I have a Windows Server 2016 Datacenter virtual machine running on AWS. My server experienced a sudden increase in CPU usage from lsass.exe, rendering the server unusable. Note that this server is a workgroup machine and has no active-directory oriented functionality.
Things that fixed LSASS performance:
IISReset /stop (resolved the performance issue)
Blocking port 443/80 via security group, except for my own IP (resolved the performance issue)
Upping the CPU on the machine to a machine with 8X the CPUs (shouldn't be necessary; the server has happily handled 2-4X the current traffic without issue)
Things that did not fix LSASS performance:
Disabling IIS Windows Authentication via server management wizard wizard
Disabling every single application pool
Creating an entirely new machine, copying the site/config to the machine, and pointing traffic at the new machine
Disabling the netlogon service (lsass still ran)
I did not find anything helpful in event logs. IIS logs are similarly useless (given stopping every application pool had no effect, I'm not sure it's reaching that level).
Anyone able to offer any sort of insight as to what is causing lsass to burn CPU?