Remove From My Forums

WmiPrvSE.exe CPU consumption

Question

1

Sign in to vote

Hi,

I was wondering if there is some way resolve the issue of WmiPrvSE.exe consuming from 4-6 percent of my CPU constantly? I have a new installation of Windows 2008 Enterprise running on a Quad Core with 4GB ram and the Windows Management Instrumentation will not settle down.

I have another 2008 installation that does not exhibit this behavior. What might be causing this process to consume my CPU? I have tried disabling various services to no avail. Is there a specific service or role that can cause this? Any way to dig in on what's running in the process?

Thanks!

---UPDATE---

I downloaded Process Monitor from Sys Internals and I am seeing that wmiprvse.exe is running a CreateFile process on C:\WIndows\System32\tzres.dll over and over constantly.

Code Snippet

1115321    10:20:34.5323064 PM    wmiprvse.exe    2724    CloseFile    C:\Windows\System32\tzres.dll    SUCCESS
1115324    10:20:34.5324188 PM    wmiprvse.exe    2724    QueryStandardInformationFile    C:\Windows\System32\tzres.dll    SUCCESS    AllocationSize: 4,096, EndOfFile: 2,048, NumberOfLinks: 1, DeletePending: False, Directory: False
1115328    10:20:34.5325959 PM    wmiprvse.exe    2724    CloseFile    C:\Windows\System32\tzres.dll    SUCCESS
1115329    10:20:34.5326125 PM    wmiprvse.exe    2724    CreateFile    C:\Windows\System32\en-US\tzres.dll.mui    SUCCESS    Desired Access: Generic Read, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, Impersonating: NT AUTHORITY\SYSTEM, OpenResult: Opened
1115332    10:20:34.5327013 PM    wmiprvse.exe    2724    QueryStandardInformationFile    C:\Windows\System32\en-US\tzres.dll.mui    SUCCESS    AllocationSize: 20,480, EndOfFile: 18,944, NumberOfLinks: 2, DeletePending: False, Directory: False
1115336    10:20:34.5333601 PM    wmiprvse.exe    2724    QueryOpen    C:\Windows\System32\tzres.dll    FAST IO DISALLOWED
1115337    10:20:34.5336879 PM    wmiprvse.exe    2724    CloseFile    C:\Windows\System32\en-US\tzres.dll.mui    SUCCESS
1115339    10:20:34.5340095 PM    wmiprvse.exe    2724    CreateFile    C:\Windows\System32\tzres.dll    SUCCESS    Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: NT AUTHORITY\SYSTEM, OpenResult: Opened
1115340    10:20:34.5340912 PM    wmiprvse.exe    2724    QueryBasicInformationFile    C:\Windows\System32\tzres.dll    SUCCESS    CreationTime: 1/18/2008 10:59:11 PM, LastAccessTime: 1/19/2008 2:24:58 AM, LastWriteTime: 11/2/2006 12:05:07 AM, ChangeTime: 3/5/2008 2:29:13 PM, FileAttributes: A
1115341    10:20:34.5341305 PM    wmiprvse.exe    2724    CloseFile    C:\Windows\System32\tzres.dll    SUCCESS
1115343    10:20:34.5341950 PM    wmiprvse.exe    2724    QueryOpen    C:\Windows\System32\tzres.dll    FAST IO DISALLOWED
1115344    10:20:34.5345423 PM    wmiprvse.exe    2724    CreateFile    C:\Windows\System32\tzres.dll    SUCCESS    Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: NT AUTHORITY\SYSTEM, OpenResult: Opened
1115345    10:20:34.5345949 PM    wmiprvse.exe    2724    QueryBasicInformationFile    C:\Windows\System32\tzres.dll    SUCCESS    CreationTime: 1/18/2008 10:59:11 PM, LastAccessTime: 1/19/2008 2:24:58 AM, LastWriteTime: 11/2/2006 12:05:07 AM, ChangeTime: 3/5/2008 2:29:13 PM, FileAttributes: A
1115346    10:20:34.5346293 PM    wmiprvse.exe    2724    CloseFile    C:\Windows\System32\tzres.dll    SUCCESS
1115348    10:20:34.5346913 PM    wmiprvse.exe    2724    CreateFile    C:\Windows\System32\tzres.dll    SUCCESS    Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, Impersonating: NT AUTHORITY\SYSTEM, OpenResult: Opened
1115350    10:20:34.5347922 PM    wmiprvse.exe    2724    QueryStandardInformationFile    C:\Windows\System32\tzres.dll    SUCCESS    AllocationSize: 4,096, EndOfFile: 2,048, NumberOfLinks: 1, DeletePending: False, Directory: False
1115352    10:20:34.5348427 PM    wmiprvse.exe    2724    CreateFile    C:\Windows\System32\tzres.dll    SUCCESS    Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, Impersonating: NT AUTHORITY\SYSTEM, OpenResult: Opened
1115356    10:20:34.5349242 PM    wmiprvse.exe    2724    QueryStandardInformationFile    C:\Windows\System32\tzres.dll    SUCCESS    AllocationSize: 4,096, EndOfFile: 2,048, NumberOfLinks: 1, DeletePending: False, Directory: False
1115357    10:20:34.5351181 PM    wmiprvse.exe    2724    CloseFile    C:\Windows\System32\tzres.dll    SUCCESS
1115362    10:20:34.5353233 PM    wmiprvse.exe    2724    CloseFile    C:\Windows\System32\tzres.dll    SUCCESS
1115364    10:20:34.5360080 PM    wmiprvse.exe    2724    QueryOpen    C:\Windows\System32\tzres.dll    FAST IO DISALLOWED
1115365    10:20:34.5360208 PM    wmiprvse.exe    2724    CreateFile    C:\Windows\System32\en-US\tzres.dll.mui    SUCCESS    Desired Access: Generic Read, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, Impersonating: NT AUTHORITY\SYSTEM, OpenResult: Opened
1115367    10:20:34.5362581 PM    wmiprvse.exe    2724    QueryStandardInformationFile    C:\Windows\System32\en-US\tzres.dll.mui    SUCCESS    AllocationSize: 20,480, EndOfFile: 18,944, NumberOfLinks: 2, DeletePending: False, Directory: False
1115368    10:20:34.5362947 PM    wmiprvse.exe    2724    CreateFile    C:\Windows\System32\tzres.dll    SUCCESS    Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: NT AUTHORITY\SYSTEM, OpenResult: Opened
1115371    10:20:34.5363607 PM    wmiprvse.exe    2724    QueryBasicInformationFile    C:\Windows\System32\tzres.dll    SUCCESS    CreationTime: 1/18/2008 10:59:11 PM, LastAccessTime: 1/19/2008 2:24:58 AM, LastWriteTime: 11/2/2006 12:05:07 AM, ChangeTime: 3/5/2008 2:29:13 PM, FileAttributes: A
1115373    10:20:34.5363872 PM    wmiprvse.exe    2724    CloseFile    C:\Windows\System32\tzres.dll    SUCCESS
1115375    10:20:34.5364900 PM    wmiprvse.exe    2724    CloseFile    C:\Windows\System32\en-US\tzres.dll.mui    SUCCESS
1115377    10:20:34.5366723 PM    wmiprvse.exe    2724    CreateFile    C:\Windows\System32\tzres.dll    SUCCESS    Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, Impersonating: NT AUTHORITY\SYSTEM, OpenResult: Opened
1115320    10:20:34.5322271 PM    wmiprvse.exe    2724    CreateFile    C:\Windows\System32\tzres.dll    SUCCESS    Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, Impersonating: NT AUTHORITY\SYSTEM, OpenResult: Opened

