winlogon.exe hangs causing 100% CPU

Posted on 2006-03-29
Last Modified: 2013-12-23
On a corporate network we support, we have 26+ Terminal Servers running on NT4 Server & MetaFrame 1.8. They have all been working fine for over 5 years+. Recently a few servers have started to experience a problem whereby the WINLOGON.EXE process takes up to 100% CPU and the server performance degrades to an unusable level. The only way to resolve this problem is to reboot the server - not easy when anywhere up to 30 users are using it (might not seem like many but it is to the client).

All servers are service packed up to SP6.

We have tried both of these numerous times: but they haven't helped.

We have already gone down a few routes namely:
Printer driver problems - hasn't helped.
LMREPL.exe & Directory Replication. Some (at my company & client (all Techies)) believe this may be the problem - hasn't helped.
Profile rebuilds. We have rebuilt one site's profiles but the problem is still occurring.
Spyware etc. All servers are clean as a whistle after running Spybot and AdAware.

This is causing the client more and more problems as well as a lot of work for me & my team. There is an upgrade for the client to Win2k3 (software and hardware) coming, but the client is talking about postponing until the above problems are resolved. As much as I want to say to the client "just upgrade", we all need to understand (and try to fix) the problem before the upgrade.

Any help would be great!
Question by:Mark Galvin
    1 Comment
    Accepted Solution

    Please download Process Explorer from the following site and use it to determine which process is calling winlogon.exe by analysing the process tree given by the utility.

    Process Explorer

    Hope it helps,
