it seems that on many servers (w2k8 and w2k12) in our environment suddenly svchost hosting Dhcp, EventLog, lmhosts, Wcmsvc services started to use 1 CPU core by 100%. Sometimes it is also WmiPrvSe. It all seems to have started on Saturday 7pm (CET) synchronously. I did not see any special event in eventlog by that time. What the heck can it be? Please advice where to look and what to investigate. Servers are mainly virtual and I can see clearly in vSphere CPU graph when the load started.
Asked
Active
Viewed 830 times
0
-
So I have fixed one server for like 5 minutes by stopping all these services and restarting them (actually they restarted by themselves). Now CPU load is normal. It was difficult though because of many dependencies. But after few minutes the CPU load of svchost.exe is back! :( – Vitas Jul 17 '17 at 20:50
-
And now it is OK again... (why can't I edit the comment after 5 minutes? Jeez...) I don't know what was the cause of CPU load and if it does not come back eventually. Anybody knows the proper sequence of commands or has some script to restart these services easily please? – Vitas Jul 17 '17 at 20:58
-
Seems like restarting eventlog service helps... – Vitas Jul 18 '17 at 09:11
-
Mostly restarting eventlog is not enough but clearing Application event log seems to help. Sometimes also System or Security... It has 400MB before clearing. – Vitas Jul 18 '17 at 10:55
-
I'm having a similar problem. Did you ever find a solution to this? – Vincent Apr 16 '18 at 16:48
-
the problem was in an app called Wincollect. It is running on our servers and collects eventlogs and sends them to some DB. When we checked resource monitor we save the CPU load is caused by eventlog service. Devs reverted it to some older version and that seems to have helped – Vitas Apr 20 '18 at 07:44
1 Answers
0
No idea if this will work for you, this is something of a shot in the dark. I had a similar issue once - it was caused by wmiprvse service going nuts, and as I recall we solved it by moving WMIprvse to its own process:
`sc config WMIprvse type= own`
Note space after '='. See Microsoft kb490995. We never got to the root cause.
Jim ReesPotter
- 308
- 2
- 10
-
-
-
Sorry it did not help. Svchost still jumps from 0 to 100 every few seconds. Also I can't find kb490995. Maybe you made a typo in it – Vitas Jul 18 '17 at 09:11
-
Ok sorry try bb not kb sorry. You'll need to restart services too.. Look in task manager, can you work out which process is going wrong? If they are in separate processes (svchost instances) you can at least get some idea of where problem is coming from. – Jim ReesPotter Jul 18 '17 at 14:12