![]() I can't see the end of the loop because procmon timed out after a few hours of logging but for those few hours it ends the last user, then reads the services NTDS and then restart the SAM user loop again. Looking at the procmon logs for the 2019 server more carefully I noticed that it's not that LSASS is taking a long time to parse the 50K users from SAM, it appears to be stuck in a loop!! LSASS keep reading all the SAM entries over and over again in a loop for 12 hours! Here's an excerpt from the logs showing when it ends one loop and then starts another loop. Where as in 2019 LSASS has to complete enumerating the SAM users before the login takes place, this takes 12 hours to complete.ĭoes anyone know how to get 2019 to behave like 2012R2 and have LSASS complete it's SAM validation in parallel with other tasks so it doesn't take 9 hours to boot? Very frustrating the MS broke something that worked great. ![]() After analyzing the boot up logs using procmon I noticed that with 2012R2 LSASS is enumerating the SAM users in parallel with other tasks including running LoginUI and once logged in LSASS stop. However once the 50K local users are recreated it takes about 12 hours for the server to boot up and login. I need need to upgrade to Server 2019 or Server 2022. ![]() It's currently running on Windows Server 2012R2 and it takes about 3-4 minutes to boot up - it's been working perfectly for almost a decade now. I have a system with 50K local users (it's create via a script for IIS authentication, this cannot be changed at this time as it's being done by a legacy app).
0 Comments
Leave a Reply. |