I ran into an issue with my API generating a huge CPU load of lsass.exe. The environment :
Windows Server 2016
.NET Core 2.2 (aslo tested with .NET Core 3.0)
In order to investigate it, I created a new ASP.NET Core website using the default template (`dotnet new web`). I updated Kestrel configuration to look like this :
High LSASS.exe CPU utilization can be caused by many different single or combined issues.You could use the Active Directory Data Collector tool which assists in determining what the problem cause is in Windows Server 2008 and late.
Unfortunately, our server is standalone wihtout any connection to an AD. Only local accounts are used when launching the app using kestrel in a console or IIS using the default app pool identity
Here is the list of roles and features enabled on the server :
As lsass.exe works on several part of HTTPS sessions, it is not trivial to tell what exactly happens without things like dump analysis. Possible causes can be related to the certificate you use (some certificates require more processing than others), but
that's only one of the many possibilities.
Lex Li
https://lextudio.com
---------------------------
This posting is provided "AS IS" with no warranties, and confers no rights.
None
0 Points
2 Posts
Local Security Authority Process (lsass) heavy CPU load through HTTPS
Oct 16, 2019 12:14 PM|mathieu.lutun|LINK
I ran into an issue with my API generating a huge CPU load of lsass.exe. The environment :
In order to investigate it, I created a new ASP.NET Core website using the default template (`dotnet new web`). I updated Kestrel configuration to look like this :
public static IHostBuilder CreateHostBuilder(string[] args) => Host.CreateDefaultBuilder(args) .ConfigureWebHostDefaults(webBuilder => { webBuilder.ConfigureKestrel((context, options) => { options.AddServerHeader = false; options.Listen(IPAddress.Any, 5001, listenOptions => { listenOptions.UseHttps(StoreName.My, "*.mycertificate.domain", false, StoreLocation.LocalMachine); }); }) .UseStartup<Startup>(); });Alongisde this website, i created a load test using JMeter in order to hit the website with this load :
When running the test browsing the homepage of the website, the result is having the lsass.exe process to heavily use the CPU close the 100%.
I ran others tests using those configurations and the result is still the same
- Kestrel using different ways to load the certificate
- IIS using InProcess website with a https binding on the certificate
- HTTP.sys
Any ideas on how to configure properly https on aspnet-core to create a heavy load API ?
Thanks for your help
Member
170 Points
88 Posts
Re: Local Security Authority Process (lsass) heavy CPU load through HTTPS
Oct 17, 2019 03:21 AM|Lewis Lu|LINK
Hi mathieu.lutun,
High LSASS.exe CPU utilization can be caused by many different single or combined issues.You could use the Active Directory Data Collector tool which assists in determining what the problem cause is in Windows Server 2008 and late.
https://support.microsoft.com/en-us/help/2550044/how-to-troubleshoot-high-lsass-exe-cpu-utilization-on-an-active-direct
Best Regards,
Lewis
None
0 Points
2 Posts
Re: Local Security Authority Process (lsass) heavy CPU load through HTTPS
Oct 17, 2019 08:11 AM|mathieu.lutun|LINK
Hi Lewis,
Unfortunately, our server is standalone wihtout any connection to an AD. Only local accounts are used when launching the app using kestrel in a console or IIS using the default app pool identity
Here is the list of roles and features enabled on the server :
Participant
950 Points
389 Posts
Re: Local Security Authority Process (lsass) heavy CPU load through HTTPS
Oct 18, 2019 01:41 AM|lextm|LINK
As lsass.exe works on several part of HTTPS sessions, it is not trivial to tell what exactly happens without things like dump analysis. Possible causes can be related to the certificate you use (some certificates require more processing than others), but that's only one of the many possibilities.
https://lextudio.com
---------------------------
This posting is provided "AS IS" with no warranties, and confers no rights.