Remove From My Forums

svchost.exe is taking high CPU utilization on 10 to 15 DCs and some time lsass.exe in my domain

Question
0

Sign in to vote
svchost.exe and lsass.exe is taking high CPU utilization on 10 to 15 DCs in my domain ?

How can i troubleshoot this?

I have windows server 2008R2 domain controllers and all CPU high DCs are not rebooted more than 1 month.
- Edited by Mr. Raj Thursday, September 20, 2012 4:41 PM
Thursday, September 20, 2012 4:40 PM

Answers

0

Sign in to vote
Please follow the below articles.

http://blogs.technet.com/b/askds/archive/2007/08/20/troubleshooting-high-lsass-cpu-utilization-on-a-domain-controller-part-1-of-2.aspx

http://blogs.technet.com/b/askperf/archive/2012/01/20/troubleshooting-high-cpu-utilization-issues-using-tracelog-exe.aspx
Regards, Nidhin.CK
- Proposed as answer by Sandesh Dubey Friday, September 21, 2012 5:27 AM
- Marked as answer by Arthur_LiMicrosoft contingent staff Wednesday, October 3, 2012 2:38 AM
Friday, September 21, 2012 3:47 AM
0

Sign in to vote
In addition I would also recommend to disable Antivirus and security application if any installed on DC and reboot the server and check also ensure that latest hotfix and SP is installed on the server .

Getting Started with SVCHOST.EXE Troubleshooting
http://blogs.technet.com/b/askperf/archive/2008/01/11/getting-started-with-svchost-exe-troubleshooting.aspx

PRF: High CPU (SVCHOST.EXE)
http://blogs.technet.com/b/askperf/archive/2009/04/10/prf-high-cpu-svchost-exe.aspx

Process explore:http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx

Hope this helps

Best Regards,

Sandesh Dubey.

MCSE|MCSA:Messaging|MCTS|MCITP:Enterprise Adminitrator | My Blog

Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
- Proposed as answer by Arthur_LiMicrosoft contingent staff Monday, September 24, 2012 8:17 AM
- Marked as answer by Arthur_LiMicrosoft contingent staff Wednesday, October 3, 2012 2:38 AM
Friday, September 21, 2012 5:40 AM
0

Sign in to vote
svchost.exe and lsass.exe is taking high CPU utilization on 10 to 15 DCs in my domain ?

How can i troubleshoot this?

I have windows server 2008R2 domain controllers and all CPU high DCs are not rebooted more than 1 month.

There can be many reason for the high CPU utilization like memory leak, application incompatibility etc. Foremost, i would make sure serve ris running with latest service pack,patches, as well as hardware (BIOS,firmware,graphics as well as device)drivers. Make a list of the applications/services running. Start with disabling antivirus & 3rd part software on the DC & see there is any improvements. Rebooting the DC might resolve the issue, but temporarily not permanent. You need to ask your performance expert team to look into the issue, because its not a AD issue but more server performance issues.

What are the roles installed on the DC? Are DC's also running agents like SCCM,SCOM,backup agents etc? You can also use perfmon to monitor the performance of the DC & take the value for the troubleshooting. You can't rule out this can be due to virus/worm attack too.

How to Troubleshoot High LSASS.EXE CPU Utilization on an Active Directory Domain Controllers

http://support.microsoft.com/kb/2550044

Also, for this kind of question, i would post into the general forum to get better response.

http://social.technet.microsoft.com/Forums/en-US/winservergen/threads

Awinish Vishwakarma - MVP

My Blog: awinish.wordpress.com

Disclaimer This posting is provided AS-IS with no warranties/guarantees and confers no rights.
- Proposed as answer by Arthur_LiMicrosoft contingent staff Monday, September 24, 2012 8:17 AM
- Marked as answer by Arthur_LiMicrosoft contingent staff Wednesday, October 3, 2012 2:38 AM
Friday, September 21, 2012 9:42 AM
0

Sign in to vote
In addition I would also recommend to disable Antivirus and security application if any installed on DC and reboot the server and check also ensure that latest hotfix and SP is installed on the server .

