This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Hi,
I have encountered a new issue.
There's a file called lsass.log located at C:\Windows\System32\lsass.log. This file's size increases daily, reaching up to 50 GB within few days. When I reboot the server, the log file size resets to 0 KB, but it starts growing again.
Do you have any solutions for this issue?
Log file screenshot https://i.postimg.cc/YCS22Y1w/Isass.jpg
Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question. To protect privacy, user profiles for migrated questions are anonymized.
#skr-Problem solved,
Found solution my self by modifying the 3 registry setting on this path and then deleted the log file thats it. reboot the server. it will not generate lsass.log file
HKLM\SYSTEM\CurrentControlSet\Control\Lsa
and
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
Hello
Thank you for posting in Microsoft Community forum.
The Isass.log file growing rapidly is not a common problem, but it could be related to the Local Security Authority Subsystem Service (LSASS), which handles authentication and Active Directory management.
Here are a few steps you can take to troubleshoot and potentially resolve this issue:
Check for Errors in Event Viewer: Look for any related errors or warnings in the Event Viewer under the System and Application logs. This might give you more insight into what’s causing the log file to grow.
Monitor LSASS Activity: Use tools like Performance Monitor to track LSASS activity. This can help identify if there’s a specific process or request causing the log file to grow.
Memory usage considerations in AD DS performance tuning | Microsoft Learn
Update and Patch: Ensure your server is fully updated with the latest patches and updates from Microsoft. Sometimes, these issues can be resolved with a software update.
Check for Malware: Although less likely, it’s worth running a thorough malware scan to rule out any malicious activity that might be affecting the LSASS process.
Review Active Directory Usage: High usage or specific queries to Active Directory can increase LSASS activity. Review any recent changes or applications that might be interacting heavily with AD.
Sorry, we cannot see your screenshots. We still recommend that you follow the above steps to troubleshoot.
Best Regards,
Wesley Li
Thanks for reply,
Let me try these steps.
Screenshot you can see here in the link: https://i.postimg.cc/YCS22Y1w/Isass.jpg
@Wei Li_1123
No luck. My dc is on windows server 2012
we have tried everything but still logs size growing every second.
it grow like 5 to 8 mb per second.
I tried this one but no luck :
Set two LSA registry key to 0 to avoid the lsaas logs creation
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\LspDbgTraceOptions Value: 0
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\LspDbgInfoLevel Value: 0
Microsoft document for reference https://learn.microsoft.com/en-us/troubleshoot/windows-server/windows-security/windows-updates-add-new-ntlm-pass-through-authentication-protections#enable-and-disable-lsa-logging-lsplog-by-using-powershell
We are sorry, but support for Windows Server 2012 and Windows Server 2012 R2 has ended and we can no longer provide you with any further support. We recommend that you upgrade to a later version of Windows Server to get full support.
Windows Server 2012 and 2012 R2 reaching end of support - Microsoft Lifecycle | Microsoft Learn
