SYSTEM (ntoskrnl.exe) high CPU usage - All Windows Server versions

Arnaud Rigole 141 Reputation points
2021-09-09T14:38:35.64+00:00

Hi everyone,

We can't understand a behavior that we got since yesterday on every file server of our infrastructure: The "SYSTEM" process (ntoskrnl.exe) is using all CPU available, conducting to completly overload the server and slow down to hell its services... Same problem on WS2012R2 & 2016.

On 2012R2, we got 3 KB installed recently (05/09) : KB5004233, KB5004298, KB5004285. On 2016, the last CU installed was the KB5005043 on late august. Nothing more since that.

130725-image.png

  • I tried to use ProcessHacker tool to see what could cause that, but i can't see nothing intersting / relevant :
    130812-image.png
    • I tried to follow the detailed informations of this thread:

https://superuser.com/questions/527401/troubleshoot-high-cpu-usage-by-the-system-process

Same thing, can't find any relevant using the Windows Performance Analyzer...

130755-image.png

Have you any advices ?
Thanks in advance...

Arnaud

Windows Server 2016
Windows Server 2016
A Microsoft server operating system that supports enterprise-level management updated to data storage.
2,431 questions
Windows Server 2012
Windows Server 2012
A Microsoft server operating system that supports enterprise-level management, data storage, applications, and communications.
1,570 questions
{count} votes

8 answers

Sort by: Most helpful
  1. Limitless Technology 39,511 Reputation points
    2021-09-10T10:07:37.537+00:00

    Hello,

    Thank you for your question.

    As you mentioned its file server it could be due to accessing of shared files in network by clients.

    I would suggest to check the usage during off hours if it comes down.

    If the reply was helpful, please don’t forget to upvote or accept as answer.

    0 comments No comments

  2. Arnaud Rigole 141 Reputation points
    2021-09-10T14:26:02.837+00:00

    Hey @Limitless Technology

    Thanks for the response.
    I spent the last 2 evenings, off production, from 8pm to 11pm, to try to debug... no users connected, no smb share accessed, no RDS session opened.
    Still have the same CPU usage !

    Arnaud

    0 comments No comments

  3. Thiago Secco 1 Reputation point
    2021-10-08T19:48:45.337+00:00

    Hi,
    Were you able to find the solution for this?

    We have a FS that has the same symptoms since earlier today. Through ProcessExplorer I can see 212 threads with this address: nstoskml.exe!oGetIoPriorityHint+0x1d8
    one thing I can't figure out is that on TCP/IP tab I can see several connections from servers that don't even exists anymore.