High CPU Usage on Win 2k3 terminal server

Hello. I am new to geeks to go but i was hoping maybe you all could help me. I have 4 terminal servers hosted on a HP blade server. The servers are running citrix presentation server, servicing about 9 HP thin clients a piece. Each station/user is running the IBM iSeries software for a tcp/ip connection to our AS/400 system and also using (in a much more limited capacity) ie7 and office '07. Each of the servers runs at cpu utilization from 80 to 100 percent constantly.

Server Specs:
2.6 Ghz AMD Opteron processor
3064 MB memory
10G OS drive
12G Drive for Page File
5G drive for applications
(all drives are SAN drive)

Here is what i have tried:
After downloading Process Explorer i determined that Hardware Interrupts were taking up around 50 percent of the processor usage, and the only other thing really using processor is several instances (one per user) of winlogon. If i right click on the winlogon process in Process Explorer and go to properties, then the threads tab i see that WLNotify.dll is the dll using the processor. If i go into each of the winlogon processes and suspend the WLNotify.dll thread then the CPU usage goes to about 10 to 20 percent and the hardware interrupts go to one to two percent. However when i do this my users start complaining about freeze up so i end up having to re-enable the WLNotify. I am not exactly sure what WLNotify does or the significants of the process but microsoft says not to disable it or the system will become unstable and they seem to be right.

Any help as to what may be causing my problems or a push in the right direction would be much appreciated.

