Spoolsv.exe CPU Utilization
I'm basically looking for some baseline CPU Utilization information in order to compare my Print Server with others. I'm seeing high CPU utilization about every 5-7 minutes on the server where spoolsv.exe will spike at 100% for about a minute and then come back down to next to nothing. Is this normal? Anyone know what its doing? I can't find any documentation on its "processing".
My environment: VMWare 2.33 GHz with 2GB of RAM, Windows 2008 R2 (x32) Test Print Server with no users, no jobs. I've migrated my production printers over to this server and its having identical issues. I currently have 58 printers on this server.
I've been scouring the Internet for about a week now and know all about deleting stuck print jobs in C:\windows\system32\spool\
I also know about corrupted print drivers and am still working on deleting them (21 in all) one at a time and restarting the Print Spooler service after each one and watching the CPU utilization.
If you stumble across this question. Please watch your print server's CPU utilization for about 30 minutes and post your results here. If you can enlighten me, please do that too!
I guess all-in-all I'm trying to determine what "normal" behavior is for spoolsv.exe.
Thanks!
My environment: VMWare 2.33 GHz with 2GB of RAM, Windows 2008 R2 (x32) Test Print Server with no users, no jobs. I've migrated my production printers over to this server and its having identical issues. I currently have 58 printers on this server.
I've been scouring the Internet for about a week now and know all about deleting stuck print jobs in C:\windows\system32\spool\
I also know about corrupted print drivers and am still working on deleting them (21 in all) one at a time and restarting the Print Spooler service after each one and watching the CPU utilization.
If you stumble across this question. Please watch your print server's CPU utilization for about 30 minutes and post your results here. If you can enlighten me, please do that too!
I guess all-in-all I'm trying to determine what "normal" behavior is for spoolsv.exe.
Thanks!
ASKER
No drivers exist that I haven't placed on the server. The Microsoft drivers aren't there I previously removed them.
I've deleted all ports that aren't being used (except for LPT1, COM1, etc...)
Microsoft Image Writer doesn't exist.
Oh yeah... I saw this article about the spooler.xml file growing too. Thats not the problem either. Its currently 259KB
Have you guys watched your print server? I'm curious if you see it peak at 100% about every 7-10 minutes?
I've deleted all ports that aren't being used (except for LPT1, COM1, etc...)
Microsoft Image Writer doesn't exist.
Oh yeah... I saw this article about the spooler.xml file growing too. Thats not the problem either. Its currently 259KB
Have you guys watched your print server? I'm curious if you see it peak at 100% about every 7-10 minutes?
I had a server with a similar problem, however it was because another admin has performed a full driver install (including status monitor and other junk)...
I would recommend looking into using Perfmon to start a baseline of key stats to give you an idea to move forward with....
After a quick google, I came across this posting which may help :- http://www.techsupportforum.com/forums/f217/spoolsv-exe-and-svchost-exe-use-100-cpu-542117.html
To discern the exact cause, you can go two routes:
1. Grab Process Monitor http://technet.microsoft.com/en-us/sysinternals/bb896645 and have it running for a minute or two to collect data while you're suffering the issue. Then proceed to save it (make sure "all events" option is checked) and send it our way. Doesn't matter file type, default is fine.
2. Grab Process Explorer http://technet.microsoft.com/en-us/sysinternals/bb896653 and have it open while you are suffering the effects. It's essentially a very beefed up version of Task Manager (in fact there's an option to replace Task Manager with it). What you'll want to do is sort them based on CPU column, then dbl-click the ones that are showing up using the most cpu (svchost and spoolsv.exe) to get their list of threads. Sort those by CPU or Cycles Delta, and see large spikes or consistently high usage. Double click the thread(s) that are high. Then hold shift and use the down arrow key to select all the frames in the stack that are displayed. Once all are selected click copy then paste em here for us to look at.
I would recommend looking into using Perfmon to start a baseline of key stats to give you an idea to move forward with....
After a quick google, I came across this posting which may help :- http://www.techsupportforum.com/forums/f217/spoolsv-exe-and-svchost-exe-use-100-cpu-542117.html
To discern the exact cause, you can go two routes:
1. Grab Process Monitor http://technet.microsoft.com/en-us/sysinternals/bb896645 and have it running for a minute or two to collect data while you're suffering the issue. Then proceed to save it (make sure "all events" option is checked) and send it our way. Doesn't matter file type, default is fine.
2. Grab Process Explorer http://technet.microsoft.com/en-us/sysinternals/bb896653 and have it open while you are suffering the effects. It's essentially a very beefed up version of Task Manager (in fact there's an option to replace Task Manager with it). What you'll want to do is sort them based on CPU column, then dbl-click the ones that are showing up using the most cpu (svchost and spoolsv.exe) to get their list of threads. Sort those by CPU or Cycles Delta, and see large spikes or consistently high usage. Double click the thread(s) that are high. Then hold shift and use the down arrow key to select all the frames in the stack that are displayed. Once all are selected click copy then paste em here for us to look at.
