manivivek
asked on
High System Process Utilization on Windows 2000 Server
I have a Windows 2000 Server with all Service Packs and critical updates installed. My System (NOT System Idle Process) is consistently around 90-99% CPU utilization. I have done the following, unsuccessfuly, to resolve the issue
1. I have Symantec Anti-Virus Server. I have verified virus definitions, done a full system scan. No virus on the system. I have also disabled real-time scan for troubleshooting purposes
2. I have disconnected the server from the network.
3. Restarted server in safe mode
4. Run Ad-Aware and Spybot. Removed all detected spywares
5. Stopped all services that are not a part of the default windows services
No matter what I try to do, the System process is always consistently high. This causes me to restart the server every couple of days. HELP!
1. I have Symantec Anti-Virus Server. I have verified virus definitions, done a full system scan. No virus on the system. I have also disabled real-time scan for troubleshooting purposes
2. I have disconnected the server from the network.
3. Restarted server in safe mode
4. Run Ad-Aware and Spybot. Removed all detected spywares
5. Stopped all services that are not a part of the default windows services
No matter what I try to do, the System process is always consistently high. This causes me to restart the server every couple of days. HELP!
ASKER
I did start the server in safe mode. The system process remains at high CPU utilization.
ASKER
Process explorer from sysinternals shows
1. Interrupts CPU (approx) 17
2. DPC CPU (approx) 42
3. System CPU (approx) 38
1. Interrupts CPU (approx) 17
2. DPC CPU (approx) 42
3. System CPU (approx) 38
have you updated any drivers lately?
this could very well be a driver problem
is this a new build, or an existing server that recently started acting this way?
this could very well be a driver problem
is this a new build, or an existing server that recently started acting this way?
ASKER
Spareticus, This is an existing server that has started acting up. I thought starting the server in safe mode would isolate a driver issue?
What hardware is this server?
Have you recently added the latest MS04-011 Patch to this system?
Have you recently added the latest MS04-011 Patch to this system?
"all Service Packs and critical updates installed" is probably be the cause. There seem to be some issues concerning the KB 835732 Hotfix.
On W2k in certain configurations, it's high CPU usage of the system process, on Server 2k3, it disables IE's encryption, and it seems to mess up some NT4 installations as well.
Here's a description about how to best remove it:
http://groups.google.de/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&selm=%23IOM%23EzIEHA.3476%40TK2MSFTNGP11.phx.gbl
or another possibility:
http://groups.google.de/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&selm=1d1d201c42315%2448f9c3b0%24a501280a%40phx.gbl&rnum=2
If it doesn't work, google groups for "835732" and "CPU usage" or "835732" and "realtime".
Here are the important parts of the articles above, just in case:
====8<----[MICROSOFT IS LOOKING at the KB 835732 issue now]----
To unistall it, I did the following
(1) Boot into Safe mode.
(2) Run TaskManager - and noticed that the SYSTEM process
was using 99% of the CPU time.
(3) From TaskManager set the Priority of the EXPLORER
process to REALTIME, so that I can get to the control
panel.
(4) Run ADD/REMOVE PROGRAM from control panel.
(5) Go back to TaskManager and set the Priority of
MSHTA.exe to REALTIME, so that the ADD/REMOVE PROGRAM can
get some CPU time.
(6) Select and Remove "Windows 2000 Hotfix - KB835732".
(7) Go back to TaskManager and set the Priority
of "SPUNIST.exe" to REALTIME, for the uninstall program to
run.
(8) Wait a few minutes, and the uninstall program will
eventually ask you to click FINISH to reboot the machine.
It took a long time for the system to shutdown and I just
unplugged the power.
(9) The machine should become normal after reboot.
====8<----[MICROSOFT IS LOOKING at the KB 835732 issue now]----
====8<----[HELP...ME TOO! my machine is doing the exact same thing...]----
I found this solution below, and it worked great.
Boot into SAFE MODE (no networking or no command prompt).
