I have this issue where this file server goes to 100% CPU utilisation and eventually freezes over. During one of its high utilizations I managed to get a Xperf trace on it and according to it , its ntoskrnl.exe that is using the maximum CPU. The function is RtLookupFunctionTable. ProcMon reported that its srv.sys that is using the maximum resources. Not sure which one is the real deal. Anyone got any ideas ?

Try enabling the PID column in the Processes tab of taskmgr. Then you can find out the PID of the instance of srv.sys that is the hog. In the Services tab, you can sort by PID to see which services are being launched by that PID.You may be able do similar things in ProcMon but I have not used it very much. There is also Process Explorer from SysInternals. It allows you to trace the DLLs.

Try enabling the PID column in the Processes tab of taskmgr. Then you can find out the PID of the instance of srv.sys that is the hog. In the Services tab, you can sort by PID to see which services are being launched by that PID.You may be able do similar things in ProcMon but I have not used it very much. There is also Process Explorer from SysInternals. It allows you to trace the DLLs. It comes up as System with a PID of 4. In the services tab there is no PID with that id.

Hi, Thanks for the post. From your description, I understand that ntoskrnl.exe uses the maximum CPU. Now please check if this issue occurs in Clean Boot Mode. Clean Boot =============Let's disable all startup items and third party services when booting. This method will help us determine if this issue is caused by a loading program or service. Please perform the following steps: 1. Click "Start", go to "Run", and type "msconfig" (without the quotation marks) in the open box to start the System Configuration Utility. 2. Click the "Services" tab, check the "Hide All Microsoft Services" box and click "Disable All" (if it is not gray). 3. Click the "Startup" tab, click "Disable All" and click "OK". 4. Click "OK" to restart your computer to Selective Startup environment. 5. When the "System Configuration Utility" window appears, please check the "Don't show this message or launch the System Configuration Utility when Windows starts" box and click OK.6. Check whether or not the issue still appears in this environment. Note: Temporarily disabling the Startup Group only prevents the startup programs from loading at startup. This shouldn't affect the system or other programs. We may still manually run these programs later. Does it work? Meanwhile, you could use Process Explorer to check what causes the hangs issue. Please note, we may have to analyze memory dump file to narrow down the cause of this issue, forum is not the best place for analyzing dump. It’s suggested to contact Microsoft Customer Support Services (CSS) so that a dedicated Support Professional can help you on this issue. To obtain the phone numbers for specific technology request please take a look at the web site listed below. http://support.microsoft.com/default.aspx?scid=fh;EN-US;PHONENUMBERS If you are outside the US please see http://support.microsoft.com for regional support phone numbers. Hope this helps.

Hi Rajan,You can use process explorer as Brain mentioned and identify the root cause of the problem. The above statement seems very simple, but you will end up having tons of questions as to what to monitor , how to view , how to determine a) segregate the process from the list of running processes b) you will now get the applicaiton / microsoft process which is eating up the memory c) As Miles suggested , test this behavior in safe mode. If the service is 3rd party service , there is no way that it is going to get loaded during safe mode d) So you have to fall back to normal mode and check for the consistency of the problem, you can go to the properites of the process --> check for the memory consumption . you have to know enough about the virtual memory and the physical memory allocation if not you will be bumped with teh terms on in the PE or task manager such as commit charge , virtual memory ( VM is simple word but when it comes to understanding of the process allocation you would require to do lot of math ) e) if it is a private application / 3rd party app , then you see the private bytes getting increased, all that you can do is to contact the application vendor and tell them the behavior f) you can use poolmon to test if there is memory leak , which requires you to analyze the poolmon tags ( you can use strings utility from sysinternals suite to analyze the poolmon tags) The other option is to open up a case with microsoft for anlayzing the memory dump

It comes up as System with a PID of 4. In the services tab there is no PID with that id. The System process launches just about everything else.You said that srv.sys was the resource hog. See if you can tell which instance of srv.sys that seems to be the culprit. Then look in the Services tab to see which services are launched under that PID.See if you can disable any of these services using Configuration\Services in Server Manager. You can also find the Services console in Administrative Tools.You can check each service to see which services it depends on, and which depend on it. For default settings, see: http://technet.microsoft.com/en-us/library/cc785922(WS.10).aspx. Even though it is in the Library under Server 2003, it is linked to from the Server 2008 Library and Help files.

Hi ,Did you get a chance to go through the troubleshooting steps to narrow down the problem ?

Hi ,Did you get a chance to go through the troubleshooting steps to narrow down the problem ? yes finally found it to be HP OVO.