I found one of our Windows Server(2008 R2) use 98% memory(16GB in all). In Task manager, lsass.exe was found using about 15GB memory. After restart the server, lsass.exe occupy about 10MB memory, and then every 1min~3min increase about 348KB. The Windows server is running WinCC and OPC ua server.
We have tried some ways to resolve this but no one works :(
- Restart Server and not start wincc or opcua server. Memory of lsass.exe still increase after restart.
- Use antivirus software to scan the server, no virus found.
- Install some system patches (kb3156417, kb976932) after reading some related lsass.exe memory leak posts. it doesn't work. Memory of lsass.exe still increase after restart.
- We installed Process Monitor and found some "useful" information. **lsass.exe do some repeated "CreateFile" operation and result is NAME NOT FOUND while memory of lsass.exe increase every time. ** By install more patch or ddl, we make all the NAME NOT FOUND to SUCCESS, but the memory leak seems not resolved. Here are the before and after screenshots. Some dll missed and lsass.exe cant find them All NAME NOT FOUND turn to SUCCESS
We check another health/normal Windows Server. The memory of lsass only take 10MB memory and doesn't increase. Process Monitor shows no repeated operations like CreateFile. The only different between these two server is the unhealthy one installed opcua server and the healthy one ont. Only one operation by lsass.exe in 15 mins
Not we get a conclusion: some unknown process is calling lsass.exe repeatedly since the server is on. Before we found the process and fix it, we can only choose to restart the server regularly =,=
Anybody know which process will call lsass.exe repeatedly or how to fix the lsass.exe memory increase?