Saturday, March 15, 2008 5:12 AM

Reply

|

Quote

Answers

0

Sign in to vote

Hi Tomas,

Generally speaking, it is quite normal that the WmiPrvSE process cost 4-6 percent of CPU consumption when a specific software requires its facilities.

The WmiPrvSE.exe is a host process for WMI provider services.WMI provider services were loaded in-process with the WMI Service (a new request to WMI would restart the WMI Service). This is an essential service which will start whenever a specific piece of software requires its facilities.

You may check with the 2 different Windows Server 2008 operation system, and see if they are installed with different roles or features or other third party appliction. You may also disable all the third party application on the server to see if the issue will be reoccur.

Hope it helps.

Wednesday, March 19, 2008 1:27 PM

Reply

|

Quote

All replies

0

Sign in to vote

Hi Tomas,

Generally speaking, it is quite normal that the WmiPrvSE process cost 4-6 percent of CPU consumption when a specific software requires its facilities.

The WmiPrvSE.exe is a host process for WMI provider services.WMI provider services were loaded in-process with the WMI Service (a new request to WMI would restart the WMI Service). This is an essential service which will start whenever a specific piece of software requires its facilities.

You may check with the 2 different Windows Server 2008 operation system, and see if they are installed with different roles or features or other third party appliction. You may also disable all the third party application on the server to see if the issue will be reoccur.

Hope it helps.

Wednesday, March 19, 2008 1:27 PM

Reply

|

Quote

0

Sign in to vote

I just installed my first 2008 Ent server and I am seeing the same thing, except the utilization is consistently between 10-20%. That seems a bit high to me. I do have IIS, Terminal Services and Deployment Services on this box. Any way to throttle this? Just start disabling services until it stops consuming resources?

Wednesday, April 02, 2008 11:00 PM

Reply

|

Quote

0

Sign in to vote

Did you install the Feature: "Windows System Resource Manager"?

When I enabled this feature, the CPU went up on the wmiprvse process. (and stopped when i removed the feature).

Thursday, April 03, 2008 10:13 AM

Reply

|

Quote

0

Sign in to vote

It can also be that WMI Queries are running remotely.
www.infotechguyz.com - Server 2008, Exchange 2007 Tutorials

Wednesday, July 09, 2008 7:16 PM

Reply

|

Quote

0

Sign in to vote
I had the same issue of wmiprvse.exe constantly accessing tzres.dll. Removing/Uninstalling Windows System Resource Manager seems to have done the trick for me.
- Proposed as answer by Bill Phillips Jr Friday, October 03, 2008 6:39 PM
Friday, October 03, 2008 6:38 PM

Reply

|

Quote

0

Sign in to vote

Sorry to bring this thread back from the grave, but this is exactly what I am seeing. wmiprvse.exe seems very very intrested in creating and querying this tzres.dll and tzres.dll.mui files so much so that it consumes about 50% (1 CPU) worth of processing time. It is clearly tied to the "Windows System Resource Manager" and removing this does resolve the issue, but it returns as soon as it is reinstalled. This is just shy of a clean install of Windows Server 2008 so it is hard to imagine what has set this process into such a tizzy, but thought I would see if there were any new developments in a possible resolution.

Mia

Friday, January 16, 2009 11:38 PM

Reply

|

Quote

0

Sign in to vote
We are seeing the same thing on all seven of our Windows Server 2008 Enterprise x64 terminal servers with WSRM installed and active.

Does anyone know what tzres.dll is?
- Proposed as answer by Mulb Monday, March 30, 2009 7:22 PM
Tuesday, February 10, 2009 3:59 PM

Reply

|

Quote

0

Sign in to vote

Okay so tzred.dll is related to Time Zones.

