?
Solved

High CPU load on Domain Controller

Posted on 2007-10-09
15
Medium Priority
?
1,559 Views
Last Modified: 2012-06-27
We are experiencing high sustained CPU load on three of our domain controllers.  Here is the basic functions of the domain controllers.  They are all 2003 Server, 1 GB RAM, 3.2GHz Xeon processor.

They all are running DNS, printer queues for network printers and IAS for wireless RADIUS authentication.  

Under the task manager, the processes that are showing ANY CPU usage are System and System Idle process.  

We have rebooted and it solves the problem for a day and then the CPU starts to climb.  It will go to 20% sustained, then 50%, then by the end of the week it will be above 75% and sometimes at 90% sustained.  Any ideas on where to look?
0
Comment
Question by:lkingpinl
  • 5
  • 4
  • 2
  • +3
14 Comments
 
LVL 3

Expert Comment

by:cgbent
ID: 20043504
Familiar with "Process Explorer?"

Get this tool and lookinto the system process properties and see what thread it is that is taking up all the CPU time and see if it is something like a corrupt dll you could replace or something like that.

If anything, you should be able to gather some more information about what is actually causing the problem. Please post your findings.
0
 
LVL 3

Expert Comment

by:cgbent
ID: 20043513
www.sysinternals.com - many great tools including the Process Explorer
0
 
LVL 2

Author Comment

by:lkingpinl
ID: 20043884
I've used Process Explorer and tried that but the only things showing CPU activity is SYSTEM and SYSTEM IDLE PROCESS.  Under the process tree there are no other services showing heightened CPU activity.  There is a lot of network activity though....
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 3

Expert Comment

by:cgbent
ID: 20046469
sorry for delay in response.

I was refering to "right clicking / properties" on the system process and checking the threads tab.  Anything sucking a bunch in there?

The network activity could have a play but I am leaning towards loopbacks. From your description of the slow increase in CPU utilization you might a corrupt system object causes threads to hang or something of the sort.
0
 
LVL 2

Author Comment

by:lkingpinl
ID: 20048151
Can you give me a hint to what I should be looking for in there?  The only threads showing CPU activity have a start address of srv.sys+0x16602.  And I cannot kill them.  The CPU right now is just bouncing continuously from 45-65%.....on other DC's and servers normal CPU stays around 1-2% with peak activity of about 10%.  
0
 
LVL 3

Expert Comment

by:cgbent
ID: 20053768
again apologies for delay in response.

That is weird if you are not able to browse through areas and see recorded CPU usage. There is nothing in ProcEx that is showing using CPU other than the system and idle processes however. System is the whole of all those processes, there must be something showing constant usage that you can see.

You mentioned heighten network activity, do you have the ability to cut that network activity and see if the cpu keeps going? Obviously network activity can be related to cpu utilization!!! I don't think this is the case.

History of the 3 problematic DC's over the last month? Any common components on these three that,  print drivers, patches, tweaks etc. etc?
0
 
LVL 2

Author Comment

by:lkingpinl
ID: 20053798
We found the problem.  It was DNS traffic.  For some reason DNS service was not updating so all DNS hosts that were not listed in the DNS zone locally were being forwarded to Germany.  We analyzed network traffic and found that 35% of network traffic was DNS.  We fixed this issue and CPU went down to 1%...
0
 
LVL 3

Expert Comment

by:cgbent
ID: 20053925
great, glad to hear that. Might I ask one thing, how many users do you have in your network? That is a LOT of DNS traffic.
0
 
LVL 2

Author Comment

by:lkingpinl
ID: 20232989
We have roughly 3,000 users, but in our JIT plants we have services running that rely on machines in other locations so they resolve on DNS resolution for certain tasks.  With constant processing, this accumulated to alot of traffic
0
 

Expert Comment

by:optivity1
ID: 20493258
We have the same thing here : srv.sys 0x16602
How did you fix this ?  What was wrong with the DNS ?
Thanks.
0
 

Expert Comment

by:EFX_Helpdesk
ID: 20500032
We are having the exact same issue as well for the past month or so.  A reboot resolves the issue for a few days, and then CPU and Memory utilization by the system process grows.  It seems that the same srv.sys+0x16602 is where the issue is.  We do a lot with this machine.  It is main file server/DC/DNS/DHCP, main DFS hub for backups, etc.  It was fine before, but something has gone on.  We do not have Trend Micro, we use Symantec, so it is not related to that microsoft documented issue.  Any help guys?

Thanks.
0
 

Expert Comment

by:optivity1
ID: 20532959
Still no solution...
0
 

Expert Comment

by:DorisOnline
ID: 21332219
Hey,

This has cropped up for us as well. 3 Domain controllers, all three acting as DNS servers and the system service is bouncing around the 60-80% range. Its not caused any problems yet but.....

Any help would be highly appreciated, as I am really not sure what is going on here.
0
 
LVL 1

Accepted Solution

by:
Computer101 earned 0 total points
ID: 22601173
PAQed with points refunded (500)

Computer101
EE Admin
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Numerous times I have been asked this questions that what is it that makes my machine log on so slow, there have been cases where computers took 23 minute exactly after taking password and getting to the desktop. Interesting thing was the fact th…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
Integration Management Part 2
Is your data getting by on basic protection measures? In today’s climate of debilitating malware and ransomware—like WannaCry—that may not be enough. You need to establish more than basics, like a recovery plan that protects both data and endpoints.…

850 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question