PAM 3.2.x and 3.3.0 servers with Windows Remote target connector configured to manage passwords on Windows servers.
There is a potential problem on the PAM server when the Windows Remote target connector runs into problems while communicating with a target device to verify or update account passwords. In rare cases this can leave behind a looping process that takes up all available time on one CPU. Even a cluster restart will not terminate these hung processes. With time there may be multiple of these processes running. E.g. 5 looping processes on a PAM server with 8 CPUs will results in a steady CPU usage of 60+ percent. If scheduled jobs are used to rotate passwords of Windows accounts on a regular basis, a single target account using the Windows Remote connector could be responsible for all looping processes.
A PAM server reboot will resolve the problem.
If this is a production node and you cannot restart the server any time soon, you can engage PAM support to kill the problem processes during a WebEx session with SSH access to the PAM server. This requires an SSH debug patch to be applied, a PAM admin has to enable SSH access, and firewall rules need to allow SSH access to PAM from a laptop/desktop that can run a PuTTY SSH client.