Security Basics mailing list archives

LSASS process going crazy...


From: "Dan Tesch" <dan.tesch () comcast net>
Date: Thu, 8 Dec 2005 09:22:40 -0600



I am working with a client that has MS load balanced W2003 servers.
One of the servers is newer with dual Opterons / 2GB RAM and the other
is a slightly older single 2.7GHz Xeon and 1.5GB RAM but 15K drives,
so functionally they are 'somewhat' similar.

The server with the single Xeon keeps having the LSASS process consuming
almost all of the resources - booting the server temporarily solves the
problem. The admin has opened up an issue with Microsoft and they took
some dumps and gave him a hotfix, but the problem continues.

The box is fully patched, at least according to the Windows Update site
and MBSA, and has current AV. The other load balanced server does not
experience the issue, and the Event Logs are not showing anything useful.

Can anyone give me some clues as to a good place to hunt? Not sure this
is even a security issue, but it seems like there are a bunch of references
on the net about security problems related to this process.

Thanks

