Alert LSASS process high monitor
Hi there, I'm receiving a lot of alerts about the LSASS process with high processor load detected on all DC servers. If I open the "LSASS processor time" performance view in the MP "Microsoft Windows Active Directory", the graph shows that the highest value is 24,99 in the last 10 days. So I don't understand where the error is; maybe the graph is wrong?

Alert:

Alert: LSASS process high processor load detected.
Source: computer1
Path: computer1.domain.local
Last modified by: System
Last modified time: 24/02/2010 16:34:48
Alert description: The Domain Controller has high processor load on the LSASS process over several polling intervals.

Alert Context:
Time Sampled: 24/02/2010 16:34:18
Object Name: Process
Counter Name: % Processor Time
Instance Name: lsass
Average Sample Value: 73.7697588602702
Number of Samples: 3

Monitor properties:

<Configuration>
  <Frequency>10</Frequency>
  <NumSamples>3</NumSamples>
  <Threshold>80</Threshold>
</Configuration>

Any assistance would be much appreciated. Thanks!
February 25th, 2010 8:29am

The graph and the alerts won't always be in sync. The monitor that is raising the alert takes a snapshot every 10 seconds and if the value is over 80 three times in a row, it will flag the alert. The rule that is doing the graph collection runs far less frequently, and it also takes a split-second snapshot each sample. So there is always the possibility that your alerts are showing short peaks in CPU and your trend at a longer interval is less spiky. Try increasing the samples count, or reducing the frequency via an override to tune your alert volume. If you aren't having to fix anything, you need to configure overrides that are suitable for your specific environment.
Microsoft Corporation
February 25th, 2010 10:34am
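
Added example, not part of the original thread or of the management pack: a Python simulation of the behaviour the reply above describes, using the Frequency 10, NumSamples 3 and Threshold 80 values from the posted monitor configuration. The per-second CPU trace and the 300-second collection interval are constructed assumptions; the reply only says the collection rule runs far less frequently.

```python
# Added illustration. Monitor values come from the <Configuration> block in the
# question; the CPU trace and the collection interval are constructed assumptions.
FREQUENCY_S = 10          # <Frequency>
NUM_SAMPLES = 3           # <NumSamples>
THRESHOLD = 80.0          # <Threshold>
COLLECT_INTERVAL_S = 300  # assumed; the reply only says "far less frequently"


def build_trace(duration_s=3600, baseline=12.0,
                bursts=((620, 45, 92.0), (2110, 40, 88.0))):
    """Constructed per-second lsass % Processor Time: a flat baseline plus
    short bursts given as (start_second, length_seconds, value)."""
    trace = [baseline] * duration_s
    for start, length, value in bursts:
        for t in range(start, min(start + length, duration_s)):
            trace[t] = value
    return trace


def monitor_alerts(trace, frequency=FREQUENCY_S, num_samples=NUM_SAMPLES,
                   threshold=THRESHOLD):
    """Monitor as the reply describes it: sample every `frequency` seconds and
    flag once when `num_samples` consecutive samples are over the threshold."""
    alerts, streak = [], 0
    for t in range(0, len(trace), frequency):
        streak = streak + 1 if trace[t] > threshold else 0
        if streak == num_samples:
            alerts.append(t)
    return alerts


def graph_peak(trace, interval=COLLECT_INTERVAL_S):
    """Highest value the performance view would plot from instantaneous
    samples taken every `interval` seconds."""
    return max(trace[t] for t in range(0, len(trace), interval))


if __name__ == "__main__":
    trace = build_trace()
    print("monitor alerts at (s):", monitor_alerts(trace))
    print("peak on the graph:", graph_peak(trace))
    print("alerts with NumSamples=6:", monitor_alerts(trace, num_samples=6))
    print("alerts with Frequency=30:", monitor_alerts(trace, frequency=30))
```

On this constructed trace the monitor flags both bursts while the sparse collection never lands inside one, and either override (six samples, or sampling every 30 seconds instead of 10) stops the alerts without any change in the underlying load.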

I know this is an answered question, but I have a question regarding the troubleshooting that the user went through. Entelekia mentions: "If I open "LSASS processor time" performance view in the MP "Microsoft Windows Active Directory", the graph...". I am also having SCOM report that LSASS is using too much processor time and am currently investigating whether this is a false positive or not. I am not aware of the step that Entelekia mentions. How do you open the LSASS processor time performance view? I also don't know what he is referring to when he says MP Microsoft Windows Active Directory. Is this a separate performance monitoring program? Any help would be appreciated. Thank you.
January 12th, 2012 12:52pm

Jaded, I know this is quite late, but I've been getting these recently. The view mentioned earlier can be found by opening your SCOM UI, going into Monitoring, expanding the Microsoft Windows Active Directory folder, and selecting DC Performance Data; the graph that you are looking for is 'AD DC Performance Collection - Metric Process % Processor Time of LSASS'.
June 15th, 2012 11:14am

