Performance Impact when IIS Settings Are Changed on Exchange Server

mitja.kolsek -

We're aware of a possible performance impact on Exchange Server computers with 0patch Agent installed when some Internet Information Server (IIS) settings are changed. This manifests itself in various IIS Worker processes (w3wp.exe) consuming a lot of CPU resources for an extended period of time (longer than normal), during which other functions can be impacted, such as serving web content to remote users.

The root cause of this is in 0patch Agent performing an internal "update" operation every time a new executable module (DLL) is loaded in a process, and w3wp.exe seems to load hundreds of DLLs during the process following an IIS settings change. These DLLs are being loaded many times, sometimes totaling in 0patch Agent performing an internal update thousands of times. We are planning a fix for this issue in the next Agent version.

The overwhelmed IIS Worker Processes eventually stop consuming excessive CPU resources but this could cause timeouts in applications and scripts waiting for changes to be completed.

Note that high CPU usage is not uncommon for w3wp.exe processes in Exchange, and not all changes result in the described symptoms, so it may be difficult to determine whether, or how much, 0patch is contributing to the problem in any particular case. These are the confirmed problematic cases we're aware of so far:

  1. Configuring Windows Extended Protection in Exchange Server, either manually of using a script
  2. Running the "Reconstruct Server Website" operation offered by Trend Micro Worry-Free Advanced product


The easiest workaround for this issue is to temporarily remove 0patch Loader DLLs from running processes. To do this, launch Registry Editor (regedit.exe) as admin, and change the value HKEY_LOCAL_MACHINE\SOFTWARE\0patch\CallbackKeys\UnloadLoaderDll\Counter to any other value than its current one. This immediately removes our DLL from all running processes, including any problematic w3wp.exe processes, and can be done either before performing the IIS changes or during. Once IIS changes have been completed, you need to re-inject 0patch DLLs in running processes, which is done by restarting the "0patch Service" service.



Have more questions? Submit a request


Please sign in to leave a comment.