Troubleshoot High CPU utilization in the system process.
High CPU utilization on a server? Don't panic. Analyze what is causing the high CPU usage: you need to perform some standard troubleshooting steps before you reach any conclusion.
The PID of the System process is 4.
What is the System process?
The System process is a kernel mode process which runs system threads (the kernel and loaded device drivers) taking care of network I/O or disk I/O,
The following factors may cause high CPU utilization:
1. 3rd party applications such as:
A. Antivirus on the remote machines keeps on scanning the server.
B. Firewall programs.
2. Issues with network interface card (NIC) drivers/firmware.
3. Scheduled tasks, scripts and batch files that place excessive load on the server, possibly run from remote machines.
4. Windows Security Auditing configured too aggressively, in particular audits on success/failure.
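A quick way to check the causes listed above from an elevated PowerShell prompt. This is an added example, not part of the original article; it assumes PowerShell 3.0 or later and an English-language OS, since counter paths and auditpol setting names are localized.

```powershell
# Added triage example, not from the original article. Run elevated.
# Assumes PowerShell 3.0+ and an English-language OS (localized names differ).

# 1. Sample the System process (PID 4) and kernel-time counters for ~30 seconds.
$paths = @(
    '\Process(System)\% Processor Time',     # PID 4; 100% = one logical CPU
    '\Processor(_Total)\% Privileged Time',  # all kernel-mode time
    '\Processor(_Total)\% DPC Time',         # deferred procedure calls (drivers)
    '\Processor(_Total)\% Interrupt Time'    # hardware interrupts (e.g. NIC)
)
Get-Counter -Counter $paths -SampleInterval 2 -MaxSamples 15 |
    ForEach-Object { $_.CounterSamples } |
    Group-Object -Property Path |
    ForEach-Object {
        $stats = $_.Group | Measure-Object -Property CookedValue -Average -Maximum
        [pscustomobject]@{
            Counter = $_.Name
            Average = [math]::Round($stats.Average, 1)
            Peak    = [math]::Round($stats.Maximum, 1)
        }
    } | Format-Table -AutoSize

# 2. Audit subcategories that log both success and failure (cause 4).
auditpol.exe /get /category:* /r |
    Where-Object { $_.Trim() } |
    ConvertFrom-Csv |
    Where-Object { $_.'Inclusion Setting' -eq 'Success and Failure' } |
    Select-Object -Property Subcategory, 'Inclusion Setting' |
    Format-Table -AutoSize

# 3. Security log volume over the last 5 minutes, busiest event IDs first.
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; StartTime = (Get-Date).AddMinutes(-5) } -ErrorAction SilentlyContinue |
    Group-Object -Property Id |
    Sort-Object -Property Count -Descending |
    Select-Object -First 5 -Property Count, Name |
    Format-Table -AutoSize

# 4. Loaded file system filter drivers (antivirus and similar, cause 1).
fltmc.exe filters

# 5. Network adapter driver versions and dates (cause 2).
Get-CimInstance -ClassName Win32_PnPSignedDriver -Filter "DeviceClass = 'NET'" |
    Select-Object -Property DeviceName, DriverVersion, DriverDate |
    Format-Table -AutoSize
```

High DPC or interrupt time alongside a busy PID 4 points toward a driver, while many "Success and Failure" subcategories together with a fast-growing Security log point toward the auditing configuration.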
We have many tools to troubleshoot performance issues.
1. Task Manager – Default built in tool in operating system
2. Process Explorer – Download from below path
3. Perfmon – Default built in tool in operating system
4. KernRate – Applicable to Windows 2000 or Windows Server 2003.
Note: KernRate is not applicable to Windows Server 2008, 2008 R2 and above.
5. Windows Performance Toolkit (Xperf) – Replacement tool for KernRate
(applicable to Windows Server 2008 / R2 and above)
6. Complete memory dump.
KB 972110 How to generate a kernel dump file or a complete memory dump file in Windows Server 2003 http://support.microsoft.com/?id=972110
KB 969028 How to generate a kernel or a complete memory dump file in Windows Server 2008
7. Analyze Network issues – Microsoft Network Monitor / Wireshark http://www.microsoft.com/downloads/details.aspx?FamilyID=983b941d-06cb-4658-b7f6-3088333d062f&displaylang=en
1. Update the kernel filter drivers for the antivirus and/or firewall program(s).
KB 816071 explains how to temporarily deactivate the kernel mode filter driver in Windows.
2. Update the NIC driver/firmware.
3. Update the NIC teaming software/driver/firmware.
1. Remove the network cable and check – If that resolves the issue, the problem may be coming from the network level. Use Network Monitor / Wireshark to analyze network traces.
2. Restart the server in Safe Mode / Safe Mode with Networking – If the issue persists, collect tracert and netstat reports and check further.
3. Perform a clean boot: disable all services at startup except the default ones.
Refer: http://support.microsoft.com/kb/929135/en-us and http://support.microsoft.com/kb/331796/en-us
If that doesn't fix the issue, you can try analyzing the logs from Procmon, Process Explorer, Xperf and other tools.
For more information you can visit Microsoft’s Performance Team blog or Premier Field Engineering team blog.
Performance Team: http://blogs.technet.com/b/askperf/
Premier field Team Blog: http://blogs.technet.com/b/askpfeplat/