Troubleshooting High Bandwidth or CPU Usage of a Windows ECS
If your Windows ECS runs slowly or is inaccessible unexpectedly, the bandwidth or CPU usage of the ECS may be excessively high. If you have created an alarm rule using Cloud Eye, the system automatically sends an alarm to you when the bandwidth or CPU usage reaches the threshold specified in the rule.
To handle this issue, perform the following operations:
- Fault locating: identifies the processes leading to high bandwidth or CPU usage.
Windows OSs offer multiple tools to locate faults, including Task Manager, Performance Monitor, Resource Monitor, Process Explorer, Xperf (supported by versions later than Windows Server 2008), and obtained full memory dump.
- Troubleshooting: Check whether the processes are malicious and handle the issue accordingly.
- If the processes are not malicious, optimize their programs or modify ECS specifications.
- If the processes are malicious, use a third-party tool to automatically stop the processes.
Locating the Fault
- In the lower left corner of the ECS desktop, choose Start > Run.
- In the Open dialog box, enter perfmon -res.
- On the Resource Monitor page, click the CPU or Network tab to view the CPU or bandwidth usage.
- Obtain the IDs and names of the processes with high CPU or bandwidth usage.
- Press Ctrl+Alt+Delete to start Windows Task Manager.
The following describes how to display PIDs in Task Manager, locate a process, and check whether it is malicious.
- Click the Processes tab.
- Choose View > Select Columns.
- Select PID (Process Identifier).
- Click OK.
On the Processes tab, the PID column is displayed.
- Click PID to sort the data.
- Right-click the process with high CPU or bandwidth usage and choose Open File Location from the shortcut menu.
- Check whether the process is malicious.
Before troubleshooting, determine whether the process leading to the high CPU or bandwidth usage is malicious, and then take measure accordingly.
Suggestions for non-malicious processes
- If your ECS runs Windows Server 2008 or 2012, ensure that the available memory capacity is 2 GB or higher.
- Check whether Windows Update is running on the backend.
- Check whether the antivirus software is scanning on the backend.
- Check whether there are applications running on the ECS with strict requirements on CPU or bandwidth usage. If so, modify ECS specifications or enlarge bandwidth.
- If the ECS configuration meets application requirements, deploy applications separately. For example, deploy the database and applications separately.
Suggestions for malicious processes
If the high CPU or bandwidth usage is due to viruses or Trojan horses, manually stop the affected processes. The recommended processing sequence is as follows:
- Use the commercial-edition antivirus software or install Microsoft Safety Scanner to scan for viruses in security mode.
- Install the latest patches for Windows.
- Run MSconfig to disable all drivers that are not delivered with Microsoft and check whether the fault is rectified. For details, see How to perform a clean boot in Windows.
- If the ECS or site encounters a DDoS or CC attack, which leads to a large number of access requests within in a short period of time, log in to the management console and perform the following operations:
- Check whether Anti-DDoS has been enabled and whether the protection rules are proper. To configure a protection rule, see Enabling Anti-DDoS.
- Check whether CC attack protection has been enabled and whether the protection rules are proper. To configure a protection rule, see Configuring CC Attack Protection Rules.