Hello everyone,
I am having a really annoying/critical issue with the domain controllers in my company's forest. Many domain controllers (most of which are virtual) have got very high memory consumption caused by the lsass.exe process.
I started troubleshooting the issue. I was suspicious about VMware at the beginning, but then I saw this paragraph in a Microsoft article:
If the domain controller cannot shut down in an orderly fashion (which usually means a power failure), the database is left out-of-date, because the most recent pages in memory were not written to the disk. Transaction logs are used to recover the database. Any change made to the database is also appended to the current log file, and its disk image is always kept up-to-date. The database change process is as follows:
1- Lsass.exe writes the change to a database page in the memory buffer.
2- Lsass.exe writes the change to the log file.
3- Lsass.exe waits for the log file to be flushed to disk.
4- Lsass.exe confirms the transaction.
Now I am starting to think that since Lsass.exe actually interacts with NTDS, the whole memory consumption issue might be caused by the size of the AD file itself, because the NTDS.DIT file I have is 19 GB in size.
The memory issue exists on many DCs with various OS (2003 & 2008) and various specs, but the same symptoms occur whether the DC has got 4 GB, 8 GB or 12 GB of RAM. It all gets eaten up.
Thought I should post about the issue and see opinions other than mine.
Thanks in advance.