I'm running Win2k AD in mixed mode, SP4. My issue is, my GCs are running over the top, with lsass.exe sometimes hitting 99%. I have a ton of logon failures in the security log. They are mostly coming from "THE LOGON TO ACCOUNT ADMINISTRATOR (SOMETIMES GUEST OR ASPNET) by Microsoft_Authentication_Package_v1_0 has failed." I also have some workstations running an svhost (not svchost) which, when I kill it, they can log on. Is this some virus or worm I'm unaware of? It seems like it. The only thing that comes close is a w32.spybot.worm (from Symantec), but that virus is over a year old and my defs have been current. I turned up logging on directory-related events to 1, but no info that helps. My Exchange 2k server is logging RPC failures to my GC; however, the GC is up and DNS is fine.
Any help would be great (I just got back from vacation and this is what I'm saddled with. Go figure, life of a net admin). Thanks a lot.

List info: http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
