W10 on VMware ESXi 6.7 odd CPU spikes
Denes, Laszlo
Hi Everyone,
Hoping someone has seen this before and can shed some light on it.
We run a 3 x ESXi 6.7 VMware cluster (servers all g10 HP with Nimble SAN)
1 of the hosts complains almost every night about high CPU usage (goes from green to red to yellow and back to green) around 2:30 AM. It only lasts about 60 minutes and the event log on the host identifies only W10 (22h2 PRO) vm’s as the culprit.
I cannot figure out why those W10 vm’s are spiking the host CPU when we have far more CPU intense servers on the other hosts which do not.
Moving those W10 vm to another host creates the same issue on the new host. There are no host related warnings or other issues.
Any thoughts? Appreciate insights.
Many thanks in advance for your time.
Regards,
Laszlo
Laszlo Denes
Technical Analyst Servers
Information Systems
The Salvation Army Toronto Grace Health Centre
650 Church Street, Toronto, ON M4Y 2G5
f: 416-925-3211
Exceptional and compassionate care for all.
Henry Awad
--
You received this message because you are subscribed to the Google Groups "ntsysadmin" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ntsysadmin+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ntsysadmin/YQBPR01MB1028620A03E481EE2296F8D76BA5CA%40YQBPR01MB10286.CANPRD01.PROD.OUTLOOK.COM.
Melvin Backus
I would suspect an AV or security scan, etc., which may be targeting those VMs because they’re workstations, in a different OU, etc. The event logs should give you additional direction since it seems to be repeatable.
--
There are 10 kinds of people in the world...
those who understand binary and those who don't.
¯\_(ツ)_/¯
--
Kevin Lundy
To view this discussion on the web visit https://groups.google.com/d/msgid/ntsysadmin/1ADD796D2529E94DB4552E7C1F12A21A01DFB6B5BE%40ATLEXCH04.byers.local.
Gustavo Alejandro Gonzalez Plascencia
To view this discussion on the web visit https://groups.google.com/d/msgid/ntsysadmin/CAB0geZMkJVBH0%3DrUr2HFCjmejcG-FuWuPr%2BRObAKd_epopx%2B3A%40mail.gmail.com.
Gordon Hait
--
You received this message because you are subscribed to the Google Groups "ntsysadmin" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ntsysadmin+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ntsysadmin/YQBPR01MB1028620A03E481EE2296F8D76BA5CA%40YQBPR01MB10286.CANPRD01.PROD.OUTLOOK.COM.
Denes, Laszlo
Not using defender and logs really don’t show anything that jumps out.
Thank you in advance for your time.
Laszlo
Laszlo Denes
Technical Analyst Servers
Information Systems
From: Henry Awad <aw...@cua.edu>
Sent: Tuesday, June 20, 2023 8:03 AM
To: ntsys...@googlegroups.com
Cc: Denes, Laszlo <lde...@torontograce.org>
Denes, Laszlo
Okay thanks everyone will check AV (Kaspersky)
Thank you in advance for your time.
Laszlo
Laszlo Denes
Technical Analyst Servers
Information Systems
t: ext. 214
From: ntsys...@googlegroups.com <ntsys...@googlegroups.com>
On Behalf Of Gordon Hait
Sent: Tuesday, June 20, 2023 11:28 AM
To: ntsys...@googlegroups.com
Subject: Re: [ntsysadmin] W10 on VMware ESXi 6.7 odd CPU spikes
With the brand of AV we were previously using I had to break the scheduled scans of our Windows servers into three groups that did the
To view this discussion on the web visit https://groups.google.com/d/msgid/ntsysadmin/CAAR%2B0hhcg7xsa70jJEVGRAnmDwzcN2tJm%2B3AX9B1Y0wDdWJEog%40mail.gmail.com.
Shawn K. Hall
unless that feature is disabled.
-S
> -----Original Message-----
> From: ntsys...@googlegroups.com
> [mailto:ntsys...@googlegroups.com] On Behalf Of Denes, Laszlo
> Sent: Tuesday, June 20, 2023 11:42
> To: Henry Awad; ntsys...@googlegroups.com
> Subject: RE: [ntsysadmin] W10 on VMware ESXi 6.7 odd CPU spikes
>
> Not using defender and logs really don't show anything that jumps out.
>
>
>
> Thank you in advance for your time.
