Who… What… Where…

There are a number of threads in the Microsoft Windows Update Newsgroup and around other well known sites regarding the infamous SVCHOST Issue!

The main issue that people are reporting is the high CPU usage from the process SVCHOST.exe, generally fluctuating between 20 and 85 percent CPU usage, in some cases using all of the CPU cycles and leaving the computer un-usable.

The cause of this is the Automatic Update service during its detection process; this is where the client PC either checks in to the local WSUS server or accesses the Windows Update site and determines which MS updates are required from the update catalogue.

All of this information is very good… I hear you say, however where is the fix!

Ok, after much web crawling and some testing, below is the method I have used for my clients which has proved sucessfull:

1. Firstly stop the Automatic Update service either through services.msc or with the command line net stop “Automatic Updates”. This will ensure the update process is as quick as possible.
2. Next apply the first of two patches; an update to the Windows Update Agent, the current version is 2.0, this patch updates it to version 3.0 which is pushed out via WSUS v3.0:
   • Windows Update Agent 3.0 – x86
   • Windows Update Agent 3.0 – x64
   • Windows Update Agent 3.0 – ia64
3. Apply the hotfix for this issue, originally stated in KB916089 and then superseded by KB927891 which provides an update for the Msi31.dll (exact name depends on operating version) with basically a more efficient detection algorithm in place:
   • Hotfix KB927891 – x86
   • Hotfix KB927891 – x64
4. Finally reboot the client PC and start the Automatic Update service if it is not set to start automatically.

This article describes how to create a service on either Windows NT, 2000 or XP (untested on Vista). The service can run any application required and can be configured as any other service on the system can.

This information has been extracted from the Microsoft article KB137890, and requires two programs that can be found in the Windows NT resource kit (or here)

• SRVANY.EXE – Allows any application to run as a service
• INSTSRV.EXE – Creates the system service

Create the service

Use the INSTSRV.EXE application to create the system service, it requires two parameters; the first is the name of the service you want to create, the second is always the path to the SRVANY.EXE application.

INSTSRV.EXE Notepad c:\SRVANY.EXE

Set the application as a service

Next edit the registry and enter the path to the application that is required to run as a service. The location is the registry depends on the name of the service that was defined above; in this case Notepad

Run regedit.exe

Navigate to HKLM\SYSTEM\CurrentControlSet\Services\Notepad

Create a new key called Parameters

Under the new key create a new string value called Application and set its value to the path of the application c:\WINDOWS\NOTEPAD.EXE

Once created this service can be managed through the services mmc to set its startup type, recovery response etc.

To make this process easier, the following code can be placed into a batch file and run (with the correct parameters) to create the service and congfiure the registry. It assumes that INSTSRV.EXE is already in a search path and that SRVANY.EXE is located in the root of the C drive.

@echo off

rem #################################
rem ## This batch file created a new system service ##
rem ## ensure the correct parameters are used       ##
rem #################################

rem Parameter 1 should be the name of the service
rem Parameter 2 should be the path to the executable

echo Creating Service
INSTSRV.EXE %1 c:\SRVANY.EXE

echo Creating Registry Keys
reg add “HKLM\SYSTEM\CurrentControlSet\Services\%1\Parameters”
reg add “HKLM\SYSTEM\CurrentControlSet\Services\%1\Parameters” /v Application /d %2

I will commonly write small batch files to automate tasks that are repetitive, due to this I find myself using the for loop a lot. Below are a few examples of when and where the for loop can be used effectively.

Looping through entries in a file

This example will take a standard text file (MyTextFile.txt) and then loop through all lines until the end of the file is reached. For each of the lines the first word (represented by %%A) will be printed out to the screen and ping’ed.

FOR /F “tokens=1″ %%A IN (C:\MyTextFile.txt) DO (

echo %%A

ping %%A

)

An example of the text file is simply:

COMPUTER01
COMPUTER02
COMPUTER03
COMPUTER04

By changing the tokens value, which word on a line that is used will change. By setting the value of tokens from 1 to 1,2 both the first and second words per line will be available via the parameters %%A and %%B. When using the following input file, within the loop %%A will be the computer name and %%B will be the IP address.

