SYSTEM (ntoskrnl.exe) high CPU usage - All Windows Server versions

Arnaud Rigole 141 Reputation points

Hi everyone,

We can't understand a behavior that we got since yesterday on every file server of our infrastructure: The "SYSTEM" process (ntoskrnl.exe) is using all CPU available, conducting to completly overload the server and slow down to hell its services... Same problem on WS2012R2 & 2016.

On 2012R2, we got 3 KB installed recently (05/09) : KB5004233, KB5004298, KB5004285. On 2016, the last CU installed was the KB5005043 on late august. Nothing more since that.


  • I tried to use ProcessHacker tool to see what could cause that, but i can't see nothing intersting / relevant :
    • I tried to follow the detailed informations of this thread:

Same thing, can't find any relevant using the Windows Performance Analyzer...


Have you any advices ?
Thanks in advance...


Windows Server 2016
Windows Server 2016
A Microsoft server operating system that supports enterprise-level management updated to data storage.
2,431 questions
Windows Server 2012
Windows Server 2012
A Microsoft server operating system that supports enterprise-level management, data storage, applications, and communications.
1,570 questions
{count} votes

8 answers

Sort by: Most helpful
  1. Limitless Technology 39,511 Reputation points


    Thank you for your question.

    As you mentioned its file server it could be due to accessing of shared files in network by clients.

    I would suggest to check the usage during off hours if it comes down.

    If the reply was helpful, please don’t forget to upvote or accept as answer.

    0 comments No comments

  2. Arnaud Rigole 141 Reputation points

    Hey @Limitless Technology

    Thanks for the response.
    I spent the last 2 evenings, off production, from 8pm to 11pm, to try to debug... no users connected, no smb share accessed, no RDS session opened.
    Still have the same CPU usage !


    0 comments No comments

  3. Thiago Secco 1 Reputation point

    Were you able to find the solution for this?

    We have a FS that has the same symptoms since earlier today. Through ProcessExplorer I can see 212 threads with this address: nstoskml.exe!oGetIoPriorityHint+0x1d8
    one thing I can't figure out is that on TCP/IP tab I can see several connections from servers that don't even exists anymore.