Exchange Server NT Kernel & System

I have an Exchange 2010 Server running on Windows 2008 R2 (virtual environment - VMWare)

The server has 2 vcpus, 16gb ram and it is doing Mailbox, CAS and Hub Transport with around 100  mailboxes... it has been ticking over quite nicely until.....

Just recently i have noticed that is has started really chugging - logging on you can see that the CPU usage is flatlining at 100% for a couple of hours at a time and then goes back to the usual peaks and troughs for a while before maxing out again.

When the CPU usage is at 100% the description of the process that seems to be causing it is NT Kernel & System which, having googled it, i cant seem much info on relating to a similar setup.

It is getting to the point where it is really effecting general mail flow and our users are complaning about OWA is painfully slow. Backups (using Veeam) are taking 9 hours as apposed to 3.

Nothing obvious is reported in the event logs.....

Any one seen anything similar or suggest any ways of troubleshooting this?
dbarnbrookAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Miguel Angel Perez MuñozCommented:
If have got installed Eset Mail security, ensure "background scanning" is disable (antivirus and antispyware > mail server protection > VSAPI 2.X)
0
dbarnbrookAuthor Commented:
We dont use Eset Mail Security, we use GFI Mail Defence Suite for our virus scanning and antispam protection.
0
Andrew Hancock (VMware vExpert / EE MVE^2)VMware and Virtualization ConsultantCommented:
what datastore is in use to support the VMs?
0
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

dbarnbrookAuthor Commented:
The datastores sit on an iSCSI SAN... the disks are SAS with Raid 10 then carved up into iSCSI with multipathing.
0
dbarnbrookAuthor Commented:
This is getting ridiculous now....has been sat on 100% Cpu Usage for about 4 hours now...  any further suggestions would be greatly appreciated!!
0
Andrew Hancock (VMware vExpert / EE MVE^2)VMware and Virtualization ConsultantCommented:
what process is causing the high 100% CPU?

I would suggest downloading Process Explorer

http://technet.microsoft.com/en-us/sysinternals/bb896653
0
dbarnbrookAuthor Commented:
The process is: System,  with the description of: NT Kernel & System.

Thanks hanccocka ....will try running the process explorer however is is really painful doing any kind of troubleshooting because of the cpu usage.
0
dbarnbrookAuthor Commented:
OK as i said the process is System PID 4 constantly taking 40 - 80 percent CPU (see attached screenshot)

process explorer
0
Andrew Hancock (VMware vExpert / EE MVE^2)VMware and Virtualization ConsultantCommented:
Schedule some downtime, and stop all the services on the server.
0
dbarnbrookAuthor Commented:
i will go through the services tonight as i have scheduled some downtime. In the mean time I did disable the network adapter and all cpu usage dropped to almost nothing, including the System Process....
0
Andrew Hancock (VMware vExpert / EE MVE^2)VMware and Virtualization ConsultantCommented:
have you checked for denial of service attach, or SMTP delivery.
0
dbarnbrookAuthor Commented:
Right - we finally figured it out..... One of our backups (we use Veeam) had failed a couple of weeks ago and basically it had created a snapshot of the VM but not deleted it afterwards. So therefore i think the Exchange box was basically writing changes to new disks and still reading from the old ones - hence the chugging. Once i had deleted the snapshot and the changes were committed it seems all back to normal now. Thanks for your sugggestions.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
dbarnbrookAuthor Commented:
I eventually figured the issue out for myself.... others helped with basic troubleshooting but didn't hit the nail on the head.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2008

From novice to tech pro — start learning today.