Next time, taking a dump of winlogon at
100% (actually a couple a few seconds apart) would be interesting. With that we
can see what it is chewing on, and perhaps get root cause.
~Eric
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gary Clark
Sent: Thursday, May 05, 2005 3:48
AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Winlogon
100% CPU and Fast user Switching as a Fix?
Gentlemen,
A random other problem gave me a clue
looking into it further it turns out that offline files was the problem,
reinitialising the offline cache has put the box back onto its feet. For anyone
who needs to do this it can be done with control and shift held down
while clicking the "delete files" on the offlline files tab of
Folder options, it requires a reboot, I have no idea of the cause of the
corruption but this does seem to resolve the problem.
thanks anyhoo.
Gary
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Za Vue
Sent: 04 May 2005 19:10
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Winlogon
100% CPU and Fast user Switching as a Fix?
Dell GX-270’s have a defected
capacitor and is dying all over the world. Replace the system board.
-Z.V.
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gary Clark
Sent: Wednesday, May 04, 2005
12:46 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Winlogon 100%
CPU and Fast user Switching as a Fix?
Hello
all,
Having spent two days poking this problem I am throwing myself on the groups
mercy. Windows XP SP1 computer joined to domain much like its 300
brothers and sisters decides one day that winlogon.exe should take 50% or
rather 100 % of one of the Dell GX270 hyper threading virtual processors,
constant high cpu utilization makes the fans ramp up and turns a nice box into
a loud evil box.
With winlogon using all the processor the box shows symptoms of having broken
WINS no Netbios name resolution, can not find file shares etc which also
creates event id of 1030 and 1058 as the group policy objects can not be found.
Example
Windows cannot access the file gpt.ini for GPO
CN={****-0**2-4B**-B3F6-7B*****8B878},CN=Policies,CN=System,DC=**,DC=***,DC=**,DC=**.
The file must be present at the location
<\\ad.***.**.**\SysVol\ad.****.**.**\Policies\{*******-***-***-***-****}\gpt.ini>.
(The network path was not found. ). Group Policy processing aborted
While in this confused state the box will also not shutdown clean and has to be
POPO'd
The obvious malware lines of investigation have proved fruitless ad-aware did
find some bits but this has not resolved the problem. The winlogon has been
verified as being in the right location and has not been switched with another
version. The fact that the box is a Dell Gx270 with a Gigabit card also made me
think that MS Article 840669 with the group policy not starting due to the race
condition might have helped but again zip. Virus protection is installed
and maintained and returns no nasties.
The Intel 1000 gigabit card has had its drivers updated and still nadda. I even
disabled the built in card and installed a 3com 10 Mb NIC and that exhibited
the same trouble.
The curious thing and what is driving me absolutely nuts is that if the
Computer is removed from the domain and returned to a workgroup the problem
persists until you change the way users logon and use the welcome with the fast
user switching, it has to be both using the welcome screen and fast user
switching, this puts the box back on its feet. Winlogon behaves and the network
drives can once again be accessed.
We have seen this twice before on separate computers but have not paid it
too much attention. rebuilds of the Computershave fixed the problem,
as this is something which keeps raising its ugly head I think I need to try
and get a good handle on it, the fact that there are so many other unaffected
boxes makes me think that it is a software conflict on the client. What I
don't get is why it can be turned on and off with the fast user switching? If I
did'nt need the box to be in AD I would leave it as is fast user switching
enabled and slip into a dark cave and put this down to gremlins but thats not
an option, and I am very nervous that more boxes could start playing up too...
~cheers
Gary
