Jump to content


jimbocalvo

High CPU - IIS Worker Process

Recommended Posts

Hi guys,

 

I have just started at a new job and one of the first things I've been asked to look at is the very high CPU load on the my company's primary server.

 

The CPU maxes out at 100% (and when not that in the 90's) for most of the day, looking at the process(es) that is consuming the most and w3wp.exe, namely IIS Worker Process is the main culprit. When I look in IIS Manager I can see the WSUSPool as the source.

 

At the moment its causing an issue with clients receving timely Defender updates, my colleague is of the opinion that the high CPU load is the cause of those delays in receiving defender updates.

 

If it were a server I'd built myself or been looking into the issue since it started then I'd probably been able to get a good idea as to what the probable cause was, but I'm now playing catchup and going over things that appear to have already been tried.

 

Setup:

 

Server is a Windows Server 2012 R2 Data Center

18G Ram with 4 Cores

Config Manager 1610

 

Not sure what other information anyone would need to assist but please let me know and I'll get it.

 

So far I have amended the AV as all the directories where being scanned without the standard Config Manager exclusions and I have been looking at Private Memory Limit (under Recycling) for WsusPool in IIS.

 

thanks in advance.

Share this post


Link to post
Share on other sites

Hi,

 

At the moment it has 350 clients, but this will grow

The server is question is the Primary Server and has 14 roles installed, it has MP, SUP and DP installed. We have another server which also acts as a DP.

The client polling policy is is 10 minutes

 

Where would I check how often we were checking for SU?

Share this post


Link to post
Share on other sites

WSUS is set for an auto sync once a day at 05:33 (bizarre time but there we are). But when I look at the sync reports in the WSUS console I can see three sync's a day, the WSUS one at 05:33 and then "Manual" ones happening at 08:00 and 16:00. Are those additional sync's being requested by Config Manager?

 

I have just adjusted the polling schedule to 60 minutes.

Share this post


Link to post
Share on other sites

ok, the changes last night have made no difference :-( CPU is maxed at 100% and w3wp.exe is using 50-65% of it.

 

I was optomistic last night as CPU dropped off and was then spiking every half an hour for a 10 minute period, I've been watching it this morning and its not dropped once. Even when I recycled the application pool it dopped momentarily and then went back to 100%

Share this post


Link to post
Share on other sites

I cant see a great deal of issues in the IIS logs, but what I have seen when I cross check in the application logs are ASP.NET errors, Event ID 1309 with an Event Code of 3001. I see timeouts from workstations when contacting the WSUS site. I have read some material were other people have had issues with their WSUS database either going offline or becoming unstable/corrupt.

 

We are currently mulling over uninstalling and reinstalling WSUS and setting the database to be in the onbox installation of SQL rather than WSUS's own database.

 

Would something like that sound reasonable and also our potential course of action?

Share this post


Link to post
Share on other sites

You absolutely should be using full blow SQL and NOT WID. You also need to make sure that WSUS clean is done. In a lot of case it make more sense to remove the SUP, uninstall WSUS, drop the DB, reboot, install wsus, install SUP. I would also install SQL on the WSUS server.

Share this post


Link to post
Share on other sites

I just thought I'd post back with an update. I ended up running a full clean and reindex of WSUS and that has pretty much resolved the issue.

 

I also instructed our clients to not contact WSUS for Defender updates and rejigged the push from SCCM and added an UNC path for manual (and fallback) DAT retrieval, this reduced the load on WSUS.

 

I ran scripts against the database to see how many obsolete updates were present and it was over 8000. Some updates were (the best word I can use) stuck and I had to manually remove them from the database. The full run in the WSUS console to remove old updates took over 24 hours but purged the updates and when I ran the script against the database it came back as zero.

 

The server is certainly more stable now. I am just preparing a daily clean of WSUS on the server for a scheduled task

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...


×
×
  • Create New...