5.26 LSASSWatch

Use this Knowledge Script to check whether the Kerberos Key Distribution Center service (specifically, the LSASS process) is running or hung. This script also monitors the amount of CPU time the LSASS process is using. You specify the threshold for CPU usage and the number of consecutive times the threshold can be exceeded before raising an event.

This script raises an event if the LSASS process is not running or if the process is using a large amount of CPU over a consecutive number of intervals (known as looping).

5.26.1 Resource Objects

Windows 2003 Server or later

5.26.2 Default Schedule

The default interval for this script is Every 10 minutes.

5.26.3 Setting Parameter Values

Set the following parameters as needed:

| Parameter | How to Set It |
|---|---|
| Event? | Set to y to raise an event if CPU usage exceeds the threshold. The default is y. |
| Collect data? | Set to y to collect data for charts and reports. If enabled, data collection returns 100 (the process is running) or 0 (the process is down). The default is n. |
| High CPU usage | Specify the maximum amount of CPU that the LSASS process can consume before an event is raised. The default is 90%. |
| Consecutive times LSASS has high CPU usage | Specify the consecutive number of intervals the CPU usage of the LSASS process can exceed the threshold before an event is raised. The default is 3 times. |
| Event severity - Process appears to be hung | Set the event severity level, from 1 to 40, to indicate the importance of an event in which the LSASS process is hung, or looping. The default is 5 (yellow event indicator). |
| Event severity - Process is not running | Set the event severity level, from 1 to 40, to indicate the importance of an event in which the LSASS process is not running. The default is 15 (yellow event indicator). |
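The following sketch shows how the parameters above interact. It is an added example, not the Knowledge Script's own code. The names `LsassWatch`, `evaluate` and `run` are hypothetical, the CPU samples are constructed, and it assumes the "hung" event is raised on the interval where the count of consecutive over-threshold readings reaches the configured number.

```python
from dataclasses import dataclass, field
from typing import Optional, Tuple

Event = Optional[Tuple[int, str]]  # (severity, message), or None when no event


@dataclass
class LsassWatch:
    """Hypothetical model of the documented thresholds (defaults from the table)."""
    high_cpu: float = 90.0   # "High CPU usage"
    consecutive: int = 3     # "Consecutive times LSASS has high CPU usage"
    sev_hung: int = 5        # "Event severity - Process appears to be hung"
    sev_down: int = 15       # "Event severity - Process is not running"
    _streak: int = field(default=0, init=False)

    def evaluate(self, cpu_pct: Optional[float]) -> Tuple[int, Event]:
        """Evaluate one interval. cpu_pct is None when no LSASS process exists.

        Returns (data_point, event): data_point is 100 if the process is
        running and 0 if it is down, matching the "Collect data?" values.
        """
        if cpu_pct is None:
            self._streak = 0
            return 0, (self.sev_down, "LSASS process is not running")
        # Only readings that exceed the threshold extend the streak;
        # any reading at or below it resets the count.
        self._streak = self._streak + 1 if cpu_pct > self.high_cpu else 0
        if self._streak >= self.consecutive:  # assumption: fire on reaching the count
            msg = f"LSASS appears hung: CPU above {self.high_cpu}% for {self._streak} intervals"
            return 100, (self.sev_hung, msg)
        return 100, None


def run(samples, **params):
    """Feed one CPU reading per interval through a fresh watcher."""
    watch = LsassWatch(**params)
    return [watch.evaluate(s) for s in samples]


# Constructed readings, one per 10-minute interval; None means the process is absent.
SAMPLES = [12.0, 95.0, 97.0, 40.0, 96.0, 98.0, 99.0, None, 10.0]

if __name__ == "__main__":
    for reading, (data, event) in zip(SAMPLES, run(SAMPLES)):
        print(reading, data, event)
```

The two spikes at intervals 2 and 3 do not raise an event because the reading at interval 4 resets the count. Only the unbroken run at intervals 5 to 7 does.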