Why would WSRM be trying to create this file over and over again?

Tuesday, February 10, 2009 4:12 PM

Reply

|

Quote

In ProcessExplorer I am seeing two instances of WmiPrvSE.exe.

Looking at the properties of both there seems to be a pretty big difference in the resources each instance has been using:

WmiPrvSE.exe Properties	Instance 1	Instance 2
CPU Priority Kernel Time User Time Total Time Cycles	8 0:00:01.575 0:00:04.758 0:00:06.33 17,296,920,576	8 48:16:30.371 10:42:54.538 58:59:24.910 567,454,961,733,880
Virtual Memory Private Bytes Peak Private Bytes Virtual Size Page Faults Page Fault Delta	23,224 K 24,996 K 96,368 K 15,263 0	20,676 K 24,128 K 94,852 K 694,482,409 2,979
Physical Memory Memory Priority Working Set WS Private WS Shareable WS Shared Peak Working Set	5 28,544 K 21,856 K 6,688 K 6,024 K 30,596	5 26,436 K 18,692 K 7,744 K 6,748 K 29,624 K
I/O I/O Priority Reads Read Delta Read Bytes Delta Writes Write Delta Write Bytes Delta Other Other Delta Other Bytes Delta	Normal 1,137 0 0 1,221 0 0 2,906 0 0	Normal 2,535,055 8 448 B 2,536,069 8 752 B 6,240,561,542 26,644 23.1 KB
Handles Handles GDI Handles USER Handles	153 0 0	269 0 0

The second instance has used more CPU time than *any* other process - surely that cannot be right?

PS: The server has only been up for ~130hrs.

Edited by Luke Maslany Tuesday, February 10, 2009 5:10 PM Added uptime

Tuesday, February 10, 2009 5:03 PM

0

Sign in to vote
Also seeing the same thing on a newly installed VM of 2008 x64 Std with RC of SP2. Only thing that has been done to the install is added Terminal Services role and WSRM. If I turn off the Windows Resource Manager service WmiPrvse process stops spiking the CPU.
- Proposed as answer by kev4570 Monday, April 21, 2014 7:43 PM
Wednesday, March 11, 2009 9:41 PM

Reply

|

Quote

0

Sign in to vote

So what is solution anyway? I'm using Windows Server 2008 on my VM and getting the same problem!

Friday, March 27, 2009 12:22 PM

Reply

|

Quote

0

Sign in to vote

I have the same problem with WmiPrvSE.exe and tzres.dll/tzres.dll.mui. WmiPrvSE.exe suddenly starts consuming about 50% of the processing time.
I'm running an Intel DualCore, 2 GB RAM, Vista Ultimate SP2 RC and i think i have no WSRM installed ...
Thanx!

Monday, March 30, 2009 7:33 PM

Reply

|

Quote

0

Sign in to vote

I'm having the wmiprvse cpu consumption issue as well, except mine goes to 100%. Specifically, it is continuouly performing a QueryStandardInformationFile operation against C:\Windows\System32\Spool\Drivers\w32x86\3\hplt8m2.dat, which is a file for an HP Designjet 800. It alternates on occasion by doing the same operation against hplt5m4.dat, which belongs to an HP Designjet 500.

"Process Name","PID","Operation","Path","Result","Detail","Sequence","TID","Category","Time of Day"

"wmiprvse.exe","2652","Process Profiling","","SUCCESS","User Time: 24369.8125000, Kernel Time: 304590.4687500, Private Bytes: 9,588,736, Working Set: 13,250,560","n/a","1832","","5:05:04.2801934 PM"

"wmiprvse.exe","2652","QueryStandardInformationFile","C:\WINDOWS\system32\spool\drivers\w32x86\3\hplt8m2.dat","SUCCESS","AllocationSize: 172,032, EndOfFile: 170,042, NumberOfLinks: 1, DeletePending: False, Directory: False","n/a","1400","Read Metadata","5:05:04.2854198 PM"

"wmiprvse.exe","2652","QueryStandardInformationFile","C:\WINDOWS\system32\spool\drivers\w32x86\3\hplt8m2.dat","SUCCESS","AllocationSize: 172,032, EndOfFile: 170,042, NumberOfLinks: 1, DeletePending: False, Directory: False","n/a","1520","Read Metadata","5:05:04.2864111 PM"

"wmiprvse.exe","2652","QueryStandardInformationFile","C:\WINDOWS\system32\spool\drivers\w32x86\3\hplt8m2.dat","SUCCESS","AllocationSize: 172,032, EndOfFile: 170,042, NumberOfLinks: 1, DeletePending: False, Directory: False","n/a","1400","Read Metadata","5:05:04.2865925 PM"

"wmiprvse.exe","2652","QueryStandardInformationFile","C:\WINDOWS\system32\spool\drivers\w32x86\3\hplt8m2.dat","SUCCESS","AllocationSize: 172,032, EndOfFile: 170,042, NumberOfLinks: 1, DeletePending: False, Directory: False","n/a","1400","Read Metadata","5:05:04.2871798 PM"

Monday, April 13, 2009 5:45 PM

Reply

|

Quote

0

Sign in to vote

I have a related problem with a memory leak eminating from services.exe at the same time wmiprvse.exe is the top page faulter. We do have a lot of stuff running that uses the WMI services.

This system is a 64 bit Windows 2003 R2 SP2 Domain Controller. It has 8 GB memory, and with nothing much going on the page file will grow in a matter of a few days to over 8 GB in size. Just before the last interventional reboot, the page file was 8.68 GB, with services.exe using 7 GB of memory.