Getting Started with SVCHOST.EXE Troubleshooting
http://blogs.technet.com/b/askperf/archive/2008/01/11/getting-started-with-svchost-exe-troubleshooting.aspx

PRF: High CPU (SVCHOST.EXE)
http://blogs.technet.com/b/askperf/archive/2009/04/10/prf-high-cpu-svchost-exe.aspx

Process explore:http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx

Hope this helps

Best Regards,

Sandesh Dubey.

MCSE|MCSA:Messaging|MCTS|MCITP:Enterprise Adminitrator | My Blog

Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

Please don't start randomly rebooting DC's. Bad advice. This doesn't help resolve the issue nor is it a recommended practice by Microsoft.

I have included a couple of powershell scripts that will dump drivers and services. Use this to try and examine what you have on the box and check for updates and compatibility.

############## Dump Drivers ###################
$computer = "LocalHost"
$namespace = "root\CIMV2"
$fileName = Read-Host "Enter the File Name for the CSV Output."
Get-WmiObject -class Win32_SystemDriver |
    sort-object DisplayName |
    select DisplayName, name, @{n="version";e={(get-item $_.pathname).VersionInfo.FileVersion}} |
    ConvertTo-CSV -Delimiter ";" -noTypeInformation |
    out-file $env:temp\$fileName.csv

Write-host "File is located at:" $env:temp\$fileName.csv
Write-host "The delimiter is the character ';'"

############## Dump Services ###################
$computer = "LocalHost"
$tempLoc="c:\temp"
$fileName = Read-Host "Enter the File Name for the CSV Output."

# $svcStatus = get-service | select name,displayname,status

$svcStatus = Get-WMIObject Win32_Service | select Name, StartMode, DisplayName, State

$tempFile=@()

$svcStatus | foreach-object{
    $tempLine ='' | Select name,displayname,startmode,state
    $tempLine.DisplayName=$_.DisplayName -replace ',',' '
    $tempLine.name=$_.name                -replace ',',' '
    $tempLine.startmode=$_.startmode      -replace ',',' '
    $tempLine.state=$_.state              -replace ',',' '
    $tempFile+=$tempLine
                        }

$tempFile | sort-object -property Name | export-csv "$tempLoc\$fileName.csv" -delimiter ";" -noTypeInformation

I also have a couple of other powershell scripts that if you run the drivers or services dump it will do a comparison on the two systems and let you know incomptatibilities. I can upload those as well if you are interested.

--
Paul Bergson
MVP - Directory Services
MCITP: Enterprise Administrator
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, Vista, 2003, 2000 (Early Achiever), NT4
http://www.pbbergs.com    Twitter @pbbergs
http://blogs.dirteam.com/blogs/paulbergson

Please no e-mails, any questions should be posted in the NewsGroup. This posting is provided "AS IS" with no warranties, and confers no rights.
- Proposed as answer by Awinish Saturday, September 22, 2012 7:02 AM
- Marked as answer by Arthur_LiMicrosoft contingent staff Wednesday, October 3, 2012 2:38 AM
Friday, September 21, 2012 12:01 PM
0

Sign in to vote
Thanks Awinish for brief details.

This DC is PDC role Owner and having SCOM, Net backup agent installed with symentic Antivirus.

You need to consider one of the DC & you need to uninstall agents one by one to see what is causing server to go for freeze. There is no simple way out here, either contact Microsoft PSS to help you on this or install/configure another system in the windows 2008 R2 with all the services like now & then trial & error to reach the issue. The script provided Paul can surely be helpful.

