Tag Archives: “High CPU Usage”

Microsoft Exchange Server 2010 Service Pack 2 – Update Rollup 2

Microsoft have released Update Rollup 2 for Exchange Server 2010 Service Pack 2 which resolves many issues that have been reported since the initial release of Exchange 2010 Service Pack 2

Summary of Fixes:

http://support.microsoft.com/kb/2519806 – A meeting request that is sent by an external user or by using a non-Microsoft email system is stamped as Busy instead of Tentative in an Exchange Server 2010 environment

http://support.microsoft.com/kb/2556766 – Slow performance when you create many contacts by using Exchange Web Services in an Exchange Server 2010 environment

http://support.microsoft.com/kb/2592398 – Email messages in the Sent Items folder have the same PR_INTERNET_MESSAGE_ID property in an Exchange Server 2010 environment

http://support.microsoft.com/kb/2601301 – Customized contact objects revert to the default form after a public folder database replication in an Exchange Server 2010 environment

http://support.microsoft.com/kb/2630808 – A user can log on to a mailbox by using Outlook for Mac 2011 unexpectedly in an Exchange Server 2010 environment

http://support.microsoft.com/kb/2632201 – MAPI_E_INVALID_PARAMETER errors occur when a MAPI application receives notifications in an Exchange Server 2010 environment

http://support.microsoft.com/kb/2635223 – A hidden user is still displayed in the Organization information of Address Book in OWA in an Exchange Server 2010 environment

http://support.microsoft.com/kb/2636387 – Event ID 3022 is logged and you cannot replicate a public folder from one Exchange Server 2010 server to another

http://support.microsoft.com/kb/2636883 – Returned message items can disappear from the search results view when you use Outlook in online mode in an Exchange Server 2010 environment

http://support.microsoft.com/kb/2641249 – Error message when you use the “Folder.Bind” method in an Exchange Server 2010 environment

http://support.microsoft.com/kb/2641753 – An email message from an Exchange Server 2003 user is forwarded incorrectly to an external recipient of an Exchange Server 2010 user mailbox

http://support.microsoft.com/kb/2644144 – A read receipt is not sent when a receiver does not expand a conversation to preview the message by using OWA in an Exchange Server 2010 environment

http://support.microsoft.com/kb/2644920 – The Get-FederatedDomainProof cmdlet fails in an Exchange Server 2010 SP1 environment

http://support.microsoft.com/kb/2645587 – An external email message is not delivered to mail-enabled public folders and you do not receive NDR messages in an Exchange Server 2010 environment

http://support.microsoft.com/kb/2649499 – Updates for a meeting request are sent to all attendees directly in an Exchange Server 2010 environment

http://support.microsoft.com/kb/2649679 – Text in tables is displayed incorrectly in the Conversation view in Outlook Web App in an Exchange Server 2010 environment

http://support.microsoft.com/kb/2652730 – You encounter failures when you run the Test-EcpConnectivity cmdlet to test Exchange Control Panel connectivity in an Exchange Server 2010 environment

http://support.microsoft.com/kb/2657103 – CPU resources are used up when you use the Set-MailboxMessageConfiguration cmdlet in an Exchange Server 2010 environment

http://support.microsoft.com/kb/2660178 – “More than one mailbox has the same e-mail address” error message when you try to manage a mailbox in a tenant organization in an Exchange Server 2010 SP1 Hosting mode environment

http://support.microsoft.com/kb/2661277 – An ActiveSync user cannot access a mailbox in an Exchange Server 2010 forest

http://support.microsoft.com/kb/2661294 – An email address policy does not generate the email addresses of recipients correctly in an Exchange Server 2010 environment

http://support.microsoft.com/kb/2663581 – OK button is not displayed when you change your password in Outlook Web App by using Firefox in an Exchange Server 2010 environment

http://support.microsoft.com/kb/2664365 – Certain MailboxStatistics properties are not updated when a user uses a POP3 or IMAP4 client to access a mailbox in an Exchange 2010 environment

http://support.microsoft.com/kb/2664761 – DPM protection agent service may stop responding on Exchange Server 2010 servers that are protected by System Center DPM 2010

http://support.microsoft.com/kb/2665806 – Error message when you open an RTF email message that has inline attachments in an Exchange Server 2010 environment

http://support.microsoft.com/kb/2673087 – Error message when you try to copy the Inbox folder to another folder in Outlook in online mode in an Exchange Server 2010 environment

http://support.microsoft.com/kb/2677847 – The Microsoft Exchange File Distribution service consumes large amounts of memory in an Exchange Server 2010 environment

http://support.microsoft.com/kb/2678361 – The user-agent information about an Exchange ActiveSync device is not updated in an Exchange Server 2010 environment

