Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations biv343 on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

CPU 100% - by System

Status
Not open for further replies.
KRPGroup

KRPGroup

MIS
Jun 22, 2005
317
CA
This server is a basic file server that started to run 90-100 CPU. After checking the task manager it is the System process that is doing it.

The CPU does settle down in the evenings when staff go home but the System process is still a bit high but the server is atleast manageable. It runs in the 25-35% spiking in the 70-80 for short bursts.

After extensive testing, changing out hardware EG Raid Controller, NIC, we think have narrowed the issue down to the Network.
We have found out if we disable the NIC or unistall it, the server runs normally. As soon as we install or enable the NIC the System process CPU usage jumps way up.
 
Sort by date Sort by votes
This could be considered normal behaviour depending on things like how many users you have accessing the server, is there a lot of I/O being generated on the disk subsystem, network interface, memory/cache.

Does this server also run as a print server? Do you have any other software running on it.

Start by doing some performance monitoring to see if you have a bottleneck, by disabling the NIC all you're doing is stopping the server from serving it's role that of a file server.

Hope this helps.
 
Upvote 0 Downvote
what you could try is downloading a tool from called currports, that should tell you what if anything is using the carious ports on your system, to connect to the internet. it will also show the executable fle that is active.

it sounds like you could have a trojan of some sort.

hope that helps.

Many Thanks
Yurov Ardyy
 
Upvote 0 Downvote
We unshared 2 shared folders
1 - Users, All user folders, approx 90-95 staff
2 - Apps, Application folder (had less than 10 staff in at the time)

As soon as we got everyone disconneted from the server the CPU dropped to normal. The server is still on the network but seems as soon as a large number of clients connect even if they do not have files open the server System spikes.
 
Upvote 0 Downvote
could be a malware program on your clients computers..



Many Thanks
Yurov Ardyy
 
Upvote 0 Downvote
Also the server is doing the following
1 - 2 File Shares, Apps and Home folders
2 - Payroll database (which I have turned off)

It did have Shadow copy running but I have disabled this as well.

Itsp1965, can you recommend a few PM Counters to run?
 
Upvote 0 Downvote
The key metrics you should check (as per MS)

Physical/Logical disk
---------------------
Disk transfer/sec
Avg Disk Queue Length (should not > 2)
(note you will need to enable disk counters by typing diskperf -ye at the command prompt)

Memory
------
Pages/Sec (should not be > 20 for a period of 5 mins or more)
Avail Bytes (should never go < 4MB

Paging File
-----------
% Usage (lookout for growth)

Network Interface
-----------------
Bytes Total/Sec (should not be greater than 50%)

Now you didn't mention as to whether the CPU spikes were at 90-100% for what period of time. If it's constantly running like this then I would also check what the other posts have indicated otherwise it's quite possible your server has a bottleneck

Hope this helps.
 
Upvote 0 Downvote
When we are experiencing the problem the System is 90% + constantly and with a few of the other processes taking 1-2% the server is running 100% or close to it.

I have ran a full virus scan using Trend Server Protect. I went to the site but couldn't find Currports?

Now that the sever is running normally I have started to remapped staff back to it for their Applicaiton drive. I figured I could slowly increase it to see if anything happens. I will keep staff from mapping their user folders for now to see if that has anything to do with it.
 
Upvote 0 Downvote
This server doesnt have an smtp server on it that could be used as a relay does it?
 
Upvote 0 Downvote
I did a P2V Vmware conversion to see if it was hardware related and even in the VM it is still running with a Hgih CPU only when staff are connected. After hours it drops way down.

The NIC in the vm is solid all the time.
I looked at the properties of the card and it was displaying 86,xxx,xxx,xxx bytes sent in 3 days while the hosts of the VM is only at 600,xxx,xxx bytes sent.

The network utilization on the VM in under 1% on the task mgr
 
Upvote 0 Downvote
Have you tried running a packet sniffer on it like ethereal and analyzing the kind of traffic coming out of it?

RoadKi11
 
Upvote 0 Downvote
I have ran the Process Explorer and System shows 90%+ and all the sub process register blank (I am assuming too low to count) and another one registers 1-2%max.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

andyferris
  • Locked
  • Question
DC Event logs auditing cannot be set by GPO
Replies
1
Views
251
RRankin355
RRankin355
kurio71
  • Locked
  • Question
IE11 - Remember my credentials checked by default
Replies
0
Views
154
kurio71
kurio71
bhimmler
  • Locked
  • Question
Looking for a way to Capture/Log high CPU Utilizing Processes over time.
Replies
0
Views
106
bhimmler
bhimmler
goombawaho
  • Locked
  • Question
Operating System Compatibility
Replies
0
Views
119
goombawaho
goombawaho
cabraun
  • Locked
  • Question
Group Policy Question (Set System Variable)
Replies
2
Views
159
markdmac
markdmac

Part and Inventory Search

Sponsor

Back
Top