Sunday, February 10, 2008

Does the LSASS.EXE have enough memory, on your Domain Controller?

The Key performance of the DC (Domain Controller) is the how much of the database can be cached into the memory. The process is responsible from this task is the LSAAA.EXE caching mechanism, releases cache to free memory when OS requires it. The Domain controller who are not strong enough (low memory) will not be able cache as much and this will be noticeable performance issue on the Domain controller. Therefore it is a good idea to make sure the DC's have enough memory installed on them and the other processes are not eating up from DC memory.

The core Process LSASS.EXE is also responsible from replication, authentication, Net logon, and KCC. If the LSASS is not happy this is going to cause Busy and tired DC (Domain Controller). Any other process other than LSASS MUST be investigated on the domain controllers if they are utilizing most of the CPU resources on a Domain Controller.

The similar behavior in Exchange is the Store.exe if you remember.

What is LSASS.EXE, The LSAS management of local security authority domain authentication and Active Directory Management?

The Lsass.exe process is responsible for management of local security authority domain authentication and Active Directory management. This process handles authentication for both the client and the server, and it also governs the Active Directory engine. The Lsass.exe process is responsible for the following components:

  • Local Security Authority
  • Net Logon service
  • Security Accounts Manager service
  • LSA Server service
  • Secure Sockets Layer (SSL)
  • Kerberos v5 authentication protocol
  • NTLM authentication protocol

Lsass.exe usually uses 100 MB to 300 MB of memory. Lsass.exe uses the same amount of memory no matter how much RAM is installed in the computer. However, when a larger amount of RAM is installed, Lsass can use more RAM and less virtual memory

Have you ever used Server Performance Advisor V1.0 this is FREE Utility from Microsoft. Service Performance Advisor is a server performance diagnostic tool developed to diagnose root causes of performance problems in a Windows Server™ 2003 operating system.


Oz Ozugurlu
Systems Engineer
Security Project+ Server+ (Blog)

1 comment:

Sarah Hall said...

Thanks for the personalized updates! With your assistance, my Operating System works in sooth speedy:) I have to write my resume, but still can't leave your interesting blog... Wish me luck!