COMPUTER01 192.168.1.100
COMPUTER02 192.168.1.101
COMPUTER03 192.168.1.102

To ignore selected lines, i.e. lines that are actually comments use the eol parameter, the following for loop will ignore all lines that start with a colon:

FOR /F “tokens=1 eol=:” %%A IN (C:\MyTextFile.txt) DO (

echo %%A

)

If the input file has a number of header lines that should not be included the skip parameter should be used, for following will exclude the first 3 files of the input file:

FOR /F “tokens=1 eol=: skip=3″ %%A IN (C:\MyTextFile.txt) DO (

echo %%A

)

To override the default delimiters (space and tab) the delims parameter should be used. The following will ignore the space delimiter and instead delimiter by comma:

FOR /F “tokens=1 delims=,” %%A IN (C:\MyTextFile.txt) DO (

echo %%A

)

Cygwin is a Windows program that emulates a Linux like environment for your Windows PC, it is easy to install and provides modular approach to adding tools to the environment. The key to Cygwin working is the cygwin1.dll that gets installed, it provides a Linux API emulation layer for the applications that are specifically compiled for the Cygwin environment.

For more in-depth information into how the Cygwin application works see Cygwin

This article some key setup tips and how to configure what I find one the the most useful aspects; the SSH server with Cygwin.

Cygwin Tools in Windows Command Prompt

All of the default tools provided with Cygwin are very useful, however I did find my self trying to use Windows tools whilst in Cygwin and Linux tools whilst in Windows!

To solve this simply add the Cygwin bin folder (C:\cygwin\bin) into your Windows Path environment variable and there you go. From a command prompt you can use both the dir or ls commands depending on your mood.

Right Click on My Computer then select Properties

Choose Advanced then Environment Variables

Under System variables edit the variable Path and add the Cygwin bin folder,
i.e. ;c:\cygwin\bin

Setting-up SSH Access

When accessing you Windows PC remotely, it only supports full GUI access or unencrypted Telnet traffic. With Cygwin you can install the OpenSSH server which is an open source SSH connectivity tool supporting various well known featured including both SSH1 and SSH2 protocols.

The implementation below explains how to setup OpenSSH through Cygwin which will run a service on your Windows PC called CYGWIN sshd

Re-requisites required

When authenticating to your PC via SSH it will use the existing Windows user accounts to authenticate, the user account that you want to use must have a password set.
Ensure that Cygwin is installed along with the package called openssh

Add Environment Variables

Right Click on My Computer then select Properties

Choose Advanced then Environment Variables

Under System variables click New with the name of CYGWIN and a value of ntsec

Under System variables edit the variable Path and add the Cygwin bin folder, i.e. ;c:\cygwin\bin NB do not do this part again if you have already in the previous post.

SSH Host config

Open a Cgywin console and run command

ssh-host-config

When prompted, answer the following:

Privilege Separation answer yes

Create local user sshd answer yes

Install SSHD as a service answer yes

CYGWIN= answer ntsec

NB: The ntesc answer tells Cygwin to authenticate using the local Windows accounts

Start the SSH service to allow connections

The Windows service will default to start automatically every-time Windows starts, to start the service manually run one of the two commands

net start sshd
or
cygrunsrv –start sshd

Synchronise local Windows user information with Cygwin

Run the two commands from within Cygwin

mkpasswd –local > /etc/passwd

mkpasswd –group > /etc/group

Testing SSH Works

Use a SSH client such as PuTTy and then connect to localhost on port 22 (SSH Port)
Alternatively use the Cygwin SSH client:

cygwin# SSH user@localhost

NB: The port used by OpenSSH can be changed in the file c:\cygwin\ssh-host-config under port_number. After changing the port number you must re-start the CYGWIN sshd serivce for changes to come into effect.