ASKER
Well... I went the Process Explorer route. I captured the following threads when it was doing its "thing". I don't know what to make of it, but maybe someone else does?
I've also attached a screenshot.
ntoskrnl.exe!KeWaitForMult
ntoskrnl.exe!PsGetCurrentT
ntoskrnl.exe!NtOpenProcess
ntoskrnl.exe!KiDeliverApc+
ntoskrnl.exe!KeInsertQueue
ntoskrnl.exe!KeWaitForMult
ntoskrnl.exe!ProbeForWrite
ntoskrnl.exe!ProbeForWrite
ntoskrnl.exe!ZwQueryLicens
ntdll.dll!KiFastSystemCall
kernel32.dll!WaitForMultip
tcpmon.dll!CPortABC::CPort
tcpmon.dll!CPortABC::CPort
ntdll.dll!RtlIdnToAscii+0x
ntdll.dll!RtlSizeHeap+0x8d
kernel32.dll!BaseThreadIni
ntdll.dll!RtlInitializeExc
ntdll.dll!RtlInitializeExc
Screen-shot-2011-02-04-at-1.28.2.png
I've also attached a screenshot.
ntoskrnl.exe!KeWaitForMult
ntoskrnl.exe!PsGetCurrentT
ntoskrnl.exe!NtOpenProcess
ntoskrnl.exe!KiDeliverApc+
ntoskrnl.exe!KeInsertQueue
ntoskrnl.exe!KeWaitForMult
ntoskrnl.exe!ProbeForWrite
ntoskrnl.exe!ProbeForWrite
ntoskrnl.exe!ZwQueryLicens
ntdll.dll!KiFastSystemCall
kernel32.dll!WaitForMultip
tcpmon.dll!CPortABC::CPort
tcpmon.dll!CPortABC::CPort
ntdll.dll!RtlIdnToAscii+0x
ntdll.dll!RtlSizeHeap+0x8d
kernel32.dll!BaseThreadIni
ntdll.dll!RtlInitializeExc
ntdll.dll!RtlInitializeExc
Screen-shot-2011-02-04-at-1.28.2.png
Hi,
Unfortunately I'm unable to offer any assistance on the above... However, maybe another approach..
1. Pause all of your printers.
2. Ask the users (or do it yourself) to print a NORMAL document to each printer, size,etc as normal
3. Unpause the queues in order while running task manager.
See which queue appears to cause the spike..
This may at least point to which driver/ queue is the problem..
Unfortunately I'm unable to offer any assistance on the above... However, maybe another approach..
1. Pause all of your printers.
2. Ask the users (or do it yourself) to print a NORMAL document to each printer, size,etc as normal
3. Unpause the queues in order while running task manager.
See which queue appears to cause the spike..
This may at least point to which driver/ queue is the problem..
I would guess this is heap memory allocation and wonder is there a memory leak? Does memory use suggest it leaks over time?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
This is a test server, so there no users attached to any of the printers or server. There are no jobs going through the server. Any utilization spikes are coming directly from the server itself.
I think at this point I'll revisit uninstalling printers by model type and then remove their associated driver along with it.
Again I ask though... What is "normal" utilization and CPU spikes?
I think at this point I'll revisit uninstalling printers by model type and then remove their associated driver along with it.
Again I ask though... What is "normal" utilization and CPU spikes?
I think anything could use 100% CPU in short bursts. Time slicing on a single processor gives each processor some time. It can use as much of the CPU as it likes. I don't see that being a big thing unless it hangs at 100% for a long time.
Some drivers are not written as well as others.
Some drivers are not written as well as others.
Right...
Hmmm. Okay.
- Make sure you have excluded your spool directory from your AV scanner's rules.
Check out these links for troubleshooting high CPU.
http://technet.microsoft.com/en-us/library/bb742546.aspx
http://social.technet.microsoft.com/Forums/en/winserverprint/thread/ee4450e9-c9e5-4e4f-99f6-d3a01f73b674
as for whats norm, you would really need to use perfmon to setup a baseline so you know what is norm for your server (every server is different). You can get more information on how to do that from here :-
http://technet.microsoft.com/en-us/library/cc781394(WS.10).aspx
With the server onlly being a test server, load should be minimal.
Hmmm. Okay.
- Make sure you have excluded your spool directory from your AV scanner's rules.
Check out these links for troubleshooting high CPU.
http://technet.microsoft.com/en-us/library/bb742546.aspx
http://social.technet.microsoft.com/Forums/en/winserverprint/thread/ee4450e9-c9e5-4e4f-99f6-d3a01f73b674
as for whats norm, you would really need to use perfmon to setup a baseline so you know what is norm for your server (every server is different). You can get more information on how to do that from here :-
http://technet.microsoft.com/en-us/library/cc781394(WS.10).aspx
With the server onlly being a test server, load should be minimal.
I'm just saying that a poorly written printer driver _MIGHT_ peg the CPU during its piece of the pie.
