Friday, January 13, 2023

How to Spike CPU to 100% in Windows

1)     Open Notepad

2)    Type the commands below and save the file as loop.vbs

While True

Wend

3)    Now run that .vbs file 4 times to reach 100% CPU usage.

4)    Once done, kill the script process in Task Manager.


Wednesday, January 11, 2023

WPR/Xperf - Steps to collect logs

 Collect X-perf logs : 

Please capture traces while the issue is happening. Note that we need the timestamp and details of what was done while the trace was being captured. A PSR (Problem Steps Recorder) capture taken while the trace is running, or a screen recording with a running timer, can also be provided.

WPR capture should be started once the issue is observed; please run it for 3 – 5 minutes and stop.

X-perf is an intensive tool and collects a huge amount of data. Collecting it continuously for a long duration would cause performance issues on the machine, so I don’t recommend running it for more than 2-3 minutes.

If needed, you can run it for a few minutes, stop it if the issue is not reproduced or does not reoccur, wait for some time and try another attempt. Repeat this until you capture a trace covering the issue.

Important Note: While collecting data for performance issues, we need a detailed and clear description that explains what exactly we should analyze, which delay was noticed in the situation, and when.

1. What were the symptoms observed during the time of capture of Xperf for the issue?

2. Any abnormal machine behavior observed, or alerts generated on or during the issue?

3. What components were slow?

4. For how long were the observed components slow?

5. How did the system recover?

 We need this detail with the .etl file to backtrace the issue.

=> Here is an example of collecting the details: start the X-perf trace with Windows Performance Toolkit at the time of the issue and describe the slowness that was noticed, with timestamps. Example below:

13:48:10 X-perf started.

13:49:17 Tried opening notepad by typing notepad.exe from run

13:59:55 Notepad opened ~10 sec delay (you can note down any other component which is facing slowness)

PID of the notepad instance is 12345

 Collect X-perf logs

1.     Download the latest version of the Windows Performance Toolkit from the link below.

Download and install the Windows ADK | Microsoft Docs

2.     Open an elevated command prompt window.

a.    Navigate to the Start menu, then All Programs, then Accessories.

b.    Find the Command Prompt entry in Accessories.

c.     Right-click the Command Prompt item and select “Run as administrator”.

3.     In the new command prompt window, change the path to point to the folder containing xperf.exe, then type in the following command lines:

o   cd C:\Program Files (x86)\Windows Kits\10\Windows Performance Toolkit

·        Xperf -on Latency+DISPATCHER -stackWalk CSwitch+ReadyThread+ThreadCreate+Profile -BufferSize 64 -MaxBuffers 1024 -MaxFile 1024 -FileMode Circular

 After 2-3 minutes, please run:

 ·       Xperf -d WaitAnalysis.etl  

 The trace file (.etl file) should be available in the same folder where the executable is present for further investigation.

 

Steps to collect Perfmon logs

 Collect Perfmon logs

 In order to troubleshoot the issue we need to capture a Performance Monitor log.

·    Click on Start

·         In the start/search/run box, type "CMD.exe" without the quotation marks and then press Enter.

·         Copy and paste the following commands into the command prompt window:

 

Logman.exe create counter PerfLog-Long -o "c:\perflogs\\%computername%_PerfLog-Long.blg" -f bincirc -v mmddhhmm -max 500 -c "\LogicalDisk(*)\*" "\Memory\*" "\Cache\*" "\Network Interface(*)\*" "\Paging File(*)\*" "\PhysicalDisk(*)\*" "\Processor(*)\*" "\Processor Information(*)\*" "\Process(*)\*" "\Redirector\*" "\Server\*" "\System\*" "\Server Work Queues(*)\*" "\Terminal Services\*" -si 00:00:30

 

Logman.exe create counter PerfLog-Short -o "c:\perflogs\\%computername%_PerfLog-Short.blg" -f bincirc -v mmddhhmm -max 500 -c "\LogicalDisk(*)\*" "\Memory\*" "\Cache\*" "\Network Interface(*)\*" "\Paging File(*)\*" "\PhysicalDisk(*)\*" "\Processor(*)\*" "\Processor Information(*)\*" "\Process(*)\*" "\Redirector\*" "\Server\*" "\System\*" "\Server Work Queues(*)\*" "\Terminal Services\*" -si 00:00:01

 

·        Start the logs with the following commands:

Logman.exe start PerfLog-Long

Logman.exe start PerfLog-Short

 

·        Please stop the performance logs with the following commands:

Logman.exe stop PerfLog-Long

Logman.exe stop PerfLog-Short

 

Share the logs (C:\perflogs) with me for analysis.

Note: Please make sure that we keep this tool running till the time the issue is reproduced and then upload the logs. These performance logs will need to be started again if the machine is rebooted as they do not automatically restart on boot.

How to configure complete memory Dump, also how to crash using keyboard

 Complete memory dump:

Please make sure that the machine is setup to get a complete memory dump: 

1) In Control Panel, double-click the System applet

2) Select the Advanced tab

3) Click the "Startup and Recovery" button

4) Under the "Write Debugging Information" section select:

"Complete Memory Dump" from the pulldown menu

If the Complete Memory Dump option is not available in the list, change the registry entry as below.

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\CrashControl

CrashDumpEnabled REG_DWORD 0x1 = Complete memory dump

5) Make sure a check mark is placed on:

"Overwrite any existing file"

6) Make sure you uncheck the options: Send an administrative alert and Automatically restart

7) Disable the option “Automatic Server Recovery (ASR)” feature in BIOS settings

8) Make sure that there is a paging file (pagefile.sys) on the System Drive and that it is at least 200MB more than the total RAM size (please have the initial and maximum size for pagefile set to same size and reboot).

9) Make sure you have enough space available on C:\ to accommodate the paging file size and the memory dump. Otherwise, change the location to another LOCAL drive that has enough space. This can be done by specifying the dump location under System Properties – Advanced – Startup and Recovery Settings – “Dump File”

Second, configure the system to dump memory:

 

Option 1:

With PS/2 keyboards ATTACHED DIRECTLY TO THE SERVER (WITHOUT KVM), you must enable the keyboard-initiated crash in the registry. In the registry key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\i8042prt\Parameters, create a value named CrashOnCtrlScroll, and set it equal to a REG_DWORD value of 0x01.

  

Option 2:

With USB keyboards, you must enable the keyboard-initiated crash in the registry. In the registry key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\kbdhid\Parameters, create a value named CrashOnCtrlScroll, and set it equal to a REG_DWORD value of 0x01.

 

Steps to configure the system to crash using keyboard (for keyboard which does not have Scroll Lock Key):

================================================

Open registry and navigate to registry location HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\i8042prt

Note: If keyboard type is USB, then navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\kbdhid

 

Create a registry key under this called CrashDump

Select HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\i8042prt\CrashDump

(or HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\kbdhid\CrashDump if keyboard type is USB)

Create following entries

Name: Dump1Keys

Data: REG_DWORD

Value: 20 (hexadecimal) (this is for the Left CTRL key in place of the Right CTRL key)

Name: Dump2Key

Data: REG_DWORD

Value: 3d (hexadecimal) (this is for the Space Bar in place of Scroll Lock)

 Once this is configured, we need to restart the machine to apply the changes (unplug the keyboard and plug it back in if it is USB).

To trigger the system crash with above configurations, hold down Left CTRL key and press Space Bar key two times.

The system will bugcheck with following code.

       *** STOP: 0x000000E2 (0x00000000,0x00000000,0x00000000,0x00000000)

If the system is configured for memory dump, memory.dmp will be generated with Bugcheck code E2 as above.
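
The checklist above can be verified in one read-only pass. This is an added example, not part of the original post; the function name and output fields are its own, and it assumes the dump must fit on the drive named in the DumpFile value.

```powershell
# Added example: read-only check of the crash-dump settings described above.
# The function name and output fields are this example's own choices.
function Test-CrashDumpReadiness {
    $cc    = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl'
    $ramMB = [math]::Round((Get-CimInstance Win32_ComputerSystem).TotalPhysicalMemory / 1MB)

    # Step 8: page file on the system drive, initial = maximum, >= RAM + 200 MB.
    # A system-managed page file reports no fixed size and fails this check.
    $pf = Get-CimInstance Win32_PageFileSetting |
        Where-Object { $_.Name -like "$env:SystemDrive*" } | Select-Object -First 1
    $pfOk = $pf -and ($pf.InitialSize -eq $pf.MaximumSize) -and
            ($pf.InitialSize -ge ($ramMB + 200))

    # Step 9: the drive holding the dump file needs room for a RAM-sized file
    # (assumption: the page file is already allocated, so only the dump is counted).
    $drive  = Split-Path $cc.DumpFile -Qualifier
    $freeMB = (Get-CimInstance Win32_LogicalDisk -Filter "DeviceID='$drive'").FreeSpace / 1MB

    # Keyboard crash triggers for PS/2 (i8042prt) and USB (kbdhid) keyboards.
    $keyboard = foreach ($svc in 'i8042prt', 'kbdhid') {
        $base = "HKLM:\SYSTEM\CurrentControlSet\Services\$svc"
        $p = Get-ItemProperty "$base\Parameters" -ErrorAction SilentlyContinue
        $c = Get-ItemProperty "$base\CrashDump"  -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Driver            = $svc
            CrashOnCtrlScroll = $p.CrashOnCtrlScroll
            Dump1Keys         = $c.Dump1Keys
            Dump2Key          = $c.Dump2Key
        }
    }

    [pscustomobject]@{
        CompleteDump    = $cc.CrashDumpEnabled -eq 1   # 0x1 = complete memory dump
        OverwriteFile   = $cc.Overwrite -eq 1          # step 5
        AutoRestartOff  = $cc.AutoReboot -eq 0         # step 6
        PageFileOk      = [bool]$pfOk
        DumpDriveFreeOk = $freeMB -ge $ramMB
        DumpFile        = $cc.DumpFile
        KeyboardCrash   = $keyboard
    }
}

Test-CrashDumpReadiness | Format-List
```

Run it again once the investigation is closed: the keyboard-crash values let anyone at the console bugcheck the machine, and a complete memory dump holds everything that was in RAM, credentials included, so both are worth removing when no longer needed.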

UXtrace - how to collect UXtrace with Procmon

 UXTrace:

Download UXTrace

 

  1. Log in using an affected user account and check if the issue reproduces. If yes, then follow the steps below to capture logs.
  2. Download the Procmon tool from this hyper link and extract it to a C:\Temp folder.
  3. Download the UXTrace PowerShell script file from the file transfer link and place the UXTrace.ps1 file in the same C:\Temp folder.
  4. Open PowerShell as admin from Task Manager.
  5. Navigate to the C:\Temp folder.
  6. Run the command below to start tracing:

 .\UXTrace.ps1 -Start -AppX -Shell -COM -Procmon -ProcmonPath C:\temp

 

If you get an error that the script cannot be run and permissions are required, run the PowerShell command below to allow it:

Set-ExecutionPolicy Bypass

 Type Y for yes

 Then run the script command above again.

 

  1. You will see the prompt to start reproducing the issue.
  2. From here, left-click on the Start menu and on the Action Center date/time, and right-click on the taskbar and on the Action Center, 2 times each with a 2-second interval in between.
  3. Now go back to the PowerShell window where the script is executing.
  4. Press "Enter" to stop the log capture.
  5. The script will now start saving the logs. It will take 10 mins.
  6. The logs will be saved on the Desktop in a folder named MSLOGS.
  7. Compress the folder to zip for further analysis.
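
Set-ExecutionPolicy without a scope changes the machine-wide policy and leaves it changed after the capture. The added example below (not part of UXTrace or the original post) limits the bypass to the current PowerShell window, records what is being run, and confirms afterwards that no other scope changed; it assumes the C:\Temp layout from the steps above.

```powershell
# Added example (not part of UXTrace or the original post).
# Assumes UXTrace.ps1 and Procmon were extracted to C:\Temp as in the steps above.
$script = 'C:\Temp\UXTrace.ps1'

# Record what is about to run: hash for the case notes, signature status for review.
Get-FileHash $script -Algorithm SHA256 | Format-List Algorithm, Hash, Path
Get-AuthenticodeSignature $script | Format-List Status, SignerCertificate

# Snapshot the policy at every scope before changing anything.
$before = Get-ExecutionPolicy -List

# Bypass for this PowerShell process only; it ends when the window is closed.
Set-ExecutionPolicy -ExecutionPolicy Bypass -Scope Process -Force

Set-Location C:\Temp
.\UXTrace.ps1 -Start -AppX -Shell -COM -Procmon -ProcmonPath C:\temp

# After the capture: every scope except Process should be unchanged,
# so this comparison should print nothing.
$after = Get-ExecutionPolicy -List
Compare-Object $before $after -Property Scope, ExecutionPolicy |
    Where-Object { $_.Scope -ne 'Process' }
```

If MachinePolicy or UserPolicy is set through Group Policy, it takes precedence and the Process-scope change has no effect.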

Procdump - How to collect dumps of any process

There are different ways to collect a ProcDump dump depending on the scenario.


In case the system is frozen and you want to collect a dump of a specific process, for example explorer.exe:

  • First download ProcDump, only from the link below
  • https://learn.microsoft.com/en-us/sysinternals/downloads/procdump
  • Extract it to C:\Temp before the issue repro.
  • When the issue occurs, follow the steps below to trigger a dump of the Explorer process
  • Send Ctrl+Alt+Del and click on Task Manager
  • In Task Manager > File > Run new task > CMD (check "run as admin") > Navigate to C:\temp using CD C:\temp
  • Type the command below and press Enter. Right-click on the taskbar and press Enter.
  • Procdump.exe -ma -s 3 -n 5 Explorer.exe
  • It will generate a complete dump of explorer.exe
______________________
 
  1. Run ProcDump (download from: https://docs.microsoft.com/en-gb/sysinternals/downloads/procdump) with the following parameters. Make sure you run it from the directory where you have copied procdump.exe, and open the command prompt as an “Administrator”.
  2. The command will look like the following:

procdump -ma <PID of worker process(w3wp.exe)> -C 60 -s 5 -n 3

  • c is CPU usage (in this case 60%)
  • s is the time it stays high (in this example 5 seconds)
  • n is number of dumps (in this example 3)

 Therefore, this command simply means: if CPU consumption is 60% (or more) for 5 seconds (or more), then capture 3 full user dumps.

  3. The dump file will be created in the same location as procdump.exe
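
The CPU trigger can be rehearsed on a test machine before it is needed on a real one. This is an added example, not from the original post: it assumes procdump.exe and the loop.vbs busy-loop script from the CPU-spike post on this page are both in C:\Temp, and it adds ProcDump's -u switch, which the command above does not use.

```powershell
# Added example (not from the original post): rehearse the CPU-triggered dump
# on a test machine. Assumed layout: procdump.exe and loop.vbs are in C:\Temp.
$work = 'C:\Temp'
Set-Location $work

# One instance of the busy-loop script keeps a single logical processor busy.
$loop = Start-Process wscript.exe -ArgumentList "`"$work\loop.vbs`"" -PassThru
Start-Sleep -Seconds 2

# -ma  : full user-mode dump          -c 60 : CPU threshold in percent
# -s 5 : seconds it must stay above   -n 3  : number of dumps to write
# -u   : measure CPU against one core. Without it the threshold is measured
#        across all processors, and a single-threaded loop on a multi-core
#        machine never reaches 60%, so no dump is written.
.\procdump.exe -accepteula -ma -c 60 -u -s 5 -n 3 $loop.Id

# Clean up the test process.
Stop-Process -Id $loop.Id -Force

# Three dump files named after the process should now be in the working folder.
Get-ChildItem "$work\wscript*.dmp" | Select-Object Name, Length, LastWriteTime
```

A full dump contains the whole address space of the process, so store and share the .dmp files with the same care as the data that process handles.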

Friday, January 6, 2023

How to find Activation Key in Windows OS

There are 3 easy ways to find the Activation Key in Windows.


 1) Open CMD as Administrator > Type below command:

wmic path softwareLicensingService get OA3xOriginalProductKey


2) Open Powershell as administrator > Type below command:

powershell "(Get-WmiObject -query 'select * from SoftwareLicensingService').OA3xOriginalProductKey"

3) Open registry and go to this path:

Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform









How to troubleshoot Windows updates and OS related issues.

The article here addresses the issue how to get rid of a specific KB (Update) and shows some more DISM commands to fix broken Windows online...