>
>
>
> Laszlo
>
>
>
> Laszlo Denes
>
> Technical Analyst Servers
>
> Information Systems
>
> t: ext. 214
>
>
>
> From: Henry Awad <aw...@cua.edu>
> Sent: Tuesday, June 20, 2023 8:03 AM
> To: ntsys...@googlegroups.com
> Cc: Denes, Laszlo <lde...@torontograce.org>
> Subject: Re: [ntsysadmin] W10 on VMware ESXi 6.7 odd CPU spikes
>
>
>
> Have you checked the event logs on the Win10 VMs to see
> what's happening during that period? I would check to see if
> Windows Defender is running a scan during this time.
>
>
>
> On Tue, Jun 20, 2023, 7:58 AM Denes, Laszlo
> <lde...@torontograce.org> wrote:
>
> Hi Everyone,
>
>
>
> Hoping someone has seen this before and can shed some
> light on it.
>
> We run a 3 x ESXi 6.7 VMware cluster (servers all g10
> HP with Nimble SAN)
>
> 1 of the hosts complains almost every night about high
> CPU usage (goes from green to red to yellow and back to
> green) around 2:30 AM. It only lasts about 60 minutes and the
> event log on the host identifies only W10 (22h2 PRO) vm's as
> the culprit.
>
>
>
> host CPU when we have far more CPU intense servers on the
> other hosts which do not.
>
> Moving those W10 vm to another host creates the same
> issue on the new host. There are no host related warnings or
> other issues.
>
> Any thoughts? Appreciate insights.
>
>
>
>
>
> Many thanks in advance for your time.
>
>
>
> Regards,
>
>
>
> Laszlo
>
>
>
> Laszlo Denes
>
> Technical Analyst Servers
>
> Information Systems
>
> The Salvation Army Toronto Grace Health Centre
>
> 650 Church Street, Toronto, ON M4Y 2G5
>
> t: 416-925-2251 ext. 214
>
> f: 416-925-3211
>
>
> www.torontograce.org <http://www.torontograce.org/>
>
>
>
> <https://www.facebook.com/torontogracehealthcentre>
> <https://twitter.com/torontogracehc>
> <https://www.linkedin.com/company/toronto-grace-health-centre>
> <https://www.instagram.com/torontogracehealthcentre/>
>
>
> Exceptional and compassionate care for all.
>
>
>
> --
> You received this message because you are subscribed to
> the Google Groups "ntsysadmin" group.
> To unsubscribe from this group and stop receiving
> emails from it, send an email to
> ntsysadmin+...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ntsysadmin/YQBPR01MB1028620A
> 03E481EE2296F8D76BA5CA%40YQBPR01MB10286.CANPRD01.PROD.OUTLOOK.
> COM
> A03E481EE2296F8D76BA5CA%40YQBPR01MB10286.CANPRD01.PROD.OUTLOOK
> .COM?utm_medium=email&utm_source=footer> .
> --
> You received this message because you are subscribed to the
> Google Groups "ntsysadmin" group.
> To unsubscribe from this group and stop receiving emails from
> it, send an email to ntsysadmin+...@googlegroups.com.
> To view this discussion on the web visit
> F7E5BF1D9AC054437BA5CA%40YQBPR01MB10286.CANPRD01.PROD.OUTLOOK.
> COM
> <https://groups.google.com/d/msgid/ntsysadmin/YQBPR01MB10286B5
> 9F7E5BF1D9AC054437BA5CA%40YQBPR01MB10286.CANPRD01.PROD.OUTLOOK
> .COM?utm_medium=email&utm_source=footer> .
>
>
Philip Elder
www.liveoptics.com on a few of the W10 VMs. Let it run for 24 hours. Get a baseline then the culprit will be clearly seen.
Philip Elder MCTS
Senior Technical Architect
Microsoft High Availability MVP
E-mail: Phili...@mpecsinc.ca
Phone: +1 (780) 458-2028
Web: www.mpecsinc.com
Blog: blog.mpecsinc.com
Twitter: Twitter.com/MPECSInc
Skype: MPECSInc.
Please note: Although we may sometimes respond to email, text and phone calls instantly at all hours of the day, our regular business hours are 8:00 AM - 5:00 PM, Monday thru Friday.
To view this discussion on the web visit https://groups.google.com/d/msgid/ntsysadmin/YQBPR01MB10286B59F7E5BF1D9AC054437BA5CA%40YQBPR01MB10286.CANPRD01.PROD.OUTLOOK.COM.
Denes, Laszlo
Cheers for that
Thank you in advance for your time.
Laszlo
Laszlo Denes
Technical Analyst Servers
Information Systems
t: ext. 214
To view this discussion on the web visit https://groups.google.com/d/msgid/ntsysadmin/064fba7debe4423abc69b55224fe2082%40MPECSInc.Ca.