none
Windows Update (svchost) is taking up 100% of the CPU

    Question

  • We have several Windows 7 PCs exhibiting this issue. Many users have complained of bad windows 7 performance, the problem seems to arise on many different types of PCs as well.

    We use WSUS to update our PCs.

    In Resource Monitor, if I view the the wait chain, it reads:

    "svchost.exe (netsvcs) is waiting for another process (svchost.exe (LocalServiceAndNoImpersonation))."

    We have had this issue for about a month now, and I have not been able to solve it.

    I have tried the following solutions:

    • Updating windows manually with the latest KBs
    • Re-registered wuaueng.dll
    • Disabled the local anti-virus (Sophos)
    • Removed the softwaredistribution folder in the windows directory

    Any ideas on what is causing this issue?

    Thursday, December 2, 2010 12:54 AM

Answers

  • Alright, I know it's been a while, but I have been talking to Microsoft Support, and the tech has found the issue.

    The issue was occurring because the clients were trying to process a long "supersedence chain".  Our WSUS server had all of the Windows Defender definitions set on install. The older definitions should have been set to declined when a newer one supersedes it.

    Once we declined the older updates, and removed the clients old SoftwareDistribution directory and ran a /detectnow. That fixed the issue.

    So peeps, make sure you decline the older updates! (Still not sure if this is Microsoft's fault or mine)

    Tuesday, March 1, 2011 5:51 AM

All replies

  • Hi,

    please make a xperf trace [1] to diagnostic the high CPU usage. Please upload the etl file to your SkyDrive [2] and post a link here.

    I'll take a look at it, maybe I can see more details.

    André

    [1] http://www.msfn.org/board/index.php?showtopic=140264
    [2] http://social.technet.microsoft.com/Forums/en-US/w7itproui/thread/4fc10639-02db-4665-993a-08d865088d65
    "A programmer is just a tool which converts caffeine into code" CLIP- Stellvertreter http://www.winvistaside.de/
    • Proposed as answer by highflier Friday, October 30, 2015 2:28 PM
    Thursday, December 2, 2010 1:00 PM
  • Thanks Andre,

    I have followed the instructions as best I could, I disabled the Paging Executive, and ran xperf for about 30 odd seconds. (svchost.exe was already maxing out one core when i started the trace).

    I have uploaded the .etl file to my skydrive here: http://cid-cc8b42a1f226d040.office.live.com/self.aspx/.Public/windowsupdate.etl

    Thanks very much Andre, if you need any more information I would be happy to share it. Additionally, if you can show me what tools you used to figure out whats going wrong, I would love that as well. Teach a man to fish!

     

    Friday, December 3, 2010 12:02 AM
  • Hi thomas,

    the trace works. I looked at it and the CPU usage is caused by Windows Update while searching for Updates:

    wuaueng.dll!CUpdatesToPruneList::AddSupersedenceInfoIfNeeded

    this scan also causes that a lot of files are opened and now Superfetch is also working and tries to cache them. Those 2 actions cause the CPU usage.

    This mostly happens when you have several MS programs installed which use MSI/MSP and you use MicrosoftUpdate/WSUS to check them for Updates.

    You should contact the MS support directly about the issue.

    André


    "A programmer is just a tool which converts caffeine into code" CLIP- Stellvertreter http://www.winvistaside.de/
    • Proposed as answer by Andre.Ziegler Monday, December 6, 2010 2:16 PM
    • Unproposed as answer by Thomas Higgins Tuesday, December 7, 2010 12:45 AM
    Friday, December 3, 2010 1:33 PM
  • Hi,

     

    Thanks for posting in Microsoft TechNet forums.

     

    From your description, it seems you Windows update agent contains corrupt component\conflict version.

     

    At this point, I suggest performing the following steps to troubleshoot first.

     

    Step 1: Install the latest Windows Update Agent

    =======================

    The newly released 'standalone' version of Windows Update Agent for 32 bit machines is available here:

     

    http://support.microsoft.com/kb/946928

     

    Please download\save the file on the Desktop and double click it to install.

