In the past month or so I noticed that lsass.exe has started to leak memory, getting to 500MB+ of ram in under a week after reboot. Before this I had never noticed it using any significant amount of memory compared to other processes on the system.
This is happening on 2 identical servers, neither of which has anything to do with Active Directory.
Maybe a recent Windows Update has caused this? Any thoughts on things to check?
As a side question is there some way to recycle the memory usage of lsass.exe without rebooting?
Edit:
Here is what I'm seeing in Process Monitor, there are thousands of registry open/query/close a minute from lsass.exe. How can I track down what is triggering these?
If you have iis on your server, this microsoft kb can help you : http://support.microsoft.com/kb/979730
Running 3rd-party software with integrated NTLM authentication? Could be that software requesting security info and never freeing it up again.
Also, are you using the "Built-In" groups for anything? Sometimes having a lot of heavily used accounts in the Built-In groups can do this.
A memory leak occurs in the Lsass.exe process on a Windows XP-based or a Windows Server 2003-based computer: http://support.microsoft.com/kb/902058
Also consider scanning for trojans
We have also noticed some weird lsass memory usage lately when using SSL. Eventually it will cause SSL connections to fail.
It looks like there was a patch release this week http://support.microsoft.com/kb/973917 that while not specifically mentioning the problem we have been seeing, seems to have fixed it for us.
Might want to check this out.