CSA 4.5.1(657) high cpu usage on windows 2003 sp1

Unanswered Question
Feb 22nd, 2007

Hi,

We have experiancing high cpu usage on windows 2003 sp1, when somebody logs in remotely. The server has 1gb of ram and the cpu is 2ghz. The Cisco Trust Agent (1.0.55) is installed also.

When somebody logs in remotely the process okclient goes to 100% cpu and eats all the available RAM and the machine starts to swap, the pagefile has grown to 1gb. This is not all the time though, only in some cases like this one.

Could this be due to some specigic policies associated with this machine be the cause of such behaviour?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
tsteger1 Thu, 02/22/2007 - 09:55

Hi Rossen,

It could be due to some @remote rule but first some questions:

What is the server function?

What groups is it in?

Does it have 2 enabled NICS?

Is it sharing anything other than admin shares?

Is it a member of AD\Domain or standalone?

Why is the CTA installed?

Why is your page file dynamic and not static and why is it only 1GB (should be 1.5x physical RAM)? Growing a page file is a slow and painful process.

You can try some things right away:

Either remove if from the groups that have @remote rules or put the server in a group with no rules\policies at all. That will tell you if it's the agent or the rules causing the problem.

Good luck!

Tom

rnaydenov Fri, 03/02/2007 - 03:41

The server function was file and print, part of domain, with two NICs

I found a bug in Cisco saying that for file servers the module in Application Classification - Untrusted content module gives that behavior, so I went ahead and removed that, so far no complaints, will report back later

TradeSecrets Thu, 03/08/2007 - 12:43

Don't use Cisco's min Ram requirement. You need 3 gigs for it to run effectly.

Also. disable unused services that take up alot of resources.

Here are a few you can shut off.

Print Spooling

Indexing services

Messenger

Telnet

help + support

Remote access Connection Manager

Routing and Remote access

Themes

Here is a few tips

++++ only turn of the service you need.

+++++++ Do not install other applications on the server

+++++++++++ Have a separate SQL server.

I usually disable the services for 3 months then later remove the services. We have a very strict harding policy.

pmccubbin Thu, 03/08/2007 - 13:28

I usually recommend 4 to 6 gigs of DRAM and that the server have dual gig processors. This allows for growth in the number of agents and for the inevitable increase in the complexity of the policies as more testing, tuning, and customization takes place.

I don't have any hard and fast numbers but my guess is that if you use an extensive amount of System State functionality you'll probably need all the horsepower you can get on the Management Console, not to mention on the end user machines.

The above suggestion about disabling services is a good idea, too.

Actions

This Discussion