API - causes high CPU load on lsass.exe

I see hugh cpu usage on process lsass.exe every time i perform an api call. I have this small sample API that can reproduce the issue, even on my laptop with Core i7-8550U CPU

New-PSUEndpoint -Url "/Test" -Endpoint { 

    function New-APIReturnObject {
        $ReturnData = New-Object System.Object
        $ReturnData | Add-Member -Type NoteProperty -Name "Status" -value -1
        $ReturnData | Add-Member -Type NoteProperty -Name "StatusText" -value ""
        $ReturnData | Add-Member -Type NoteProperty -Name "TimeStamp" -value ([DateTime]::UtcNow)
        $ReturnData | Add-Member -Type NoteProperty -Name "Data" -value $null
        return $ReturnData
    $StartTime = [DateTime]::UtcNow
    $ReturnData = New-APIReturnObject
    $ReturnData.Data = "Testing test"

    $ReturnData.TimeStamp = ([DateTime]::UtcNow)
    $EndTime = [DateTime]::UtcNow
    $Time = $EndTime - $StartTime
    $ReturnData.Status = 0
    $ReturnData.StatusText = "The command completed successfully in $($Time.TotalMilliseconds)mS"
    $ReturnData | ConvertTo-Json -Depth 99

When i call the API like this on my laptop, i see lsass steady on about 14% usage

while ($true) {Invoke-RestMethod -Uri "http://localhost:7850/Test" }

I run Powershell Universal 1.4.5 and Universal Dashboard 3.1.3, without any kind of authentication.

Additional test shows that this simple page also generates high load on lsass

New-UDPage -Name "LSASS sucks" -Url "/lsass" -Content {

    New-UDHtml -Markup "<B>I am hard on lsass</B>."

If loaded with

while ($true) {$a=Invoke-RestMethod -Uri "http://localhost:7850/lsass" }

I had exactly the same problem! after I switched to PowerShell version 7, the problem disappeared

I am on Powershell 7.0.3 :slight_smile:

I’m seeing this too. I’ve found that this is an issue with ASP.NET Core for other folks: https://stackoverflow.com/questions/58410207/local-security-authority-process-lsass-heavy-cpu-load-through-https

On my machine, it has something to do with CNG encryption being used by the web server. PSU isn’t using this directly but something in the web server stack is using it heavily. I’ve eliminated the use of everything except the web server (not calling PowerShell or over our gRPC channel) and the issue remains.

You’re the second person to report this so it’s happening for others as well.

Good to know that others see this as well.

As you can see in my samples, this is also happening when i use http, so the article does not match exactly.

Same here. I do not have HTTPS configured. There is this open GitHub issue as well: https://github.com/dotnet/aspnetcore/issues/18488

Trying to track down if this is even the same thing as that. I’ll continue to investigate.