I had a customer recently whose Domain Controller was pegged at 100% CPU utilization from the process lsass.exe. We determined the problem was from their spam appliance constantly performing LDAP lookups.
After digging around a little bit, I found the option to use Global Catalog lookups for the LDAP query instead of straight LDAP lookups. The big secret was to change the appliance from doing its lookups using port 389 to port 3268. Of course, this means you also need to make sure the Domain Controller you do the lookup against is a Global Catalog.
After doing this, CPU utilization went from 100% to 1%-2% with no repercussions found.
Here's a link describing the differences between port 389 and 3268 lookups
Lucas
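A pre-change check for the switch described above, as an added example that is not part of the original post: it confirms the target DC is a ready Global Catalog, that port 3268 is reachable, and that a recipient lookup returns the same number of hits on both ports. The function name, the server name, the recipient address and the `mail` filter are assumptions; substitute whatever your appliance actually queries.

```powershell
# Added example, not from the original post. Run from a domain-joined host.
function Test-GlobalCatalogLookup {
    param(
        [Parameter(Mandatory)] [string] $Server,     # DC the appliance will query
        [Parameter(Mandatory)] [string] $Recipient   # a known-good mail address
    )

    # 1. The DC must advertise itself as a ready Global Catalog in its rootDSE.
    $rootDse = [ADSI]"LDAP://$Server/RootDSE"
    $gcReady = "$($rootDse.Properties['isGlobalCatalogReady'].Value)" -eq 'TRUE'

    # 2. The GC port must be reachable.
    $portOpen = (Test-NetConnection -ComputerName $Server -Port 3268 `
                 -WarningAction SilentlyContinue).TcpTestSucceeded

    # Escape LDAP filter metacharacters so the address is matched literally.
    $safe = $Recipient.Replace('\', '\5c').Replace('*', '\2a').
                       Replace('(', '\28').Replace(')', '\29')

    # 3. Run the same lookup over LDAP (389) and GC (3268) and compare.
    #    Filtering on 'mail' is an assumption about what the appliance asks for.
    $lookups = foreach ($provider in 'LDAP', 'GC') {
        $searcher = New-Object System.DirectoryServices.DirectorySearcher
        $searcher.SearchRoot = [ADSI]"${provider}://$Server"
        $searcher.Filter = "(mail=$safe)"
        [void]$searcher.PropertiesToLoad.Add('mail')
        $timer = [System.Diagnostics.Stopwatch]::StartNew()
        try {
            $found = $searcher.FindAll()
            $hits = $found.Count
            $found.Dispose()
        } catch {
            $hits = -1   # -1 marks a failed bind or search
        }
        $timer.Stop()
        [pscustomobject]@{ Provider = $provider; Hits = $hits; Ms = $timer.ElapsedMilliseconds }
    }

    $sameHits = ($lookups[0].Hits -ge 0) -and ($lookups[0].Hits -eq $lookups[1].Hits)
    [pscustomobject]@{
        Server        = $Server
        GcReady       = $gcReady
        Port3268Open  = $portOpen
        Lookups       = $lookups
        SafeToSwitch  = $gcReady -and $portOpen -and $sameHits
    }
}

# Constructed sample values:
# Test-GlobalCatalogLookup -Server 'dc01.example.com' -Recipient 'user@example.com'
```

A hit-count mismatch usually means the appliance depends on an attribute that is not replicated to the Global Catalog. Port 3268 is unencrypted like 389; the TLS equivalent is 3269.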