Awinish Vishwakarma - MVP

My Blog: awinish.wordpress.com

Disclaimer This posting is provided AS-IS with no warranties/guarantees and confers no rights.
- Proposed as answer by Ace Fekay [MCT] Saturday, September 22, 2012 3:47 AM
- Marked as answer by Arthur_LiMicrosoft contingent staff Wednesday, October 3, 2012 2:38 AM
Friday, September 21, 2012 12:43 PM

All replies

0

Sign in to vote
Please follow the below articles.

http://blogs.technet.com/b/askds/archive/2007/08/20/troubleshooting-high-lsass-cpu-utilization-on-a-domain-controller-part-1-of-2.aspx

http://blogs.technet.com/b/askperf/archive/2012/01/20/troubleshooting-high-cpu-utilization-issues-using-tracelog-exe.aspx
Regards, Nidhin.CK
- Proposed as answer by Sandesh Dubey Friday, September 21, 2012 5:27 AM
- Marked as answer by Arthur_LiMicrosoft contingent staff Wednesday, October 3, 2012 2:38 AM
Friday, September 21, 2012 3:47 AM
0

Sign in to vote
In addition I would also recommend to disable Antivirus and security application if any installed on DC and reboot the server and check also ensure that latest hotfix and SP is installed on the server .

Getting Started with SVCHOST.EXE Troubleshooting
http://blogs.technet.com/b/askperf/archive/2008/01/11/getting-started-with-svchost-exe-troubleshooting.aspx

PRF: High CPU (SVCHOST.EXE)
http://blogs.technet.com/b/askperf/archive/2009/04/10/prf-high-cpu-svchost-exe.aspx

Process explore:http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx

Hope this helps

Best Regards,

Sandesh Dubey.

MCSE|MCSA:Messaging|MCTS|MCITP:Enterprise Adminitrator | My Blog

Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
- Proposed as answer by Arthur_LiMicrosoft contingent staff Monday, September 24, 2012 8:17 AM
- Marked as answer by Arthur_LiMicrosoft contingent staff Wednesday, October 3, 2012 2:38 AM
Friday, September 21, 2012 5:40 AM
0

Sign in to vote
svchost.exe and lsass.exe is taking high CPU utilization on 10 to 15 DCs in my domain ?

How can i troubleshoot this?

I have windows server 2008R2 domain controllers and all CPU high DCs are not rebooted more than 1 month.

There can be many reason for the high CPU utilization like memory leak, application incompatibility etc. Foremost, i would make sure serve ris running with latest service pack,patches, as well as hardware (BIOS,firmware,graphics as well as device)drivers. Make a list of the applications/services running. Start with disabling antivirus & 3rd part software on the DC & see there is any improvements. Rebooting the DC might resolve the issue, but temporarily not permanent. You need to ask your performance expert team to look into the issue, because its not a AD issue but more server performance issues.

What are the roles installed on the DC? Are DC's also running agents like SCCM,SCOM,backup agents etc? You can also use perfmon to monitor the performance of the DC & take the value for the troubleshooting. You can't rule out this can be due to virus/worm attack too.

How to Troubleshoot High LSASS.EXE CPU Utilization on an Active Directory Domain Controllers

http://support.microsoft.com/kb/2550044

Also, for this kind of question, i would post into the general forum to get better response.

http://social.technet.microsoft.com/Forums/en-US/winservergen/threads

Awinish Vishwakarma - MVP

My Blog: awinish.wordpress.com

Disclaimer This posting is provided AS-IS with no warranties/guarantees and confers no rights.
- Proposed as answer by Arthur_LiMicrosoft contingent staff Monday, September 24, 2012 8:17 AM
- Marked as answer by Arthur_LiMicrosoft contingent staff Wednesday, October 3, 2012 2:38 AM
Friday, September 21, 2012 9:42 AM
0

Sign in to vote

Thanks Awinish for brief details.

This DC is PDC role Owner and having SCOM, Net backup agent installed with symentic Antivirus.

Friday, September 21, 2012 11:22 AM
0

Sign in to vote
In addition I would also recommend to disable Antivirus and security application if any installed on DC and reboot the server and check also ensure that latest hotfix and SP is installed on the server .

Getting Started with SVCHOST.EXE Troubleshooting
http://blogs.technet.com/b/askperf/archive/2008/01/11/getting-started-with-svchost-exe-troubleshooting.aspx

PRF: High CPU (SVCHOST.EXE)
http://blogs.technet.com/b/askperf/archive/2009/04/10/prf-high-cpu-svchost-exe.aspx

Process explore:http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx

Hope this helps

Best Regards,

Sandesh Dubey.