     

    Restart the system to check the issue.

     

    The issue may also due to third party programs running in the background while booting. If the above step does not work, let us perform the steps below:

     

    Step 2: Test in Safe Mode

    =============

    1. Restart the computer.

    2. Keep pressing the F8 key until the Windows Startup menu appears.

    3. Choose Safe Mode, and press Enter.

    4. Start the computer in Safe Mode.

     

    Note: In Safe Mode, your system display and Desktop will look and perform differently than in Normal Mode. This is only temporary. To return the system back to Normal Mode, we can simply restart the computer.

     

    Does the issue exist in this mode? If not, let us continue to the next step.

     

    Step 3: Clean Boot

    ==============

    To place the computer in a clean boot state, follow the steps below:

     

    1.     Click Start, type msconfig in the Start Search box, and then press ENTER. If you are prompted for an administrator password or for a confirmation, type the password, or click Continue.

     

    2.     On the General tab, click Selective Startup.

     

    3.     Under Selective Startup, click to clear the Load Startup Items check box.

     

    4.     Click the Services tab, click to select the Hide All Microsoft Services check box, and then click Disable All.

     

    5.     Click OK.

     

    6.     When you are prompted, click Restart.

     

    7.     After the computer starts, check whether the problem is resolved.

     

    Best Regards

    Magon Liu

    TechNet Subscriber Support in forum. If you have any feedback on our support, please contact tngfb@microsoft.com

     


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. ”
    Monday, December 6, 2010 6:01 AM
    Moderator
  • Magon,

    Thanks for your suggestions, however, windows update cannot be enabled in safe mode, so I cannot test it there.

    I have disabled all other non-microsoft services and this issue is still happening.

    Where to from here? Call Microsoft support so I can get this issue fixed? (and have them find some loophole where I have to pay for their bug).

    Tuesday, December 7, 2010 12:44 AM
  • Test it in Safe Mode with Networking please.


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. ”
    Tuesday, December 7, 2010 7:21 AM
    Moderator
  • Thats what I did do, Safe mode with Networking.
    Tuesday, December 7, 2010 11:17 AM
  • Call Microsoft support so I can get this issue fixed? (and have them find some loophole where I have to pay for their bug).

    http://support.microsoft.com/gethelp/default.aspx?content=ph;en-us;6527

    "A programmer is just a tool which converts caffeine into code" CLIP- Stellvertreter http://www.winvistaside.de/
    Tuesday, December 7, 2010 2:15 PM
  • Alright, I know it's been a while, but I have been talking to Microsoft Support, and the tech has found the issue.

    The issue was occurring because the clients were trying to process a long "supersedence chain".  Our WSUS server had all of the Windows Defender definitions set on install. The older definitions should have been set to declined when a newer one supersedes it.

    Once we declined the older updates, and removed the clients old SoftwareDistribution directory and ran a /detectnow. That fixed the issue.

    So peeps, make sure you decline the older updates! (Still not sure if this is Microsoft's fault or mine)

    Tuesday, March 1, 2011 5:51 AM
  • The issue was occurring because the clients were trying to process a long "supersedence chain".  Our WSUS server had all of the Windows Defender definitions set on install. The older definitions should have been set to declined when a newer one supersedes it.

    Once we declined the older updates, and removed the clients old SoftwareDistribution directory and ran a /detectnow. That fixed the issue.

    So peeps, make sure you decline the older updates! (Still not sure if this is Microsoft's fault or mine)

    thanks, for the Update.

    "A programmer is just a tool which converts caffeine into code" CLIP- Stellvertreter http://www.winvistaside.de/
    • Proposed as answer by Mark Mathers Sunday, May 19, 2013 6:21 AM
    • Unproposed as answer by Mark Mathers Sunday, May 19, 2013 6:23 AM
    Tuesday, March 1, 2011 1:42 PM