Topic Last Modified: 2006-07-13
The Microsoft® Exchange Server Analyzer Tool examines the Exchange Function Call Log (FCL), the Store.fcl file, for events that indicate ongoing cross-component calls from the Exchange Information Store service (Store.exe) to the Local Security Authentication Server (Lsass.exe) process.
Ongoing calls are requests from the Microsoft Exchange Information Store service (Store.exe) to other components that have not received a response at the time the Exchange FCL data is written to the Store.fcl file.
The Local Security Authentication Server process (Lsass.exe) is a security subsystem invoked by other processes to verify account information and logon validation.
Every Exchange client logon causes the server that is running Exchange Server to send a request to look up the account security identifier (SID) for the client and creates a call within the Local Security Authentication Server (Lsass.exe) process.
If the Exchange Server Analyzer finds events in the Store.fcl logging file that reflect ongoing calls from the Microsoft Exchange Information Store service (Store.exe) to the Local Security Authentication Server (Lsass.exe) process, the Exchange Server Analyzer displays a warning.
This warning indicates that performance may become an issue for this server. Occasional ongoing calls do not necessarily indicate a problem, but repeated ongoing calls to the same area might.
When cross-component calls from the Microsoft Exchange Information Store service (Store.exe) wait for a response, remote procedure call (RPC) threads can back up behind these requests and lead to Exchange Server performance issues such as delays in server responses to clients.
Ongoing calls from the Exchange Information Store service to the LSASS process can be caused by the following conditions:
- Server resource issues related to the number of users who
authenticate at the same time.
- Network latency between the Exchange server and the Domain
Controller or global catalog server.
- Server resource bottleneck issues.
To address this warning, take the following steps:
- Consider implementing the NeverPing parameter as
described in NeverPing parameter
recommended
- Review the articles in the For More Information section of this
document.
For More Information
For more information about the Lsass.exe process and memory usage, see Microsoft Knowledge Base article 308356, "Memory usage by the Lsass.exe process on domain controllers that are running Windows Server 2003 or Windows 2000 Server" (http://go.microsoft.com/fwlink/?linkid=3052&kbid=308356).
For more information about Exchange client logons and LSASS issues, see Microsoft Knowledge Base article 161938, "Slow Exchange Client Logons Due to Resource Deadlock" (http://go.microsoft.com/fwlink/?linkid=3052&kbid=161938).
For more information about network latency between the Exchange server and the Domain Controller or global catalog server, see the following Exchange Server Team Blog article, "Exchange Does Not Always Use Local GCs" (http://go.microsoft.com/fwlink/?LinkId=69166).
Note: |
---|
The content of each blog and its URL are subject to change without notice. |
For more information about server resource bottleneck issues, see Processor Bottleneck.
For more information about Exchange Server performance, see the "Performance and Scalability Guide for Exchange Server 2003" (http://go.microsoft.com/fwlink/?LinkId=47576).
For more information about how to troubleshoot Exchange Server performance issues, see "Troubleshooting Microsoft Exchange Server Performance" (http://go.microsoft.com/fwlink/?LinkId=47588).
For more information about how to troubleshoot information store performance, see Microsoft Knowledge Base article 257725, "XADM: How to Collect Diagnostic Data for Information Store Troubleshooting" (http://go.microsoft.com/fwlink/?LinkId=3052&kbid=257725).