Thanks in Advance

Here is a copy of my Hijack This log.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:36:47 PM, on 6/9/2008
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\Documents and Settings\administrator.BBTEL2K3\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Citrix\System32\Citrix\Ima\IMAAdvanceSrv.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\VMware\VMware Tools\VMwareService.exe
C:\Program Files\Websense\bin\WebsenseSCM.exe
C:\Program Files\Citrix\system32\cdmsvc.exe
C:\Program Files\Websense\bin\WsCitrixApp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\winlogon.exe
F:\Program Files\IBM\Client Access\Emulator\PCSCM.EXE
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\VMware\VMware Tools\VMwareUser.exe
C:\Program Files\Citrix\system32\icabar.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\administrator.BBTEL2K3\Desktop\ProcessExplorer\procexp.exe
C:\WINDOWS\system32\winlogon.exe
F:\Program Files\IBM\Client Access\Emulator\PCSCM.EXE
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\mmc.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\mmc.exe
C:\WINDOWS\system32\winlogon.exe
F:\Program Files\IBM\Client Access\Emulator\PCSCM.EXE
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\winlogon.exe
F:\Program Files\IBM\Client Access\Emulator\PCSCM.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\winlogon.exe
F:\Program Files\IBM\Client Access\Emulator\PCSCM.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/softAdmin.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://shdoclc.dll/softAdmin.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft....k/?LinkId=74005
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [VMware User Process] C:\Program Files\VMware\VMware Tools\VMwareUser.exe
O4 - HKLM\..\Run: [IcaBar] "C:\Program Files\Citrix\system32\icabar.exe" /adminonly
O4 - HKLM\..\Run: [Client Access Service] "F:\Program Files\IBM\Client Access\cwbsvstr.exe"
O4 - HKLM\..\Run: [Client Access Help Update] "F:\Program Files\IBM\Client Access\cwbinhlp.exe"
O4 - HKLM\..\Run: [Client Access Check Version] "F:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN
O4 - HKLM\..\Run: [Client Access Express Welcome] "F:\Program Files\IBM\Client Access\cwbwlwiz.exe"
O4 - HKLM\..\Run: [Client Access PC5250 Sound] "F:\Program Files\IBM\Client Access\Emulator\pcssnd.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1247894534-1209490039-1071541069-1004\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'ctx_cpsvcuser')
O4 - HKUS\S-1-5-21-1247894534-1209490039-1071541069-1005\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Ctx_StreamingSvc')
O4 - HKUS\S-1-5-21-840638069-3426338331-1523665715-1152\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'charlott')
O4 - HKUS\S-1-5-21-840638069-3426338331-1523665715-1154\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'rita')
O4 - HKUS\S-1-5-21-840638069-3426338331-1523665715-1173\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'rebeccam')
O4 - HKUS\S-1-5-21-840638069-3426338331-1523665715-1195\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'crystal')
O4 - HKUS\S-1-5-21-840638069-3426338331-1523665715-1292\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'rhonda')
O4 - HKUS\S-1-5-21-840638069-3426338331-1523665715-3613\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'natasha')
O4 - HKUS\S-1-5-21-840638069-3426338331-1523665715-3683\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'kyt2')
O4 - HKUS\S-1-5-21-840638069-3426338331-1523665715-3725\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'kyles')
O4 - HKUS\S-1-5-18\..\Run: [] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [] (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = F:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O10 - Broken Internet access because of LSP provider 'c:\documents and settings\administrator.bbtel2k3\windows\system32\mswsock.dll' missing
O15 - ESC Trusted Zone: http://runonce.msn.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1179246700390
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = bbtel.com
O17 - HKLM\Software\..\Telephony: DomainName = bbtel.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{6AF4DDF6-4510-4732-9C77-ADE50B91B312}: NameServer = 172.19.2.20,172.19.2.21
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = bbtel.com
O23 - Service: Citrix Diagnostic Facility COM Server (CdfSvc) - Citrix Systems, Inc. - C:\Program Files\Common Files\Citrix\System32\CdfSvc.exe
O23 - Service: Citrix Client Network (CdmService) - Citrix Systems, Inc. - C:\Program Files\Citrix\system32\cdmsvc.exe
O23 - Service: Citrix Encryption Service - Citrix Systems, Inc. - C:\Program Files\Citrix\system32\encsvc.exe
O23 - Service: Citrix SMA Service - Citrix Systems Inc. - C:\Program Files\Citrix\Sma\SmaService.exe
O23 - Service: Citrix Virtual Memory Optimization - Citrix Systems, Inc. - C:\Program Files\Citrix\Server Resource Management\Memory Optimization Management\Program\CtxSFOSvc.exe
O23 - Service: Citrix Health Monitoring and Recovery (CitrixHealthMon) - Citrix Systems, Inc - C:\Program Files\Citrix\HealthMon\HCAService.exe
O23 - Service: Citrix WMI Service (CitrixWMIService) - Citrix Systems, Inc. - C:\Program Files\Citrix\system32\citrix\WMI\ctxwmisvc.exe
O23 - Service: Citrix XTE Server (CitrixXTEServer) - Citrix Systems, Inc. - C:\Program Files\Citrix\XTE\bin\XTE.exe
O23 - Service: Citrix Print Manager Service (cpsvc) - Citrix Systems, Inc. - C:\Program Files\Citrix\system32\CpSvc.exe
O23 - Service: Citrix CPU Utilization Mgmt/CPU Rebalancer (CTXCPUBal) - Aurema Pty Limited - C:\Program Files\Citrix\Server Resource Management\CPU Utilization Management\bin\ctxcpubal.exe
O23 - Service: Citrix CPU Utilization Mgmt/Resource Mgmt (ctxcpuSched) - Aurema Pty Limited - C:\Program Files\Citrix\Server Resource Management\CPU Utilization Management\bin\ctxcpusched.exe
O23 - Service: Citrix XML Service (CtxHttp) - Citrix Systems, Inc. - C:\Program Files\Citrix\System32\ctxxmlss.exe
O23 - Service: iSeries Access for Windows Remote Command (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE
O23 - Service: Citrix Services Manager (IMAAdvanceSrv) - Citrix Systems, Inc. - C:\Program Files\Citrix\System32\Citrix\Ima\IMAAdvanceSrv.exe
O23 - Service: Citrix Independent Management Architecture (IMAService) - Citrix Systems, Inc. - C:\Program Files\Citrix\System32\Citrix\Ima\ImaSrv.exe
O23 - Service: Citrix MFCOM Service (MFCom) - Citrix Systems, Inc. - C:\Program Files\Citrix\System32\mfcom.exe
O23 - Service: Citrix Streaming Service (RadeSvc) - Citrix Systems, Inc. - C:\Program Files\Citrix\Streaming Client\RadeSvc.exe
O23 - Service: Citrix Resource Manager Mail (ResourceManagerMail) - Citrix Systems, Inc. - C:\Program Files\Citrix\System32\Citrix\IMA\MailService.exe
O23 - Service: VMware Tools Service (VMTools) - VMware, Inc. - C:\Program Files\VMware\VMware Tools\VMwareService.exe
O23 - Service: Websense Citrix Service (WebsenseWsCitrix) - Unknown owner - C:\Program.exe (file missing)

--
End of file - 9807 bytes

#1
nathanr.smith

Posted 09 June 2008 - 12:04 PM

Advertisements

#2
dplunk

Posted 12 September 2008 - 11:34 AM

Similar Topics

1 user(s) are reading this topic

As Featured On:

Forums

Downloads

Members

Connect With Us