WMI + "System Idle Process" eating up CPU causing it to go to 100% when running.

Well, we have a server, running Windows.


We have noticed that for some time, our dedicated server's CPU has been running in the area of 95% to 100% usage on both "System Idle Process" and "WMI" or "Windows Management Instrumentation".  Oddly, when I disable (or stop/pause) WMI, the CPU use drops to around 10% - this is with some 200 game servers running on it at the same time I might add and appears to be more normal - considering we have 8 cores and 16 threads!  We also had a lag issue that seems to have been caused by two Trojans and a pair of PUAs ("Potentially Unwanted Apps") that we found and removed using AVG Business on a free trial (I plan to register it moving forward for our protection).  The screenshot below shows that the "System Idle Process" is eating CPU cycles!




I have been in communication with our hosts for a few days now trying to resolve this matter and so far, we have managed to eliminate 2 of our three issues.  We still have the high CPU issue which appears to be caused by WMI and "System Idle Process".


I also found that Internet Explorer had some sort of proxy configured, which I have now removed and asked it to "auto detect" settings and now that is working as well.


I have done a lot of research; over the last two days, I have spent a total of 21 hours trying to work out what is going on, and although I did find two issues which I have managed to resolve, I am still at a loss as to what could be causing the WMI high CPU use on our dedicated server.  I have tried everything I can think of!


Our server specs listed below for reference...


Intel Xeon E5530 x 2 (yes, I do mean a pair of physical CPUs) with 4 cores and 8 threads on each

72GB DDR3 1333MHz (18 x 4GB)

120GB SSD (running Windows only)

Three 2TB drives: one is a WD Black with 64MB cache and 7200rpm that is "hosting" all of our game servers only, although I may have to get a second smaller drive when we start hosting ArmA servers for =DN=.  A second WD Black and a Toshiba.

1Gbps port


What else do you need to know?


I have tried everything I can think of to resolve this and have got nowhere but more frustrated and annoyed with it refusing to stop eating up CPU cycles.  It causes some major lag in our game servers and even causes people to be kicked because of this one issue.  I don't know what I am missing, can anyone help me out here?  I am at wits' end!


Let me know if you need further information...


Thanks again...

System Idle Process is nothing to be concerned about. To quote the top Google result:



"Idle" means "not doing anything." When the "System Idle Process" is at 100%, that means nothing is using your CPU resources.


WMI is a service that is used by other processes. If it's hogging your system some other process probably isn't working well with it. You could either install something like CCleaner and use its startup tool to eliminate basically all startup processes, and then manually start programs until it triggers the program. Or just boot into safe mode and do the same thing from there. Start services and programs until something triggers the problem and then you'll have your culprit.

Kavawuvi: one of these days these glutes are gonna squawk all over you

Booting into safe mode is an absolute no-no!  The server is thousands of miles away in another country and it would be silly to travel there when I can't get access anyway.


I have emailed our hosts with a full breakdown of what is happening to see what they can do since they are actually there in the data centre where our server is located.


Let's see what they say...


Thanks for your suggestion Sunstriker7, I cannot get to the server to do what you are suggesting...  Sorry.

I'm not sure if they would be totally willing to help you in this case. There is the high likelihood the source of the problem falls outside of the things that they are responsible for, and so they have every justification to tell you they won't help you and for you to figure it out yourself. Of course there is still no harm in trying though.


What I would do is to still attempt to resolve the problem on my own. Something to keep in mind is that computers don't often break all by themselves. Try thinking of every change you made to your system around the time the problem first occurred. Did you install something? Uninstall something? Delete a bunch of stuff? Fiddle with some settings? Odds are that one of those changes that were made is the source of this problem. Restoring a backup from a time before this problem occurred could also prove useful, if one exists. Then as you reinstall programs that were lost, take note of the order that you install them in and pay careful attention to any odd behavior the system makes afterwards. That could identify the culprit.


The last thing I would recommend is just having your server fully reinstalled and start over. If it's only a host for dedicated gaming servers, it's probably not going to take that much time to set back up again. And again, as you set it up, take note of the changes you make to the system.


I'm pretty positive the issue is some process not handling its WMI calls very well. It's possible to find out what that process is, but I'll let you do the research on how to find that out if you really want to go that far.

Kavawuvi: one of these days these glutes are gonna squawk all over you

Is your server hosted on bare metal or a VM? If it's a VM you should have the capability to connect to the guest remotely and control the startup/shutdown depending on how the host has their hypervisor set up. (i.e., connecting to Virtual Box on 3389 (RDP) via Remote Desktop)


If it's bare metal you will NOT be able to start into Safe Mode (Networking) and connect remotely since it does not start up the Remote Desktop Services service on boot. This would require physical intervention and manual start of the Remote Desktop Services service on the Windows Server.


In relation to your WMI query. It's not the most efficient way of seeing what's causing the WMI bottleneck, but it'll definitely pinpoint the source. It may be a poorly coded game server/netcode trying to talk with the NIC driver on the OS, it could be a virus, it could be any number of things.


Edit: You can also find these things under Event Viewer and filtering for WMI Provider Host Warnings, Errors and Criticals. These should be more human-readable.

Grumpy UNIX and Cloud Administrator | 90's Boomer
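
Added example (not written by any poster in this thread): the Event Viewer route from the last reply, done in PowerShell so it can be run over the existing remote session. It assumes the `Microsoft-Windows-WMI-Activity/Operational` log and the event ID 5858 message layout (`ClientProcessId = ...; Operation = ...; ResultCode = ...`); `Get-WmiClientSummary` is a hypothetical helper name and the sample messages are constructed.

```powershell
# Added example: tally which client processes appear in WMI-Activity failure events.
# Get-WmiClientSummary is a hypothetical helper name, not a built-in cmdlet.
function Get-WmiClientSummary {
    param(
        [Parameter(ValueFromPipeline = $true)]
        [string]$Message
    )
    begin { $hits = @() }
    process {
        # Event 5858 messages carry "ClientProcessId = <pid>" and "Operation = <text>;"
        if ($Message -match 'ClientProcessId = (\d+)') {
            $clientPid = [int]$Matches[1]
            $op = '(unknown)'
            if ($Message -match 'Operation = (.+?); ResultCode') { $op = $Matches[1] }
            $hits += [pscustomobject]@{ ClientPid = $clientPid; Operation = $op }
        }
    }
    end {
        # Busiest WMI client first
        $hits | Group-Object ClientPid | Sort-Object Count -Descending | ForEach-Object {
            $proc = Get-Process -Id ([int]$_.Name) -ErrorAction SilentlyContinue
            # The PID may have exited or been reused since the event was logged
            $name = '(not running)'
            if ($proc) { $name = $proc.ProcessName }
            [pscustomobject]@{
                ClientPid   = [int]$_.Name
                Events      = $_.Count
                ProcessName = $name
                SampleQuery = $_.Group[0].Operation
            }
        }
    }
}

# Constructed sample messages in the event 5858 layout (not taken from the server in this thread)
$sample = @(
    'Id = {00000000-0000-0000-0000-000000000001}; ClientMachine = GAMEHOST; User = GAMEHOST\svc; ClientProcessId = 4321; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process; ResultCode = 0x80041032; PossibleCause = Unknown',
    'Id = {00000000-0000-0000-0000-000000000002}; ClientMachine = GAMEHOST; User = GAMEHOST\svc; ClientProcessId = 4321; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PerfRawData_Tcpip_NetworkInterface; ResultCode = 0x80041032; PossibleCause = Unknown',
    'Id = {00000000-0000-0000-0000-000000000003}; ClientMachine = GAMEHOST; User = NT AUTHORITY\SYSTEM; ClientProcessId = 988; Component = Unknown; Operation = Start IWbemServices::ExecQuery - root\cimv2 : SELECT Name FROM Win32_Service; ResultCode = 0x80041010; PossibleCause = Unknown'
)
$sample | Get-WmiClientSummary | Format-Table -AutoSize

# On the live server, feed the real log instead of the constructed sample:
# Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-WMI-Activity/Operational'; Id = 5858 } -MaxEvents 500 |
#     ForEach-Object { $_.Message } | Get-WmiClientSummary
```

Event 5858 records failed WMI operations only, so a client whose queries succeed but are simply frequent will not appear in this tally. On a host where Trojans were recently removed, a client PID that resolves to an unfamiliar process or one that is no longer running deserves a closer look.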