Friday, June 12, 2009 8:02 PM

Reply

|

Quote

0

Sign in to vote

Not sure if this is valid for your case but mine was caused by lingering HyperV extensions. I had a Windows Server 2008 SP2 virtual machine and it had HyperV Windows Services running even though the extensions had been uninstalled. I disabled about 3 HyperV services and my machine was back to normal.

Patrick
Patrick Parker

Tuesday, July 14, 2009 10:44 PM

Reply

|

Quote

0

Sign in to vote

Is there any kind of a workaround for the WMIPrvSE issue (WSRM caused) that does not require removing WSRM?

I'm guessing this affects 100% of Server 2008 WSRM users, it's just a matter of whether or not the sysadmins have noticed it. I'm trying to propose Server 2008 RemoteApp TS to a couple of clients and I can't be giving away this much CPU.
James

Wednesday, July 15, 2009 2:51 PM

Reply

|

Quote

0

Sign in to vote

Same problem here (WSRM).

Any solution yet that desn't involve unistalling WSRM?

Thx

Filippo

Tuesday, September 15, 2009 10:13 PM

Reply

|

Quote

1

Sign in to vote

Hi,

I just searched for WSRM and WmiPsrvSE.exe and found this KBase entry:
http://support.microsoft.com/kb/970067/en-us

I have installed the hotfix on two different 2008 termnal servers, and so far the CPU usage is gone.

Frank

Friday, September 18, 2009 4:55 PM

Reply

|

Quote

0

Sign in to vote

@FHofmann77

hi,

did you make any configuration changes after you installed the patch or did it run just as installed? We were also experiencing such problems mit a w2008 terminal server, at the moment the feature is uninstalled.

thanks in advance

marco

Tuesday, June 08, 2010 10:41 AM

Reply

|

Quote

0

Sign in to vote

The network seems to be running mine. What's it Doing?

Renee
"MODERN PROGRAMMING is deficient in elementary ways BECAUSE of problems INTRODUCED by MODERN PROGRAMMING." Me

Sunday, November 20, 2011 6:04 AM

Reply

|

Quote

0

Sign in to vote

same here only mine was running at 40-50%..

uninstalled CPU meter and Network meter gadgets from sidebar, and it went to 0% immediately.

Monday, February 06, 2012 4:13 PM

Reply

|

Quote

2

Sign in to vote

Hello All,

WMIPRVSE.EXE is a WMI Provider Host kind of like svchost.exe, meaning that its essentially a shell. There are lots of different types of WMI providers and what they do is left up to the developer. Some may provide information about a custom application or assist in reporting information about a piece of hardware.

If you are interested in understanding why wmiprvse.exe may be consuming resources such as cpu on your system, you first need to find out what providers are running inside of that instance of wmiprvse.exe.

Assuming you know which PID is consuming lots of cpu, start by getting a list of PID's running wmiprvse.exe by running this a command prompt:

tasklist /fi "imagename eq wmiprvse.exe"

This should show a table similar to this:

Image Name PID Session Name Session# Mem Usage
========================= ======== ================ =========== ============
WmiPrvSE.exe 1716 Services 0 7,240 K

Next we need to list all of our WMI providers and see which PID they are hosted in.

C:\Windows\System32>wmic path msft_providers get hostinggroup,hostprocessidentifier,namespace,provider,user /format:list

Note the HostProcessIdentifier as it is the PID of an instance of wmiprvse.exe

HostingGroup=DefaultNetworkServiceHost
HostProcessIdentifier=1716
Namespace=root\CIMV2
provider=CIMWin32 <-- Name of the provider. There are providers for different types of software such as Exchange, MS SQL. etc etc
User=

Here we can see that Process 1716 is hosting the CIMWin32 Provider. Its reponsible for providing access to all of the Win32 classes such as Win32_ComputerSystem or Win32_QuickFixEngineering. Sometimes you are going to see that mulitple providers are being hosted under the same instance of wmiprvse.exe. When this happens you will need to narrow your scope even further by using Process Exporer and examining the stack to see which DLL(Provider) is responsible for the high cpu.

Hope this helps you track down you wmiprvse.exe high cpu issues!

Michael. [MSFT]

Wednesday, February 08, 2012 2:58 AM

Reply

|

Quote

0

Sign in to vote
I'll say this: any resort to WMI will be 1.) slow 2.) ineffecient Cpu wise and 3.) highy consumptive of memory. I wouldn't advise using it.

Renee
"MODERN PROGRAMMING is deficient in elementary ways BECAUSE of problems INTRODUCED by MODERN PROGRAMMING." Me
- Proposed as answer by Bob_Mer Wednesday, April 22, 2015 3:30 PM
Wednesday, February 08, 2012 4:23 AM

Reply

|

Quote

2

Sign in to vote

That's a pretty broad brush to paint "WMI" with. Its "speed" or "cpu" or "memory" usuage is up to the developer writing the provider.

In most management scenarios it makes sense to use WMI instead of trying to reinvent the wheel.
Michael. [MSFT]

Wednesday, February 08, 2012 11:41 PM

Reply

|

Quote

0

Sign in to vote

C:\Windows\System32>wmic path msft_providers get hostinggroup,hostprocessidentifier,namespace,provider,user /format:list
Note the HostProcessIdentifier as it is the PID of an instance of wmiprvse.exe

HostingGroup=DefaultNetworkServiceHost
HostProcessIdentifier=1716
Namespace=root\CIMV2
provider=CIMWin32 <-- Name of the provider. There are providers for different types of software such as Exchange, MS SQL. etc etc
User=

Here we can see that Process 1716 is hosting the CIMWin32 Provider. Its reponsible for providing access to all of the Win32 classes such as Win32_ComputerSystem or Win32_QuickFixEngineering. Sometimes you are going to see that mulitple providers are being hosted under the same instance of wmiprvse.exe. When this happens you will need to narrow your scope even further by using Process Exporer and examining the stack to see which DLL(Provider) is responsible for the high cpu.

