I found myself in a situation recently where a Windows Server 2012 R2 instance suddenly began suffering from high CPU utilisation. Briefly watching process CPU usage in Task Manager showed the Windows Management Instrumentation (WMI) service to be the culprit.
I ended up down a rabbit hole and will include some of the debugging steps I followed and results found.
Verified WMI works correctly locally using wbemtest.
Verified WMI can connect remotely with wbemtest using a monitoring service account.
Ran winmgmt /verifyrepository to verify WMI repository is not corrupt.
Verified C:\Windows\System32\wbem\Repository\objects.data file is not excessively large.
Ran queries with wbemtest. All queries to Win32_PerfRawData, Win32_PerfFormattedData and Win32_Perf failed but other queries ran successfully.
Verified no Windows Updates with WMI fixes were available.
Reviewed Event Viewer and could see ~1400 events within a 5-hour period similar to those described in this Microsoft KB article: https://support.microsoft.com/en-us/help/3124914/wmi-activity-event-5858-logged-frequently-with-resultcode-0x80041032
Re-registered all DLLs and recompiled .mofs in wbem folder.
Re-registered WMI Service and provider.
At this point all roads were leading to WMI database corruption that was being missed by winmgmt, but I didn’t want to force a rebuild without hard evidence. Finally, I opened perfmon.msc and was greeted with the following:
Unable to add these counters:
\Memory\Available MBytes
\Memory\% Committed Bytes In Use
\Memory\Cache Faults/sec
\Memory\Cache Faults/sec
\PhysicalDisk(*)\%Idle Time
\PhysicalDisk(*)\Avg. Disk Queue Length
\Network Interface(*)\Bytes Total/sec
Bingo.
One short command to rebuild performance counters:
lodctr /r
This can be verified with:
lodctr /q
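A read-only pre-check that collects the same three pieces of evidence (5858 events, failing performance classes, unreadable counters) before anything is rebuilt, as an added example that is not part of the original post. It assumes PowerShell 3.0 or later in an elevated session, English counter names, and that the 5858 event message carries a "ResultCode = 0x..." field.

```powershell
# Added example: read-only checks, nothing here modifies WMI or the counter registry.
$since = (Get-Date).AddHours(-5)   # same window as the 5-hour span reviewed in the post

# 1. WMI-Activity event 5858, grouped by the ResultCode found in the message text.
#    Assumption: the message carries a "ResultCode = 0x..." field.
$filter = @{ LogName = 'Microsoft-Windows-WMI-Activity/Operational'; Id = 5858; StartTime = $since }
$events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)
'Event 5858 count since {0:yyyy-MM-dd HH:mm}: {1}' -f $since, $events.Count
$events |
    ForEach-Object { if ($_.Message -match 'ResultCode\s*=\s*(0x[0-9A-Fa-f]+)') { $Matches[1] } else { 'unparsed' } } |
    Group-Object | Sort-Object Count -Descending |
    Format-Table Count, Name -AutoSize | Out-String

# 2. Query one concrete class under each performance base class that failed in wbemtest.
$wmiFailures = 0
foreach ($class in 'Win32_PerfRawData_PerfOS_Memory', 'Win32_PerfFormattedData_PerfOS_Memory') {
    try {
        Get-CimInstance -ClassName $class -ErrorAction Stop | Out-Null
        '{0}: OK' -f $class
    } catch {
        $wmiFailures++
        '{0}: FAILED - {1}' -f $class, $_.Exception.Message
    }
}

# 3. Read counters that perfmon refused to add (English counter names assumed).
$counterFailures = 0
$paths = '\Memory\Available MBytes', '\Memory\% Committed Bytes In Use',
         '\Memory\Cache Faults/sec', '\PhysicalDisk(*)\Avg. Disk Queue Length',
         '\Network Interface(*)\Bytes Total/sec'
foreach ($path in $paths) {
    try {
        Get-Counter -Counter $path -MaxSamples 1 -ErrorAction Stop | Out-Null
        '{0}: OK' -f $path
    } catch {
        $counterFailures++
        '{0}: FAILED - {1}' -f $path, $_.Exception.Message
    }
}

# 4. Summarise. Counters that fail outside WMI match what the post saw in perfmon.
if ($counterFailures -gt 0) {
    'Counters cannot be read directly: matches the perfmon error in the post (fix there: lodctr /r, then lodctr /q).'
} elseif ($wmiFailures -gt 0) {
    'Counters read correctly but the WMI performance classes fail: keep investigating the WMI side.'
} else {
    'Counters and performance classes both respond: the 5858 events need another explanation.'
}
```

Running it again after lodctr /r gives a before-and-after record of which checks changed.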
Hi Jonny, lodctr commands worked like a charm. Thanks very much for the good work.
Glad it helped!
worked for me too :thumbsup