dmcmorris Posted October 18, 2024 Posted October 18, 2024 Hi, I have a build of Windows Server 2022 Standard - fully patched October 2024. 4GB RAM - 4vCPU. SQL Server is installed on another VM. I have LDAP sync to AD and SAML auth to Entra ID for login. I have less than 5 users. Mobile device access is also configured with the application server. other than that an out of the box setup. The issue is, the process LSASS.exe slowly increases in RAM usage until the server is unusable. It takes around 3-4 days for this to occur. At the moment, we are performing nightly reboots of the VM as a workaround. This is the only Windows Server 2022 in the environment which has this issue. Has anyone else seen this behaviour? Thanks, David
support Posted October 20, 2024 Posted October 20, 2024 Hello David, The LSASS.exe executable (Local Security Authority Subsystem Service) is a process in the Windows operating systems that is responsible for enforcing the security policy on the system, and is not used specifically by our software. We'd suggest doing some googling to see if you can find any other instances of this type of issue. Regards Click Studios
dmcmorris Posted October 29, 2024 Author Posted October 29, 2024 Hi, Thank you for the reply, i have found that if i stop the PasswordState App Server service, the LSASS.exe service then the RAM usage goes down to normal levels. Please see screenshot. Are we sure there is no involvement with LSASS.exe in regards to the app server module? Thanks, David
support Posted October 31, 2024 Posted October 31, 2024 Hello, We do not believe this is related, as we do not integrate with the Windows Service at all. We also have not had any other reports of this issue. Below are some screenshots from one of our environments, which shows the memory usage does not change when stopping our App Service. When we were Googling this issue, there were some online recommendations for scanning for Malware. Regards Click Studios
dmcmorris Posted November 6, 2024 Author Posted November 6, 2024 Hi, What Windows Server Edition are you using within your example? Thanks, David
support Posted November 6, 2024 Posted November 6, 2024 Hi David, We have a range of Server 2019 to 2022, as do most of our customers. Regards Click Studios
dmcmorris Posted November 8, 2024 Author Posted November 8, 2024 Hi, Thanks for your help. I have been unable to resolve this. No malware was detected from a scan on the server using malware bytes. The issue is resolved by setting the App server service to Startup mode disable and then rebooting however this disables the mobile access functionality. When the time comes and when it is supported by Passwordstate, I will upgrade the server to Windows Server 2025 and see if this resolves it. For now I am performing nightly reboots out of hours using a scheduled task. Thanks, David
support Posted November 10, 2024 Posted November 10, 2024 Hi David, Thanks for the information, but we do not believe Server 2025 will resolve your issue - as mentioned, we do not experience this on any version of Windows Server, and have had no other reports from customers. Regards Click Studios.
support Posted December 11, 2024 Posted December 11, 2024 Hi dmcmorris, Just letting you know that we've now had a second report of this issue, and are trying to work with the customer to narrow down what might be causing it. Can you tell us the following: 1. On the screen Administration -> Backups, do you have this configured with a backup account? 2. With your database connectivity for Passwordstate, do you use the standard SQL account we create during install, or have you changed to an MSA account for database connectivity? If you are not sure, have a look in the Web.config file, in the database connection string near the top. Thanks very much. Regards Click Studios
dmcmorris Posted December 12, 2024 Author Posted December 12, 2024 Hi, Yes I am using a msa service account for the passwordstate service. Is this not supported? It is for the DB connectivity. Thanks, David
support Posted December 12, 2024 Posted December 12, 2024 Hello David, Yes it is supported, and we assume you are also using our backup functionality - as per question 1 above? If so, this has helped us identify a bug under those specific conditions, when checking/writing images to disk. We have a fix for this for the next release, and the work around options in the interim are: 1. Create a Scheduled Task that restarts the Passwordstate Server and Passwordstate App Server Service periodically – ideally daily 2. Or, for our Backup functionality, remove the backup account from here and disable backups, and perform your own backups – only the web.config file and database needs to be backed up daily 3. Or revert to using a SQL Account for database connectivity in the web.config files We’d recommend option 1, as it’s less work for you. We'll post back here when the new build is available. Regards Click Studios
support Posted January 14 Posted January 14 Hi David, We have release build 9938 today which fixes this issue, and you can follow these instructions to upgrade - you will need to upgrade the core product, as well as the App Server - https://www.clickstudios.com.au/downloads/version9/Upgrade_Instructions.pdf Also, for your Managed Service Account, this needs NTFS Modify permissions to the entire Passwordstate folder (for the core product), and also to the folder C:\inetpub\PasswordstateAppServer\images for the App Server. Thanks again for reporting it. Regards Click Studios
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now