Channel: Sysinternals Forums
Viewing all 10386 articles

Troubleshooting : Extremely slow CloseFile operation

Author: DaveTrenaman
Subject: Extremely slow CloseFile operation
Posted: 04 April 2017 at 11:18pm

Troubleshooting why the csc.exe (C# compiler) is slow.

Using Process Monitor I discovered a 60 sec CloseFile operation. The compiler is invoked as part of an Asp.Net web app so is writing to "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files". The file in question is an .out file which must be some sort of intermediate compiler output. Writes to the file happen quickly but the CloseFile operation hangs up. The file is 11K in size. 

This is a customer's VM running Server 2012. I have a similar in-house VM that does not have this issue. From adjusting the Process Monitor filters it appears the only two processes that interact with the .out file are csc.exe and the aspnet_compiler.exe which spawns it.

My immediate thought is some sort of antivirus software is interfering but the server is not running any antivirus. Any recommendations on troubleshooting steps to try next?

Thanks,

Dave


Edited by DaveTrenaman - 22 hours 45 minutes ago at 11:20pm

PsTools : psexec with net share, create remote share

Author: shell_l_d
Subject: psexec with net share, create remote share
Posted: 05 April 2017 at 4:43am

Hi, I would like to run a 'net share' command using psexec to create a share on the remote server, however I am unable to get it to work.
 
I can put the net share command in a batch file & copy it to the remote server then use psexec to run the batch file but I want to be able to do it all via the local PC.
 
Any ideas please?
 
eg: This works, running psexec locally, when the batch file is on the remote server:
psexec \\myremoteserver "c:\mybatchfile.bat"
 
where the batch file contains:
net share mysharename$="c:\test /grant:mygroup,FULL"
 
however this doesn't:
psexec \\myremoteserver "net share mysharename$="c:\test /grant:mygroup,FULL""
 
 

Utilities Suggestions : Profiling Utility

Author: ThomasChr
Subject: Profiling Utility
Posted: 05 April 2017 at 5:38am

Hello Forum,

I need a tool for taking profiling events from a process.
The usage is simple:
"Get me a stack trace from process X every 0.0xxx seconds."

Afterwards these stackdumps (a few thousand) could be ordered and you can see in which function (assuming you have debugging symbols for the process, if not this is a little bit more tricky...) the process spent its time.

So you can see what the process actually does over its lifetime:
- Process spends 60% waiting for database replies
- Process is 20% idle waiting for some Event (Input) to happen
- Process is waiting 20% of its time for a network packet to arrive

You can even drill down the stacktraces and find out which (assembly) instruction was active at the moment to see if it was an instruction involving disk I/O or memory I/O or other...

I know "Event Tracing for Windows" can do exactly that - but to use it you need to install the Windows SDK - which is a big impact on the system.

Would it be possible to provide a Sysinternals tool that does exactly that in a single executable?
Doing such things with procdump and a scripted windbg only gets me about one stackdump every second which is not enough.
Using the profile Event in procmon also occurs once a second and has no stackdump attached to it.

What do you think?

Thomas

PS: You can find infos about process profiling here: https://msdn.microsoft.com/en-us/library/ms930392.aspx

Of course there are a lot of tools in Linux which can do that. I would love to see them in windows, especially because windows already has all the needed profiling functions in its kernel!

Edited by ThomasChr - 15 hours 51 minutes ago at 6:14am

PsTools : psexec with net share, create remote share

Author: shell_l_d
Subject: psexec with net share, create remote share
Posted: 05 April 2017 at 6:11am

Finally figured it out, no quotations required... 
psexec \\myremoteserver net share mysharename$=c:\test /grant:mygroup,FULL

Site Bugs : Searching forum for "delete" produces 500 error

Author: MikeBeaton
Subject: Searching forum for "delete" produces 500 error
Posted: 05 April 2017 at 7:49am

I have the same error today:

If I search the forums for any of these

  task manager
  sysinternals
  delete

Then I get a 500 - Internal Server Error page.

However some searches work, for instance I can search for:

  any words at all

Mike

Process Explorer : CANNOT get back task manager from process explorer

Author: MikeBeaton
Subject: CANNOT get back task manager from process explorer
Posted: 05 April 2017 at 7:56am

I believe this is a (genuine, but minor) display bug in Process Explorer.

Your option for "Replace Task Manager" has a little security shield to the left of it, right? (To indicate that it will require Administrator authorisation.)

And your option for "Confirm Kill" on the same menu probably has a little tick to the left of it, right? (To confirm that it is selected.)

Once you have selected "Replace Task Manager" then (I am almost 100% sure...!) it has a little tick next to it too. Only it's directly under the shield and you can't see it at all. So, even though the option does not appear to have changed at all (and looks like it only gives you the option to replace yet again), actually it has an (invisible) tick next to it, and clicking on it again removes the (invisible) tick and un-replaces Task Manager.

Troubleshooting : Performance issue

Author: risingflight
Subject: Performance issue
Posted: 05 April 2017 at 10:11am

Hi experts,
I am just new to Windows.
One of my servers has performance issues.
CPU and memory utilization is 100 percent.
Backups are failing.
With which Sysinternals tool should I proceed and how?
How do I check if it's related to handles,
if an update issue is causing this or any service account issues? Experts, guide me as I am new.

Miscellaneous Utilities : Handle cant view threads and process handles

Author: KingSD
Subject: Handle cant view threads and process handles
Posted: 05 April 2017 at 10:46am

When I run Process Explorer I can see when cheatengine is attached to another process and I can't do the same thing with Handle.exe. I have tried both the 32-bit and 64-bit versions of Handle.exe with administrator privileges. It doesn't show the handle type of process, it shows all other handles but processes. Has anybody got an idea about this issue?

Miscellaneous Utilities : Features request: complex conditions in sysmon

Author: ramon_garcia
Subject: Features request: complex conditions in sysmon
Posted: 05 April 2017 at 1:07pm

Hello,

We are testing Sysmon in our organization and it seems very useful.

Unfortunately, it generates too many events.

We find that for effective filtering, we would need complex conditions, that is, testing more than one field at the same time.

For instance, connections to the Kerberos port of the domain controller need not be logged. So if the process is lsass.exe, the destination IP is one of the domain controllers and the target port is Kerberos, do not log the event.

That would need complex conditions, made of "and" and "or" combinations of simple conditions.

Best regards.
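
The compound rule described in the post above, applied as a post-filter to exported Sysmon network-connection events (Event ID 3). This is an added example, not part of the original post and not Sysmon's own filtering; the domain controller addresses, the helper names and the sample events are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
# Assumptions for illustration: placeholder DC addresses, standard Kerberos port.
DOMAIN_CONTROLLERS = {"10.0.0.10", "10.0.0.11"}
KERBEROS_PORT = "88"
LSASS = r"c:\windows\system32\lsass.exe"

def fields(event_xml):
    """Return the EventID plus EventData name/value pairs of one event."""
    root = ET.fromstring(event_xml)
    out = {"EventID": root.findtext("e:System/e:EventID", namespaces=NS)}
    for data in root.iterfind("e:EventData/e:Data", NS):
        out[data.get("Name")] = data.text or ""
    return out

def is_dc_kerberos(ev):
    """Compound rule: every simple condition must hold (AND); the
    destination test is an OR over the known domain controllers."""
    return (ev.get("EventID") == "3"
            # Full path, not just the file name, so a copy of lsass.exe
            # in another directory is still logged.
            and ev.get("Image", "").lower() == LSASS
            and ev.get("DestinationIp") in DOMAIN_CONTROLLERS
            and ev.get("DestinationPort") == KERBEROS_PORT)

def keep(events_xml):
    """Parse each event once and drop those matching the compound rule."""
    parsed = (fields(x) for x in events_xml)
    return [ev for ev in parsed if not is_dc_kerberos(ev)]

def sample(image, ip, port):
    """Build a constructed Sysmon Event ID 3 record (not real log data)."""
    return (f'<Event xmlns="{NS["e"]}"><System><EventID>3</EventID></System>'
            f'<EventData><Data Name="Image">{image}</Data>'
            f'<Data Name="DestinationIp">{ip}</Data>'
            f'<Data Name="DestinationPort">{port}</Data></EventData></Event>')

SAMPLES = [
    sample(r"C:\Windows\System32\lsass.exe", "10.0.0.10", 88),    # dropped
    sample(r"C:\Windows\System32\lsass.exe", "10.0.0.10", 445),   # other port
    sample(r"C:\Users\Public\lsass.exe", "10.0.0.11", 88),        # other path
    sample(r"C:\Windows\System32\lsass.exe", "203.0.113.5", 88),  # not a DC
]

if __name__ == "__main__":
    for ev in keep(SAMPLES):
        print(ev["Image"], ev["DestinationIp"], ev["DestinationPort"])
```

Only the first sample satisfies all three conditions at once; the other three each fail exactly one condition and are kept, which is the behaviour a single-field exclude cannot express.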

Troubleshooting : Extremely slow CloseFile operation

Author: sredna
Subject: Extremely slow CloseFile operation
Posted: 05 April 2017 at 5:42pm

How busy is this server? Specifically, is there a lot of other file I/O going on in other processes or is it idle?

Process Monitor : older versions of Process Monitor

Author: lukey2k
Subject: older versions of Process Monitor
Posted: 06 April 2017 at 2:13pm

Does anyone have any of the links to the more recent ones, I am getting the “Unable to load Process Monitor Device Driver” error when launching procmon.

After clicking OK I noticed that Procmon displays No events (Capture disabled) and therefore I am unable to capture the data.

I have also tried running as 32-bit using the /run32 command, I am then presented with "Capture requires 64-bit mode"

Any help will be appreciated.

Regards

Luke 

Troubleshooting : Best sysinternals tool for troubleshooting SMB?

Author: jrwalzer
Subject: Best sysinternals tool for troubleshooting SMB?
Posted: 06 April 2017 at 8:24pm

I'm troubleshooting two Windows servers in my environment in which they are trying to initiate outbound SMB traffic (ports 135, 139, 445) by the thousands per day, which is being blocked by our firewalls. 


What Sysinternals tool would I use to determine what services or processes would be initiating this SMB traffic?

Thx

Troubleshooting : Extremely slow CloseFile operation

Author: DaveTrenaman
Subject: Extremely slow CloseFile operation
Posted: 06 April 2017 at 9:25pm

Work load is pretty light. I tried moving the temp asp.net folder to a different drive but it didn't help. Because it is on a VM though perhaps the underlying hardware is taxed. I don't have access to the physical infrastructure but that may be where the problem lies.

Process Monitor : older versions of Process Monitor

Author: sredna
Subject: older versions of Process Monitor
Posted: 06 April 2017 at 10:56pm

Originally posted by lukey2k:

Does anyone have any of the links to the more recent ones, I am getting the “Unable to load Process Monitor Device Driver” error when launching procmon.

Target Windows version?

Process Explorer : procexp64 crashing

Author: fpefpe
Subject: procexp64 crashing
Posted: 07 April 2017 at 4:42am

I can't get procexp64 to start/run -- I just downloaded the latest version and it crashed -- this is from the event log

Faulting application name: procexp64.exe, version: 16.20.0.0, time stamp: 0x5892a9b5
Faulting module name: procexp64.exe, version: 16.20.0.0, time stamp: 0x5892a9b5
Exception code: 0xc000041d
Fault offset: 0x00000000000635bf
Faulting process id: 0x1e38
Faulting application start time: 0x01d2af54e2a79312
Faulting application path: E:\Work2\procexp64.exe
Faulting module path: E:\Work2\procexp64.exe
Report Id: 30e5c0f6-1b48-11e7-a34f-005056c00008

Any info would be appreciated 

Development : Programatically get the list of Microsoft Updates

Author: itsprasadg
Subject: Programatically get the list of Microsoft Updates
Posted: 07 April 2017 at 6:48am

I would like to know how one can programmatically get the list of Microsoft Updates as shown in "Control Panel->ARP->View installed updates"

I used WUA (Windows Update Agent API) to get the list of installed Windows updates, however, the list does not exactly match what "Control Panel->ARP->View installed updates" shows, say, the product details for which the update is installed (i.e. column "Program"). The update details were obtained using the ISearchResults interface of the WUA API.

I want to know how (what API, method) Control Panel shows the list of installed Windows updates.
  

Process Monitor : older versions of Process Monitor

Author: lukey2k
Subject: older versions of Process Monitor
Posted: 07 April 2017 at 7:16am

I managed to find the version 3.2 back from 2015 on my computer, all is good now.

The archived links I could find for this version did not work.

Troubleshooting : Excel data lost for work.

Process Monitor : Issue with File System Activity

Author: alerosmile
Subject: Issue with File System Activity
Posted: 07 April 2017 at 8:38am

I have an issue where Process Monitor (v3.32) stops capturing file system activity.
 
Steps to reproduce it:
-set filter to show file system activity only
-set filter to include Explorer.exe (Process Name) only
-hammer on the Clear (Ctrl-X) button
 
Soon Process Monitor stops capturing file system activity on drive C. On all other drives or network folders capturing still works as expected.
 
I can reproduce this on:
-Win8.1 x86
-Win8.1 x64
-Win10 x86
-Win10 x64

but not on older systems.

Can anybody reproduce this as well?

Thanks!

Process Monitor : Not able to view help / chm file again

Author: alerosmile
Subject: Not able to view help / chm file again
Posted: 07 April 2017 at 8:41am

On x64 systems it's still not possible to open the help file. That's because an x64 version of Procmon is extracted to the temp folder and the help file is searched for from there.