Go to: Control Panel --> Add / Remove Programs
UNINSTALL Windows Hotfix KB 835732
Reboot...
There's some additional tricks to this that you can use:
1) Instead of using add\remove programs, run CMD and type
in:
%systemroot%\$Ntuninstallk
or
2) if you can get to the desktop, go to task manager.
Give the explorer process Realtime priority. Then go to
the command prompt and follow step #1. Once you start up
the spuninst.exe program, go into task manager and give
it Realtime priority as well.
====8<----[HELP...ME TOO! my machine is doing the exact same thing...]----
On W2k in certain configurations, it's high CPU usage of the system process, on Server 2k3, it disables IE's encryption, and it seems to mess up some NT4 installations as well.
Here's a description about how to best remove it:
http://groups.google.de/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&selm=%23IOM%23EzIEHA.3476%40TK2MSFTNGP11.phx.gbl
or another possibility:
http://groups.google.de/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&selm=1d1d201c42315%2448f9c3b0%24a501280a%40phx.gbl&rnum=2
If it doesn't work, google groups for "835732" and "CPU usage" or "835732" and "realtime".
Here are the important parts of the articles above, just in case:
====8<----[MICROSOFT IS LOOKING at the KB 835732 issue now]----
To unistall it, I did the following
(1) Boot into Safe mode.
(2) Run TaskManager - and noticed that the SYSTEM process
was using 99% of the CPU time.
(3) From TaskManager set the Priority of the EXPLORER
process to REALTIME, so that I can get to the control
panel.
(4) Run ADD/REMOVE PROGRAM from control panel.
(5) Go back to TaskManager and set the Priority of
MSHTA.exe to REALTIME, so that the ADD/REMOVE PROGRAM can
get some CPU time.
(6) Select and Remove "Windows 2000 Hotfix - KB835732".
(7) Go back to TaskManager and set the Priority
of "SPUNIST.exe" to REALTIME, for the uninstall program to
run.
(8) Wait a few minutes, and the uninstall program will
eventually ask you to click FINISH to reboot the machine.
It took a long time for the system to shutdown and I just
unplugged the power.
(9) The machine should become normal after reboot.
====8<----[MICROSOFT IS LOOKING at the KB 835732 issue now]----
====8<----[HELP...ME TOO! my machine is doing the exact same thing...]----
I found this solution below, and it worked great.
Boot into SAFE MODE (no networking or no command prompt).
Go to: Control Panel --> Add / Remove Programs
UNINSTALL Windows Hotfix KB 835732
Reboot...
There's some additional tricks to this that you can use:
1) Instead of using add\remove programs, run CMD and type
in:
%systemroot%\$Ntuninstallk
or
2) if you can get to the desktop, go to task manager.
Give the explorer process Realtime priority. Then go to
the command prompt and follow step #1. Once you start up
the spuninst.exe program, go into task manager and give
it Realtime priority as well.
====8<----[HELP...ME TOO! my machine is doing the exact same thing...]----
While I believe SpyBot is a great product, if you come to the point where your running it on a DC, it is time for a rebuild. I avoid surfing the web at all costs on servers with the exception of neccessary visits to vendor sites. I just love it when I launch IE on a server to find one of my fellow engineers has been checking their Yahoo mail on the server.. MSGeek
ASKER
Uninstalling KB 835732 did not resolve the issue.
what service components are running and not running?
Here's another interesting thread concerning the patch:
Subject: After Ms patches last Wed ...
http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&frame=right&th=2e2c32c95b9c0662&seekm=c5pbhq%24tt5%241%40FreeBSD.csie.NCTU.edu.tw#link1
Subject: After Ms patches last Wed ...
http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&frame=right&th=2e2c32c95b9c0662&seekm=c5pbhq%24tt5%241%40FreeBSD.csie.NCTU.edu.tw#link1
ASKER
Problem turned out to be hardware related. Specifically, the serial cable from the UPS to the server.
Thanks for all your time and input
Thanks for all your time and input
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
have you tried safe mode to see if the utilization goes down?