FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
dalon
Staff
Staff
Article Id 198008
Description
This article shows how to troubleshoot high CPU/Memory with authd daemon in specific FSSO context.    

Scope
All firmware levels.    

Solution
Diagnose

High CPU with Collector Agent is generally caused by authd daemon trying to connect in vain, overwhelming FortiGate with repetitive SSL session.
#diag sys top 5 40

PID   RSS ^CPU%    MEM% FDS TIME+    NAME
* 97 15M   79.6    0.8  47 30:20     authd

#diag debug crashlog read

16348: 2014-09-03 13:43:59 <02587> application authd
16349: 2014-09-03 13:43:59 <02587> *** signal 11 (Segmentation fault) received ***
16350: 2014-09-03 13:43:59 <02587> Register dump:

# diagnose debug authd memory ----> shows authd memory usage information

# diagnose debug application authd -1 ----> checking timeouts and possible errors

Troubleshoot

1) Disable NTLM (if used with FSSO) for testing.

NTLM is heavy and can create peaks of memory, especially with lots of users and/or with polling mode on Collector Agent ).

High CPU usage for authd can be caused by the high number of problematic authentication requests (i.e.: NTLM credentials are not provided or NTLM requests are started as system processes) flooding the system with repeating attempts to send logon.

2) Try to optimize the Collector Agent.

- Make sure that the cache is enabled.
- Raise the Worker Thread to 512 (Advanced settings > Worker thread count).
- Switch to DCAgent if polling mode is used.

3) Check eventual conflict between server Windows server and FSSO Agent (64-bits versus 32).

4) Try to kill authd:

# diag sys kill 11 <authd_PID_int>    

Contributors