WMI Process Consumes High RAM, Makes Your Site Slow

Troubleshooting a Slow Site Due to High RAM Use

The WMIPrvSe.exe, AKA Windows Management Instrumentation, is a Windows service that is used for essential error reporting and monitoring purposes. Other applications make use of this process to perform these tasks. In my case, this application was SCCM, otherwise known as System Center Configuration Manager.

In my scenario, I was running a Windows Server 2008 R2 which was being monitored by a Separate Server running SCCM. Over time, WMI process balloons consuming RAM until the server begins killing or slowing processes and services or potentially slowing down an IIS based Web Site until it is extremely slow to load. In some cases, I would find that sites would take 3-4 minutes to fully load.

What Microsoft has to say about the issue:

“On a computer that is running Windows Server 2008 R2 or Windows 7, you use the Windows Management Instrumentation (WMI) service to run some queries. Then, you notice that the memory usage of the WMI service keeps increasing and that system performance decreases. Additionally, you cannot restart the WMI service if other services that depend on the WMI service are currently in a running state.”
http://support.microsoft.com/kb/977357

My first step was to install the Hotfix from the link above (a reboot was required). This appeared to have temporarily solved the issue, but after a few weeks, I did find the WMI Process creeping high on RAM. Clearly, I needed to investigate further.

I found that restarting the service fixed the issue.

Follow these steps to restart the service:

  1. Open Task Manager
  2. Locate WMIPrvSe.exe (Note: wmiprvsw.exe is the Sasser worm!)
  3. Click End Task on any instance over 20 MB of RAM usage
  4. Open Services.msc
  5. Locate Windows Management Instrumentation
  6. Right Click and choose ‘Restart

I still noticed after a few days that WMI would be right back at it and causing slowness. You should still try this as it may solve your issue intermittently until you have time and resources to commit to a reboot required for either the Hotfix from Microsoft or the steps I will outline below.

Finally, I found an amazing Technet blog by CC Hameed. This blog outlined many important steps you can take for troubleshooting, but more specifically to my issue, I performed the following steps:

1. Capture a WMIDiag report for and search for any WMI related issues. Below are a few scenarios/errors that indicate repository corruption:

  • Unable to connect to root\default or root\cimv2 namespaces thru wbemtest. Fails returning error code 0x80041002 pointing to WBEM_E_NOT_FOUND
  • When we open Computer Management and Right Click on Computer Management(Local) and select Properties, you get the following error: “WMI: Not Found” or it hangs trying connect
  • 0x80041010 WBEM_E_INVALID_CLASS
  • Trying to use wbemtest, it hangs

2. From and elevated Command Prompt, Run ‘winmgmt /verifyrepository

  • It should return the result ‘WMI repository is Consistent’. If it returns as inconsistent, read CC Hameed’s Blog further on Rebuilding the Repository.

WMI repository is consistent

 

3. Re-register all of the dlls and recompile the .mofs in the wbem folder and re-registering WMI Service and Provider. You can accomplish this by creating a Batch File with the following lines:

CD C:\Windows\System32\Wbem
@echo off
sc config winmgmt start= disabled
net stop winmgmt /y
%systemdrive%
cd %windir%\system32\wbem
for /f %%s in ('dir /b *.dll') do regsvr32 /s %%s
wmiprvse /regserver
winmgmt /regserver
sc config winmgmt start= auto
net start winmgmt
for /f %%s in ('dir /s /b *.mof *.mfl') do mofcomp %%s

4. Run the batch file with Elevated Rights and wait for it to complete (~4-5 minutes for me)

5. Reboot the Server.

6. Check for consistency again by running the ‘winmgmt /verifyrepository’ command. If this fails, then a rebuild is still required.

Now the fun part: Testing for success!

My goal was to prevent WMI from interfering with the loading times of hosted sites on this affected server.

  1. I waited about one hour and checked the WMI process in Task Manager – it wasn’t ballooning.
  2. I opened Developer Tools (F12 in most Browsers, I used Chrome) and used the Network Tab to watch GET requests.  To do this, load the site.

    Use the Network Tab to watch GET requests

    18ms would have been fantastic, but that is our Site!

  3. The site was still taking more than 30 seconds to load, sometimes upwards of one minute, depending on the library I viewed. Noticing that it was loading from Cache, I cleared the cache and attempted again.
  4. The new results were much better:SL-WMI-NetworkResults

Since performing these steps, I have not had any issues with the speed of any sites that were affected on that particular server. If you have any additional suggestions, please sound off in the comments below!

Also, here is a Joe Knows Support episode that also covers what to do when your RAM use runs high:

VN:F [1.9.22_1171]
Rating: 8.9/10 (8 votes cast)

About Fpweb.net Crew

Our business is centered on bringing enterprise-class strategy, support, and security to your hosted or managed platforms no matter where you choose to deploy your environment. We specialize in providing managed services, cyber security, and expert, USA-based, 24/7 Absolute Support® on-premises, or in any cloud.
This entry was posted in Network Administration and tagged , , , , , , , , . Bookmark the permalink.

2 Responses to WMI Process Consumes High RAM, Makes Your Site Slow

  1. Andy Milsark says:

    Nice article!

  2. Rohit says:

    Thanks, your article is very useful and informative. You may like to visit Om Nanotech in case you want to have more information on SDR manufacturer

Leave a Reply

Your email address will not be published. Required fields are marked *

Let's make sure you're human first: *