http://support.microsoft.com/kb/2678414 – The display name of a contact in address book is empty in an Exchange Server 2010 environment

http://support.microsoft.com/kb/2681464 – An EWS application crashes when it calls the GetStreamingEvents operation in an Exchange Server 2010 environment

http://support.microsoft.com/kb/2685996 – Error message when a user who does not have a mailbox tries to move or delete an item that is in a shared mailbox by using Outlook Web App Premium

http://support.microsoft.com/kb/2688667 – W3wp.exe consumes excessive CPU resources on Exchange Server 2010 Client Access servers when users open recurring calendar items in mailboxes by using Outlook Web App or EWS

http://support.microsoft.com/kb/2693078 – EdgeTransport.exe process crashes in an Exchange Server 2010 environment

http://support.microsoft.com/kb/2694280 – Whatif switch does not work in the Set-MoveRequest or Resume-MoveRequest cmdlet in an Exchange Server 2010 environment

http://support.microsoft.com/kb/2694289 – Resource mailbox does not forward meeting request to delegates after one of the delegates’ mailbox is disabled in an Exchange Server 2010 environment

http://support.microsoft.com/kb/2694414 – The update tracking information option does not work in an Exchange Server 2010 environment

http://support.microsoft.com/kb/2694473 – File name of a saved attachment is incorrect when you use OWA in Firefox 8 in an Exchange Server 2010 environment

http://support.microsoft.com/kb/2694474 – Incorrect delivery report when you send an email message to a recipient who has configured an external forwarding address in an Exchange Server 2010 environment

http://support.microsoft.com/kb/2696857 – EdgeTransport.exe process crashes without sending an NDR message when you send a message to a distribution group in an Exchange Server 2010 environment

http://support.microsoft.com/kb/2696905 – Day of the week is not localized in MailTips in Outlook Web App in an Exchange Server 2010 environment

http://support.microsoft.com/kb/2696913 – You cannot log on to Outlook Web App when a proxy is set up in an Exchange Server 2010 environment

Crypt32.dll – Pre Service Pack 2 Revision History for Windows 7 SP1, Windows Server 2008 R2 SP1 and Windows Small Business Server 2011 (SBS 2011)

Crypt32.dll – Pre Service Pack 2 Revision History for Windows 7 SP1, Windows Server 2008 R2 SP1 and Windows Small Business Server 2011 (SBS 2011)

12-Apr-2014 – 6.1.7601.22653 – Crypt32.dll – x86/x64 – http://support.microsoft.com/kb/2927193 – Can’t back up the system state on a computer that’s running Windows 7 or Windows Server 2008 R2

02-Apr-2014 – 6.1.7601.22645 – Crypt32.dll – x86/x64 – http://support.microsoft.com/kb/2831238 – CRL processing causes high CPU usage, heavy network traffic, and service outage on a Windows Server 2008 R2-based or Windows 7-based computer

05-Oct-2013 – 6.1.7601.18277 – Crypt32.dll – x86/x64 – http://support.microsoft.com/kb/2927193 – Can’t back up the system state on a computer that’s running Windows 7 or Windows Server 2008 R2

09-Jul-2013 – 6.1.7601.22380 – Crypt32.dll – x86/x64 – http://support.microsoft.com/kb/2862966 – An update is available that improves management of weak certificate cryptographic algorithms in Windows

09-Jul-2013 – 6.1.7601.18205 – Crypt32.dll – x86/x64 – http://support.microsoft.com/kb/2862966 – An update is available that improves management of weak certificate cryptographic algorithms in Windows

28-Jun-2013 – 6.1.7601.22370 – Crypt32.dll – x86/x64 – http://support.microsoft.com/kb/2861375 – “Operation failed with error 0x0000000a” error message when you try to install a shared printer in Windows 7 SP1 or Windows Server 2008 R2 SP1

10-May-2013 – 6.1.7601.22321 – Crypt32.dll – x86/x64 – http://support.microsoft.com/kb/2839217 – Long delay before all services are ready after you install an application on a computer that is running Windows 7 or Windows Server 2008 R2

10-May-2013 – 6.1.7601.22321 – Crypt32.dll – x86/x64 – http://support.microsoft.com/kb/2808679 – Update that protects from internal URL port scanning is available for Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, and Windows Server 2012

10-May-2013 – 6.1.7601.18150 – Crypt32.dll – x86/x64 – http://support.microsoft.com/kb/2808679 – Update that protects from internal URL port scanning is available for Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, and Windows Server 2012

26-Apr-2013 – 6.1.7601.22311 – Crypt32.dll – x86/x64 – http://support.microsoft.com/kb/2813430 – An update is available that enables administrators to update trusted and disallowed CTLs in disconnected environments in Windows