Hi SStory,
I did not mean to doubt you with my comment of "hmmm, okay.." that was more in referrence to janisumer saying it was a test server...
Defo, I have seen instances of that in the past.. Sometimes even just changing the driver from PCL to PS can have an impact..
I did not mean to doubt you with my comment of "hmmm, okay.." that was more in referrence to janisumer saying it was a test server...
Defo, I have seen instances of that in the past.. Sometimes even just changing the driver from PCL to PS can have an impact..
No problem.
I have seen my spooler go nuts before....except it was that darn Microsoft "printer" driver that was getting prints to nowhere.
I have seen my spooler go nuts before....except it was that darn Microsoft "printer" driver that was getting prints to nowhere.
ASKER
WOW! What a task!
I've gone through my 55 printer drivers via process of elimination and believe I've found a bad Microsoft Supplied driver for the Lexmark E250dn (MS). Thank goodness for VMWare and Snapshots!
Anyway... I've downloaded the latest E250dn driver straight from Lexmark and have installed it. I swapped all of my E250dn printers over the to the new Lexmark driver and now I'm trying to delete the old E250dn (MS) driver. However, when I try to remove the package it says:
"Failed to remove driver Lexmark E250dn (MS). The specified printer driver is currently in use."
I've quadruple checked that the driver isn't associated on the Printers page. I've rebooted the server and restarted the Spoolsv.exe service a couple of times and can't seem to get the system to allow me to remove the package (or delete).
Any clues?
I've gone through my 55 printer drivers via process of elimination and believe I've found a bad Microsoft Supplied driver for the Lexmark E250dn (MS). Thank goodness for VMWare and Snapshots!
Anyway... I've downloaded the latest E250dn driver straight from Lexmark and have installed it. I swapped all of my E250dn printers over the to the new Lexmark driver and now I'm trying to delete the old E250dn (MS) driver. However, when I try to remove the package it says:
"Failed to remove driver Lexmark E250dn (MS). The specified printer driver is currently in use."
I've quadruple checked that the driver isn't associated on the Printers page. I've rebooted the server and restarted the Spoolsv.exe service a couple of times and can't seem to get the system to allow me to remove the package (or delete).
Any clues?
Great find.
Try stopping the print spooler and then removing it... Also check whether you installed any associated lexmark tools (queue monitors) etc.
Check in add/remove programs ;)
Try stopping the print spooler and then removing it... Also check whether you installed any associated lexmark tools (queue monitors) etc.
Check in add/remove programs ;)
I did mention Lexmark being a notorious pain...in post 34817549
I had to stop the print spooler service and edit the registry to remove the thing from a box.
HKEY_LOCAL_MACHINE\SYSTEM\
Is the location to the spooler service. I think mine replaced it or added a dependency or something to that effect. I would open the registry and search for Lexmark and you will find it placing itself in the middle of the print spooler chain, I think. Sorry, this is just from memory.
I had to stop the print spooler service and edit the registry to remove the thing from a box.
HKEY_LOCAL_MACHINE\SYSTEM\
Is the location to the spooler service. I think mine replaced it or added a dependency or something to that effect. I would open the registry and search for Lexmark and you will find it placing itself in the middle of the print spooler chain, I think. Sorry, this is just from memory.
ASKER
It won't allow you to remove it without the Print Spooler running.
I don't see any monitors installed either though "Uninstall a program".
Any way to nuke it out of the Registry?
I don't see any monitors installed either though "Uninstall a program".
Any way to nuke it out of the Registry?
ASKER
How about deleting registry key:
HKLM\SYSTEM\CurrentControl
Think that'll do it?
HKLM\SYSTEM\CurrentControl
Think that'll do it?
ASKER
The driver that was causing the server issues was the Lexmark E250dn (MS) driver.
The Print Manager wouldn't allow me to "Remove the Package" or "Delete" the driver as it always said it was in use (it wasn't).
I wound up shutting down the spoolsv.exe (Print Spooler Service), edited the registry and remove the KEY for the E250dn(MS) printer in this location:
HKLM\SYSTEM\CurrentControl
I then rebooted the server and utilization has gone done immensely. The server still spikes periodically at 100%, but now doesn't stay there for 5-7 minutes at a time.
The Print Manager wouldn't allow me to "Remove the Package" or "Delete" the driver as it always said it was in use (it wasn't).
I wound up shutting down the spoolsv.exe (Print Spooler Service), edited the registry and remove the KEY for the E250dn(MS) printer in this location:
HKLM\SYSTEM\CurrentControl
I then rebooted the server and utilization has gone done immensely. The server still spikes periodically at 100%, but now doesn't stay there for 5-7 minutes at a time.
Also, if you have one of Microsoft's fake printer drivers--like the one that comes with Office 2003, and have it set to default, it will hog spoolsv for a long time.
Look for "Microsoft Image Writer" and see if there are jobs waiting. Check all "printers" in the Printers panel to see if any have jobs.
http://www.annoyances.org/exec/forum/winxp/t1084676549