Windows Server 2012 R2 Standard VM with RDS role setup - 100% CPU Usage

%3CLINGO-SUB%20id%3D%22lingo-sub-1452378%22%20slang%3D%22en-US%22%3EWindows%20Server%202012%20R2%20Standard%20VM%20with%20RDS%20role%20setup%20-%20100%25%20CPU%20Usage%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1452378%22%20slang%3D%22en-US%22%3E%3CP%3EI%20have%20a%20Microsoft%20based%20VM%20with%20Server%202012%20R2%20standard%20OS%20and%20RDS%20role%20setup.%20Recently%20CPU%20usage%20has%20started%20to%20increase%20to%20100%25%20regardless%20of%20number%20of%20users%20logged%20in.%20Concurrent%20number%20of%20users%20are%205-10%20but%20CPU%20usage%20is%20100%25%20majority%20of%20times%20even%20single%20user%20is%20logged%20in.%20Not%20single%20service%20is%20taking%20CPU%20usage%2C%20if%20i%20close%20the%20process%20or%20service%20taking%20CPU%20usage%20then%20another%20process%20or%20service%20will%20start%20taking%20CPU%20usage.%3C%2FP%3E%3CP%3EThings%20i%20have%20tried%3A%3C%2FP%3E%3CP%3EAV%20scan%20SentinelOne%20(no%20infections%20found)%3C%2FP%3E%3CP%3EMalicious%20software%20removal%20tool%20quick%20scan%20(no%20infections%20fou)%3C%2FP%3E%3CP%3ERan%20scan%20with%20malwarebytes%20(no%20infections%20found)%3C%2FP%3E%3CP%3EInstalled%20windows%20updates%3C%2FP%3E%3CP%3ESFC%20scan%3C%2FP%3E%3CP%3ESafemode%20with%20network%20(CPU%20usage%20drops%20to%2010-20%25%20and%20then%20after%20few%20minutes%20CPU%20usage%20jumps%20to%2050-60%25%2C%20still%20high)%3C%2FP%3E%3CP%3EDisable%20network%20on%20VM%20(CPU%20usage%20drops%20to%2020-30%25%20and%20then%20jumps%20to%2050-60%25).%3C%2FP%3E%3CP%3ETried%20below%20but%20still%20the%20same%3A%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fsupport.microsoft.com%2Fen-au%2Fhelp%2F2878605%2F100-percent-cpu-usage-occurs-when-the-enablelinkedconnections-value-is%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fsupport.microsoft.com%2Fen-au%2Fhelp%2F2878605%2F100-percent-cpu-usage-occurs-when-the-enablelinkedconnections-value-is%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAny%20suggestion%20please%3C%2FP%3E%3CP%3EThanks%3C%2FP%3E%3CP%3EHasnat%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1452378%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EWindows%20Server%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1586935%22%20slang%3D%22en-US%22%3ERe%3A%20Windows%20Server%202012%20R2%20Standard%20VM%20with%20RDS%20role%20setup%20-%20100%25%20CPU%20Usage%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1586935%22%20slang%3D%22en-US%22%3E%3CP%3EHello%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F694558%22%20target%3D%22_blank%22%3E%40Hasnat795%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20am%20working%20with%20a%20similar%20environment%20where%20there%20is%20a%20high%20CPU%20usage.%20Have%20you%20tried%20to%20remove%20SentinelOne%20from%20the%20terminal%20server%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
Occasional Visitor

I have a Microsoft based VM with Server 2012 R2 standard OS and RDS role setup. Recently CPU usage has started to increase to 100% regardless of number of users logged in. Concurrent number of users are 5-10 but CPU usage is 100% majority of times even single user is logged in. Not single service is taking CPU usage, if i close the process or service taking CPU usage then another process or service will start taking CPU usage.

Things i have tried:

AV scan SentinelOne (no infections found)

Malicious software removal tool quick scan (no infections fou)

Ran scan with malwarebytes (no infections found)

Installed windows updates

SFC scan

Safemode with network (CPU usage drops to 10-20% and then after few minutes CPU usage jumps to 50-60%, still high)

Disable network on VM (CPU usage drops to 20-30% and then jumps to 50-60%).

Tried below but still the same:

https://support.microsoft.com/en-au/help/2878605/100-percent-cpu-usage-occurs-when-the-enablelinkedc...

 

Any suggestion please

Thanks

Hasnat

1 Reply
Highlighted

Hello @Hasnat795 

 

I am working with a similar environment where there is a high CPU usage. Have you tried to remove SentinelOne from the terminal server?