Chat now with support
Chat mit Support

Active Administrator 8.5 - User Guide

Active Administrator Overview Certificates Security & Delegation  Active Directory Health
Switching to Active Directory Health Using the Active Directory Health landing page Installing Active Directory Health Analyzer agents Using the Active Directory Health Analyzer agent configuration utility Excluding domain controllers Managing the Remediation Library Analyzing Active Directory health Analyzing Azure Active Directory Managing Active Directory Health Analyzer alerts Managing alert notifications Pushing alerts to System Center Operations Manager and SNMP managers Managing monitored domain controllers Managing data collectors Active Directory Health Templates Managing Active Directory Health Analyzer agents Using the Troubleshooter Recovering Active Directory Health data
Auditing & Alerting Group Policy Active Directory Recovery Active Directory Infrastructure DC Management DNS Management Configuration
Using the Configuration landing page Managing tasks Defining role-based access Setting email server options Configuring SCOM and SNMP Settings Setting notification options Setting Active Template options Setting agent installation options Setting recovery options Setting GPO history options Setting certificate configuration Setting service monitoring policy Managing archive databases Migrating data to another database Setting a preferred domain controller Setting up workstation logon auditing Managing configuration settings Setting user options Managing the Active Directory server
Diagnostic Console Alerts Appendix
Domain controller alerts
Active Directory Certificate Services service is not running Active Directory Domain Services is not running Active Directory Web Services service is not running Consecutive replication failures DC cache hits DC DIT disk space DC DIT log file disk space DC LDAP load DC LDAP response too slow DC Memory Usage DC properties dropped DC RID pool low DC SMB connections DC SYSVOL disk space DC time sync lost Detected NO_CLIENT_SITE record DFS Replication service not running DFS service is not running DFSR conflict area disk space DFSR conflict files generated DFSR RDC not enabled DFSR sharing violation DFSR staged file age DFSR staging area disk space DFSR USN records accepted DFSRS CPU load DFSRS unresponsive DFSRS virtual memory DFSRS working set DNS Client Service is not running Domain controller CPU load Domain controller page faults Domain controller unresponsive File Replication Service is not running File replication (NTFRS) staging space free in kilobytes GC response too slow Group policy object inconsistent Hard disk drive Intersite Messaging Service is not running Invalid primary DNS domain controller address Invalid secondary DNS domain controller address KDC service is not running LSASS CPU load LSASS virtual memory LSASS working set Missing SRV DNS record for either the primary or secondary DNS server NETLOGON not shared NetLogon service is not running Orphaned group policy objects exist Physical memory Power supply Primary DNS resolver is not responding Secondary DNS resolver is not responding Security Accounts Manager Service is not running SRV record is not registered in DNS SYSVOL not shared W32Time service is not running Workstation Service is not running
Domain alerts Site alerts Forest alerts Azure Active Directory Connect alerts
Event Definitions PowerShell cmdlets

KDC service is not running

Indicates the Kerberos Key Distribution Center (KDC) service is not currently running on the domain controller.

Category: Windows Services
Name: Kerberos Key Distribution Center Service
Supported on: Windows Server 2012, Windows Server 2012 R2, Windows Server 2016, and Windows Server 2019
Required permissions: When monitored locally, only domain user privilege is required. When monitored remotely, domain administrator privilege is required.

The Directory Analyzer agent periodically checks to ensure that the KDC service is running.

Use the Services MCC snap-in or another SCP application to restart the KDC service.

LSASS CPU load

Indicates that the CPU for the Local Security Authority Service (LSASS) service on the domain controller is too busy, which can indicate a problem with directory service.

Category: Performance Counters
Name: LSASS % processor time
Supported on: Windows Server 2012, Windows Server 2012 R2, Windows Server 2016, and Windows Server 2019
Required permissions: When monitored locally and remotely, only domain user privilege is required and the user must be a part of the Performance Logs user group.

The Directory Analyzer agent monitors the Process(lsass)\% Processor Time performance counter on the domain controller for the LSASS service. If the value of the performance counter goes above the configured threshold for a period exceeding the configured duration, the agent will set this alert condition.

Please refer to the documents listed below for resolutions when Lsass.exe causes high CPU usage.

LSASS virtual memory

Indicates that the virtual memory used for Local Security Authority Service (LSASS) on the domain controller is above the preset threshold.

The amount of memory used for LSASS varies depending on the load of the computer. As the number of running threads increases, so does the number of memory stacks. Lsass.exe usually uses 100 MB to 300 MB of memory. Lsass.exe uses the same amount of memory no matter how much RAM is installed in the computer. However, when a larger amount of RAM is installed, Lsass.exe can use more RAM and less virtual memory.

Category: Performance Counters
Name: LSASS private bytes
Supported on: Windows Server 2012, Windows Server 2012 R2, Windows Server 2016, and Windows Server 2019
Required permissions: When monitored locally and remotely, only domain user privilege is required and the user must be a part of the Performance Logs user group.

The Directory Analyzer agent monitors the Process(lsass)\Virtual Memory performance counter on the domain controller for the lsass service. If the value in the performance counter goes above the configured threshold for a period exceeding the configured duration, the agent will set this alert condition.

This problem may occur when event tracing for Security Accounts Manager (SAM) events is enabled. When event tracing for SAM events is enabled, the remote procedure call (RPC) binding is not released. Therefore, a memory leak occurs in the Lsass.exe process.

Please refer to the Microsoft knowledge base articles listed below.

LSASS working set

Supported on: Windows Server 2012, Windows Server 2012 R2, Windows Server 2016, and Windows Server 2019
Required permissions: When monitored locally and remotely, only domain user privilege is required and the user must be part of the Performance Logs user group.

The Directory Analyzer agent monitors the Process(lsass)\Working Set performance counter (corresponding to Mem Usage from Task Manager) on the domain controller for LSASS. If the value in the performance counter goes above the configured threshold for a period exceeding the configured duration, the agent will set this alert condition.

It is also possible that the number of bytes allocated to the working set has increased to some pathological condition in a particular application.

Please refer to the Microsoft knowledge base article listed below.

Verwandte Dokumente

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating