Channel: Sysinternals Forums

Process Monitor : Procmon Stops other processes from running.

Author: ruifsp
Subject: Procmon Stops other processes from running.
Posted: 24 September 2016 at 4:36pm

Hi,

I've been struggling with ProcMon version 3.31 (also tried with older ones and the result was the same) where an application I need to "debug" slows almost to a stop when I run Process Monitor on the machine the application is running on.

The application is transcoding video from one network location into another using SMB share to access the source file and SMB share to write the resulting file and uses almost 100% CPU on steady state. These shares are in different servers.

When Procmon starts monitoring the machine, the application CPU usage goes to 0%... and no transcoding is done...

What I found so far is that if while running Procmon I disable PROCMON23 filter driver using the following command on a command line "fltmc.exe detach PROCMON23 \device\MUP\" the application returns to full speed.

If the filter (PROCMON23) is loaded but procmon is not monitoring (it can be open but as long as it's not monitoring) the application uses the CPU and runs.

If PROCMON23 filter is detached using the command above, procmon does not affect the application performance, but I cannot log the filesystem events on the machine and so procmon becomes useless...

Does anyone have a suggestion on what to do next?

Any alternatives to procmon that produce the same level of info on a system?

Thanks a million

Cheers



Miscellaneous Utilities : Sysmon crash

Author: MSFT_markc
Subject: Sysmon crash
Posted: 26 September 2016 at 3:34pm

Thanks for the prompt response. Do you have OneDrive and if so would you be able to upload to that and send us a link?

Process Monitor : Error when opening Process Monitor

Author: racrford67
Subject: Error when opening Process Monitor
Posted: 26 September 2016 at 6:11pm

I am unable to open process monitor, any version, on any computer with any user account.  
I receive the message "Capture requires Administrators group membership"  
I am logged in with local admin rights. I have launched process monitor with Run as Administrator.  This is happening on both a new Windows 10 machine, and a Windows 7 machine that I have run process monitor on in the past.  On the Windows 7 machine UAC is disabled.  
The Windows 10 computer is not generating any event logs. However, the Windows 7 machine shows something going on with Ultra VNC, which is running on both computers:
Faulting application name: Procmon64.exe, version: 3.3.0.0, time stamp: 0x4ffcb780
Faulting module name: vnchooks.dll, version: 1.1.0.0, time stamp: 0x5085bec7
Exception code: 0xc0000005
Fault offset: 0x0000000000001e02
Faulting process id: 0x271c
Faulting application start time: 0x01d21814a454046d
Faulting application path: C:\PSTOOLS\Procmon64.exe
Faulting module path: C:\Program Files\uvnc bvba\UltraVNC\vnchooks.dll

Uninstalled vnc on the Windows 7 computer.  Process monitor still gets the same error, but is no longer generating event logs.

Miscellaneous Utilities : Sysmon crash

Author: ajtarter
Subject: Sysmon crash
Posted: 26 September 2016 at 7:25pm

I sent a OneDrive memory dump link to the support email address. I could not get the keyboard method of forcing a dump to work for the VMware Fusion VM using a Mac keyboard, so I had to create a snapshot and then use vmss2core to convert the snapshot kernel dump using the -WK option. You should also be able to easily recreate this by using the ImageLoad config with McAfee VirusScan Enterprise installed. There is a free trial version you can use to test.


In addition to the hang issue, I am wondering if there is a way to enable driver loads without image load?  In my experience, this does not work on Windows 7 without ImageLoad turned on.

BgInfo : RDS2012R2 wallpaperupdate on two different servers

Author: WindowsStar
Subject: RDS2012R2 wallpaperupdate on two different servers
Posted: 27 September 2016 at 4:24am

We have 9000 employees and we don't use Roaming profiles, more of a hassle than a help, we tried it a few times. :-) Plus on TS we really don't use them, slows connections and causes a lot of issues. Better to have the profile locally on a TS. But I cannot speak to your situation or politics or how your site needs to work.
On the GPO you need to find the location of the files and where that information is stored in the registry and then do some searches to see if someone else has done all the work for you. If not then build a policy to keep the registry setting local, or change it back to local, or deny the change from the Roaming Profile. Policy is designed to do this so it should be clean and easy. -WS

Troubleshooting : How to Convert Outlook Express to Outlook PST?

