Tag Archives: Win8.1

Excessive CPU Use on Win8.1 Redux

The changes I made to solve the “Immersive Shell” DCOM errors did clear up the System event log. However, the high CPU usage persisted so I did more digging. I eventually found several references to problems with a Windows Backup scheduled task and its sdclt.exe process. I started Resource Monitor and saw many instances of sdclt.exe. Some were running and many more were recently terminated. There is a scheduled task that is designed to notify the user that Windows Backup has not been configured. For some reason the sdclt.exe process is repeatedly restarted and this ends up using considerable system resources.

The fix is to go to the task and disable it. The task is located in the Task Scheduler under Microsoft -> Windows -> WindowsBackup and is called ConfigNotification. Select it and disable it. Unfortunately a reboot is necessary to actually get the incessant sdclt.exe restarting to stop.

I have not found an official Microsoft acknowledgement that this is a problem nor have I seen any postulations as to why sdclt.exe is behaving in this fashion. The only common thread is that it occurs on Win8.1. Was this scheduled task introduced in Win8.1 or were there changes made to it with the Win8.1 upgrade? As far as I can tell the high CPU usage started after I installed the 2013-12-13 Windows Updates but I’ve no idea what those updates may have changed.

Regardless, I have a hunch as to what’s going on. I am one of what is certainly a very small number of people who run with User Account Control turned off. A few people turn UAC off because they don’t want to be nagged about running programs with full admin privileges. My reasons are more pragmatic. I have a home (Documents) folder that is redirected to a UNC share. I also run Visual Studio with Administrator privilege because that is the only way to enable debugging. Unfortunately folder redirection does not play nicely with UAC. This was causing all sorts of weird errors in Visual Studio. Thus I turned UAC off. There is a major Win8/Win8.1 consequence to turning UAC off: modern apps won’t run. This didn’t seem to me like much of an issue because I couldn’t stand them anyway. The reason they won’t run is they are configured to only run in a partially trusted application domain. With UAC off you can only run managed code in full trust mode. I’m guessing that the Windows Backup notification was written in partial-trust managed code. If this is the case, it certainly won’t run with UAC turned off. Apparently running the system with UAC off is not part of the Microsoft test matrix.

This brings up an old beef of mine. Why doesn’t the redirector have better support for UAC? It is a total pain that a redirection made as ordinary (limited privilege) user can’t be accessed by that same user with a full local administrator token. I’m sure there is some use case that I’m being protected against but I can’t figure out what it is since the file system ACLs will still be applied. Yeah, I know I am in the extreme minority of power users who push the system to its limits. That’s the standard argument for not accommodating corner cases.

At any rate, I’m sure glad I got the CPU usage issue sorted out. Boy I can’t wait to see what surprises are in the next round of updates!


Excessive CPU use on Windows 8.1

I upgraded my work desktop from Windows 7 to Win8 because of the new Hyper-V features. I am a software developer so it is a real asset to have the ability to run multiple virtual machines simultaneously which was not possible with Win7. I was unhappy with the new Win8 “modern” UI, so I upgraded to Win8.1 as soon as it was available. Things seemed OK for a while until I installed the last round of updates from Microsoft on 2013/12/13. My keyboard stopped working after I installed the “Keyboard and Mouse Control Center” (or whatever it was called). I had to log in remotely to uninstall that thing. Then I noticed my CPU usage creeping up unexpectedly. It finally got so bad I was rebooting every few days. I looked at the running processes and tried stopping a few that looked suspicious, but found no real relief. I decided to look into the Event Log. I saw that the System log was absolutely full of the same event.

Log Name: System
Source: Microsoft-Windows-DistributedCOM
Date: 1/13/2014 9:24:44 AM
Event ID: 10016
Level: Error
The machine-default permission settings do not grant Local Activation permission
for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239}
and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user NT AUTHORITY\LOCAL
SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the
application container Unavailable SID (Unavailable). This security permission can
be modified using the Component Services administrative tool.

I found the CLSID in the registry and found that it was assigned to something called “Immersive Shell”. Did some searching and discovered a couple of MS articles. In a nutshell, you need to grant local Administrators ownership and full control of the CLSID key and the AppID key in the registry. Once that is done you can go to the Component Services tool, navigate to the DCOM config for the local computer, and then find the Immersive Shell object. Open its properties and under the Security tab choose to Customize the Launch and Activation Permissions. Click the Edit button, add Local Service and grant it Local Launch. Click OK, close everything and reboot. Voila, the Event Log messages stop.

I gleaned some of the above from this post: Weather Application.

I’m not certain this cured all of the excessive CPU consumption. It is still at around 25% with nothing going on other than typing into this WordPress window. I’ll post a follow up if I discover more Win8.1 CPU-eating culprits.