samba - Jun 2016 - Samba High CPU

Hello

I'm having a issue in samba with high cpu. We have a production environment
with 3 DCs and all of them samba process is at 100%. Sometimes on
fileserver, winbind goes offline and only return to online after restart
all DCs process (and we suspect the cause is high cpu on DCs)
On DCs, there are many clients with continuous traffic on port 445.

Now we have a test environment with 1 DC and 6 Windows clients, and when
one of this clients powered on, samba process goes 100%. Investigating, we
discovered a continuous traffic from this client on port 445. On windows
client, the process originator this traffic is "WMI Provider Host".
There
is no virus detected. I searched a lot on google, but not found any
probably causes for this.

Apparently, the problem isn't on DC, but on windows client.

Someone have any ideia ??

Regards
Fernando

On Wed, Jun 08, 2016 at 09:54:22AM -0300, Fernando Favero
wrote:
> Hello
> 
> I'm having a issue in samba with high cpu. We have a production
environment
> with 3 DCs and all of them samba process is at 100%. Sometimes on
> fileserver, winbind goes offline and only return to online after restart
> all DCs process (and we suspect the cause is high cpu on DCs)
> On DCs, there are many clients with continuous traffic on port 445.
> 
> Now we have a test environment with 1 DC and 6 Windows clients, and when
> one of this clients powered on, samba process goes 100%. Investigating, we
> discovered a continuous traffic from this client on port 445. On windows
> client, the process originator this traffic is "WMI Provider
Host". There
> is no virus detected. I searched a lot on google, but not found any
> probably causes for this.
> 
> Apparently, the problem isn't on DC, but on windows client.
> 
> Someone have any ideia ??
Can you get and post a wireshark trace of the traffic
from this client ? Sounds like this client is forcing
the server into 100% CPU serving its requests.