首先描述该问题的场景和遇到的症状
问题场景:
- 远程访问Windows server 2016
- 远程用户数同时在线数量至少在30+
问题现象:
- 已经成功远程登陆服务器用户操作卡顿
- VM 后台查看该主机CPU 资源消耗持续高位
- VM 后台本地登录黑屏
- 新的远程登录请求可以完成, 但是进入用户桌面黑屏
问题排查:
微软通过dump 日志分析发现本地服务wlidsvc (Microsoft Account Sign-in Assistant)等待了太长时间, 可能是由于某些外接设备导致了这个服务的请求异常, 所以暂时先把该服务禁用即可, 关于wlidsvc 服务简单描述可参考链接:
# Child-SP Return Call Site Info
0 ffff8681d3434750 fffff80246cf415d nt!KiSwapContext+0x76
1 ffff8681d3434890 fffff80246cf3bff nt!KiSwapThread+0x17d
2 ffff8681d3434940 fffff80246cf59d7 nt!KiCommitThreadWait+0x14f
3 ffff8681d34349e0 fffff80247082518 nt!KeWaitForSingleObject+0x377
4 ffff8681d3434a90 fffff80246df4103 nt!NtWaitForSingleObject+0xf8
5 ffff8681d3434b00 00007ff9fba65cf4 nt!KiSystemServiceCopyEnd+0x13
6 0000005f42d7d018 00007ff9f80c4daf ntdll!ZwWaitForSingleObject+0x14
7 0000005f42d7d020 00007ff9f4171017 KERNELBASE!WaitForSingleObjectEx+0x8f
8 0000005f42d7d0c0 00007ff9f4171df8 WINHTTP!HTTP_USER_REQUEST::_HandleSyncPending+0x5b
9 0000005f42d7d140 00007ff9f4173f0d WINHTTP!HTTP_USER_REQUEST::SendRequest+0x618
a 0000005f42d7d1e0 00007ff9e8a6dbc0 WINHTTP!WinHttpSendRequest+0x77d
b 0000005f42d7d360 00007ff9e8a6d419 wlidsvc!ServiceWinApi::WinHttpSendRequest+0x40
c 0000005f42d7d3b0 00007ff9e8a6bf72 wlidsvc!CProxyHandler::SendReceiveWithProxyFailOver+0x109
d 0000005f42d7d460 00007ff9e8a6c2a5 wlidsvc!CTransport::SendImplementation+0x922
e 0000005f42d7d670 00007ff9e8a6c790 wlidsvc!CTransport::SendInternalHelper+0x291
f 0000005f42d7da50 00007ff9e8a6ca1c wlidsvc!CTransport::SendInternal+0xdc
10 0000005f42d7db20 00007ff9e8b4a95b wlidsvc!CTransport::SendRequest+0x148
11 0000005f42d7dc80 00007ff9e8b51afe wlidsvc!CManagementBaseRequest::Send+0xa7
12 0000005f42d7dd60 00007ff9e8b7b569 wlidsvc!CSingleIdentity::ProvisionIdentity+0xf2
13 0000005f42d7de90 00007ff9e8b6480d wlidsvc!CDeviceIdentityBase::Provision+0x1f9
14 0000005f42d7e0b0 00007ff9e8b660e9 wlidsvc!DeviceIdHelpers::CreateNewDeviceIdentity+0x46d
15 0000005f42d7e300 00007ff9e8aec529 wlidsvc!DeviceIdHelpers::ProvisionDeviceId+0x155
16 0000005f42d7e3e0 00007ff9e8b12c0f wlidsvc!DeviceIdHelpers::RetrieveDeviceID+0x52f75
17 0000005f42d7e620 00007ff9e8aea211 wlidsvc!GetDeviceIdInternal+0x1b7
18 0000005f42d7e7d0 00007ff9e8a65bc6 wlidsvc!CIdentityStore::GetNewIdentityHandle+0x53c55
19 0000005f42d7e9d0 00007ff9e8a653bf wlidsvc!HandleCreateContext+0x176
1a 0000005f42d7eae0 00007ff9f93aa593 wlidsvc!WLIDCreateContext+0xaf
1b 0000005f42d7eb70 00007ff9f9352b4b RPCRT4!Invoke+0x73
1c 0000005f42d7ebe0 00007ff9f93953fa RPCRT4!NdrStubCall2+0x46b
1d 0000005f42d7f270 00007ff9f937a274 RPCRT4!NdrServerCall2+0x1a
1e 0000005f42d7f2a0 00007ff9f937918d RPCRT4!DispatchToStubInCNoAvrf+0x24
1f 0000005f42d7f2f0 00007ff9f9379a3b RPCRT4!RPC_INTERFACE::DispatchToStubWorker+0x1bd
20 0000005f42d7f3c0 00007ff9f93610ac RPCRT4!RPC_INTERFACE::DispatchToStub+0xcb
21 (Inline) ---------------- RPCRT4!LRPC_SBINDING::DispatchToStub+0x1d5
22 0000005f42d7f420 00007ff9f936152c RPCRT4!LRPC_SCALL::DispatchRequest+0x34c
23 (Inline) ---------------- RPCRT4!LRPC_SCALL::QueueOrDispatchCall+0x37
24 0000005f42d7f500 00007ff9f934ae1c RPCRT4!LRPC_SCALL::HandleRequest+0x2bc Request from explorer.exe (ffffd685ef0003c0) PID: 0x6f38 TID: 0x19e4
25 (Inline) ---------------- RPCRT4!LRPC_SASSOCIATION::HandleRequest+0x1f5
26 0000005f42d7f620 00007ff9f934c67b RPCRT4!LRPC_ADDRESS::HandleRequest+0x36c
27 0000005f42d7f6d0 00007ff9f9373a2a RPCRT4!LRPC_ADDRESS::ProcessIO+0x91b
28 (Inline) ---------------- RPCRT4!LrpcServerIoHandler+0x18
29 0000005f42d7f810 00007ff9fb9dd34e RPCRT4!LrpcIoComplete+0xaa
2a 0000005f42d7f8b0 00007ff9fb9decb9 ntdll!TppAlpcpExecuteCallback+0x25e
2b 0000005f42d7f960 00007ff9f96a84d4 ntdll!TppWorkerThread+0x8d9
2c 0000005f42d7fd60 00007ff9fba11781 KERNEL32!BaseThreadInitThunk+0x14
2d 0000005f42d7fd90 0000000000000000 ntdll!RtlUserThreadStart+0x21
This thread has been waiting 36m:53.984 on a usermode request
