XP slowdowns and network problems
What causes this?:
XP SP2 system abruptly slows down. Initiating outbound network
connections no longer connects, although pre-existing connections remain
functional -- rendering every internet-using app largely nonfunctional.
Task manager shows a svchost.exe (one of six, and one of two belonging
to NETWORK SERVICES) using 100% of a 1.5GHz CPU(!) and event viewer
shows an ESENT 100, 101, 102, or 103 message from about the time the
problem started which says something about "wuauclt", "wuaueng.dll", or
something similar having started or stopped a database or an "instance"
(of what, it doesn't say). After several MINUTES (despite the
aforementioned 1.5GHz CPU and a commit charge well below the 1GB
*physical* RAM in the machine) the symptoms (slowdown and network
problems) go away, Task Manager shows the svchosts behaving themselves
and not using much CPU, and the event log shows a second ESENT event
associated with one Windows Update component or another.
I suppose this is it checking for updates? But I doubt that's supposed
to pre-empt all other apps' ability to open new network connections or
saturate a reasonably fast CPU for several entire minutes...
The event log for the category "Application" shows almost nothing but
quadruplets of ESENT events, with the event numbers 102, 100, 101, and
103, respectively; the first two have identical time stamps and the next
two have identical time stamps a little over five minutes afterward; the
timings of these groups seem to be random aside from being spaced hours
apart. (The most recent gaps as of this writing are 3, 6.5, 7.5, and
then 1.5 hours, roughly.)
Here's the last few incidents (slightly abridged):
Information 31/03/2005 5:08:27 PM ESENT General 103
Information 31/03/2005 5:08:27 PM ESENT General 101
Information 31/03/2005 5:03:26 PM ESENT General 100
Information 31/03/2005 5:03:26 PM ESENT General 102
Information 31/03/2005 3:21:17 PM ESENT General 103
Information 31/03/2005 3:21:17 PM ESENT General 101
Information 31/03/2005 3:16:06 PM ESENT General 100
Information 31/03/2005 3:16:06 PM ESENT General 102
Information 31/03/2005 7:45:45 AM ESENT General 103
Information 31/03/2005 7:45:45 AM ESENT General 101
Information 31/03/2005 7:40:43 AM ESENT General 100
Information 31/03/2005 7:40:43 AM ESENT General 102
Information 31/03/2005 1:13:56 AM ESENT General 103
Information 31/03/2005 1:13:56 AM ESENT General 101
Information 31/03/2005 1:08:48 AM ESENT General 100
Information 31/03/2005 1:08:48 AM ESENT General 102
Information 30/03/2005 10:04:31 PM ESENT General 103
Information 30/03/2005 10:04:31 PM ESENT General 101
Information 30/03/2005 9:59:31 PM ESENT General 100
Information 30/03/2005 9:59:31 PM ESENT General 102
All the 102 events say "wuaueng.dll (3632) SUS20ClientDataStore: The
database engine started a new instance (0).", differing only in the
first parenthesized number. All the 100 events say "wuauclt (3632) The
database engine 5.01.2600.2180 started." (The parenthesized number is
the same as the first parenthesized number in the immediately preceding
102 event.) The 101 events say "wuauclt (3632) The database engine
stopped." and the 103 events say "wuaueng.dll (3632)
SUS20ClientDataStore: The database engine stopped the instance (0)."
(same number again). To clarify: all four in a given cluster have the
same number in parentheses (ignoring the "(0)"s in the first and last of
each cluster, at the end). Each cluster has a different number there
however. Everything else is completely constant.
Web researching this issue draws a blank, except that the frequent
appearances of these event groups in the event log apparently is normal.
On the other hand, a massive system slowdown and most network apps
turning into pumpkins for the five minutes between the first pair and
the second pair of each quad is patently *not* normal.
The Services control panel does not show anything unusual happening
during these incidents. No services start or stop, nor does anything
else change, in the services monitor. (I paid particular attention to
the network services, RPC and DNS, but I'm pretty sure none of them do
anything visible in that control panel.) Most Web hits for people with
problems involving a svchost process using 100% CPU have the problem
turn out to be a service starting or stopping. The funny thing is,
although the services panel doesn't show anything of the sort happening
in my case, the event viewer *does* -- databases starting and stopping,
apparently. Yet these same databases apparently do so on most (all?) XP
machines without causing the symptoms I am experiencing.
What the **** is going on?
Palladium? Trusted Computing? DRM? Microsoft? Sauron.
"One ring to rule them all, one ring to find them
One ring to bring them all, and in the darkness bind them."