26-Apr-2013 – 6.1.7601.18142 – Crypt32.dll – x86/x64 – http://support.microsoft.com/kb/2813430 – An update is available that enables administrators to update trusted and disallowed CTLs in disconnected environments in Windows

01-Apr-2013 – 6.1.7601.22289 – Crypt32.dll – x64 – http://support.microsoft.com/kb/2831238 – CRL processing causes high CPU usage, heavy network traffic, and service outage on a Windows Server 2008 R2-based computer

02-Mar-2013 – 6.1.7601.22272 – Crypt32.dll – x64 – http://support.microsoft.com/kb/2807849 – You cannot back up the system state on a computer that is running Windows Server 2008 R2 or Windows Server 2012

29-Jan-2013 – 6.1.7601.22236 – Crypt32.dll – x86/x64 – http://support.microsoft.com/kb/2797120 – Name constraint validation fails when a URN is specified in a subject alternative name in Windows 7, Windows 8, Windows Server 2008 R2 and Windows Server 2012

28-Jan-2013 – 6.1.7601.22235 – Crypt32.dll – x86/x64 – http://support.microsoft.com/kb/2807971 – Internet Explorer takes a long time to open an HTTPS webpage in Windows 7 SP1 or Windows Server 2008 R2 SP1

03-Mar-2012 – 6.1.7601.21935 – Crypt32.dll – x64 – http://support.microsoft.com/kb/2680097 – Iscsilog.dll is not included in the system state backup files on a Windows Server 2008 R2 SP1-based computer

14-Sep-2011 – 6.1.7601.21818 – Crypt32.dll – x86/x64 – http://support.microsoft.com/kb/2615174 – “0x80092013, CRYPT_E_REVOCATION_OFFLINEA” error message when you try to verify a certificate that has multiple chains in Windows Server 2008 R2 or in Windows 7

24-Feb-2011 – 6.1.7601.21667 – Crypt32.dll – x86/x64 – http://support.microsoft.com/kb/2507119 – Outlook crashes when you try to open a compressed email message that is created by a third-party Outlook add-in in Windows Vista, in Windows Server 2008, in Windows 7 or in Windows Server 2008 R2

Watchguard XTM Firewall and UTM Appliance – High CPU Usage in the GAV (gateway anti-virus) scand process causes lag and typing delay in Remote Desktop Sessions (RDP) and SIP or VoIP latency issues

Watchguard XTM Firewall and UTM Appliance – High CPU Usage in scand process causes lag and typing delay in Remote Desktop Sessions (RDP).  You may find that remote users report a lag with Remote Desktop Sessions, freezing sessions, black screen and random disconnections.  At around the same time users report these issues you may find that the CPU usage of the scand process on your Watchguard has increased to 100% and the majority of the activity is attributed to the scand process.  You may be able to recreate this issue by browsing websites that utilise lots of Adobe Flash or Media Content as GAV will need to scan all these elements of the web page.  Login to the Watchguard System Manager and then open Firebox System Manager click on Status Report and scroll down the report until you find the Process List (Screenshot Below).  This information will automatically update every 30 seconds so you can see the %CPU column will change and update every 30 seconds.  The top value system shows the overall CPU utilisation and if you look further down you can see which sub processes are actually occupying the CPU time and making up the overall system usage.  In the screenshot below we can see that system is showing 100 % CPU Usage and then further down we can see that the scand process is accounting for 90.99% of this.  When the CPU Usage reaches 100% on the Watchguard unit it may stop forwarding other traffic and this accounts for the lag and jitter we see within the Remote Desktop Session.  Other time sensitive traffic such as VoIP or SIP traffic may also be affected by this issue as the packets are delayed whilst the Firewall recovers from the resource exhaustion.  Users may also report that web pages are slow to load at the time these issues occur where the GAV process is still dealing with the other requests.

Resolution/Workaround:

You can try disabling the GAV (gateway antivirus) for the HTTP and FTP Proxy to ensure that this is the actual cause of your issues, if the problem subsides then you may need to consider updating the XTM OS to the latest release i.e. 11.5.2 and/or adjusting the GAV policy so that it does not scan some content i.e. Images/Text within websites.  You may also need to consider opening a support case with Watchguard to make them aware of this issue, if you have a large number of users then you may even need to consider upgrading your XTM appliance to a larger unit i.e. XTM 23 to XTM 505 or XTM 22 to XTM330 to provide additional processing power (CPU) and system resources to cope with the additional anti-virus scanning requirements.

Watchguard XTM High CPU Usage scand
Watchguard XTM High CPU Usage scand