Jump to content

Recommended Posts

Posted

Hi,

 

I have a build of Windows Server 2022 Standard - fully patched October 2024. 4GB RAM - 4vCPU.

SQL Server is installed on another VM. 

I have LDAP sync to AD and SAML auth to Entra ID for login. I have less than 5 users.

Mobile device access is also configured with the application server. other than that an out of the box setup.

 

The issue is, the process LSASS.exe slowly increases in RAM usage until the server is unusable. It takes around 3-4 days for this to occur. At the moment, we are performing nightly reboots of the VM as a workaround.

 

This is the only Windows Server 2022 in the environment which has this issue.

 

Has anyone else seen this behaviour?

 

Thanks,

 

David

Posted

Hello David,

 

The LSASS.exe executable (Local Security Authority Subsystem Service) is a process in the Windows operating systems that is responsible for enforcing the security policy on the system, and is not used specifically by our software.

We'd suggest doing some googling to see if you can find any other instances of this type of issue.

 

Regards

Click Studios

 

 

 

  • 2 weeks later...
Posted

Hi,

 

Thank you for the reply, i have found that if i stop the PasswordState App Server service, the LSASS.exe service then the RAM usage goes down to normal levels.

 

Please see screenshot. Are we sure there is no involvement with LSASS.exe in regards to the app server module?

 

Thanks,

 

David

Screenshot 2024-10-29 072054.png

Posted

Hello,

 

We do not believe this is related, as we do not integrate with the Windows Service at all. We also have not had any other reports of this issue.

 

Below are some screenshots from one of our environments, which shows the memory usage does not change when stopping our App Service.

 

When we were Googling this issue, there were some online recommendations for scanning for Malware.

 

Regards

Click Studios

lsass1.png

lsass2.png

Posted

Hi,

 

Thanks for your help. I have been unable to resolve this. No malware was detected from a scan on the server using malware bytes. The issue is resolved by setting the App server service to Startup mode disable and then rebooting however this disables the mobile access functionality. 

 

When the time comes and when it is supported by Passwordstate, I will upgrade the server to Windows Server 2025 and see if this resolves it. For now I am performing nightly reboots out of hours using a scheduled task.

 

Thanks,

 

David

Posted

Hi David,

 

Thanks for the information, but we do not believe Server 2025 will resolve your issue - as mentioned, we do not experience this on any version of Windows Server, and have had no other reports from customers.

Regards

Click Studios.

  • 1 month later...
Posted

Hi dmcmorris,

 

Just letting you know that we've now had a second report of this issue, and are trying to work with the customer to narrow down what might be causing it. Can you tell us the following:

 

1. On the screen Administration -> Backups, do you have this configured with a backup account?

2. With your database connectivity for Passwordstate, do you use the standard SQL account we create during install, or have you changed to an MSA account for database connectivity? If you are not sure, have a look in the Web.config file, in the database connection string near the top.

 

Thanks very much.

Regards

Click Studios

Posted

Hi,

 

Yes I am using a msa service account for the passwordstate service. Is this not supported? It is for the DB connectivity.

 

Thanks, 

 

David 

Posted

Hello David,

 

Yes it is supported, and we assume you are also using our backup functionality - as per question 1 above?

If so, this has helped us identify a bug under those specific conditions, when checking/writing images to disk.

 

We have a fix for this for the next release, and the work around options in the interim are:

 

1.    Create a Scheduled Task that restarts the Passwordstate Server and Passwordstate App Server Service periodically – ideally daily
2.    Or, for our Backup functionality, remove the backup account from here and disable backups, and perform your own backups – only the web.config file and database needs to be backed up daily
3.    Or revert to using a SQL Account for database connectivity in the web.config files

 

We’d recommend option 1, as it’s less work for you.

 

We'll post back here when the new build is available.

Regards

Click Studios
 

  • 1 month later...
Posted

Hi David,

 

We have release build 9938 today which fixes this issue, and you can follow these instructions to upgrade - you will need to upgrade the core product, as well as the App Server - https://www.clickstudios.com.au/downloads/version9/Upgrade_Instructions.pdf 

 

Also, for your Managed Service Account, this needs NTFS Modify permissions to the entire Passwordstate folder (for the core product), and also to the folder C:\inetpub\PasswordstateAppServer\images for the App Server.

Thanks again for reporting it.

Regards

Click Studios

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...