Windows Update Agent Service + High Memory Utilization

Are you using a network server using Labtech,
see link,
https://docs.labtechsoftware.com/kno...e/article/6504

could you also run/paste the results from this
http://go.microsoft.com/fwlink/?LinkID=52012

Roy

Hi GDP,
the article i linked states that it does cause high usage.

Roy

"LabTech Agent on Windows Server 2012 R2 shows high memory usage after Remote Session or Tunnel commands executed."

That is only after a remote session or tunnel. We dont make sure of this feature because we use something else. Also I have other workstations setup with this and the behavior is not the same.

Hi GDP,
From WU log,
compare the service ID's to a working comp, All 0's ?????

016-05-13 02:47:29:974 5656 f2c Agent * Criteria = "(IsInstalled = 0 and IsHidden = 0 and CategoryIDs contains '8c3fcc84-7410-4a95-8b89-a166a0190486' and CategoryIDs contains 'e0789628-ce08-4437-be74-2495b842f43b')"
2016-05-13 02:47:29:974 5656 f2c Agent * ServiceID = {00000000-0000-0000-0000-000000000000} Third party service

Roy

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-FBCKQ-HQK9X-W7HJV
Windows Product Key Hash: Z3VHq7PXzk9HbMvXAJYG30qNv1M=
Windows Product ID: 00371-OEM-9046196-72901
Windows Product ID Type: 3
Windows License Type: OEM System Builder
Windows OS version: 6.1.7601.2.00010100.1.0.048
ID: {283EC215-EF48-4E1D-B82E-E42462AB93A9}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Professional
Architecture: 0x00000009
Build lab: 7601.win7sp1_gdr.150722-0600
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{283EC215-EF48-4E1D-B82E-E42462AB93A9}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-W7HJV</PKey><PID>00371-OEM-9046196-72901</PID><PIDType>3</PIDType><SID>S-1-5-21-822429819-420199823-2234441562</SID><SYSTEM><Manufacturer>TOSHIBA</Manufacturer><Model>Satellite L55-A</Model></SYSTEM><BIOS><Manufacturer>Insyde Corp.</Manufacturer><Version>1.40</Version><SMBIOSVersion major="2" minor="7"/><Date>20140428000000.000000+000</Date></BIOS><HWID>EFF63D07018400FE</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Pacific Standard Time(GMT-08:00)</TimeZone><iJoin>1</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>TOSINV</OEMID><OEMTableID>TOSINV00</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.1.7601.17514

Name: Windows(R) 7, Professional edition
Description: Windows Operating System - Windows(R) 7, OEM_COA_NSLP channel
Activation ID: e120e868-3df2-464a-95a0-b52fa5ada4bf
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00371-00180-461-972901-02-1033-7600.0000-0202014
Installation ID: 015226190571858764027741836225173945564755593330211994
Processor Certificate URL: SpcService Web Service
Machine Certificate URL: RacService Web Service
Use License URL: UseLicenseService Web Service
Product Key Certificate URL: PkcService Web Service
Partial Product Key: W7HJV
License Status: Licensed
Remaining Windows rearm count: 4
Trusted time: 5/23/2016 10:10:02 AM

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: 0x00000000
HealthStatus: 0x0000000000000000
Event Time Stamp: 3:25:2016 16:49
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:


HWID Data-->
HWID Hash Current: MAAAAAEAAQABAAEAAAACAAAAAwABAAEAonZirI4OWPjeSoAiCowA3DLxrFp0KpZj

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC TOSINV TOSINV00
FACP TOSINV TOSINV00
DBGP TOSINV TOSINV00
HPET TOSINV TOSINV00
BOOT TOSINV TOSINV00
MCFG TOSINV TOSINV00
WDAT TOSINV TOSINV00
UEFI TOSINV TOSINV00
ASF! TOSINV TOSINV00
SLIC TOSINV TOSINV00
SSDT INSYDE CR CRB
ASPT TOSINV TOSINV00
SSDT INSYDE CR CRB
FPDT TOSINV TOSINV00
MSDM TOSINV TOSINV00
SSDT INSYDE CR CRB
SSDT INSYDE CR CRB

What does the service IDs do? Here is the output from the program as you requested. Do you have any ideas?

Hi GDP,
in my previous post i asked about the 3rd party service id,
i suspect its the licencing code you should get from Labtech.

From your Mgadiag
Processor Certificate URL: SpcService Web Service
Machine Certificate URL: RacService Web Service
Use License URL: UseLicenseService Web Service
Product Key Certificate URL: PkcService Web Service

Standard Mgadiag (mine actually)
Processor Certificate URL go.microsoft.com/fwlink/?LinkID 88338
Machine Certificate URL: go.microsoft.com/fwlink/?LinkID 88339
Use License URL: go.microsoft.com/fwlink/?LinkID 88341
Product Key Certificate URL: go.microsoft.com/fwlink/?LinkID 88340


the link ID's at the end of mine are for MS servers
those zero's in the your report are sending it to the web service
(did you check/compare on a working one)
My guess, (as i know nothing about how labtech is set up to update
it should be labtechs ID server, or your domain computer,
Its going round and round in a loop causing the high usage

Note if Labtech provided you with an MS activation key >>>DO NOT<<< post it

Roy

My processor certificate URL is the same as your. Mine says SPCservice web service but redirects to the same link you have. Same with the other certificates/urls. Could you explain some more about this please?

All labtech does is it tells the workstation to check for updates/install certain updates. It doesn't push updates or install updates.

i ran the tool again and I actually get the same output as your machine. I think for whatever reason when I copy/paste it formatted the URL into a hyperlink.