Author: alexanderhicks
Subject: How to Convert Outlook Express to Outlook PST?
Posted: 27 September 2016 at 5:19am

Once DBX to PST Conversion is done, it allows users to save all the data of Outlook Express into a fresh Outlook PST file or export it into the current PST. It also comes with a “Technical Version” to convert several DBX files. It also saves the converted DBX files into various formats like MSG, RTF, EML, HTML file format.

BgInfo : RDS2012R2 wallpaperupdate on two different servers

Author: Malte_EP
Subject: RDS2012R2 wallpaperupdate on two different servers
Posted: 27 September 2016 at 7:01am

Just because it's interesting for me... Every user can connect to every TS?

I tried to exclude the specific path from roaming, but that doesn't seem to work.
Now I'll try to run it as standard background from the Server. I don't think we need the username information displayed. Maybe that works for us.

Just wondering why MS changed this behavior. In RDS 2008 R2 it was perfect.

BgInfo : Ctrl Alt Del Logon screen Windows 10

Author: shane54
Subject: Ctrl Alt Del Logon screen Windows 10
Posted: 27 September 2016 at 5:02pm

+1
Ryan, or anyone else who knows how to use BGinfo for showing info on the Logon UI.
Or at least please describe the above-mentioned trick for Windows 7 - maybe it can help to understand where the problem is and how it was resolved in the past...

Miscellaneous Utilities : ZoomIt 4.5 Live Zoom in VMware VM

Author: Gnosis18
Subject: ZoomIt 4.5 Live Zoom in VMware VM
Posted: 27 September 2016 at 5:29pm

I realize this is an old post but wanted to say, as a trainer who does this for a living, I spent hours researching this issue and found your post. It weirdly worked in 2012 but during our class labs we upgrade to 2012 R2. After that, I had horrible visual artifacts while live zoomed. This solution fixed it! Thank you for taking the time to report your solutions!

BgInfo : Ctrl Alt Del Logon screen Windows 10

Author: bmv98rus
Subject: Ctrl Alt Del Logon screen Windows 10
Posted: 27 September 2016 at 6:18pm

The problem is only because MS has changed the solution, and now the change lock screen option is available only for the Enterprise and Education versions. Since version 1607, the logon screen background has been equal to the lock screen background.

BgInfo : Ctrl Alt Del Logon screen Windows 10

Author: ryan.clinton
Subject: Ctrl Alt Del Logon screen Windows 10
Posted: 27 September 2016 at 7:09pm

On Windows 7, use BgInfo to create an image, then copy the image to C:\Windows\System32\oobe\info\backgrounds\

Process Monitor : ** Feature request list **

Author: IanHaskin
Subject: ** Feature request list **
Posted: 27 September 2016 at 9:55pm

Need a way to suppress error popups when calling procmon from the command-line.

Process Monitor : ProcessMonitor stops after reaching history depth

Author: ezeltje
Subject: ProcessMonitor stops after reaching history depth
Posted: 28 September 2016 at 1:47pm

I am troubleshooting a client-server application where the clients become unresponsive after several weeks of continuous operation. When the problem occurs, either the server side of the application is restarted or the server is rebooted.
Since I strongly suspect that the root cause of the problem is on the server, I want to run ProcessMonitor until the application gets restarted or the server rebooted. I have configured it to use backing files for storing the event data so I can analyze it offline. To avoid using too much disk space for the logging I have restricted the history depth to 125M events.
I expected ProcessMonitor to continue to run but it stops, seemingly when it reaches the history depth limit. I didn't find anything in the Windows event log about ProcessMonitor stopping unexpectedly, so this appears to be designed behaviour. The manual suggests otherwise "that you can leave Process Monitor running for long periods and ensure that it always keeps the most recent events". Therefore I consider this a bug.
I have to add that I script running ProcessMonitor and that I run that script through the task scheduler to allow ProcessMonitor to run unattended while I'm not logged in.

