Windoes Server Core high CPU

-

hi all, have been running 2008 r2 server core last month part of pilot establish whether it's going suit our standard file server os.

over last couple of days have been getting high cpu usage (97-100%) in "system" process (no, not system idle process).  cannot identify causing , wondered if had ideas.

the machine single core virtual machine 2gb of ram running on vmware esx 4.  it's server 2008 r2 x64 server core, fsrm-infrastructure-core , powershell features installed.  manage remotely server 2008 machine, , backed overnight using commvault.  monitored using nagios, on basic probes of disk space, cpu , memory.  no av software limited pilot, client machines have own av software and firewall changes allow apps have mentioned work.

the storage provided through vmware host, combination of 3par , nexsan hardware.

on problem...

yesterday @ around 16:15 cpu went @ or near 100%, on system process.  had quick around , couldn't identify did usual windows thing of rebooting - @ around 17:00.  seemed trick.

again morning, @ around 09:15 did same.  time resolved wait out , see if calm down.  write (~12:42) has gone near normal.  around 0% when there no file activity, @ moment it's around 10%, presumably have computer manager open on monitoring machine.  interestingly, overnight steady 4%, although i'm sure had monitors closed down.  before yesterday's episode pegged @ 0% 4 or 5 days (as long ago installed nagios).

culprit 1:

i had been susicious of software protection service. started logging @ time cpu went up, application log events like:

event id 1003
software protection service has completed licensing status check.
application id=(big long hex string)
licensing status=1: (different big long hex string), 1, 0 [(0 [0xc004f014, 0, 0], [(?)(?)(?)(?)(?)(?)])(1 )(2 )]

these logs happening several times minute, , pretty logs same - refer same application id , different license statuses.  application id provided tracked in registry wucltux.dll in system32, not exist in file system.  appears else in registry either.  appears windows update client user experience, relevant on server core?

 

culprit 2:

looking through logs, notice when problem "fixed" there 2019 srv event reporting "the server unable allocate system nonpaged pool because pool empty." in connection \device\lanmanserver.  memory had been ramping , when hit 1gb event turned , problem stopped.  i'm thinking there connection :)

 

any hints useful.

 

thanks,

hi,

if problem occurs repetitious, suggest disable third party software test. remote desktop server core system, open task manager , switch performance tab monitor cpu usage.

or can configure performance monitor monitor cpu usage , send email don’t need observe server core time.

create , configure alerts
http://technet.microsoft.com/en-us/library/cc783602(ws.10).aspx

monitoring server performance , activity
http://technet.microsoft.com/en-us/library/bb726968.aspx

if problem doesn’t occur, problem caused 1 of disabled program.

if problem occurs, let’s run process explorer , analyze system process.
http://technet.microsoft.com/en-us/sysinternals/bb896653

run it, click options menu, choose configure symbols, type following line in symbols path. create c:\symbols folder later.

srv*c:\symbols*http://msdl.microsoft.com/download/symbols

run again, double-click system, switch threads tab, click cpu sort threads. let know name of start address.

for reference:
using process explorer tame svchost.exe - advanced topics
http://news.cnet.com/8301-13554_3-9867426-33.html

thanks.

posting provided "as is" no warranties, , confers no rights. please remember click "mark answer" on post helps you, , click "unmark answer" if marked post not answer question. can beneficial other community members reading thread.


Windows Server  >  Server Core



Comments

Post a Comment

Popular posts from this blog

WIMMount (HSM) causing cluster storage to go redirected (2012r2 DC)

-
looking options resolve error , prevent in future. thanks help. hardware: 2 node dell hv cluster running2012r2 dc 8 nic/ea in multiplex mode 4x hyper-v 4x hosts storage: 2x synology nas, accessed through iscsi hosts , cluster relevant logs: log name:      microsoft-windows-failoverclustering/diagnostic source:        microsoft-windows-failoverclustering date:          event id:      2050 task category: none level:         warning keywords:       user:          system computer:      l description: [dcm] filter wimmount found @ unsafe altitude 180700 log name:      system source:        microsoft-windows-failoverclustering date:         event id:      5125 task category: cluster shared volume level:         warning keywords:       user:          system computer: description: cluster shared volume 'volume1' ('cluster disk 1') has identified 1 or more active filter drivers on device stack interfere csv operatio
Read more

Failed to delete the test record dcdiag-test-record in zone test.com

-
ps c:\users\administrator.test> dcdiag /test:dns directory server diagnosis performing initial setup:    trying find home server...    home server = dc02    * identified ad forest.    done gathering initial info. doing initial required tests    testing server: default-first-site-name\dc02       starting test: connectivity          ......................... dc02 passed test connectivity doing primary tests    testing server: default-first-site-name\dc02       starting test: dns          dns tests running , not hung. please wait few minutes...          ......................... dc02 passed test dns    running partition tests on : forestdnszones    running partition tests on : domaindnszones    running partition tests on : schema    running partition tests on : configuration    running partition tests on : test    running enterprise tests on : test.com       starting test: dns          test results domain
Read more

Azure MFA with Azure AD and RDS

-
i have setup following lab in azure , need help. a server (domain controller) , remote desktop services. and server multi factor authentication server. i have setup following one http://www.rdsgurus.com/uncategorized/step-by-step-using-windows-server-2012-r2-rd-gateway-with-azure-multifactor-authentication/ and when im connecting got following error. the user "domain\username", on client computer "xxx.xxx.xxx.xxx", did not meet connection authorization policy requirements , therefore not authorized access rd gateway server. authentication method used was: "ntlm" , connection protocol used: "rpc-http". following error occurred: "23003". also on security log i've got following authentication details: connection request policy name: ts gateway authorization policy network policy name: - authentication provider: radius proxy authentication server: test.test.local authentication type: - eap t
Read more