RSA Security Technical Support for a resolution

  • Thread starter Thread starter KristinaBellyDancer
  • Start date Start date
K

KristinaBellyDancer

In Windows Task when Manager, the CPU's often read at
100% when I even have only 3 programs running (only one
of which is internet related; i.e. MSN internet/email.
Under SVCHost the usuage reads 70%; In searching for
help on Microsoft, I found the following info but don't
know what to do with the info and rather than mess around
on my own, I am contacting this newsgroup. Is anyone
familiar with this? Thank you. The info is as follows:

"Svchost Consumes a Lot of CPU Resources
Applies To
This article was previously published under Q324139
SYMPTOMS
After running correctly for some time, Svchost may start
to consume a lot of memory, and may cause CPU usage to
climb to 100 percent. When this occurs, you may receive
no response when you press CTRL+ALT+DELETE at the
console. Existing users remain connected to the server,
but new users cannot connect.
CAUSE
This problem seems to be related to a tight loop in
Sdras.dll, which is part of the RSA ACE Agent software.
RESOLUTION
To resolve this issue, contact RSA Security Technical
Support for a resolution.
MORE INFORMATION
The third-party products that are discussed in this
article are manufactured by companies that are
independent of Microsoft. Microsoft makes no warranty,
implied or otherwise, regarding the performance or
reliability of these products.

The information in this article applies to:
Microsoft Windows 2000 Server SP1
Microsoft Windows 2000 Server SP2
Last Reviewed: 10/30/2003 (2.0)
Keywords: kb3rdparty kbprb KB324139 "
 
I have a labtop computer along with windows xp that i
bought with it. This morning, the computer refused to
accept my password which is my last family name. That
resulted no usage of the computer to day. I know that I
did not forget my password and I truly don't know why this
computer don't accept my password. Please help
 
There are usually several different instances of svchost running with lots
of services in some of them. It's hard to guess what's hogging the CPU.

The best advice I can offer is to make sure you have all of the most recent
fixes from Windows Update.

If you feel like doing a little sleuthing, you can see which instance of
svchost is the CPU hog (look for its PID). Then you see which services are
running in it ("tasklist /svc" at the cmd console). With any luck, it will
be one of the less-populated instances. Once you know which services could
be the guilty ones, you could try stopping or pausing the services one at a
time. WARNING: Messing with those services is probably a bad idea unless
you know what they do and what depends on them.
Anyway, if you can get more info and post it, someone here might be better
able to explain what's happening on your machine.
 
"KristinaBellyDancer" queried the Listocracy:
In Windows Task when Manager, the CPU's often read at
100% when I even have only 3 programs running (only one
of which is internet related; i.e. MSN internet/email.
Under SVCHost the usuage reads 70%;
Click to expand...

XP, like any modern OS, has a lot of services (ie. programs) running
in the background, performing functions which may have nothing to do with
the current user or the programs he/she is running. Some of those services
are stand-alone programs, some as packaged as libraries of functions (DLLs),
which require a copy of Svchost (Services Host) to execute them.

As I type this, my XP box is running five Svchost processes, several
hosting one or two DLLs, others a dozen or so. As Drew Cooper suggested, you
can see what services Svchost programs are supporting by typing
"tasklist/svc" at the XP command line, or by delving into the Control Panel,
Administrative Tools, to see the list of running services. I don't,
unfortunately, know how (or if) you can determine which services are drawing
down the CPU cycles, but maybe someone else does?

The Dancer also located a Microsoft KnowledgeBase article (KB
324139) which described similar symptoms -- high CPU usage, high SVChost
burden -- and linked them to a software conflict between the RSA ACE/Agent
that was distributed on the original Windows 2000 CD and the Win2k RRAS
server. Asked the Dancer:
Is anyone familiar with this?
Click to expand...

Yup. Not a likely cause of your problem. As a sometime consultant
to RSA, I'm familiar with the software conflict that this particular
KnowledgeBase article refers to. AFAIK, that problem only popped up when an
old version (v.1.1) of RSA's ACE/Agent for Windows was running on the same
box with an active Win2K RRAS server.

