Active Directory Authentication causing DNS Server HIGH CPU Usage

Lock007
Comes here often


I have an MX100 deployed in my work environment. All features have been working smoothly until we decided to integrate the Active Directory function using our DNS servers and group policies on the MX.

Ever since we enabled Active Directory we have noted that the CPU usage would go up to 100%.

I have tested this repeatedly and know that when I disable the Active Directory function on the MX the CPU level on my DNS server drops to 5%. I now know for a fact that it is the Active Directory authentication and whatever process is running on the DNS server that results in high CPU usage. I would like to know why there is high CPU usage when I enable the Active Directory authentication. I have about 4 other remote sites where I want to enable Active Directory, but this will make my CPU usage go up to 100%. The DNS server is running on a VMware virtual machine and is using about 12 cores of CPU already. I will not keep increasing my CPU capacity as this is not practically suitable. Please help, I need solutions.

Bruce
Kind of a big deal

@Lock007 I'm assuming that your DNS server also runs your AD Domain Controller function, as it's the DC function that the MX integrates with. The MX integration has two parts to it: it binds to the DC to gather group memberships via LDAP, and it scrapes the security logs for logon events using WMI to match users to IP addresses.

 

I'd check both the Windows server event logs and MX event logs for errors to see if there is something not working correctly. I'd also check the permissions of the user account you are using to connect to the AD DC - maybe temporarily use a domain admin account to see if there is a rights issue, and then switch it back to a more restricted account if it works with the domain admin account (the permissions that are needed are given in this document, https://documentation.meraki.com/MX/Content_Filtering_and_Threat_Protection/Configuring_Active_Direc...)

 

Also, check the memory usage on the server too. If this gets high and results in a lot of swap file activity this may be driving the CPU usage up.

Lock007
Comes here often

Bruce,

 

I checked the CPU usage. There is high CPU usage on the event log service.

Lock007
Comes here often

@Bruce I got Meraki Support to check out my Active Directory integration. They said there is nothing wrong with the current setup. Use of domain admin to connect to the DC is fine. There is no rights issue. The memory usage on the server is pretty low at about 20%. I suspect that where the MX scrapes the security logs for logon events and uses WMI to match users to IP addresses is what is causing the high CPU usage. Are you able to confirm this?

Bruce
Kind of a big deal

You'll need to have a look through the Windows server and see if you can ascertain what is going on from the Windows event log or performance monitors. What is the memory utilisation doing? Is it running out of memory (as well as the CPU peaking)? Do you see the WMI provider take CPU or memory (the MX scrapes the Security Log every 5 seconds)? Is the Security Log large? Open it and see how many records are there (are there any logs there at all?).
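
The checks suggested in the post above can be gathered in one pass on the domain controller. This is an added example, not part of the original thread or anything Meraki supplies; the one-minute window, the variable names and the English (non-localized) counter names are assumptions.

```powershell
# Added diagnostic sketch. Run in an elevated PowerShell session on the DC.
# Counter paths below assume an English-language Windows installation.
$SampleSeconds = 5     # same interval as the polling period mentioned in the thread
$Samples       = 12    # 12 x 5 s = one minute of observation (arbitrary choice)

# 1. Security log size, record count and retention mode.
$log = Get-WinEvent -ListLog Security
[pscustomobject]@{
    FileSizeGB = [math]::Round($log.FileSize / 1GB, 2)
    MaxSizeGB  = [math]::Round($log.MaximumSizeInBytes / 1GB, 2)
    Records    = $log.RecordCount
    LogMode    = $log.LogMode
} | Format-List

# 2. How fast the log is growing: events written in the last minute,
#    with the five most frequent event IDs.
$since  = (Get-Date).AddMinutes(-1)
$recent = @(Get-WinEvent -FilterHashtable @{ LogName = 'Security'; StartTime = $since } `
                         -ErrorAction SilentlyContinue)
'Security events in the last minute: {0}' -f $recent.Count
$recent | Group-Object Id | Sort-Object Count -Descending |
    Select-Object -First 5 Count, @{ n = 'EventId'; e = { $_.Name } } | Format-Table

# 3. CPU taken by the WMI provider host next to total CPU, sampled at the
#    polling interval so periodic spikes line up with the samples.
$cores    = [Environment]::ProcessorCount
$counters = '\Processor(_Total)\% Processor Time',
            '\Process(WmiPrvSE*)\% Processor Time'

Get-Counter -Counter $counters -SampleInterval $SampleSeconds -MaxSamples $Samples `
            -ErrorAction SilentlyContinue |
    ForEach-Object {
        $time = $_.Timestamp.ToString('HH:mm:ss')
        foreach ($s in $_.CounterSamples) {
            # Per-process values are summed over all cores; normalise to 0-100.
            $divisor = if ($s.Path -like '*\process(*') { $cores } else { 1 }
            [pscustomobject]@{
                Time     = $time
                Instance = $s.InstanceName
                CpuPct   = [math]::Round($s.CookedValue / $divisor, 1)
            }
        }
    } | Format-Table -AutoSize
```

Running it once with the MX integration enabled and once with it disabled gives a like-for-like comparison of the WmiPrvSE share of CPU against the log's size and write rate.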

Lock007
Comes here often

@Bruce I have monitored the memory utilization and it does not peak over 50%. Most of the memory is consumed by the Domain Name System service and also the Netwrix Auditor service. The CPU does peak every 5 seconds, and this peak goes up to 100% and stays there for some time. The security log is 8GB and there are plenty of records there. There are also records generated every second in the logs, and I have to constantly hit refresh to see the new events. I will try to monitor using performance monitors but am not sure what I will achieve.

PhillT
Comes here often

I had the same issue with two MX100s with Active Directory enabled. They were hitting the AD servers with WMI requests and pounding the CPUs at a constant 98%.

Logged a call to Meraki TAC with the issue. Resolution was to request Meraki TAC to reduce the WMI polling time from the MX to AD server from 5 seconds to 30 seconds.

This has reduced the AD server CPUs to 50-58% utilization, and the AD Meraki MX status now shows green OK and no yellow warning.

 

Hope this helps.