MCSE|MCSA:Messaging|MCTS|MCITP:Enterprise Adminitrator | My Blog

Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

Please don't start randomly rebooting DC's. Bad advice. This doesn't help resolve the issue nor is it a recommended practice by Microsoft.

I have included a couple of powershell scripts that will dump drivers and services. Use this to try and examine what you have on the box and check for updates and compatibility.

############## Dump Drivers ###################
$computer = "LocalHost"
$namespace = "root\CIMV2"
$fileName = Read-Host "Enter the File Name for the CSV Output."
Get-WmiObject -class Win32_SystemDriver |
    sort-object DisplayName |
    select DisplayName, name, @{n="version";e={(get-item $_.pathname).VersionInfo.FileVersion}} |
    ConvertTo-CSV -Delimiter ";" -noTypeInformation |
    out-file $env:temp\$fileName.csv

Write-host "File is located at:" $env:temp\$fileName.csv
Write-host "The delimiter is the character ';'"

############## Dump Services ###################
$computer = "LocalHost"
$tempLoc="c:\temp"
$fileName = Read-Host "Enter the File Name for the CSV Output."

# $svcStatus = get-service | select name,displayname,status

$svcStatus = Get-WMIObject Win32_Service | select Name, StartMode, DisplayName, State

$tempFile=@()

$svcStatus | foreach-object{
    $tempLine ='' | Select name,displayname,startmode,state
    $tempLine.DisplayName=$_.DisplayName -replace ',',' '
    $tempLine.name=$_.name                -replace ',',' '
    $tempLine.startmode=$_.startmode      -replace ',',' '
    $tempLine.state=$_.state              -replace ',',' '
    $tempFile+=$tempLine
                        }

$tempFile | sort-object -property Name | export-csv "$tempLoc\$fileName.csv" -delimiter ";" -noTypeInformation

I also have a couple of other powershell scripts that if you run the drivers or services dump it will do a comparison on the two systems and let you know incomptatibilities. I can upload those as well if you are interested.

--
Paul Bergson
MVP - Directory Services
MCITP: Enterprise Administrator
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, Vista, 2003, 2000 (Early Achiever), NT4
http://www.pbbergs.com    Twitter @pbbergs
http://blogs.dirteam.com/blogs/paulbergson

Please no e-mails, any questions should be posted in the NewsGroup. This posting is provided "AS IS" with no warranties, and confers no rights.
- Proposed as answer by Awinish Saturday, September 22, 2012 7:02 AM
- Marked as answer by Arthur_LiMicrosoft contingent staff Wednesday, October 3, 2012 2:38 AM
Friday, September 21, 2012 12:01 PM
0

Sign in to vote
Thanks Awinish for brief details.

This DC is PDC role Owner and having SCOM, Net backup agent installed with symentic Antivirus.

You need to consider one of the DC & you need to uninstall agents one by one to see what is causing server to go for freeze. There is no simple way out here, either contact Microsoft PSS to help you on this or install/configure another system in the windows 2008 R2 with all the services like now & then trial & error to reach the issue. The script provided Paul can surely be helpful.

Awinish Vishwakarma - MVP

My Blog: awinish.wordpress.com

Disclaimer This posting is provided AS-IS with no warranties/guarantees and confers no rights.
- Proposed as answer by Ace Fekay [MCT] Saturday, September 22, 2012 3:47 AM
- Marked as answer by Arthur_LiMicrosoft contingent staff Wednesday, October 3, 2012 2:38 AM
Friday, September 21, 2012 12:43 PM

Products

Resources

Solutions

Updates

Trials

Related Sites

Training

Certifications

Other resources

Support options

More support

Not an IT pro?

Answered by:

svchost.exe is taking high CPU utilization on 10 to 15 DCs and some time lsass.exe in my domain

Question

Answers

All replies