XP unacceptably slow suddenly after no change

  • Thread starter Thread starter setecastronomy
  • Start date Start date
S

setecastronomy

A month ago we bought some Hp workstation xw6400 with xeon 5335 and Nvidia
Quadro Fx560.
We chose windows Xp as o. s. because we have lots of other workstations with
that o.s. and we preferred avoiding to introduce a different one (Vista).

We installed some applications such as Office 2003, ArcGis and Autocad.

Everything worked fine till yesterday morning, without any modification
since prevoius day. Suddenly two of these workstations started to go
unacceptably slow.
Checking the task manager the cpu was free at 99%, but you had to wait
minutes before seeing the effect of your requests.
The logon time was very long too. After only 5 or 6 minutes you could see
your usual desktop. It was not a network problem: we tried disabling the
network interface but

we didn't regain speed. To avoid misunderstanding I want to stress I'm
complaining about having to wait minutes before seeing the effect of clicking
on the START

button in the application bar when the cpu was free and the ram was used at
20 %.
We thought it could be the consequence of a hardware failure but after we
restored the hard disk from the initial image the problem disappeared.

We are sure we install only widely used software and above all we did't
change anything immediately before the appearance of the problem.
So we are scared it can happen again and it is defitely a bad thing for the
users of those workstations.
We wonder what monitoring tools are available to analyze the problem if it
will occur again.

Thanks
Filippo
 
Filippo

How much RAM?

Try Ctrl+Alt+Delete to select Task Manager and click the Performance
Tab. Under Commit Charge what is the Total, the Limit and the Peak?

You should be able to gather more information from Task Manager. With
the Processes tab open select View, Select, Columns and check the boxes
before Peak Memory Usage and Virtual Memory size. What are the figures
for the 6 processes using the largest amounts?

Open Disk Defragmenter and click on Analyse. Select View Report and
click on Save As and Save. Now find VolumeC.txt in your My Documents
Folder and post a copy. Do this before running Disk Defragmenter as it
is more informative.

Check the System log of Event Viewer for Error Reports.

Please post copies of all Error and Warning Reports appearing in the
System log in Event Viewer for the last boot. No Information Reports or
Duplicates please. Indicate which also appear in a previous boot.

You can access Event Viewer by selecting Start, Control Panel,
Administrative Tools, and Event Viewer.

A tip for posting copies of Error Reports! Run Event Viewer and double
click on the error you want to copy. In the window, which appears is a
button resembling two pages. Click the button and close Event
Viewer.Now start your message (email) and do a paste into the body of
the message. Make sure this is the first paste after exiting from
Event Viewer.

--



Hope this helps.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~
 
I already wrote all useful informations task manager could give:
Cpu free at 99%
Memory used no more than 20% (400 MB of 2 GB)
Hard disk almost empty an I suppose not very fragmented due to the fact the
workstation was 15 working day old !!

The event log has gone (I recovered the o.s. from the initial image) but
only few errors were noted about the fact System account could not start the
service
D851F103-8C90-4321-AFF0-58BA5BD421C2.
 
Filippo

Your response is unhelpful as it does not provide answers to the
specific questions I asked. You are providing your interpretation of
facts rather than just giving the facts. I did not ask about CPU usage.

Restart your computer and then look in the Event Viewer System and
Application logs. Post actual copies of the Reports not bits from them.

A tip for posting copies of Error Reports! Run Event Viewer and
double click on the error you want to copy. In the window, which
appears is a button resembling two pages. Click the button and close
Event Viewer.Now start your message (email) and do a paste into the
body of the message. Make sure this is the first paste after exiting
from Event Viewer.

--



Hope this helps.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~
 
It would help ME to know how to do this as I have another that it may help
to diagnose.
Derek
 
Derek

Is this what you want?

Please post copies of all Error and Warning Reports appearing in
the System and Application logs in Event Viewer for the last boot. No
Information Reports or Duplicates please. Indicate which also appear in
a previous boot.

You can access Event Viewer by selecting Start, Control Panel,
Administrative Tools, and Event Viewer. When researching the meaning
of the error, information regarding Event ID, Source and Description
are important.

HOW TO: View and Manage Event Logs in Event Viewer in Windows XP
http://support.microsoft.com/kb/308427/en-us

Part of the Description of the error will include a link, which you
should double click for further information. You can copy using copy
and paste. Often the link will, however, say there is no further
information.
http://go.microsoft.com/fw.link/events.asp
(Please note the hyperlink above is for illustration purposes only)

A tip for posting copies of Error Reports! Run Event Viewer and double
click on the error you want to copy. In the window, which appears is a
button resembling two pages. Click the button and close Event
Viewer.Now start your message (email) and do a paste into the body of
the message. Make sure this is the first paste after exiting from
Event Viewer.

