Monday, January 14, 2013

SCCM 2012 Agent and high CPU utilization

When using Automatic Deployment Rules (ADR) in ConfigMgr 2012 you have a choice at "Each time the rule runs and finds new updates" on the General tab. The choice is about "Add to an existing Software Update Group" and "Create a new Software Update Group". An Software Update Group will be named SUG from now on.

Not sure why this choice can be made, but with monthly Windows updates it can be handy to create a new SUG every month. That way you know which updates are deployed every month. When using an ADR for Endpoint Protection (SCEP) definition updates it's recommended to use an existing SUG. Otherwise every 8 hours or day (as configured) a new SUG will be created. The old SUGs will be kept with expired definition updates in it. Not that it's not a good configuration, but WBEM cannot deal with lots of SUGs, with expired definition updates in it.

Here's the trick. When having lots of SUGs, with expired definition updates in it make WBEM run wild and unstable. WBEM is a sub component of WMI, which in turn is contained in svchost.exe. To stop this, remove all software update deployments especially those for Endpoint Protection; the WBEM should calm down in an hour or so. If the WBEM repository is corrupt, it may take hours for WBEM to calm down. WBEM needs to detect the corruption and run a repair. Deleting the WBEM repository should be avoided.

Looking on MS TechNet I found the following post: SCCM 2012 Agent and high CPU utilization. Deleting the SUGs indeed did the trick in my case. It seems to be a known Microsoft bug and may be solved later.


  1. Hi,
    I must say you have posted rich information.

    Can you suggest me on the following:
    I have SCCM Setup on my office which is working fine etc etc.
    Now I want to connect this our office located in different country and managing the OSD from here.
    The other side has also the same setup (assume I have just deployed the Backup of original setup).

    Now question is how to get remote access on SCCM server located on other country?

    I know about Public IP and Remote Desktop Connection, but do you have even better suggestion.

    1. Maybe Direct Access is an solution or TeamViewer? I use both solutions a lot for this! Hope it helps.