关于Windows Server 远程卡死/黑屏问题排查记录

关于Windows Server 远程卡死/黑屏问题排查记录

首先描述该问题的场景和遇到的症状

问题场景:

远程访问Windows server 2016 远程用户数同时在线数量至少在30+

问题现象:

已经成功远程登陆服务器用户操作卡顿VM 后台查看该主机CPU 资源消耗持续高位VM 后台本地登录黑屏新的远程登录请求可以完成, 但是进入用户桌面黑屏

问题排查:

微软通过dump 日志分析发现本地服务wlidsvc (Microsoft Account Sign-in Assistant)等待了太长时间, 可能是由于某些外接设备导致了这个服务的请求异常, 所以暂时先把该服务禁用即可, 关于wlidsvc 服务简单描述可参考​​链接​​:

# Child-SP Return Call Site Info0 ffff8681d3434750 fffff80246cf415d nt!KiSwapContext+0x76 1 ffff8681d3434890 fffff80246cf3bff nt!KiSwapThread+0x17d 2 ffff8681d3434940 fffff80246cf59d7 nt!KiCommitThreadWait+0x14f 3 ffff8681d34349e0 fffff80247082518 nt!KeWaitForSingleObject+0x377 4 ffff8681d3434a90 fffff80246df4103 nt!NtWaitForSingleObject+0xf8 5 ffff8681d3434b00 00007ff9fba65cf4 nt!KiSystemServiceCopyEnd+0x13 6 0000005f42d7d018 00007ff9f80c4daf ntdll!ZwWaitForSingleObject+0x14 7 0000005f42d7d020 00007ff9f4171017 KERNELBASE!WaitForSingleObjectEx+0x8f8 0000005f42d7d0c0 00007ff9f4171df8 WINHTTP!HTTP_USER_REQUEST::_HandleSyncPending+0x5b9 0000005f42d7d140 00007ff9f4173f0d WINHTTP!HTTP_USER_REQUEST::SendRequest+0x618a 0000005f42d7d1e0 00007ff9e8a6dbc0 WINHTTP!WinHttpSendRequest+0x77d b 0000005f42d7d360 00007ff9e8a6d419 wlidsvc!ServiceWinApi::WinHttpSendRequest+0x40c 0000005f42d7d3b0 00007ff9e8a6bf72 wlidsvc!CProxyHandler::SendReceiveWithProxyFailOver+0x109d 0000005f42d7d460 00007ff9e8a6c2a5 wlidsvc!CTransport::SendImplementation+0x922e 0000005f42d7d670 00007ff9e8a6c790 wlidsvc!CTransport::SendInternalHelper+0x291f 0000005f42d7da50 00007ff9e8a6ca1c wlidsvc!CTransport::SendInternal+0xdc10 0000005f42d7db20 00007ff9e8b4a95b wlidsvc!CTransport::SendRequest+0x14811 0000005f42d7dc80 00007ff9e8b51afe wlidsvc!CManagementBaseRequest::Send+0xa712 0000005f42d7dd60 00007ff9e8b7b569 wlidsvc!CSingleIdentity::ProvisionIdentity+0xf213 0000005f42d7de90 00007ff9e8b6480d wlidsvc!CDeviceIdentityBase::Provision+0x1f914 0000005f42d7e0b0 00007ff9e8b660e9 wlidsvc!DeviceIdHelpers::CreateNewDeviceIdentity+0x46d15 0000005f42d7e300 00007ff9e8aec529 wlidsvc!DeviceIdHelpers::ProvisionDeviceId+0x15516 0000005f42d7e3e0 00007ff9e8b12c0f wlidsvc!DeviceIdHelpers::RetrieveDeviceID+0x52f7517 0000005f42d7e620 00007ff9e8aea211 wlidsvc!GetDeviceIdInternal+0x1b718 0000005f42d7e7d0 00007ff9e8a65bc6 wlidsvc!CIdentityStore::GetNewIdentityHandle+0x53c5519 0000005f42d7e9d0 00007ff9e8a653bf wlidsvc!HandleCreateContext+0x1761a 0000005f42d7eae0 00007ff9f93aa593 wlidsvc!WLIDCreateContext+0xaf 1b 0000005f42d7eb70 00007ff9f9352b4b RPCRT4!Invoke+0x73 1c 0000005f42d7ebe0 00007ff9f93953fa RPCRT4!NdrStubCall2+0x46b 1d 0000005f42d7f270 00007ff9f937a274 RPCRT4!NdrServerCall2+0x1a 1e 0000005f42d7f2a0 00007ff9f937918d RPCRT4!DispatchToStubInCNoAvrf+0x241f 0000005f42d7f2f0 00007ff9f9379a3b RPCRT4!RPC_INTERFACE::DispatchToStubWorker+0x1bd20 0000005f42d7f3c0 00007ff9f93610ac RPCRT4!RPC_INTERFACE::DispatchToStub+0xcb21 (Inline) ---------------- RPCRT4!LRPC_SBINDING::DispatchToStub+0x1d522 0000005f42d7f420 00007ff9f936152c RPCRT4!LRPC_SCALL::DispatchRequest+0x34c23 (Inline) ---------------- RPCRT4!LRPC_SCALL::QueueOrDispatchCall+0x3724 0000005f42d7f500 00007ff9f934ae1c RPCRT4!LRPC_SCALL::HandleRequest+0x2bc Request from explorer.exe (ffffd685ef0003c0) PID: 0x6f38 TID: 0x19e425 (Inline) ---------------- RPCRT4!LRPC_SASSOCIATION::HandleRequest+0x1f526 0000005f42d7f620 00007ff9f934c67b RPCRT4!LRPC_ADDRESS::HandleRequest+0x36c27 0000005f42d7f6d0 00007ff9f9373a2a RPCRT4!LRPC_ADDRESS::ProcessIO+0x91b28 (Inline) ---------------- RPCRT4!LrpcServerIoHandler+0x18 29 0000005f42d7f810 00007ff9fb9dd34e RPCRT4!LrpcIoComplete+0xaa 2a 0000005f42d7f8b0 00007ff9fb9decb9 ntdll!TppAlpcpExecuteCallback+0x25e2b 0000005f42d7f960 00007ff9f96a84d4 ntdll!TppWorkerThread+0x8d9 2c 0000005f42d7fd60 00007ff9fba11781 KERNEL32!BaseThreadInitThunk+0x142d 0000005f42d7fd90 0000000000000000 ntdll!RtlUserThreadStart+0x21 This thread has been waiting 36m:53.984 on a usermode request

版权声明：本文内容由网络用户投稿，版权归原作者所有，本站不拥有其著作权，亦不承担相应法律责任。如果您发现本站中有涉嫌抄袭或描述失实的内容，请联系我们jiasou666@gmail.com 处理，核实后本网站将在24小时内删除侵权内容。