Hope this helps you track down you wmiprvse.exe high cpu issues!

Michael. [MSFT]

If I run "wmic path msft_providers" with any of the 'get' parameters I receive the following error:

"ERROR:
Code = 0x80041009
Description = Not available
Facility = WMI"

I've tried this from several machines with same error result.

Wednesday, March 07, 2012 3:36 PM

Reply

|

Quote

0

Sign in to vote
Hi Michael,

I followed your steps and I got this:

Image Name                     PID Session Name        Session#    Mem Usage
========================= ======== ================ =========== ============
WmiPrvSE.exe                  2404                            0     36,184 K

HostingGroup=DefaultNetworkServiceHost
HostProcessIdentifier=2404
Namespace=root\CIMV2
provider=CIMWin32
User=

HostingGroup=DefaultNetworkServiceHost
HostProcessIdentifier=2404
Namespace=root\CIMV2
provider=Win32_WIN32_TERMINALSERVICE_Prov
User=

I looked for WmiPrvSE.exe  in Process Exporer according to its PID, but what's exactly what do I need to search for? didn't quite understand this part: "you will need to narrow your scope even further by using Process Exporer and examining the stack to see which DLL(Provider) is responsible for the high cpu"

Thanks
- Proposed as answer by fivesterlings Saturday, May 19, 2012 9:58 AM
- Unproposed as answer by fivesterlings Saturday, May 19, 2012 9:58 AM
Friday, May 04, 2012 2:02 PM

Reply

|

Quote

2

Sign in to vote
WmiPrvSe.exe has been using up to 50% of my cpu (Lenovo laptop vista SP2) for about a month. I have fixed it after a lot of work by tracking it down, using ProcMon (http://technet.microsoft.com/en-us/sysinternals/bb896645.aspx), to a hyperactive registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}

Some application was clearly frantically trying to get info from my <acronym style="font-family:'Times New Roman';line-height:normal;text-align:left;font-size:medium;" title="Network Interface Card">Network interface card extremely frequently.</acronym>

<acronym style="font-family:'Times New Roman';line-height:normal;text-align:left;font-size:medium;" title="Network Interface Card"></acronym>

<acronym style="font-family:'Times New Roman';line-height:normal;text-align:left;font-size:medium;" title="Network Interface Card">In my office I connect to an ethernet LAN and at home to a WiFi modem. The solution, found by some thought, was to prioritise my network connections to put the connection being used at the top of the list. </acronym>

<acronym style="font-family:'Times New Roman';line-height:normal;text-align:left;font-size:medium;" title="Network Interface Card">To do this without entering the registry see, for example, </acronym>http://www.hosteng.com/FAQFiles/EZ%20Ethernet.htm.

viz:

  If you have WinXP:
               (1) Start --> Control Panel.
               (2) Double-click on the "Network Connections" icon.
               (3) On the menu at the top, select Advanced --> Advanced Settings...
               (4) On the "Adapters and Bindings" tab, in the top window, select the connection you are using.
               (5) Use the green arrows at the right to move this connection to the top of the list.
               (6) Press <OK> and close Network Connections window.
               (7) You may have to reboot your PC.
          If you have WinVista:
               (1) Start --> Control Panel.
               (2) Double-click on the "Network & Sharing Center" icon.
               (3) At the left of this window, click on "Manage network connections"
               (4) Press the <ALT> key to make a menu appear at the top of this window.
               (5) On the menu at the top, select Advanced --> Advanced Settings...
               (6) On the "Adapters and Bindings" tab, in the top window, select the connection you are using.
               (7) Use the green arrows at the right to move this connection to the top of the list.
               (8) Press <OK> and close Network Connections window.
               (9) You may have to reboot your PC.

Simple! Hope this saves others lots of frustration.
- Proposed as answer by PokerBrat Tuesday, October 02, 2012 5:54 PM
Saturday, May 19, 2012 10:35 AM

Reply

|

Quote

0

Sign in to vote

Do you understand why this is astupid answer? It doesnot take cpu speeds into account.

Renee
"MODERN PROGRAMMING is deficient in elementary ways BECAUSE of problems INTRODUCED by MODERN PROGRAMMING." Me

Saturday, May 19, 2012 5:58 PM

Reply

|

Quote

0

Sign in to vote
Which is reason I dont fool with management software.

Renee
"MODERN PROGRAMMING is deficient in elementary ways BECAUSE of problems INTRODUCED by MODERN PROGRAMMING." Me
- Proposed as answer by fivesterlings Tuesday, May 22, 2012 2:06 PM
- Unproposed as answer by fivesterlings Tuesday, May 22, 2012 2:06 PM
Saturday, May 19, 2012 6:03 PM

Reply

|

Quote

0

Sign in to vote

Dear Renee

My problem is fixed, would you kindly explain what you mean about taking cpu speeds into account? with thanks.

Tuesday, May 22, 2012 2:13 PM

Reply

|

Quote

0

Sign in to vote

I don't think so.I'm a developer and I wouldn't dream of using WMI unless a customer requested a slow and piggish solution.

Renee
"MODERN PROGRAMMING is deficient in elementary ways BECAUSE of problems INTRODUCED by MODERN PROGRAMMING." Me

Tuesday, May 22, 2012 11:21 PM

Reply

|

Quote

0

Sign in to vote

Different CPU's have different execution speeds and different number of cores. For exanple, this isa Sandy Bridge Extreme and righr now it the faster processor on the planet.