If that *were* your problem, the fix would be quick, obvious, and
free -- download RSA's latest and greatest ACE/Agent (v. 5.5) from the RSA
website and upgrade! Would that life were so simple, huh?

(For those unfamiliar with nomenclature: RSA's SecurID architecture
requires an ACE/Agent, or a similar proxy, embedded in some accessible IT
resource that can demand and enforce an authentication check -- an
application server, webserver, firewall, RRAS, whatever -- to grab every
incoming authentication call and flip them to the stand-alone authentication
server, what RSA calls an ACE/Server.

(A SecurID is a small hand-held personal authenticator, a token that
continuously generates a series of 6-8 digit one-time passwords, and
displays a new one every 60 seconds. A user submits oth a SecurID
token-code, and a user-memorized PIN, so the ACE/Server will receive two
[out of three] independent factors required in any "strong authentication"
standard: something held and something known.


Suerte,
_Vin


* Vin McLellan + The Privacy Guild + <[email protected]> *
 
How to determine which service is the CPU hog - 3 main ways (off the top of
my head), none of which are ideal:
- Experiment with pausing or stopping services in the offending service
host.
- If this is a reproducible problem, it's possible to run each service in
its own service host. This involves a registry edit and using sc to config,
stop, and then restart each service.
- Using some kind of tracing tool that injects itself into the process or
using a debugger to track the service that's making the calls that take so
long.

Unfortunately none of those are for the faint of heart. And all of them
change the system state in some way, so the problem might disappear.
--
Drew Cooper [MSFT]
This posting is provided "AS IS" with no warranties, and confers no rights.


Vin McLellan said:
"KristinaBellyDancer" queried the Listocracy:
In Windows Task when Manager, the CPU's often read at
100% when I even have only 3 programs running (only one
of which is internet related; i.e. MSN internet/email.
Under SVCHost the usuage reads 70%;
Click to expand...

XP, like any modern OS, has a lot of services (ie. programs) running
in the background, performing functions which may have nothing to do with
the current user or the programs he/she is running. Some of those services
are stand-alone programs, some as packaged as libraries of functions (DLLs),
which require a copy of Svchost (Services Host) to execute them.

As I type this, my XP box is running five Svchost processes, several
hosting one or two DLLs, others a dozen or so. As Drew Cooper suggested, you
can see what services Svchost programs are supporting by typing
"tasklist/svc" at the XP command line, or by delving into the Control Panel,
Administrative Tools, to see the list of running services. I don't,
unfortunately, know how (or if) you can determine which services are drawing
down the CPU cycles, but maybe someone else does?

The Dancer also located a Microsoft KnowledgeBase article (KB
324139) which described similar symptoms -- high CPU usage, high SVChost
burden -- and linked them to a software conflict between the RSA ACE/Agent
that was distributed on the original Windows 2000 CD and the Win2k RRAS
server. Asked the Dancer:
Is anyone familiar with this?
Click to expand...

Yup. Not a likely cause of your problem. As a sometime consultant
to RSA, I'm familiar with the software conflict that this particular
KnowledgeBase article refers to. AFAIK, that problem only popped up when an
old version (v.1.1) of RSA's ACE/Agent for Windows was running on the same
box with an active Win2K RRAS server.

If that *were* your problem, the fix would be quick, obvious, and
free -- download RSA's latest and greatest ACE/Agent (v. 5.5) from the RSA
website and upgrade! Would that life were so simple, huh?

(For those unfamiliar with nomenclature: RSA's SecurID architecture
requires an ACE/Agent, or a similar proxy, embedded in some accessible IT
resource that can demand and enforce an authentication check -- an
application server, webserver, firewall, RRAS, whatever -- to grab every
incoming authentication call and flip them to the stand-alone authentication
server, what RSA calls an ACE/Server.

(A SecurID is a small hand-held personal authenticator, a token that
continuously generates a series of 6-8 digit one-time passwords, and
displays a new one every 60 seconds. A user submits oth a SecurID
token-code, and a user-memorized PIN, so the ACE/Server will receive two
[out of three] independent factors required in any "strong authentication"
standard: something held and something known.


Suerte,
_Vin


* Vin McLellan + The Privacy Guild + <[email protected]> *
Click to expand...
 
Back
Top