Diagnostic Policy Service - high CPU

Question

_{Saturday, April 7, 2018 5:53 PM | 2 votes}

** Diagnostic Policy Service - high CPU**

 HP laptop problem

In the last few days, this laptop started having poor performance, with Task manager showing Diagnostic Policy Service taking up to 30% or more of CPU.

HP Spectre x360 - 13-4197dx (ENERGY STAR)

 

 

In the last few days it started having poor performance, with Task manager showing Diagnostic Policy Service taking up to 30% or more of CPU.

         

Did upgrade of BIOS, no improvement.

Downloaded all current windows upgrades – no fix.

I created a new (admin) user, same problem.

I ran all of the diagnostics in the HP Support Assistant, all passed – no effect.

I ran "sfc /scannow." and "Dism /Online /Cleanup-Image /RestoreHealth" – no effect.

There is an online thread on this in the HP forums, which does not seem to show any fix.

      https://h40434.www3.hp.com/t5/Notebook-Operating-System-and-Recovery/Continually-high-CPU-usage-due-to-service-host-diagnostic/td-p/6209980

 The HP support is abysmal – it took several minutes for him to echo back “so this is your computer system?”, and then the only suggestion was a factory reset.

Guthrie

All replies (22)

_{Sunday, April 8, 2018 8:58 PM ✅Answered | 3 votes}

"I could not stop the service": you should be able to kill the svchost process hosting the service via task manager

"A bad page link (error -338) has been detected in a B-Tree (ObjectId: 31, PgnoRoot: 7633) of database C:\WINDOWS\system32\SRU\SRUDB.dat"
so as I expected, a problem with the file, deleting it should help.

---

_{Saturday, April 7, 2018 7:11 PM}

you could take a performance trace at the time this happens, and upload it, as describe in this wiki.

---

_{Saturday, April 7, 2018 8:29 PM}

Here:  https://login.filesanywhere.com/fs/v.aspx?v=8b726b87606372b2729f

Guthrie

---

_{Saturday, April 7, 2018 10:04 PM}

did you not read what I linked?
Be sure to upload the file that ends in "ETL" not the smaller folders that end in PDB!!!

---

_{Sunday, April 8, 2018 12:20 AM}

Oops, sorry I saw the folder with the *etl.. name, and uploaded it.

Now I see the other file (with the extension not shown..., but is the .etl file), here:

You can also copy this link to your web browser: https://login.filesanywhere.com/FS/v.aspx?v=8b726b8760667177af6e

Guthrie

---

_{Sunday, April 8, 2018 9:18 AM | 2 votes}

seems it is constantly updating its database.
perhaps you can see errors in event log from source ESENT?

You can:
stop the "Diagnostic Policy Service"
delete the file "C:\Windows\System32\sru\SRUDB.dat" (on my system, the size of this file is 32MB)
restart the service.

---

_{Sunday, April 8, 2018 6:20 PM}

the file "C:\Windows\System32\sru\SRUDB.dat"

is about 61MB on my system, but doesn’t show any updates in the last ~22 hours.

 I could not seem to stop the service, the stop request timed out, and it’s status is now just “stopping”. Because of that, I could not delete the SRUDB.dat file.

 Not sure where/how to find all of the ESENT events, but under administrative events, tons of these, looks like one about every minute or so, from various sources { General, …}, but almost all from “Database corruption”.

 Here is one:

Log Name:      Application

Source:        ESENT

Date:          3/29/2018 6:25:00 AM

Event ID:      447

Task Category: Database Corruption

Level:         Error

Keywords:      Classic

User:          N/A

Computer:      grglap

Description:

svchost (4204,D,21) SRUJet: A bad page link (error -338) has been detected in a B-Tree (ObjectId: 31, PgnoRoot: 7633) of database C:\WINDOWS\system32\SRU\SRUDB.dat (2400 => 12609, 31).

Event Xml:

<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">

  <System>

    <Provider Name="ESENT" />

    <EventID Qualifiers="0">447</EventID>

    <Level>2</Level>

    <Task>12</Task>

    <Keywords>0x80000000000000</Keywords>

    <TimeCreated SystemTime="2018-03-29T11:25:00.023206500Z" />

    <EventRecordID>47780</EventRecordID>

   <Channel>Application</Channel>

    <Computer>grglap</Computer>

    <Security />

  </System>

  <EventData>

    <Data>svchost</Data>

    <Data>4204,D,21</Data>

    <Data>SRUJet: </Data>

    <Data>-338</Data>

    <Data>31</Data>

   <Data>7633</Data>

    <Data>C:\WINDOWS\system32\SRU\SRUDB.dat</Data>

    <Data>2400</Data>

    <Data>12609</Data>

    <Data>31</Data>

  </EventData>

</Event>

 But here is one from General:

 Log Name:      Application

Source:        ESENT

Date:          4/4/2018 4:34:49 PM

Event ID:      522

Task Category: General

Level:         Error

Keywords:      Classic

User:          N/A

Computer:      grglap

Description:

ShellExperienceHost (1940,P,0) TILEREPOSITORYS-1-5-21-2554618691-1091664963-2105190305-1006: An attempt to open the device with name "\.\C:" containing "C:\ failed with system error 5 (0x00000005): "Access is denied. ". The operation will fail with error -1032 (0xfffffbf8).