That will change and Sandy Bridge in a relative sense will be slower as new technologies evolve,

Renee
"MODERN PROGRAMMING is deficient in elementary ways BECAUSE of problems INTRODUCED by MODERN PROGRAMMING." Me

Tuesday, May 22, 2012 11:26 PM

Reply

|

Quote

0

Sign in to vote

OK Renee, I'm quite willing to learn from an expert. Are you saying that there is a better way to manage my Vista O/S LAN and WiFi network connections which by-passes Windows Management Instrumentation? Could you tell me how to find out how, I guess that means programming the relevant registry keys manually and disabling the management software?

Fivesterlings

Wednesday, May 23, 2012 3:11 PM

Reply

|

Quote

0

Sign in to vote

If you're on Vista you are in luck! Lan is acessacble in ways that it isn't in Win7 or WAN I should say.

I have some remaing WAN code.

Renee

"MODERN PROGRAMMING is deficient in elementary ways BECAUSE of problems INTRODUCED by MODERN PROGRAMMING." Me

Thursday, May 24, 2012 4:31 AM

Reply

|

Quote

0

Sign in to vote

Not quite in luck since am about to upgrade to Win 7. However, have found and installed Novell client SP2 which also seems to do the trick. Don't know why this does not come up on the forums as an answer to the WmiPrvSe.exe high CPU problem. Thanks for your interest.

Thursday, May 24, 2012 9:09 AM

Reply

|

Quote

0

Sign in to vote

I was seeing three instances of WmiPrvSE.exe. In the busiest one, about 25% CPU, Process Monitor showed acess to tzres.dll a lot. When I right clicked on it, selected Properties, then the Process tab, I saw an entry for guard32.dll from COMODO. I'm not currently running COMODO, I thought, but tracing that down led to Comodo System Services, which I'd installed while looking for a cure for a search results hijacking virus. I uninstalled the Comodo System Services and the third, busy, instance of WmiPrvSE.exe disappeared. Now I have just one instance running, at 11 or 12%. Hopefully that will help cool down my rather warm laptop.

I hope this might help someone else! The Sysinternals Process Monitor and Process Explorer are very handy tools.

Thursday, September 06, 2012 11:29 PM

Reply

|

Quote

0

Sign in to vote

Hello, i have similar problem on hp proliant server running windows 2008 (32bit) with 4cores cpu, the WmiPrvSE.exe process is shortly after boot consuming 25% of CPU (i.e. 100% of one core) for ever and for example Disk Management does not work anymore.

C:\>tasklist /fi "imagename eq wmiprvse.exe"

Image Name                     PID Session Name        Session#    Mem Usage
========================= ======== ================ =========== ============
WmiPrvSE.exe                  3964 Services                   0     26,536 K
WmiPrvSE.exe                  6576 Services                   0      6,056 K

C:\>wmic path msft_providers get hostinggroup,hostprocessidentifier,namespace,provider,user /format:list
^C (command just hangs)

7532 thread stack (the one with one cpu core full usage):

!std::num_put<char,std::ostreambuf_iterator<char,std::char_traits<char> > >::_Put+0x12

!LPoly+0x21c

!_dllonexit+0x9f
!CollectPerformanceData+0x228c1
!CollectPerformanceData+0x22852
!CollectPerformanceData+0x234f6
!CollectPerformanceData+0x231b3
!CollectPerformanceData+0x232ba
!NLG_Return
!CollectPerformanceData+0x20b4f
!CollectPerformanceData+0x27040e
!initterm+0x13
!CollectPerformanceData+0x20abe3
!CollectPerformanceData+0x20adab
!CollectPerformanceData+0x20ae78
ntdll.dll!RtlQueryInformationActivationContext+0x1b7
ntdll.dll!RtlEncodeSystemPointer+0x56d
ntdll.dll!LdrLoadDll+0x35b
ntdll.dll!LdrLoadDll+0x11f
!LoadLibraryExW+0x24c
!ElfRegisterEventSourceW+0x3c42
!ElfRegisterEventSourceW+0x3aff
!WmiQuerySingleInstanceW+0xc2d
!WmiQuerySingleInstanceW+0xae6
!RegQueryValueExW+0x97
!PdhGetCounterInfoA+0x2f84
!PdhLookupPerfNameByIndexW+0x1c9d
!PdhEnumMachinesA+0x196
!PdhEnumObjectsHW+0x124
!PdhEnumObjectsW+0x101
!DllCanUnloadNow+0x2b1
!DllCanUnloadNow+0x1432
!RpcServerUnregisterIf+0x1004
!NdrStubCall2+0x27f
!CStdStubBuffer_Invoke+0xa0
!CWbemInstance::GetPropQualifier+0x61
!WdtpInterfacePointer_UserUnmarshal+0x1e09
!WdtpInterfacePointer_UserUnmarshal+0x1f9d
!CoRevokeClassObject+0xb145
!CoRevokeClassObject+0xb056
!WdtpInterfacePointer_UserUnmarshal+0x6de
!WdtpInterfacePointer_UserUnmarshal+0x1cdf
!WdtpInterfacePointer_UserUnmarshal+0x6ee
!RpcServerUnregisterIf+0x1236
!RpcServerUnregisterIf+0x10e4
!I_RpcGetBufferWithObject+0x34d
!I_RpcGetBufferWithObject+0x2cf
!RpcServerUnregisterIf+0x14d7
!RpcServerUnregisterIf+0x13e5
!RpcServerUnregisterIf+0xc35
!I_RpcSend+0x7fe
!NdrTypeFlags+0x82b
!NdrTypeFlags+0x3d4
!NdrTypeFlags+0x39b
!NdrTypeFlags+0x41e
!BaseThreadInitThunk+0x12
ntdll.dll!RtlInitializeExceptionChain+0x63
ntdll.dll!RtlInitializeExceptionChain+0x36

