Very high CPU usage v. 5.010 (probable cause found)
I had some complaints about SD+ running slow at times, and happened to find some interesting things going on at the same time in the log file. I was using process explorer (sysinternals.org), selecting the java process on the server, and then selecting the graphing option. The process was running throughout the morning, and I noticed a rather large rise in CPU usage which went on for a VERY long time, then plummeted all of a sudden.
1. A particular tech was shown doing updates, etc. but he did NOT have a browser up on any SD+ page. The log file kept recording that he was interacting with the SD+ system.
2. I ran a file monitoring program, and oddly enough, there was a zipped file (with a .tmp extension) that was being read/written to at a VERY high rate, and repeatable.
3. An immediately run 2nd sweep with the file monitoring program showed a very high rate of accesses also trying to access a zip file in the same general area of the .tmp file mentioned above.
3. A look at the application event viewer immediately after the CPU usage dropped off showed an error message saying:
VirusScan Enterprise: The scan of C:\AdventNet\ME\ServiceDesk\server\default\log\archive\serverout.zip.tmp\SERVEROUT14MAY2006_05_02_02_928.TXT has taken too long to complete and is being canceled. Scan engine version used is 4400 DAT version 4782.(from <machine_name_removed> IP <IP_address_removed> user NT AUTHORITY\SYSTEM running VirusScan Enter 8.0 OAS)
I believe there is a very strong correlation between this attempt to scan a tmp file and servicedesk reading/writing to it at the same time.
We're excluding this directory from zip file scans and will monitor this, but it's certainly something for others to look at.
Justin
1. A particular tech was shown doing updates, etc. but he did NOT have a browser up on any SD+ page. The log file kept recording that he was interacting with the SD+ system.
2. I ran a file monitoring program, and oddly enough, there was a zipped file (with a .tmp extension) that was being read/written to at a VERY high rate, and repeatable.
3. An immediately run 2nd sweep with the file monitoring program showed a very high rate of accesses also trying to access a zip file in the same general area of the .tmp file mentioned above.
3. A look at the application event viewer immediately after the CPU usage dropped off showed an error message saying:
VirusScan Enterprise: The scan of C:\AdventNet\ME\ServiceDesk\server\default\log\archive\serverout.zip.tmp\SERVEROUT14MAY2006_05_02_02_928.TXT has taken too long to complete and is being canceled. Scan engine version used is 4400 DAT version 4782.(from <machine_name_removed> IP <IP_address_removed> user NT AUTHORITY\SYSTEM running VirusScan Enter 8.0 OAS)
I believe there is a very strong correlation between this attempt to scan a tmp file and servicedesk reading/writing to it at the same time.
We're excluding this directory from zip file scans and will monitor this, but it's certainly something for others to look at.
Justin
