0

We have a Windows 10 VM with one vCPU and 8 gigs of RAM. It runs an HVAC design software that various users can RDP in and use. We've noticed that sometimes, the CPU will (seemingly randomly) max at 100%. When this happens, it becomes impossible to log in via RDP. The RDP connection times out. Login attempts from the VMware web console are extremely slow. Once the login screen is finally passed, a black screen appears with an error stating 'sihost.exe - System error The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application'. Clicking 'OK' dismisses the error message but the VM hangs at the black screen indefinitely. There is no mouse cursor available and the VM does not appear responsive to keyboard input.

I ran a Trend Micro virus scan and also ran the sfc /scannow command, both of which found no issues. When the VM gets in this state, the only way to 'fix' it is to restart it from vCenter. Does anyone have any other ideas or suggestions?

EDIT: I was able to determine that it is 'Service Host: Remote Desktop Services' that is pegging the CPU at 100%. I have no idea why this is happening because it doesn't happen when connecting or disconnecting to the VM via RDP. It seemingly happens out of nowhere.

CacheMoney
  • 1
    Hi, it seems to be an error from an installed application. I would check which one it is, and then call the support of said application to help diagnose. – yagmoth555 Nov 13 '20 at 17:24
  • 1
    One vCPU sounds extremely low, especially for a machine running this type of software. If it was running a license server I would understand, but I'd recommend increasing the vCPU amount to at least 2. – Gordster Nov 13 '20 at 17:54
  • @Gordster, I thought about that as well but as far as I can tell, the CPU is getting pegged later in the evening or earlier in the morning when no one is using the software. – CacheMoney Nov 13 '20 at 18:38

2 Answers

1

CPU usage spikes on Windows can often be from updates. Often after an update/reboot, applications that use .NET Framework will run a little slower and use a bit more CPU while the new assemblies are linked to the new framework version. This can often show up as mscorsvw.exe in the process list. Based on the single core configuration of this server, I would recommend adding at least one more to reduce the impact of these updates.

You can also speed up the process and manually invoke the .NET optimization:

c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe executeQueuedItems
schTasks /run /Tn "\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319"
c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe executeQueuedItems
schTasks /run /Tn "\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64"

One final piece of advice would be to use Windows Server 2016/2019 instead of Windows 10, since updates are non-optional and run automatically on desktop versions.

Source: https://devblogs.microsoft.com/dotnet/wondering-why-mscorsvw-exe-has-high-cpu-usage-you-can-speed-it-up/

nbailey
  • Good suggestions, thank you. Even with the single CPU, I would expect CPU spikes due to updates to settle down eventually but that doesn't seem to happen here. Once the CPU is pegged it stays that way indefinitely. I think we considered Server 16/19 but found a reason we needed Windows 10. I will go back and look into that though. EDIT: A point of clarification - it is impossible to access the task manager/process list when the VM gets in this state and presents the black screen. As a result, I have no idea which process(es) is responsible for the high sustained CPU activity. – CacheMoney Nov 13 '20 at 18:42
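
Because the process list cannot be opened once the VM is in the hung state, one way to test whether mscorsvw.exe or a service host is responsible is to record the top CPU consumers to disk continuously and read the file after the forced restart. The script below is an added example, not part of the answer above; the log path, the 30-second interval and the top-5 cutoff are assumptions to adjust.

```powershell
# Added example (not from the original thread): periodically log the busiest
# processes so the culprit is still on disk after a restart from vCenter.
param(
    [string]$LogPath = 'C:\PerfLogs\cpu-top.csv',  # assumed location
    [int]$IntervalSeconds = 30,                    # assumed sampling interval
    [int]$Top = 5                                  # assumed number of rows per sample
)

# Make sure the target folder exists before the first write.
New-Item -ItemType Directory -Path (Split-Path $LogPath) -Force | Out-Null

while ($true) {
    $stamp = Get-Date -Format 'o'

    Get-CimInstance Win32_PerfFormattedData_PerfProc_Process |
        Where-Object { $_.Name -notin '_Total', 'Idle' } |
        Sort-Object PercentProcessorTime -Descending |
        Select-Object -First $Top |
        ForEach-Object {
            $procId = $_.IDProcess

            # A svchost.exe instance can host several services; list the ones
            # running in this PID (for example TermService for Remote Desktop).
            $services = (Get-CimInstance Win32_Service -Filter "ProcessId = $procId" |
                Select-Object -ExpandProperty Name) -join ';'

            [pscustomobject]@{
                Time       = $stamp
                Process    = $_.Name
                PID        = $procId
                CpuPercent = $_.PercentProcessorTime
                Services   = $services
            }
        } |
        Export-Csv -Path $LogPath -Append -NoTypeInformation

    Start-Sleep -Seconds $IntervalSeconds
}
```

The last rows written before the hang show which process, and for svchost.exe which hosted services, were consuming the CPU; rows naming mscorsvw would point at the NGEN queue described in the answer.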
0

Check your SysMain process if anything else doesn't ring a bell. Try to disable it and check for performance improvements.

Bluekat