!LPoly+0x1b4
!std::num_put<char,std::ostreambuf_iterator<char,std::char_traits<char> > >::do_put+0x59
!std::num_put<char,std::ostreambuf_iterator<char,std::char_traits<char> > >::do_put+0x43

ntdll.dll!RtlFreeHeap+0x23f

ntdll.dll!RtlAllocateHeap+0x95

!std::basic_streambuf<char,std::char_traits<char> >::sputc+0x33
!StrStrW+0x8cbf8

ntdll.dll!RtlEnterCriticalSection
!LPoly+0x1708

---------------------------
Process Explorer
---------------------------
The module cannot be located
---------------------------
OK
---------------------------

i'm not able to identify any DLL which can be connected with this strange issue

any advice please?

Wednesday, September 12, 2012 3:06 PM

Reply

|

Quote

0

Sign in to vote

"

  (1) Start --> Control Panel.
               (2) Double-click on the "Network & Sharing Center" icon.
               (3) At the left of this window, click on "Manage network connections"
               (4) Press the <ALT> key to make a menu appear at the top of this window.
               (5) On the menu at the top, select Advanced --> Advanced Settings...
               (6) On the "Adapters and Bindings" tab, in the top window, select the connection you are using.
               (7) Use the green arrows at the right to move this connection to the top of the list.
               (8) Press <OK> and close Network Connections window.
               (9) You may have to reboot your PC.

Simple! Hope this saves others lots of frustration."

This fixed it for me on Server 2008. In my case an unused adapter was at the top of the binding's list. I moved the working adapter to the top and killed the Wmiprvse.exe and it didn't come back. If the binding order was wrong, the process would return instantly to a 25% usage state.

Thank you for this.
Joe H

Tuesday, October 02, 2012 5:56 PM

Reply

|

Quote

4

Sign in to vote
Setting the correct order to the binding of the network cards helped but there is still a fair amount of chatter. If you 'Restart' (not Stop then Start) the service "Windows Management Instrumentation" in the Services panel then the 'WmiPrvSE.exe' activity drops almost to zero. All of the dependent services will automatically get restarted if you use the 'Restart' option.
- Proposed as answer by simrick Saturday, June 29, 2013 2:48 PM
Wednesday, January 16, 2013 2:11 AM

Reply

|

Quote

0

Sign in to vote
Setting the correct order to the binding of the network cards helped but there is still a fair amount of chatter. If you 'Restart' (not Stop then Start) the service "Windows Management Instrumentation" in the Services panel then the 'WmiPrvSE.exe' activity drops almost to zero. All of the dependent services will automatically get restarted if you use the 'Restart' option.

@DG3

Thank you very much for this tip!! I have a W8Pro MediaCtr with a single core AMD Athlon 64 3500+ (Orleans) processor. WmiPrvSE.exe was taking up 50% of the CPU constantly! This is a desktop, and setting the binding order of network adapters didn't apply to me, as I only have the ethernet adapter, and the VPN adapter (no wireless). I noticed hyper activity with the Time Zone DLL in Process Monitor (tzres.dll). Restarting Windows Management Instrumentation did the trick, and it's now running at 0% of the CPU, if at all.
- Edited by simrick Saturday, June 29, 2013 2:53 PM added time zone filename
Saturday, June 29, 2013 2:47 PM

Reply

|

Quote

0

Sign in to vote

It looks like I was able to resolve it on a Server 2008 R2 Sp1 server by running the command winmgmt.exe /resetrepository

If I restarted the WMI service in services.msc It would drop obviously, but would rapidly climb back up to High percentages. Once I ran that command to reset the repository, CPU slowly came down to a cool 1 - 2 % mostly 0%

I searched so long for an answer, and at least for now this is a solution. I have been only monitoring it for a few hours after I flushed the repository but It seems to be holding. I am installing SP2 tonight but Have my fingers crossed.

Deselo

Thursday, July 25, 2013 7:09 PM

Reply

|

Quote

0

Sign in to vote

Running the command "winmgmt.exe /resetrepository" solves the problem, however it only reappears on the next login...

I disabled from automatic startup all services that depended on "Windows Management Instrumentation", but no change...

Sunday, August 04, 2013 2:41 AM

Reply

|

Quote

0

Sign in to vote

for me i used the command and got an error message also saying access is denied. I already tried to get access through properties but was unsuccessful. How did you get access to it???

I have a

TOSHIBA Satellite C855D with windows 8

Tuesday, August 13, 2013 1:32 AM

Reply

|

Quote

Hey there,

I have a suspicion that when WMI starts, it's out of sync with other security items installed on Windows like anti-virus, firewalls, etc. What I noticed was, at least in my case, it ran early in the startup process, and didn't detect the presence of my McAfee utilities (anti-virus, firewall, etc.). So, WMI tried to fire up those services... and kept trying to, even after McAfee started up.

I noticed that only after I restarted WMI, suddenly in my Win Action Center (Security section), it detected McAfee was running those services for me (not the default Windows services), and POOF, no CPU usage problem.

So, I created a scheduled task definition that simply auto-restarts WMI and its underlying services a few seconds after login. It has to be delayed a bit, because WMI has to actually start up with the "wrong" settings first.

Here is the definition of the task (you'll need to substitute your user name where it's specified).