Process Monitor : ** Feature request list **

Author: ezeltje
Subject: ** Feature request list **
Posted: 28 September 2016 at 1:57pm

History depth isn't exported as part of the configuration. That is inconvenient if you want to deploy ProcessMonitor on multiple computers with exactly the same configuration.
Versatile start and stop triggers, including the very events that ProcessMonitor logs, would be nice to have in order to limit the amount of data that has to be analysed.

Miscellaneous Utilities : Autologon process quandy

Author: axelz
Subject: Autologon process quandy
Posted: 28 September 2016 at 3:25pm

You'll need to have first accepted the EULA for the user account you're running the autologon utility as.

HKCU\Software\Sysinternals\Autologon
EulaAccepted = 1 (DWORD)
 
If you run interactively you can see this and registry key being created.
 
Regards,
Alex

Process Explorer : procexp source code

Author: Michael.Haephrati
Subject: procexp source code
Posted: 29 September 2016 at 1:24pm

Which version of Process Hacker source code is the latest?

Troubleshooting : Need help with Ntoskrnl thread causing high CPU

Author: quantumgravity
Subject: Need help with Ntoskrnl thread causing high CPU
Posted: 30 September 2016 at 2:18am

Hi,

I have more of an irritating problem with ntoskrnl after the Windows 10 anniversary update.  It consistently uses about 5% of a fast CPU and causes heavier fan load.

I hate to use MagicAndre1981's time, but I've PM'd you a link to the resulting highCPUUsage.etl archive file.  When you have time, could you please take a look?

Thanks!

PsTools : -u -p options not working

Author: allins
Subject: -u -p options not working
Posted: 30 September 2016 at 9:32pm

I have a batch file that I use on all my location's computers in an AD environment. It's always worked (from my XP, then Windows 7, now Windows 10) computer. I'm logged in as a non-domain admin, but use admin credentials in the batch file with PSEXEC -u -p format. It still works on most computers, but recently SCCM-imaged (corporate image) computers give me the old

PsExec v2.2 - Execute processes remotely
Copyright (C) 2001-2016 Mark Russinovich
Sysinternals - www.sysinternals.com

Could not start PSEXESVC service on xxxxxxxxxx:
Access is denied.

error.

However, if I open a command window as another user and specify the admin credentials, then it works, regardless of whether I execute PSEXEC with or without the -u -p flags.
I apologize if this has already been discussed, but I didn't see any existing discussions that exactly describe this situation.

Thanks,
Shawn

PsTools : PsEXEC not connecting to remote machine

Author: Laks
Subject: PsEXEC not connecting to remote machine
Posted: 30 September 2016 at 10:44pm

We are not able to connect to a remote machine with the PsEXEC command using an autosys job.

psexec \\remote_machine -i vxprint -VPl  1>VP/test.txt

When our autosys job executes the same, it gets stuck. There is no progress after this. The logs are attached below.

In Task Manager, I could see process -> PsExec*32 user-> autosys

log info
=====
INFO  [main] com.VxPrint.LoggerUtil main- bat script executed successfully
Here is the standard error of the command (if any):


PsExec v2.11 - Execute processes remotely
Copyright (C) 2001-2014 Mark Russinovich
Sysinternals - www.sysinternals.com


But I am able to execute this manually when I run the above command in the cmd prompt. See the console output below.

INFO  [main] com.VxPrint.LoggerUtil main- bat script executed successfully
Here is the standard error of the command (if any):


PsExec v2.11 - Execute processes remotely
Copyright (C) 2001-2014 Mark Russinovich
Sysinternals - www.sysinternals.com

Connecting to xxxxxxxxxx...


Starting PSEXESVC service on xxxxxxxxxx...


Connecting with PsExec service on xxxxxxxxxx...


Starting vxprint on xxxxxxxxxx...



vxprint exited on xxxxxxxxxx with error code 0.


Please let me know how I can fix this issue.


Edited by Laks - 22 hours 38 minutes ago at 10:45pm