none
many wsmprovhost.exe processes

    Question

  • On some of our Windows Server 2012 (not R2) servers, we are finding that wsmprovhost.exe processes are getting launched and never terminating. We would like to to determine why they are being launched and/or why they are not terminating, because unless I go in and manually terminate them, these servers will eventually run out of memory.

    Here is what I have observed:

    • The full command line is: c:\Windows\system32\wsmprovhost.exe -Embedding
    • A new process is launched every hour.
    • The start time is the same minute and second after the hour for every process on the same server. Each server has a different start time, but all servers are within about a minute of each other. For example, on one server, every process started at 6 minutes and 43 seconds after the hour; on another server the start time is 7 minutes and 7 seconds after each hour.
    • This seems to affect only servers running IIS.
    • The parent process is: c:\Windows\system32\svchost.exe -k DcomLaunch

    Can anyone help troubleshoot why this is happening?

    Thanks,
    Cam

    Thursday, December 01, 2016 12:13 AM

Answers

  • Problem not solved but we found the cause. Turns out that the culprit was PRTG, which is software we have that remotely monitors the vitals of the servers on our network (CPU, disk space, memory, etc.). When we stop the service, the wsmprovhost.exe processes no longer appear on the servers. We are working with their support department to troubleshoot this.

    • Marked as answer by C_A_M Tuesday, December 06, 2016 12:13 AM
    Tuesday, December 06, 2016 12:13 AM
  • Hi,

    wsmprovhost.exe is a Windows Remote Powershell session,when you enter a remote session ,you create on the server a process called wsmprovhost.exe.When you simply start a process in this remote session,the  new process will be a child of wsmprovhost.exe.

    According your description,may be some process are running some scripts and those remote powershell sessions are not getting closed.Please check the child process of wsmprovhost.exe,try to find out what happened there,or check with user if they are working on powershell sessions.


    Best Regards,
    Cartman
    Please remember to mark the replies as an answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Marked as answer by C_A_M Tuesday, December 06, 2016 12:13 AM
    Thursday, December 01, 2016 2:19 AM
    Moderator

All replies

  • Hi,

    wsmprovhost.exe is a Windows Remote Powershell session,when you enter a remote session ,you create on the server a process called wsmprovhost.exe.When you simply start a process in this remote session,the  new process will be a child of wsmprovhost.exe.

    According your description,may be some process are running some scripts and those remote powershell sessions are not getting closed.Please check the child process of wsmprovhost.exe,try to find out what happened there,or check with user if they are working on powershell sessions.


    Best Regards,
    Cartman
    Please remember to mark the replies as an answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Marked as answer by C_A_M Tuesday, December 06, 2016 12:13 AM
    Thursday, December 01, 2016 2:19 AM
    Moderator
  • A remote PowerShell session. That could be a possibility. We are not explicitly running any PowerShell scripts, but we might be running a 3rd party tool somewhere that is doing this. The problem is now determining which tool and on which remote machine. On the servers where the wsmprovhost.exe is appearing, Task Manager shows that it is running as a specific domain user, so that might help to narrow it down. If you know of a way to determine more information about why the wsmprovhost.exe process started (i.e. from what remote computer, from what application), that would be very helpful.

    Cam

    Friday, December 02, 2016 4:16 PM
  • Problem not solved but we found the cause. Turns out that the culprit was PRTG, which is software we have that remotely monitors the vitals of the servers on our network (CPU, disk space, memory, etc.). When we stop the service, the wsmprovhost.exe processes no longer appear on the servers. We are working with their support department to troubleshoot this.

    • Marked as answer by C_A_M Tuesday, December 06, 2016 12:13 AM
    Tuesday, December 06, 2016 12:13 AM
  • Hi,

    Thank you for sharing to us.


    Best Regards,
    Cartman
    Please remember to mark the replies as an answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, December 06, 2016 3:52 AM
    Moderator
  • I am having a similar issue with multiple Windows 2012 server VMs in our network, did you ever get a solution from prtg?
    Wednesday, May 16, 2018 2:25 PM