<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.4" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <RegistrationInfo>
    <Date>2013-12-12T14:04:02.5955723</Date>
    <Author>Angelo B.</Author>
    <Description>Improves CPU usage by WMI</Description>
  </RegistrationInfo>
  <Triggers>
    <LogonTrigger>
      <Enabled>true</Enabled>
      <Delay>PT22S</Delay>
    </LogonTrigger>
  </Triggers>
  <Principals>
    <Principal id="Author">
      <UserId>*ENTER_YOUR_WINDOWS_USER_ACCOUNT_HERE*</UserId>
      <LogonType>InteractiveToken</LogonType>
      <RunLevel>HighestAvailable</RunLevel>
    </Principal>
  </Principals>
  <Settings>
    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
    <AllowHardTerminate>true</AllowHardTerminate>
    <StartWhenAvailable>true</StartWhenAvailable>
    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
    <IdleSettings>
      <StopOnIdleEnd>true</StopOnIdleEnd>
      <RestartOnIdle>false</RestartOnIdle>
    </IdleSettings>
    <AllowStartOnDemand>true</AllowStartOnDemand>
    <Enabled>true</Enabled>
    <Hidden>true</Hidden>
    <RunOnlyIfIdle>false</RunOnlyIfIdle>
    <DisallowStartOnRemoteAppSession>false</DisallowStartOnRemoteAppSession>
    <UseUnifiedSchedulingEngine>false</UseUnifiedSchedulingEngine>
    <WakeToRun>false</WakeToRun>
    <ExecutionTimeLimit>P3D</ExecutionTimeLimit>
    <Priority>7</Priority>
  </Settings>
  <Actions Context="Author">
    <Exec>
      <Command>net</Command>
      <Arguments>stop "IP Helper"</Arguments>
    </Exec>
    <Exec>
      <Command>net</Command>
      <Arguments>stop "Security Center"</Arguments>
    </Exec>
    <Exec>
      <Command>net</Command>
      <Arguments>stop "Intel(R) Rapid Storage Technology"</Arguments>
    </Exec>
    <Exec>
      <Command>net</Command>
      <Arguments>stop Winmgmt</Arguments>
    </Exec>
    <Exec>
      <Command>net</Command>
      <Arguments>start Winmgmt</Arguments>
    </Exec>
    <Exec>
      <Command>net</Command>
      <Arguments>start "Security Center"</Arguments>
    </Exec>
    <Exec>
      <Command>net</Command>
      <Arguments>start "IP Helper"</Arguments>
    </Exec>
    <Exec>
      <Command>net</Command>
      <Arguments>start "Intel(R) Rapid Storage Technology"</Arguments>
    </Exec>
  </Actions>
</Task>

This now works reliably every time I restart or log in.

Friday, December 13, 2013 3:58 AM

0

Sign in to vote

This works!!! Restarted the WMI service and its resolved. Been struggling with this for months. Will try a system restart and see if it comes back then maybe look to disable startup programs with system configuration. Skinny win 8.1 laptop now idling <10% where it should be not permanent 20-40 on wmi :)

Saturday, February 15, 2014 1:04 PM

Reply

|

Quote

0

Sign in to vote

Restarted machine and WMI started up again, restarted service and it stopped. Seems something at startup is not exciting gracefully...

Saturday, February 15, 2014 1:17 PM

Reply

|

Quote

0

Sign in to vote

Thanks Kristoffer!

Thursday, February 27, 2014 2:22 PM

Reply

|

Quote

0

Sign in to vote
Thank You, Michael S [MSFT]. Your post lead me down a twisted path to find this hotfix which alleviated my WmiPrvSE.exe high CPU utilization issue on Windows 2008 R2.

MS Article ID: KB2617858
Unexpectedly slow startup or logon process in Windows Server 2008 R2 or in Windows 7

http://support.microsoft.com/kb/2617858/en-us

What lead me to the solution was seeing many threads with Start Address ntdll.dll!rtlValidateHeap+0x170 consuming most of the CPU in Process Explorer for WmiPrvSE.exe.
- Edited by Vinh Q Nguyen Monday, May 19, 2014 5:54 PM
Monday, May 19, 2014 4:26 PM

Reply

|

Quote

0

Sign in to vote

winmgmt.exe /resetrepository worked like a charm. Thanks! :D

MrMeireles

Wednesday, November 26, 2014 3:25 AM

Reply

|

Quote

0

Sign in to vote

Hey there,

I have a suspicion that when WMI starts, it's out of sync with other security items installed on Windows like anti-virus, firewalls, etc. What I noticed was, at least in my case, it ran early in the startup process, and didn't detect the presence of my McAfee utilities (anti-virus, firewall, etc.). So, WMI tried to fire up those services... and kept trying to, even after McAfee started up.

Yes, in my case Avast was the cause. Uninstalling it solved the problem. win 8.1

Saturday, January 10, 2015 10:13 AM

Reply

|

Quote

0

Sign in to vote
Same issue here

stopping WMI and running winmgmt.exe /resetrepository

seemes to solve it

Thanks!!
- Proposed as answer by Bob_Mer Wednesday, April 22, 2015 3:30 PM
Tuesday, April 21, 2015 6:13 PM

Reply

|

Quote

0

Sign in to vote

I had several Windows Server 2008 R2 terminal servers having this issue, the problem went away after I uninstalled the Ask tool bar.

Wednesday, April 22, 2015 3:32 PM

Reply

|

Quote

Products

Resources

Solutions

Updates

Trials

Related Sites

Training

Certifications

Other resources

Support options

More support

Not an IT pro?

Answered by:

WmiPrvSE.exe CPU consumption

Question

Answers

All replies