How prevent CPU usage 100% because of worker process in iis

SilverLight picture SilverLight · Feb 21, 2013 · Viewed 207.9k times · Source

My CPU usage is 100% most of the the time in Windows Server 2008-R2 with my own vps, vmware, quad core, and 4GB Ram. When I open windows Task Manager and go to the resource monitor I see that 100% usage is because of workerprocess.exe. I have 3 websites in my IIS.

  • How can I figure out which web site causes that usage
  • How can I limit it to 80% usage of CPU?
  • Could it be a DDOS attack?
  • Is there any way to prevent DDOS?

I installed eset-nod32 on my vps, but it doesn't show any attack in the logs. I've tried searching about IIS and preventing DDOS, and just found an extension for banning IP addresses, but how can I find which IP address are generating traffic?

The web site is written in ASP.NET and C#. How can I determine what is happening on that web site and which lines of codes are causing that cpu usage?

Also, one of my web sites should access administrator's desktop and read and write some files. So because of that I changed its application pool -> identity (Process Model) to local system, and I don't know if it is related with the CPU usage or not.

Answer

KyleMit picture KyleMit · Aug 4, 2015

Diagnosing

In terms of diagnosing what App Pool is causing trouble, you can:

  1. Select the server
  2. Go to IIS > Worker Processes

Server Settings

This should bring up a menu like this so you can determine which App Pool is running amok.

Worker Processes

From there you can simply restart the the app pool and 9 times out of 10 that will fix any immediate issues you're having.

Treating

Unless you run some sort of controversial business, this is probably not a DDOS attack. It's likely that some code is just hanging because it couldn't get through to another server or got stuck in a loop or mis-allocated resources or your app pool just hasn't been recycled in a while.

You can deal with this problem programmatically without having to manually identify, log in, and recycle the app pool. Just configure the CPU property on your App Pool. You can have it kill (and automatically restart) your process anytime you reach a CPU threshold for a certain amount of time.

In your case, if you want it to restart at 80%, you can right click on the app pool and go to Advanced Settings and apply the following configurations:

App Pool Advanced Settings

NOTE: As kraken101 pointed out, different IIS GUIs have treated this differently over time. While the config value is always in 1/1000 of a %, sometimes the GUI takes the whole percent.

You can add this to your config section like this:

<applicationPools>
   <add name="DefaultAppPool">
     <cpu limit="80000" action="KillW3wp" resetInterval="00:01:00" />
   </add>
</applicationPools>

Alternatively, you could script it with Powershell's WebAdministration Module like this:
(*make sure web-scripting-tools is enabled)

Import-Module WebAdministration

$appPoolName = "DefaultAppPool"
$appPool = Get-Item "IIS:\AppPools\$appPoolName"
$appPool.cpu.limit = 80000
$appPool.cpu.action = "KillW3wp"
$appPool.cpu.resetInterval = "00:01:00"
$appPool | Set-Item

Preventing

The steps above will help fix some things once they've broken, but won't really solve any underlying issues you have.

Here are some resources on doing performance monitoring: