WinRM load CPU 100% RRS feed

  • Question

  • I have 9 Domain Controllers 2012 (not R2) and one DC 2008R2 in one Domain. Damain has 5 sites. There are some trusted domains. All DCs are VirtualMachines on VmWare. Damain and Forest tevel - 2008R2. 

    All 2012 DCs have the same problem. WinRM load CPU on 100% and DC doesn't answer on requests, ping works, RDP try connecting but can't sign-in. The problem appear randomly (not simultaneously) on all DCs. DC 2008R2 works good.

    I dasabled WinRM on all DCs and users can works but I need WinRM.


    Monday, October 20, 2014 7:33 AM


All replies

  • Hi,

    Here is an article below about how to troubleshoot high CPU usage on a Domain Controller:

    Troubleshooting High CPU Usage on a Domain Controller


    If there are many client computers connecting to the DC when the issue occurs, please apply this hotfix below:

    High CPU usage on a Windows Server 2012-based server when many client computers connect to the server


    In addition, here is a thread below which has a similar issue, please follow Elad’s reply to see if it works for you:

    SVCHOST - DNS Client High CPU Utilization


    Best Regards,


    • Marked as answer by Amy Wang_ Tuesday, October 28, 2014 8:01 AM
    Tuesday, October 21, 2014 3:42 AM
  • We have exactly the same issue (WinRM load CPU on 100% and DC doesn't answer anymore) on all our Win2012R2 Domain Controllers.

    Latest rollup updates did not solve the issue.

    Is there a solution for this problem?

    Friday, November 28, 2014 7:27 PM
  • Hi,

    Please inform us.


    Saturday, November 29, 2014 4:59 PM
  • Hi,

    Please inform us.


    We have a Microsoft support incident 114112012068721 open.

    If we have useful info to share I let you know.

    Sunday, November 30, 2014 10:19 AM
  • Thanks again,


    Sunday, November 30, 2014 3:09 PM
  • The culprit is found and issue solved !

    Resolution: create Domain Local security group "WinRMRemoteWMIUsers__" in your AD.

    After creating the group setting up a WinRM connection to your DC or adding the DC in Server Manager on your remote mgmt server, it will just take a few seconds instead of minutes without a significant CPU increase of 100% on the DC.

    More info:

    During setup, WinRM creates the local group WinRMRemoteWMIUsers__

    WinRM then restricts remote access to any user that is not a member of either the local administration group or the WinRMRemoteWMIUsers__ group.

    WinRM was installed on a member server and the local group created - then the server was promoted and the local group was lost as it became a DC.

    Which will then cause the delay and 100% CPU because it fails to find it in the local domain and proceeds to try all the trusted domains.

    Thanks to SteveP & MarcS

    • Proposed as answer by TontonLud Thursday, January 17, 2019 9:14 AM
    Friday, December 5, 2014 11:46 PM
  • Thank you very much, D4NP4N, that did it for me!!

    Just added the Group "WinRMRemoteWMIUsers__" just somewhere in the domain and killed the svchost-Process, that hosted the WinRM. Then restarted WinRM with no issue anymore.

    You safed my life :D

    Monday, August 10, 2015 1:00 PM
  • Thanks, I had the same issue on DC on AWS cloud services.

    It solved my issue too

    Monday, June 13, 2016 5:12 PM