Hello
It seems there is a memory leak issue. Is this server a domain controller or a normal server?
If this is a DC, the following link may be useful.
THIS JUST IN!!!! High LSASS Usage After Windows Update 3B March 2024 - Microsoft Community Hub
a. For the lsass service, have we checked whether we have configured audit policies on this machine? Open an administrator command line and run "auditpol.exe /get /category:*", then check the result. If we have configured some audit policies on the machine, try to remove them temporarily, then check the issue again.
b. Configure the following group policy to limit the logon cache.
Local Security Policy -> Local Policies -> Security Options -> Interactive Logon: Number of previous logons to cache
For advanced troubleshooting:
1. First, verify whether the memory is related to a handle leak. It could be related to pool usage (kernel mode). Here is a link for reference:
Another Troubleshooting Adventure: More Real Life Memory Pool Leaks - Microsoft Community Hub
2. If it is not a pool leak, try to use VMMap to verify the exact memory usage.
VMMap - Sysinternals | Microsoft Learn
3. Refer to the following link to use Performance Monitor to verify the frequency of the memory leak.
Use Performance Monitor to Find a User-Mode Memory Leak - Windows drivers | Microsoft Learn
4. If it leaks all the time, the WPR tool should be useful to analyze this issue. Based on 2 and 3, capture the related WPR tag.
Exercise 2 - Track User Mode Process Allocations | Microsoft Learn
5. We may consider enabling heap tracing with a dump file as a last step.
In short, analyzing a memory issue is very complicated. Forum resources are limited, so we may consider opening a Microsoft ticket for more resources.
Open Support requests | Microsoft Learn
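As an added example (not part of the original answer), the following PowerShell script samples the LSASS process counters and the kernel pool counters over time and reports a growth rate for each, which helps decide between the handle leak, pool leak and user-mode leak paths in the steps above. The interval, the sample count and the helper name `Get-Slope` are assumptions, and the counter paths are the English names.

```powershell
# Added example: sample LSASS and kernel pool counters, then report the growth
# rate of each so a steady leak can be told apart from a one-off spike.
# Interval and sample count are assumed values; counter names are the English ones.
param(
    [int]$IntervalSeconds = 60,
    [int]$Samples = 30
)

$counters = @(
    '\Process(lsass)\Private Bytes',
    '\Process(lsass)\Handle Count',
    '\Memory\Pool Nonpaged Bytes',
    '\Memory\Pool Paged Bytes'
)

function Get-Slope {
    # Hypothetical helper: least-squares slope of the values against the
    # sample index, i.e. average change per sample.
    param([double[]]$Values)
    $n = $Values.Count
    if ($n -lt 2) { return 0.0 }
    $meanX = ($n - 1) / 2.0
    $meanY = ($Values | Measure-Object -Average).Average
    $num = 0.0; $den = 0.0
    for ($i = 0; $i -lt $n; $i++) {
        $num += ($i - $meanX) * ($Values[$i] - $meanY)
        $den += ($i - $meanX) * ($i - $meanX)
    }
    return $num / $den
}

# Collect all samples first (blocks for IntervalSeconds * Samples seconds).
$data = Get-Counter -Counter $counters -SampleInterval $IntervalSeconds -MaxSamples $Samples

# One row per counter: first value, last value, and fitted growth per hour.
$data.CounterSamples | Group-Object Path | ForEach-Object {
    $values = [double[]]($_.Group | Sort-Object Timestamp | ForEach-Object CookedValue)
    $slope  = Get-Slope -Values $values
    [pscustomobject]@{
        Counter       = $_.Name
        First         = $values[0]
        Last          = $values[-1]
        GrowthPerHour = [math]::Round($slope * 3600 / $IntervalSeconds, 0)
    }
} | Format-Table -AutoSize
```

A steadily rising Handle Count points to a handle leak, rising pool counters point to kernel-mode pool usage, and Private Bytes growing on its own points to a user-mode allocation leak worth following up with VMMap and WPR.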