the PDC, and we've since had no problems with Lsass on the PDC.

About the Author(s)

Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.

You May Also Like