Server unresponsive and conhost.exe high cpu (even in safe mode)

iis-7 windows-server-2008-r2 central-processing-unit
7,598

Solution 1

The problem happened again today. After much disabling and restarting, i narrowed the issue to jungle disk server backup. Not sure what it's doing (it shouldn't be running at that time) but disabling the service appeared to stop the high cpu usage in conhost.exe

Solution 2

We experienced a similar issue except we noticed that both Conhost.exe and CMD.exe were both running and were consuming about 85-100% of the CPU between the two processes. This was on one of our Windows Servers running Windows Server 2008 R2 Datacenter.

There was nothing obvious going on that we could see. We checked Sessions and open files, but still could find nothing. We could see no applications running, and after checking the error logs and resource monitor for suspects, we were drawing a blank.

Somewhere, something was running CMD.EXE and that was paired up with CONHOST.EXE. So after re-thinking the basics, we simply asked ourselves: "What can run CMD.exe and do it in the background so that no one would know it was running or to run it so it could run unattended?" Answer (in our case): Task Sheduler

Our problem was that a scheduled task had been set up to run with a high-level account authority that would run whether the user was logged in or not. The Task Scheduler had actually run a good old Dos based .BAT file, which stalled while it was waiting to process a file that had been moved from the location path that had been defined in the .BAT file. The task was not set to terminate automatically, so it simply tried to run and waited and waited.....the Conhost and CMD executables were actually doing something and trying to do it in a big way. Once the task was terminated, the CPU usage returned to normal withing a few seconds. The file the Task Sheduler's .BAT file was looking for was located and moved back to where it belonged and the Task was modified to self-terminate after a few hours if it did not complete.

Solution 3

That conhost.exe is a system process used to manage console windows, so having it running means something is working in a command prompt; there usually is also a cmd.exe around. That makecab.exe is probably the culprit, as that's a command-line utility for (guess what) creating .CAB files; the fact that it is running, and even more the fact that it is running in the SYSTEM context looks quite wrong to me.

My first guess would be your server caught some virus/malware.

Share:
7,598

Related videos on Youtube

Tom Broad
Author by

Tom Broad

Updated on September 18, 2022

Comments

  • Tom Broad
    Tom Broad over 1 year

    Having a bit of a server problem. As of this morning, one of our servers started becoming unresponsive. I was unable to remote desktop (it times out when "waiting for user profile service") in to check so had to use vnc (it's on a cloud and vnc connects straight through) and found conhost.exe was using a lot of cpu. After closing all console programs and everything non essential, this process was still running and using all the cpu.

    I restarted the machine in safe mode and found that the same symptoms are happening - the server is unresponsive and conhost.exe is using 50% cpu. Below is a screenshot of the current running processes - as you can see, nothing out of the ordinary is running. The only things that have happened to the server was the install of SP1 (which we did just now to try and fix it) and the moving of a site onto it (since moved back as this one clearly has issues!). You can't shut the machine down or kill any processes as it just hangs. I couldn't even run msconfig to disable anything!

    Turns out i can't post images so here is a link to the screenshot

    http://i56.tinypic.com/53tkwn.png

    Any one experienced anything like this before and if so, what did you do to fix it? This server needs to be up and running as it hosts our company crm and I have run out of ideas!

    The server is running Windows 2008r2 x64, IIS7.5 everything is up-to-date

    Any help is greatly appreciated!

    Cheers,

    Tom.

  • Tom Broad
    Tom Broad almost 13 years
    I'm not personally running makecab - I assumed it was windows packing log files based on the command line. Ill try and run a virus scanner on it and see what happens. Cheers for the answer.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Where can I find Web Sharing in Microsoft Windows Server 2008 R2?
Windows Server 2008 R2 + IIS 7.5 + ASP.NET 4.0 = HTTP Error 500.0
VS 2010 Publish using Web Deploy
Diagnosing "The specified module could not be found" on IIS7 with ASP.Net
Access Denied when accessing UNC path from IIS
Exchange 2013 OWA/ECP redirect loop
Error code 0x80070643 when installing IIS7 role services
Can I limit the number of php-cgi.exe that run per website on IIS 7?
How to make Windows 2008 R2 see 4 CPU cores, with two single core processors , Hyperthreading enabled
(VM)Win Server 2008 R2 is only showing one CPU but has 4 allocated