--



Hope this helps.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~
 
Perhaps it is not clear but what I mean is that the hard disck was formatted
and the o.s. was reinstalled from scartch, so I cannot provide the
informations you are requesting. Before re-installing I double checked
everything and found nothing wrong in the task manager. The event log
contained some errors but they ere the same I see on other workstations which
performs well, so I thought they were not so important.
MY QUESTION is if there is a way to find out what the o.s. is waiting for
when it is doing nothing (according to task manager) and it processes windows
events only once every two minutes. I wonder if one of the sysinternals tools
can be helpful.
Do you have some tools to suggest ?

Thanks
Filippo
 
Just answer my questions. If you have formatted the hard drive and
reinstalled Windows XP all the logs etc start afresh. Provide the
answers from the system as it is now. I am not interested in what were
the problems before you reinstalled.

--



Hope this helps.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~
 
Cannot understand the sense of what you are asking, anyway I will do it for
exercise and I will post the results soon.
Now the workstation performs well, so I think there will be nothing
interesting in the event log or the task manager, but I could be wrong and I
will check.

Bye
Filippo
 
As previously anticipated I checked the event log but I found no error or
warning for the last two working days. The error I hinted to in my previous
posts was about file and printer sharing which now is not enabled.
The workstation has two GB of ram and here are the task manager results:

Administrator logged:
Process Memory Virtual mem Peak mem
System Idle Process 28672 0 0
System 241664 1945600 4751360
smss.exe 409600 3915776 1232896
csrss.exe 1273856 27262976 6033408
winlogon.exe 5169152 62390272 17829888
services.exe 5664768 45916160 8110080
lsass.exe 1449984 42962944 7249920
svchost.exe 4923392 62738432 4972544
svchost.exe 4476928 39235584 4493312
svchost.exe 31145984 143056896 122761216
svchost.exe 3407872 31182848 3473408
svchost.exe 4583424 38699008 4591616
spoolsv.exe 6008832 48308224 6008832
LSSrvc.exe 2564096 24322048 2572288
NTRtScan.exe 32632832 75177984 36990976
nvsvc32.exe 3706880 26566656 4694016
TmListen.exe 10178560 64446464 10788864
OfcPfwSvc.exe 5935104 50266112 5943296
alg.exe 3624960 34242560 3624960
ZQ1C89.EXE 2744320 16736256 2752512
explorer.exe 10936320 86237184 28569600
RTHDCPL.exe 16080896 72290304 16080896
Scheduler.exe 6766592 35098624 9990144
PccNTMon.exe 4960256 36192256 4968448
ctfmon.exe 3063808 30511104 3088384
LightScribeContr.exe 7757824 39440384 7757824
IEXPLORE.EXE 20086784 80478208 20094976
taskmgr.exe 2170880 33472512 4657152
cmd.exe 884736 31064064 2748416
IEXPLORE.EXE 28323840 122253312 36528128
cscript.exe 6111232 56729600 6111232
wmiprvse.exe 5718016 40427520 5718016


User logged:

Process Memory Virtual mem Peak mem
System Idle Proc 28672 0 0
System 241664 1945600 4751360
smss.exe 409600 3915776 1232896
csrss.exe 2371584 26533888 6033408
winlogon.exe 3014656 63447040 17829888
services.exe 5672960 45916160 8110080
lsass.exe 3801088 44011520 7249920
svchost.exe 4943872 63000576 4993024
svchost.exe 4476928 39235584 4501504
svchost.exe 31371264 144613376 122761216
svchost.exe 3407872 31182848 3473408
svchost.exe 4583424 38699008 4591616
spoolsv.exe 6045696 48832512 6053888
LSSrvc.exe 2564096 24322048 2572288
NTRtScan.exe 32636928 75177984 36990976
nvsvc32.exe 3706880 26566656 4694016
TmListen.exe 10199040 65495040 10788864
OfcPfwSvc.exe 5935104 50266112 5943296
alg.exe 3624960 34242560 3633152
ZQ1C89.EXE 2744320 16736256 2752512
explorer.exe 20848640 75460608 21311488
RTHDCPL.exe 15867904 72290304 15867904
PccNTMon.exe 4956160 36192256 4964352
ctfmon.exe 3117056 30511104 3137536
LightScribeControlPanel.exe 7815168 39440384 7815168
userinit.exe 3379200 34930688 3379200
cmd.exe 2752512 31064064 2764800
cscript.exe 6139904 56729600 6139904
wmiprvse.exe 5713920 40427520 5713920

That's all folks
(Seen at the end of a cartoon)
 
Derek

All glad to be able to help.


--
Regards.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~
 
After the restore of the O.S. the workstations worked well for a week then
the 2 minutes timeout on every action explorer wanted to do was experienced
again.
After long days of monitoring, thanks to Mark's tools it was possible to
detect the root cause. It was process svchost -rcpss ( rpc ) which got an
access denied trying to read the hkcr\clsid\some key. The workaround is to
give network service read access on all hkcr\clsid explicity, but all other
computers can work well without the need of this workaround.
Probably the problem was born when explicit write access was given to a
domain user on hkcr\clsid to let him change some configuration option of a
Gis application.
Still cannot find an explanation and cannot see a reasonable link between
what was done and the problem itself.

Any suggestion ?

Thanks again

Filippo
 
Back
Top