The AD Processor Overload (lsass) Monitor in the Acticve Directory MP gives false alerts if the LSASS process consumes over 15% CPU. This is caused of a misconfiguration in the Ops Mgr 2007 monitor. The script running the monitor AD_CPU_Overload.vbs have 6 parameters as input. Parameter 4 and 5have been mixed so that the "MaxFrequency"=15 and "LSASSThreshold"=80 (Default values) replaces each other. So instead of alerting for LSASS process consuming more than 80% CPU the monitor alerts for over 15%.
To fix this before a update MP is available make a ovverride for the "AD Processor Overload (lsass) Monitor".
The override should look like this:
Min number of min between alerts:80 (15 Default)
Lsass Threshold(%): 15 (Default 80)
Monday, April 21, 2008
LSASS Monitor in Active Directory MP gives false alerts