Event Xml:

<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">

  <System>

    <Provider Name="ESENT" />

    <EventID Qualifiers="0">522</EventID>

    <Level>2</Level>

    <Task>1</Task>

    <Keywords>0x80000000000000</Keywords>

    <TimeCreated SystemTime="2018-04-04T21:34:49.006341300Z" />

    <EventRecordID>50404</EventRecordID>

    <Channel>Application</Channel>

    <Computer>grglap</Computer>

    <Security />

  </System>

  <EventData>

    <Data>ShellExperienceHost</Data>

    <Data>1940,P,0</Data>

    <Data>TILEREPOSITORYS-1-5-21-2554618691-1091664963-2105190305-1006: </Data>

    <Data>\.\C:</Data>

    <Data>C:\/Data>

    <Data>-1032 (0xfffffbf8)</Data>

    <Data>5 (0x00000005)</Data>

    <Data>Access is denied. </Data>

  </EventData>

</Event>

Guthrie

---

_{Sunday, April 8, 2018 10:21 PM}

Thanks for the info & response.

Trying to stop the process fails. I found the Services host for it in Task Manager, and trying to kill that process - it gives a warning, but going ahead, it seems to just keep running (or immediately restarts?).

---

_{Monday, April 9, 2018 5:06 AM}

Then you could try to set the service to disabled before killing the process.

---

_{Tuesday, April 10, 2018 4:29 PM}

I booted to recovery options, and advanced, command prompt - and could delete it from there. Seems to have fixed it - will monitor things for today.

Many thanks, good job!

Guthrie

---

_{Friday, May 4, 2018 10:43 PM}

i can end this process but I cannot delete SRUDB.dat. also after ending in task manager disk use goes down but cpu use goes up

---

_{Friday, May 4, 2018 11:01 PM}

Open the HP website > support > software and drivers > enter the computer's product or serial number > select the operating system > view drivers > post a URL or hyperlink into the thread

To evaluate the computer environment please post logs for troubleshooting.

Using administrative command prompt copy and paste this whole command:

Make sure the default language is English so that the logs can be scanned and read.

https://www.tenforums.com/tutorials/3813-language-add-remove-change-windows-10-a.html

The command will automatically collect the computer files and place them on the desktop.

Then use one drive or drop box to place share links into the thread for troubleshooting.

https://support.office.com/en-us/article/Share-OneDrive-files-and-folders-9fcc2f7d-de0c-4cec-93b0-a82024800c07

This command will automatically collect these files:  msinfo32, mini dumps, drivers, hosts, install, uninstall, services, startup, event viewer files, etc.

Open administrative command prompt and copy and paste the whole command:

copy %SystemRoot%\minidump\.dmp "%USERPROFILE%\Desktop\&dxdiag /t %Temp%\dxdiag.txt&copy %Temp%\dxdiag.txt "%USERPROFILE%\Desktop\SFdebugFiles\&type %SystemRoot%\System32\drivers\etc\hosts >> "%USERPROFILE%\Desktop\hosts.txt"&systeminfo > "%USERPROFILE%\Desktop\systeminfo.txt"&driverquery /v > "%USERPROFILE%\Desktop\drivers.txt" &msinfo32 /nfo "%USERPROFILE%\Desktop\msinfo32.nfo"&wevtutil qe System /f:text > "%USERPROFILE%\Desktop\eventlog.txt"&reg export HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall "%USERPROFILE%\Desktop\uninstall.txt"&reg export "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components" "%USERPROFILE%\Desktop\installed.txt"&net start > "%USERPROFILE%\Desktop\services.txt"&REM wmic startup list full /format:htable >"%USERPROFILE%\Desktop\startup.html"&wmic STARTUP GET Caption, Command, User >"%USERPROFILE%\Desktop\startup.txt"

There is 1 file for you to find manually:   In the left lower corner search type:  dxdiag > When the DirectX Diagnostic Tool opens click on the next page button so that each tab is opened > click on save all information > save to desktop > post one drive or drop box share link into the thread

.

.

.

Please remember to mark the replies as answers if they help.

.

.

.

---

_{Thursday, May 24, 2018 7:33 PM}

Your SRUDB.dat is only 65 MB? 

