Announcement

Collapse
No announcement yet.

Evenlog viewing causes CPU usage 100% on Windows server 2008 SP2

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Evenlog viewing causes CPU usage 100% on Windows server 2008 SP2

    We have virtual VMware Windows server 2008 SP2 with strange behaviour. When I scroll down events in eventlog viewer CPU usage hits 100% and eventlog viewer freeze. CPU usage is split between 2 processes SVCHOST.EXE (lmhosts, eventlog and Dhcp services) and MMC.EXE.
    1. I tried to replace eventlog files with new ones. That didnít helped
    2. After server clean boot problem still exist.
    3. When CPU hits 100% usage process explorer shows that from SVCHOST.EXE process CPU is used by service EventLog.
    4. Issue is for all users on this server domain and local
    5. Log file size is 16384KB with option "Overwrite events as needed"
    6. VMware tools upgrade and reinstall didn't helped
    7. VM network adapter configured on that VMXNET 3 didn't helped
    8. Change NTFS permission of %WINDIR%\System32\WinEvt\Logs directory didn't helped
    9. CHKDSK on all drives don't show any errors
    Any ideas how to fix it?

  • #2
    Re: Evenlog viewing causes CPU usage 100% on Windows server 2008 SP2

    Can you export the log and see if there are a lot of events being written?
    Does it happen if you view it remotely?

    This may help narrow down.
    http://www.networksteve.com/forum/to...=21713&Posts=0
    cheers
    Andy

    Please read this before you post:


    Quis custodiet ipsos custodes?

    Comment


    • #3
      Re: Evenlog viewing causes CPU usage 100% on Windows server 2008 SP2

      Hi Andy

      There is not much events in eventlog ~9000 records. If I export eventlog and open it on other server everything works fine. If I open eventlog remotely problem appears on server from wich I opened this eventlog - CPU reach 100%. Original server at this moment works fine.

      Comment


      • #4
        Re: Evenlog viewing causes CPU usage 100% on Windows server 2008 SP2

        Hi Jazi,

        we have same problem with our 2008 r2 terminal server.

        can you remember how did you solve that problem?

        It makes us sleepless for about a month.

        Comment


        • #5
          Re: Evenlog viewing causes CPU usage 100% on Windows server 2008 SP2

          Originally posted by nickbalbo View Post
          Hi Jazi,

          we have same problem with our 2008 r2 terminal server.

          can you remember how did you solve that problem?

          It makes us sleepless for about a month.
          Hi Nickbalbo

          Problem was caused by application which created tremendous amount of registry source entries.

          HKLM\System\CurrentControlSet\Services\EventLog\Ap plication\

          When I deleted ~34 000 registry keys eventlog viewer started to work normally

          Comment


          • #6
            Re: Evenlog viewing causes CPU usage 100% on Windows server 2008 SP2

            Check whether there might be corrupted user profile ..if it exist remove it & then perform the same operation

            Comment


            • #7
              Re: Evenlog viewing causes CPU usage 100% on Windows server 2008 SP2

              how many CPU's are assigned to the virtual system? if its only one, try to add an extra CPU, i try to set it to 2 minimum so the server cant be impacted too much because of 1 specific task...

              Comment


              • #8
                Re: Evenlog viewing causes CPU usage 100% on Windows server 2008 SP2

                Hi cesar1980 and skyline212

                As I replied to nickbalbo problem was with registry keys in

                HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\servic es\eventlog\Application\

                Problem solved by deleting ~34 000 registry keys

                Comment


                • #9
                  Re: Evenlog viewing causes CPU usage 100% on Windows server 2008 SP2

                  Originally posted by jazi View Post
                  Hi cesar1980 and skyline212

                  As I replied to nickbalbo problem was with registry keys in

                  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\servic es\eventlog\Application\

                  Problem solved by deleting ~34 000 registry keys
                  Hi Jazi, I have somewhat a similar issue. In my case the windows event is constantly consuming 35-50% CPU.
                  Question.. Did the reg entries get recreated after u deleted them?

                  Comment

                  Working...
                  X