Ping a Specific Port

Question

makerofthings7

Asked: 2013-03-05 06:29:44 +0800 CST2013-03-05 06:29:44 +0800 CST 2013-03-05 06:29:44 +0800 CST

How can I troubleshoot high Kernel time?

772

I have unusually high Kernel time on my CPUs as shown in task manager.

What are some ways I can troubleshoot this?

enter image description here

4 Answers

Voted

Ryan Ries · Answer 1 · 2013-03-05T06:41:53+08:00

Ryan Ries

2013-03-05T06:41:53+08:002013-03-05T06:41:53+08:00

The definitive tool for finding out exactly what is using kernel time is kernrate.exe. It comes with the Windows SDK/WDK Visual Studio, etc.

Also Xperf can do the same kernel polling/tracing as well... and is probably a lot easier to use. Kernrate was kind of a beast.

13

Greg Askew · Answer 2 · 2013-03-05T09:21:21+08:00

Greg Askew

2013-03-05T09:21:21+08:002013-03-05T09:21:21+08:00

This is probably easier than you think. If you have consistent, high system usage, Process Explorer provides a Threads tab that you can use for the System process (process id: 4). The offending module and function should be displayed.

enter image description here

If you need a formal tool for collecting the empirical data to analyze the issue, you may use the Windows Performance Recorder/Windows Performance Analyzer, part of the Windows Performance Toolkit.

https://blogs.technet.com/b/yongrhee/archive/2012/11/23/installing-the-windows-performance-toolkit-v5-0-wprui-wpr-xperf.aspx

https://blogs.technet.com/b/yongrhee/archive/2012/11/23/wpr-xperf-capture-high-cpu-disk-i-o-file-registry-networking-private-bytes-virtual-bytes-paged-pool-nonpaged-pool-and-or-application-slowness.aspx

11

makerofthings7 · Answer 3 · 2013-03-05T06:32:20+08:00

makerofthings7

2013-03-05T06:32:20+08:002013-03-05T06:32:20+08:00

I had the issue myself with high kernel times consuming 50% of CPU, while other processes accounted for the remaining 40%. The issue was caused by not properly disabling and uninstalling Trend AV.

Even though the services were stopped, and the realtime scan disabled, kernel mini filters appeared to be enabled. I deduced that they were consuming kernel time after I unstalled the software properly and observed that the kernel time reduced to 1/10th of the previous load.

To view the list of filters on your system, type

C:\Users\TEMP>fltmc filters
Filter Name                     Num Instances    Altitude    Frame
------------------------------  -------------  ------------  -----
TmPreFilter                             3       328500         0
luafv                                   1       135000         0

Microsoft has a list of 3rd party filters available here. According to that spreadsheet, TmPreFilter is Trend Micro, an AV Scanner.

6

Simon Catlin · Answer 4 · 2013-03-05T09:55:25+08:00

Simon Catlin

2013-03-05T09:55:25+08:002013-03-05T09:55:25+08:00

Have a nose using Process Monitor and DiskMon (Microsoft SysInternals) to see what the machine is doing. One common culprit, aside from dodgy device drivers, is good old paging.

-1

How can I troubleshoot high Kernel time?

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?