I am experiencing the same problem with diagnostic policy service running constantly at about 35% of the CPU and the sru folder...

I looked at the Windows\System32\sru folder and found that there are now over 27000 files (SRU...log files) and rapidly growing; it's now at SRU00444042.log. 

The SRUDB.dat file is now 25 Gigabytes in size (and also growing). Yes, I really did mean GIGABYTES! :(

I'm going to follow the rest of these steps and hopefully this will be successful. 

Thanks to everyone who documented this issue and to those who helped with suggestions.

---

_{Thursday, May 24, 2018 7:51 PM}

I am experiencing the same problem with diagnostic policy service running constantly at about 35% of the CPU and the sru folder...

I looked at the Windows\System32\sru folder and found that there are now over 27000 files (SRU...log files) and rapidly growing; it's now at SRU00444042.log. 

The SRUDB.dat file is now 25 Gigabytes in size (and also growing). Yes, I really did mean GIGABYTES! :(

I'm going to follow the rest of these steps and hopefully this will be successful. 

Thanks to everyone who documented this issue and to those who helped with suggestions.

Hardware: Asus motherboard (so, this is not exclusively an HP related problem)
OS: Windows 10 Pro

---

_{Friday, June 15, 2018 1:10 PM}

I had the same issue on my MS Surface 3. It happened twice.

The first time was a couple of months ago. The only apps on that device is O365 and MS Store apps, so I ended up resetting it. That worked, but was a "let it run all night" affair. 

It occurred again last night, which coincidentally was right after the latest Windows update was installed. This time, based on this thread, I selected and deleted 11,000+ SRU log files in the SRU directory. That was a 5 to 10 minute affair. CPU usage and performance returned to normal. I did not touch the .dat file, but it had reduced in size.

Does anyone have an idea what causes the Diagnostic Policy to fail?

Jim

---

_{Monday, June 25, 2018 10:52 AM | 10 votes}

Hello, i finally found the solution for the problem! The dps service constantly creates log files in folder "C:\Windows\system32\sru" every second. This leads to high disk usage and the folder becomes very large, multiple Gigabytes of data. Force stopping the service and then deleting this folder fixes the problem. The folder is not created anymore when you start the service. You must stop the service before deleting the folder.

I made a batch file which stoppes the service and prompts the user to delete the folder. Then the service is startet again. Just create a text file and insert following code. Then save as .bat file. You need to start the bat as admin though.

@echo off
echo ... Set DPS service start type to manual ...
echo.
sc config DPS start= demand

echo.
echo ... Find PID of DPS service ...

for /f "tokens=2 delims=[:]" %%f in ('sc queryex dps ^|find /i "PID"') do set PID=%%f

echo.
echo ... Kill DPS service
echo.

taskkill /f /pid %PID%


echo.
echo ... Delete sru Folder ...
echo.

rd /s "%windir%\system32\sru"

echo.
echo ... Set DPS service start type to auto ...
echo.
sc config DPS start= auto

echo.
echo ... Start DPS service ...

sc start DPS
echo.

pause

---

_{Tuesday, August 21, 2018 10:36 AM}

In my case SRUDB.dat was 25GB and the folder contained more than 8000 64KB log files.

---

_{Tuesday, August 21, 2018 2:13 PM}

Is your system also from HP?

Maybe one of the log files contains info on what is the problem.

---

_{Sunday, November 11, 2018 5:35 PM}

Hi Guthrie,

I had the same exact problem. As a precaution, I always

create a restore points when I'm Installing something on

my Win 10 Desktop. So when I looked at my restore points,

I Noticed the problem happened just before I installed the

latest version of a Java update. So what I did was simply

was  to go Java website and manually reinstalled Java from

there. I did not remove Java I just reinstalled over it.

Hope This helps

Drew.

---

_{Wednesday, January 2, 2019 5:33 PM}

Hey, I just wanted to post a quick reply here...just stumbled onto the DPS service being the problem for my slow work laptop today, and after a quick bing search was led to this page.

I could have fixed this manually, but this batch file saved me time and will allow me to keep it handy for other PCs that may be experiencing the same issue. Thanks for posting this -- it solved the issue quickly and easily in my case!

Mike Gresley

---

_{Sunday, January 20, 2019 3:05 PM | 2 votes}

Can confirm by force-closing the process running the service for diagnostic policy service, then deleting SRUDB.dat (which was 19.5G in size in my case) has fixed the problem.  This service now runs again but with significantly lower CPU usage (near on idle) so this has fixed the issue in my case.

---

_{Friday, December 13, 2019 2:17 AM}

I have an old gateway and was doing the same thing - consuming around 50% of cpu, sru directory was 7 GB. stopped the task and deleted sru and it has so far stopped. Do we know why yet ?   Thank-you