Might also try from a clean boot.
https://support.microsoft.com/en-us/topic/how-to-perform-a-clean-boot-in-windows-da2f9573-6eec-00ad-2f8a-a97a1807f3dd
SYSTEM (ntoskrnl.exe) high CPU usage - All Windows Server versions
Hi everyone,
We can't understand a behavior that we got since yesterday on every file server of our infrastructure: The "SYSTEM" process (ntoskrnl.exe) is using all CPU available, conducting to completly overload the server and slow down to hell its services... Same problem on WS2012R2 & 2016.
On 2012R2, we got 3 KB installed recently (05/09) : KB5004233, KB5004298, KB5004285. On 2016, the last CU installed was the KB5005043 on late august. Nothing more since that.
- I tried to use ProcessHacker tool to see what could cause that, but i can't see nothing intersting / relevant :
- I tried to follow the detailed informations of this thread:
https://superuser.com/questions/527401/troubleshoot-high-cpu-usage-by-the-system-process
Same thing, can't find any relevant using the Windows Performance Analyzer...
Have you any advices ?
Thanks in advance...
Arnaud
8 answers
Sort by: Most helpful
-
Anonymous
2021-09-09T15:03:39.307+00:00 -
Arnaud Rigole 141 Reputation points
2021-09-10T07:17:38.183+00:00 @Anonymous thanks for your response. As i told, we got unexpectedly the problem on every file server, from day to day !
Every server is different and the only common binary is the Antivirus. We tried to disable it, and still have SYSTEM process up to 70% (peaks) cpu usage !Anyway, i tried yesterday to boot a 2012R2 without any additional service, and... check that out...
Any ideas ?
-
Arnaud Rigole 141 Reputation points
2021-09-10T07:59:33.44+00:00 Following this, i disabled ABE on every SMB share on a sample server : no changes
https://learn.microsoft.com/fr-fr/windows-server/storage/file-server/troubleshoot/high-cpu-usage-issue-on-smb-server -
Docs 15,571 Reputation points
2021-09-10T08:05:03.227+00:00 See if this link is useful:
https://learn.microsoft.com/en-us/windows-hardware/test/wpt/cpu-analysis
.
.
.
.
.
Please remember to vote and to mark the replies as answers if they help.On the bottom of each post there is:
Propose as answer = answered the question
On the left side of each post: Vote = a helpful post
.
.
.
.
. -
Arnaud Rigole 141 Reputation points
2021-09-10T09:31:51.827+00:00 @Docs as you can see on my first post... i already tried to use WPA to identity binary/drivers involved...
There is nothing relevant, pure system calls if i expand [root] stack tree of the system process...