Search This Blog

Tuesday, September 18, 2007

Memory leak

Investigating memory leak on on of the W2003 servers.

1) Server gives error once a week since 1 month now.

Event Type: Error
Event Source: Srv
Event Category: None
Event ID: 2019
Date: 8/20/2007
Time: 5:53:20 PM
User: N/A
Computer: SCHGVAIT003
Description:
The server was unable to allocate from the system nonpaged pool because the pool was empty.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 04 00 01 00 54 00 ......T.
0008: 00 00 00 00 e3 07 00 c0 ....ã..À
0010: 00 00 00 00 9a 00 00 c0 ....š..À
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........
0028: 02 00 00 00 ....


Nonpaged pool is limited to 256K on that server.


2) Poolmon utility from Windows support tool was used to identify leaking driver:

start poolmon.exe, then press B key to sort by bytes allocated.

Driver with tag "Ddk" allocated 51820464 bytes in 3 days.

3) Identify driver
poolmon.exe /c - will create drivers tags in localtag.txt

4) Suspect- CPQCISSE.sys ver 6.2.0.32

5) Looking if newer driver is available at HP - no, I have latest one

6) Suspect Trend Micro firewall - unistalled, memory leak stopped.

No comments: