toe_mas
asked on
Event ID 2020 SVR - After HP Software install, reboots needed a couple times a day
The saga, I hope not to get too lengthy, but I want to give all pertinent information! :)
I have a Windows 2000 Server, running Terminal Services that 3 users log in with.
The three locations all got three new printers (that I did not recommend), HP Officejet 5610s.
In the past I have been able to finagle the drivers on the server for other past printers to work properly through Terminal Services.
While installing the Officejet driver, I was forced to install everything from the CD, the install would not continue telling me the OS was not supported.
After physically attaching a Officejet 5610 to the server, I was able to get a Printer installed and the locations could log in and their 5610 was properly created.
The next morning, I found that when the remote and local users went to a mapped drive they received an error saying the server ( I am paraphrasing) Did not have enough space to process the request.
The event view showed tons of Event ID 2020 from source SVR, "The server was unable to allocate from the system paged pool because the pool was empty."
Rebooting the server made it OK again, but I noticed a pattern that the 2020 errors occurred not long after a remote user logged in and their printer was created.
I removed all remote printers physically and uninstalled the so they did not appear in the Printers window.
This alleviated it, but the 2020s still persisted.
I went through the server and removed every HP folder, every HP registry entry, cleaned out the c:\winnt\system32\spool\dr
An occasional Terminal Service user logged in, she has a Deskjet 3740, this set off another set of 2020 errors again. The event viewer said the printer could not be created because it couldn't find a suitable driver.
I have installed the support tools so I could use poolmon and see where the memory leak is, but I am not sure how to interpret the numbers, I see the processes and the numbers change, but nothing really shoots through the roof or anything. Also, I cannot figure out how to get a dump from poolmon to post as part of this message.
poolmon /? gives me an unknown switch error
The others I have read about to create a text file to post also give me that unknown switch
So, I am sure it is a memory leak somewhere, I am relatively sure it is HP or printer related, I just need help tracking it down!!
Thanks in advance
I have a Windows 2000 Server, running Terminal Services that 3 users log in with.
The three locations all got three new printers (that I did not recommend), HP Officejet 5610s.
In the past I have been able to finagle the drivers on the server for other past printers to work properly through Terminal Services.
While installing the Officejet driver, I was forced to install everything from the CD, the install would not continue telling me the OS was not supported.
After physically attaching a Officejet 5610 to the server, I was able to get a Printer installed and the locations could log in and their 5610 was properly created.
The next morning, I found that when the remote and local users went to a mapped drive they received an error saying the server ( I am paraphrasing) Did not have enough space to process the request.
The event view showed tons of Event ID 2020 from source SVR, "The server was unable to allocate from the system paged pool because the pool was empty."
Rebooting the server made it OK again, but I noticed a pattern that the 2020 errors occurred not long after a remote user logged in and their printer was created.
I removed all remote printers physically and uninstalled the so they did not appear in the Printers window.
This alleviated it, but the 2020s still persisted.
I went through the server and removed every HP folder, every HP registry entry, cleaned out the c:\winnt\system32\spool\dr
An occasional Terminal Service user logged in, she has a Deskjet 3740, this set off another set of 2020 errors again. The event viewer said the printer could not be created because it couldn't find a suitable driver.
I have installed the support tools so I could use poolmon and see where the memory leak is, but I am not sure how to interpret the numbers, I see the processes and the numbers change, but nothing really shoots through the roof or anything. Also, I cannot figure out how to get a dump from poolmon to post as part of this message.
poolmon /? gives me an unknown switch error
The others I have read about to create a text file to post also give me that unknown switch
So, I am sure it is a memory leak somewhere, I am relatively sure it is HP or printer related, I just need help tracking it down!!
Thanks in advance
The log you posted shows just one snapshot due to which I can't say if anything is leaking. In order to find a pool leak, we need a log taken at multiple intervals so that we can see a rising trend in the leaky driver. Furthermore, the logs here are user mode processes, but in order to find a culprit, we need to look at the kernel side. I see in these logs that smex_master is consuming the maximum paged pool memory at 513792 bytes, but since we have only one snapshot, we can't say if it's at fault. I have uploaded poolmon and memsnap at https://filedb.experts-exchange.com/incoming/ee-stuff/5018-memsnap.zip and would like you to run it on your machine for a day. It also seems that this machine is running exchange. do you have the /3gb switch enabled in the boot.ini file?
It would be good first if you could test it on a different machine and see if it works and then run it on the production machine. i would also advice to reboot the server before running it (if possible) because this way, the system pools would be at their lowest, therefore we would be able to watch the rising trend in the pool consumption more easily.
Another thing to note, as per microsoft, it is not recommended to have a 3bg switch on a windows 2000 machine. http://support.microsoft.com/default.aspx?scid=kb;en-us;328882&Product=exch2k
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I do not have the 3GB switch enabled on this machine.
I understand that memsnap just gives the initial snap, I just wanted to show the normal server running properly. Here is a memsnap from Monday morning, the Terminal Services users are all logged in, but no SVR 2020 errors yet. SMEX_Master had more than doubled, but no errors yet. I will download and use the files you provided for more detail. I have enabled pooltagging with gflagsm, that has been enabled for well over a week now.
Thanks again for the help!
Process ID Proc.Name Wrkng.Set PagedPool NonPgdPl Pagefile Commit Handles Threads
00000000 (null) 16384 0 0 0 0 0 2
00000008 System 217088 0 0 24576 24576 241 59
000000C8 SMSS.EXE 401408 5740 1252 1110016 1110016 57 6
000000E0 CSRSS.EXE 2863104 33744 6816 1490944 1490944 1283 13
000000F8 WINLOGON.EXE 3010560 30968 42224 7544832 7544832 428 17
00000114 SERVICES.EXE 9248768 35484 758108 4161536 4161536 869 44
00000120 LSASS.EXE 49283072 34928 188214 50749440 50749440 1180 45
00000180 termsrv.exe 6066176 18980 16144 2740224 2740224 213 20
00000204 svchost.exe 4853760 21816 32552 2060288 2060288 433 12
00000230 svchost.exe 9871360 34828 77696 4808704 4808704 427 22
00000260 LEXBCES.EXE 2707456 18200 11680 1069056 1069056 149 9
00000278 spoolsv.exe 11341824 35452 23620 7200768 7200768 283 22
00000280 LEXPPS.EXE 3727360 21468 46016 1368064 1368064 139 11
00000420 msdtc.exe 6115328 22912 22820 2019328 2019328 208 26
0000049C beremote.exe 7180288 29080 16400 4358144 4358144 126 7
000004AC benetns.exe 2752512 17584 11576 835584 835584 51 3
000004BC benser.exe 3002368 17540 11680 851968 851968 55 5
000004D8 dfssvc.exe 3780608 16608 13672 1245184 1245184 116 6
00000500 EUQMonitor.exe 6823936 28052 8496 2850816 2850816 175 16
00000528 svchost.exe 8798208 32680 8800 4878336 4878336 188 12
00000534 inetinfo.exe 33583104 110424 388681 28549120 28549120 3237 101
00000558 pds.exe 3731456 19368 5120 1490944 1490944 109 5
00000598 ismserv.exe 8253440 34036 11924 3788800 3788800 339 13
000005C0 sqlservr.exe 59011072 33632 36760 45371392 45371392 374 29
000005E4 ntfrs.exe 1179648 23568 12164 5734400 5734400 527 19
0000068C OfcService.exe 44056576 72144 23172 24739840 24739840 452 47
0000071C svchost.exe 2174976 13056 2760 598016 598016 60 2
00000730 regsvc.exe 1085440 8036 9652 294912 294912 35 3
00000740 wdsvc.exe 4886528 24228 4476 1388544 1388544 64 3
00000760 LOCATOR.EXE 2027520 13256 10900 638976 638976 44 3
00000778 svcGenericHost. 2183168 11708 2136 643072 643072 42 3
0000070C DbServer.exe 29106176 21212 6888 26390528 26390528 145 9
000007F4 svcGenericHost. 2183168 11708 2136 643072 643072 42 3
00000810 SMEX_Master.exe 125091840 513792 31556 122728448 122728448 888 95
00000808 mstask.exe 5193728 22964 15460 1433600 1433600 133 7
00000818 SMEX_SystemWatc 16896000 39160 10300 9359360 9359360 297 13
00000858 stisvc.exe 1855488 14492 2084 495616 495616 58 4
00000890 svchost.exe 3866624 16924 13448 1699840 1699840 193 12
000008A8 lserver.exe 7376896 26636 20892 4329472 4329472 235 15
000009F0 WinMgmt.exe 8351744 86508 106680 16723968 16723968 1044 28
000009FC svchost.exe 8032256 32604 6940 5173248 5173248 233 5
00000A08 pvlsvr.exe 9719808 32700 8116 2875392 2875392 220 10
00000A80 DNS.EXE 4698112 16744 38655 2138112 2138112 168 16
00000AC8 XFR.EXE 2842624 15780 5744 1024000 1024000 86 6
00000B88 EXMGMT.EXE 5193728 18668 70620 10801152 10801152 94 3
00000B90 MSGSYS.EXE 3739648 19000 22128 1699840 1699840 132 13
00000C24 MAD.EXE 17985536 47416 171212 15474688 15474688 878 45
00000C40 mssearch.exe 1306624 28136 9836 13418496 13418496 216 8
00000CE8 FXSSVC.exe 4001792 22384 13188 3911680 3911680 88 14
00000DAC STORE.EXE 37412864 116552 158680 29769728 29769728 3125 112
00000E38 EMSMTA.EXE 5832704 40148 115240 18124800 18124800 837 38
00000ECC MSPADMIN.EXE 7385088 32780 30452 2711552 2711552 391 18
00000FA0 WSPSRV.EXE 9211904 42452 156496 4280320 4280320 1293 27
00001008 W3PROXY.EXE 70606848 35312 272300 208437248 208437248 881 18
00001084 W3PREFCH.EXE 4657152 23828 4580 1290240 1290240 156 7
000000B4 explorer.exe 8404992 42000 26308 2646016 2646016 264 10
00000E94 VxTaskbarMgr.ex 1581056 16532 3108 425984 425984 25 2
00000E64 GoogleToolbarNo 413696 26448 4632 2908160 2908160 158 5
000014E4 svcGenericHost. 2301952 12036 2292 712704 712704 43 3
000014F8 SMEX_RemoteConf 4448256 17020 12616 1433600 1433600 49 4
00000CB8 CSRSS.EXE 2117632 14932 3852 696320 696320 144 11
00000110 WINLOGON.EXE 17420288 26176 32264 18755584 18755584 154 12
000011E0 CSRSS.EXE 933888 9092 2032 290816 290816 50 6
0000151C WINLOGON.EXE 1609728 12524 2344 1425408 1425408 26 1
00001568 PccNTUpd.exe 1429504 14416 1720 307200 307200 24 1
000013C4 CSRSS.EXE 933888 9092 2032 290816 290816 49 6
000010B8 WINLOGON.EXE 1609728 12524 2344 1425408 1425408 26 1
000011A4 rdpclip.exe 1236992 13008 1824 356352 356352 33 2
00001344 explorer.exe 3186688 44432 15580 4116480 4116480 319 11
00000E24 PccNTMon.exe 3874816 19272 5796 2015232 2015232 60 3
00000E84 GoogleToolbarNo 331776 26448 4632 2904064 2904064 160 5
000002D8 mmc.exe 10674176 38680 6504 5611520 5611520 145 4
00001460 CMD.EXE 1241088 13192 1564 319488 319488 22 1
0000143C memsnap.exe 966656 12084 1512 331776 331776 17 1
00000000 (null) 16384 0 0 0 0 0 2
00000008 System 217088 0 0 24576 24576 240 60
000000C8 SMSS.EXE 401408 5740 1252 1110016 1110016 57 6
000000E0 CSRSS.EXE 2863104 33744 6816 1490944 1490944 1283 13
000000F8 WINLOGON.EXE 3072000 30968 42224 7544832 7544832 432 17
00000114 SERVICES.EXE 9252864 35484 758108 4149248 4149248 869 44
00000120 LSASS.EXE 49389568 34928 194745 50823168 50823168 1183 45
00000180 termsrv.exe 6119424 18980 16248 2797568 2797568 215 21
00000204 svchost.exe 4853760 21816 32552 2060288 2060288 436 12
00000230 svchost.exe 9883648 34828 77800 4825088 4825088 427 23
00000260 LEXBCES.EXE 2707456 18200 11680 1069056 1069056 149 9
00000278 spoolsv.exe 11333632 35452 23516 7188480 7188480 288 21
00000280 LEXPPS.EXE 3727360 21468 46016 1368064 1368064 139 11
00000420 msdtc.exe 6115328 22912 22820 2019328 2019328 208 26
0000049C beremote.exe 7180288 29080 16400 4358144 4358144 126 7
000004AC benetns.exe 2752512 17584 11576 835584 835584 51 3
000004BC benser.exe 3002368 17540 11680 851968 851968 55 5
000004D8 dfssvc.exe 3780608 16608 13672 1245184 1245184 116 6
00000500 EUQMonitor.exe 6823936 28052 8496 2850816 2850816 175 16
00000528 svchost.exe 8798208 32680 8800 4878336 4878336 188 12
00000534 inetinfo.exe 36466688 110424 393111 28749824 28749824 3233 104
00000558 pds.exe 3731456 19368 5120 1490944 1490944 109 5
00000598 ismserv.exe 8253440 34036 11924 3788800 3788800 339 13
000005C0 sqlservr.exe 59027456 33632 36760 45371392 45371392 374 29
000005E4 ntfrs.exe 925696 23568 12164 5734400 5734400 527 19
0000068C OfcService.exe 44040192 72144 23068 24719360 24719360 452 46
0000071C svchost.exe 2174976 13056 2760 598016 598016 60 2
00000730 regsvc.exe 1077248 8036 9548 282624 282624 33 2
00000740 wdsvc.exe 4886528 24228 4476 1388544 1388544 64 3
00000760 LOCATOR.EXE 2027520 13256 10900 638976 638976 44 3
00000778 svcGenericHost. 2183168 11708 2136 643072 643072 42 3
0000070C DbServer.exe 29106176 21212 6888 26390528 26390528 145 9
000007F4 svcGenericHost. 2183168 11708 2136 643072 643072 42 3
00000810 SMEX_Master.exe 127959040 513792 31660 122896384 122896384 889 95
00000808 mstask.exe 5193728 22964 15460 1433600 1433600 133 7
00000818 SMEX_SystemWatc 17076224 39160 10300 9547776 9547776 297 13
00000858 stisvc.exe 1855488 14492 2084 495616 495616 58 4
00000890 svchost.exe 3866624 16924 13448 1699840 1699840 193 12
000008A8 lserver.exe 7385088 26636 20996 4341760 4341760 240 16
000009F0 WinMgmt.exe 5246976 86508 106576 16977920 16977920 1044 27
000009FC svchost.exe 8032256 32604 6940 5173248 5173248 233 5
00000A08 pvlsvr.exe 9719808 32700 8116 2875392 2875392 220 10
00000A80 DNS.EXE 4710400 16744 38655 2138112 2138112 168 16
00000AC8 XFR.EXE 2842624 15780 5744 1024000 1024000 86 6
00000B88 EXMGMT.EXE 5193728 18668 70620 10801152 10801152 94 3
00000B90 MSGSYS.EXE 3739648 19000 22128 1699840 1699840 132 13
00000C24 MAD.EXE 18206720 47416 171108 15560704 15560704 880 44
00000C40 mssearch.exe 1306624 28136 9836 13418496 13418496 216 8
00000CE8 FXSSVC.exe 4001792 22384 13188 3911680 3911680 88 14
00000DAC STORE.EXE 40235008 116552 158576 30076928 30076928 3129 111
00000E38 EMSMTA.EXE 5902336 40148 115240 17608704 17608704 837 38
00000ECC MSPADMIN.EXE 7098368 31716 30296 2666496 2666496 384 18
00000FA0 WSPSRV.EXE 9211904 42452 156496 4280320 4280320 1293 27
00001008 W3PROXY.EXE 70606848 35312 272300 208437248 208437248 881 18
00001084 W3PREFCH.EXE 4657152 23828 4580 1290240 1290240 156 7
000000B4 explorer.exe 8404992 42000 26308 2646016 2646016 264 10
00000E94 VxTaskbarMgr.ex 1581056 16532 3108 425984 425984 25 2
00000E64 GoogleToolbarNo 413696 26448 4632 2908160 2908160 158 5
000014E4 svcGenericHost. 2301952 12036 2292 712704 712704 43 3
000014F8 SMEX_RemoteConf 4448256 17020 12616 1433600 1433600 49 4
00000CB8 CSRSS.EXE 2191360 14976 3800 708608 708608 144 11
00000110 WINLOGON.EXE 17420288 26176 32264 18755584 18755584 154 12
000011E0 CSRSS.EXE 933888 9092 2032 290816 290816 50 6
0000151C WINLOGON.EXE 1609728 12524 2344 1425408 1425408 26 1
00001568 PccNTUpd.exe 1429504 14416 1720 307200 307200 24 1
000013C4 CSRSS.EXE 933888 9092 2032 290816 290816 49 6
000010B8 WINLOGON.EXE 1609728 12524 2344 1425408 1425408 26 1
000011A4 rdpclip.exe 1261568 13008 1824 389120 389120 33 2
00001344 explorer.exe 1515520 45156 16672 4644864 4644864 351 14
00000E24 PccNTMon.exe 3874816 19272 5796 2015232 2015232 60 3
00000E84 GoogleToolbarNo 409600 26448 4632 2904064 2904064 160 5
000002D8 mmc.exe 10694656 39276 6660 5627904 5627904 148 5
0000148C memsnap.exe 970752 12084 1512 331776 331776 17 1
00000000 (null) 16384 0 0 0 0 0 2
00000008 System 24576 0 0 24576 24576 260 60
000000C8 SMSS.EXE 28672 5740 1252 1110016 1110016 78 6
000000E0 CSRSS.EXE 466944 33744 6816 1495040 1495040 1286 13
000000F8 WINLOGON.EXE 2560000 30968 42328 7680000 7680000 432 17
00000114 SERVICES.EXE 4526080 35484 799016 4169728 4169728 985 43
00000120 LSASS.EXE 46100480 34928 161186 54489088 54489088 1254 43
00000180 termsrv.exe 3174400 23092 16716 2932736 2932736 271 26
00000204 svchost.exe 2469888 24652 32604 2248704 2248704 545 12
00000230 svchost.exe 2838528 34828 85888 4841472 4841472 445 22
00000260 LEXBCES.EXE 331776 18200 11680 1064960 1064960 148 9
00000278 spoolsv.exe 3031040 35452 23516 7229440 7229440 306 21
00000280 LEXPPS.EXE 98304 21468 46016 1368064 1368064 139 11
00000420 msdtc.exe 536576 22912 22820 2019328 2019328 208 26
0000049C beremote.exe 299008 29080 16400 4358144 4358144 126 7
000004AC benetns.exe 311296 17584 11576 835584 835584 51 3
000004BC benser.exe 253952 17540 11680 851968 851968 55 5
000004D8 dfssvc.exe 1642496 16608 13724 1331200 1331200 116 6
00000500 EUQMonitor.exe 6057984 35020 16470 4653056 4653056 246 17
00000528 svchost.exe 2887680 32680 8800 4878336 4878336 188 12
00000534 inetinfo.exe 31096832 110808 397743 30035968 30035968 3271 102
00000558 pds.exe 262144 19368 5120 1490944 1490944 109 5
00000598 ismserv.exe 1261568 34036 11924 3784704 3784704 338 13
000005C0 sqlservr.exe 7794688 33632 36760 45502464 45502464 376 29
000005E4 ntfrs.exe 1155072 23568 12164 5750784 5750784 529 19
0000068C OfcService.exe 54751232 72144 23744 41836544 41836544 468 46
0000071C svchost.exe 249856 13056 2760 598016 598016 60 2
00000730 regsvc.exe 442368 8036 9548 286720 286720 33 2
00000740 wdsvc.exe 376832 24228 4476 1388544 1388544 64 3
00000760 LOCATOR.EXE 258048 13256 10900 638976 638976 44 3
00000778 svcGenericHost. 249856 11708 2136 643072 643072 42 3
0000070C DbServer.exe 3231744 21212 6888 26390528 26390528 145 9
000007F4 svcGenericHost. 249856 11708 2136 643072 643072 42 3
00000810 SMEX_Master.exe 120913920 484296 31868 129478656 129478656 927 96
00000808 mstask.exe 335872 22964 15460 1433600 1433600 133 7
00000818 SMEX_SystemWatc 11476992 39160 10300 9486336 9486336 297 13
00000858 stisvc.exe 237568 14492 2084 495616 495616 58 4
00000890 svchost.exe 516096 16924 13448 1695744 1695744 196 12
000008A8 lserver.exe 2072576 26636 20892 4304896 4304896 235 15
000009F0 WinMgmt.exe 9285632 86716 123272 23048192 23048192 1070 29
000009FC svchost.exe 1183744 32604 6940 5165056 5165056 232 5
00000A08 pvlsvr.exe 532480 32700 8116 2875392 2875392 220 10
00000A80 DNS.EXE 1945600 16744 22868 2191360 2191360 168 16
00000AC8 XFR.EXE 274432 15780 5744 1024000 1024000 86 6
00000B88 EXMGMT.EXE 122880 18668 70620 10801152 10801152 94 3
00000B90 MSGSYS.EXE 204800 19000 22128 1699840 1699840 132 13
00000C24 MAD.EXE 13115392 49972 149268 16478208 16478208 916 45
00000C40 mssearch.exe 532480 28136 9836 13418496 13418496 216 8
00000CE8 FXSSVC.exe 700416 22384 13188 3911680 3911680 88 14
00000DAC STORE.EXE 965038080 1014408 186050 46981120 46981120 3226 112
00000E38 EMSMTA.EXE 4300800 40328 115344 17723392 17723392 845 39
00000ECC MSPADMIN.EXE 1384448 31716 46680 2666496 2666496 392 18
00000FA0 WSPSRV.EXE 1589248 42452 156496 4280320 4280320 1293 27
00001008 W3PROXY.EXE 9572352 35312 272300 208437248 208437248 881 18
00001084 W3PREFCH.EXE 524288 23828 4580 1290240 1290240 156 7
000000B4 explorer.exe 2039808 42024 42848 2641920 2641920 272 11
00000E94 VxTaskbarMgr.ex 0 16532 3108 425984 425984 25 2
00000E64 GoogleToolbarNo 270336 26448 4632 2908160 2908160 158 5
000014E4 svcGenericHost. 258048 12036 2292 712704 712704 43 3
000014F8 SMEX_RemoteConf 102400 17020 12616 1433600 1433600 49 4
00000CB8 CSRSS.EXE 1105920 15036 3852 835584 835584 154 11
00000110 WINLOGON.EXE 741376 26176 32264 18755584 18755584 158 12
000011E0 CSRSS.EXE 765952 15960 4008 667648 667648 149 12
0000151C WINLOGON.EXE 942080 26176 32264 4038656 4038656 159 12
00001568 PccNTUpd.exe 0 14416 1720 307200 307200 24 1
000011A4 rdpclip.exe 0 13008 1824 389120 389120 33 2
00001344 explorer.exe 1781760 47664 46592 5287936 5287936 420 14
00000E24 PccNTMon.exe 1339392 19272 5796 2015232 2015232 61 3
00000E84 GoogleToolbarNo 270336 26448 4632 2904064 2904064 160 5
000003A8 poolmon.exe 294912 7392 1148 348160 348160 12 1
000010A8 CSRSS.EXE 970752 38728 3488 659456 659456 116 11
00000A68 WINLOGON.EXE 1294336 26176 32264 4419584 4419584 156 12
000001A0 rdpclip.exe 53248 13008 1824 356352 356352 33 2
0000155C explorer.exe 6426624 37052 41196 4354048 4354048 349 13
000002D0 PccNTMon.exe 1413120 19272 5796 2015232 2015232 61 3
00000404 CSRSS.EXE 1507328 16096 4008 638976 638976 151 11
00001578 WINLOGON.EXE 3088384 26176 32264 4321280 4321280 158 12
00001600 rdpclip.exe 110592 13008 1824 356352 356352 33 2
00001618 explorer.exe 5652480 57824 37672 4722688 4722688 389 11
0000165C PccNTMon.exe 1413120 19272 5796 2015232 2015232 62 3
000014BC OUTLOOK.EXE 3780608 88428 29566 5697536 5697536 495 13
000015B8 WINWORD.EXE 2977792 100832 13824 20529152 20529152 326 4
0000132C EXCEL.EXE 3358720 86516 17268 22343680 22343680 185 3
000013D4 CSRSS.EXE 40960 9092 2032 290816 290816 49 6
0000158C WINLOGON.EXE 65536 12524 2344 1425408 1425408 26 1
00000568 CSRSS.EXE 40960 9092 2032 290816 290816 49 6
00001710 WINLOGON.EXE 65536 12524 2344 1425408 1425408 26 1
00000E68 rdpclip.exe 53248 13008 1824 356352 356352 33 2
0000036C explorer.exe 7323648 43776 27192 2760704 2760704 283 11
000011E4 PccNTMon.exe 2138112 19272 5796 2015232 2015232 61 3
0000164C OUTLOOK.EXE 18681856 87724 28816 8749056 8749056 579 17
000015D0 mdm.exe 1576960 16320 2916 794624 794624 89 3
000017D8 WINWORD.EXE 1966080 55876 5620 4825088 4825088 172 4
00001780 EXCEL.EXE 32387072 58492 20440 29351936 29351936 180 3
000003B4 mmc.exe 10547200 38924 6504 5574656 5574656 141 3
000016F8 memsnap.exe 966656 12084 1512 331776 331776 17 1
I understand that memsnap just gives the initial snap, I just wanted to show the normal server running properly. Here is a memsnap from Monday morning, the Terminal Services users are all logged in, but no SVR 2020 errors yet. SMEX_Master had more than doubled, but no errors yet. I will download and use the files you provided for more detail. I have enabled pooltagging with gflagsm, that has been enabled for well over a week now.
Thanks again for the help!
Process ID Proc.Name Wrkng.Set PagedPool NonPgdPl Pagefile Commit Handles Threads
00000000 (null) 16384 0 0 0 0 0 2
00000008 System 217088 0 0 24576 24576 241 59
000000C8 SMSS.EXE 401408 5740 1252 1110016 1110016 57 6
000000E0 CSRSS.EXE 2863104 33744 6816 1490944 1490944 1283 13
000000F8 WINLOGON.EXE 3010560 30968 42224 7544832 7544832 428 17
00000114 SERVICES.EXE 9248768 35484 758108 4161536 4161536 869 44
00000120 LSASS.EXE 49283072 34928 188214 50749440 50749440 1180 45
00000180 termsrv.exe 6066176 18980 16144 2740224 2740224 213 20
00000204 svchost.exe 4853760 21816 32552 2060288 2060288 433 12
00000230 svchost.exe 9871360 34828 77696 4808704 4808704 427 22
00000260 LEXBCES.EXE 2707456 18200 11680 1069056 1069056 149 9
00000278 spoolsv.exe 11341824 35452 23620 7200768 7200768 283 22
00000280 LEXPPS.EXE 3727360 21468 46016 1368064 1368064 139 11
00000420 msdtc.exe 6115328 22912 22820 2019328 2019328 208 26
0000049C beremote.exe 7180288 29080 16400 4358144 4358144 126 7
000004AC benetns.exe 2752512 17584 11576 835584 835584 51 3
000004BC benser.exe 3002368 17540 11680 851968 851968 55 5
000004D8 dfssvc.exe 3780608 16608 13672 1245184 1245184 116 6
00000500 EUQMonitor.exe 6823936 28052 8496 2850816 2850816 175 16
00000528 svchost.exe 8798208 32680 8800 4878336 4878336 188 12
00000534 inetinfo.exe 33583104 110424 388681 28549120 28549120 3237 101
00000558 pds.exe 3731456 19368 5120 1490944 1490944 109 5
00000598 ismserv.exe 8253440 34036 11924 3788800 3788800 339 13
000005C0 sqlservr.exe 59011072 33632 36760 45371392 45371392 374 29
000005E4 ntfrs.exe 1179648 23568 12164 5734400 5734400 527 19
0000068C OfcService.exe 44056576 72144 23172 24739840 24739840 452 47
0000071C svchost.exe 2174976 13056 2760 598016 598016 60 2
00000730 regsvc.exe 1085440 8036 9652 294912 294912 35 3
00000740 wdsvc.exe 4886528 24228 4476 1388544 1388544 64 3
00000760 LOCATOR.EXE 2027520 13256 10900 638976 638976 44 3
00000778 svcGenericHost. 2183168 11708 2136 643072 643072 42 3
0000070C DbServer.exe 29106176 21212 6888 26390528 26390528 145 9
000007F4 svcGenericHost. 2183168 11708 2136 643072 643072 42 3
00000810 SMEX_Master.exe 125091840 513792 31556 122728448 122728448 888 95
00000808 mstask.exe 5193728 22964 15460 1433600 1433600 133 7
00000818 SMEX_SystemWatc 16896000 39160 10300 9359360 9359360 297 13
00000858 stisvc.exe 1855488 14492 2084 495616 495616 58 4
00000890 svchost.exe 3866624 16924 13448 1699840 1699840 193 12
000008A8 lserver.exe 7376896 26636 20892 4329472 4329472 235 15
000009F0 WinMgmt.exe 8351744 86508 106680 16723968 16723968 1044 28
000009FC svchost.exe 8032256 32604 6940 5173248 5173248 233 5
00000A08 pvlsvr.exe 9719808 32700 8116 2875392 2875392 220 10
00000A80 DNS.EXE 4698112 16744 38655 2138112 2138112 168 16
00000AC8 XFR.EXE 2842624 15780 5744 1024000 1024000 86 6
00000B88 EXMGMT.EXE 5193728 18668 70620 10801152 10801152 94 3
00000B90 MSGSYS.EXE 3739648 19000 22128 1699840 1699840 132 13
00000C24 MAD.EXE 17985536 47416 171212 15474688 15474688 878 45
00000C40 mssearch.exe 1306624 28136 9836 13418496 13418496 216 8
00000CE8 FXSSVC.exe 4001792 22384 13188 3911680 3911680 88 14
00000DAC STORE.EXE 37412864 116552 158680 29769728 29769728 3125 112
00000E38 EMSMTA.EXE 5832704 40148 115240 18124800 18124800 837 38
00000ECC MSPADMIN.EXE 7385088 32780 30452 2711552 2711552 391 18
00000FA0 WSPSRV.EXE 9211904 42452 156496 4280320 4280320 1293 27
00001008 W3PROXY.EXE 70606848 35312 272300 208437248 208437248 881 18
00001084 W3PREFCH.EXE 4657152 23828 4580 1290240 1290240 156 7
000000B4 explorer.exe 8404992 42000 26308 2646016 2646016 264 10
00000E94 VxTaskbarMgr.ex 1581056 16532 3108 425984 425984 25 2
00000E64 GoogleToolbarNo 413696 26448 4632 2908160 2908160 158 5
000014E4 svcGenericHost. 2301952 12036 2292 712704 712704 43 3
000014F8 SMEX_RemoteConf 4448256 17020 12616 1433600 1433600 49 4
00000CB8 CSRSS.EXE 2117632 14932 3852 696320 696320 144 11
00000110 WINLOGON.EXE 17420288 26176 32264 18755584 18755584 154 12
000011E0 CSRSS.EXE 933888 9092 2032 290816 290816 50 6
0000151C WINLOGON.EXE 1609728 12524 2344 1425408 1425408 26 1
00001568 PccNTUpd.exe 1429504 14416 1720 307200 307200 24 1
000013C4 CSRSS.EXE 933888 9092 2032 290816 290816 49 6
000010B8 WINLOGON.EXE 1609728 12524 2344 1425408 1425408 26 1
000011A4 rdpclip.exe 1236992 13008 1824 356352 356352 33 2
00001344 explorer.exe 3186688 44432 15580 4116480 4116480 319 11
00000E24 PccNTMon.exe 3874816 19272 5796 2015232 2015232 60 3
00000E84 GoogleToolbarNo 331776 26448 4632 2904064 2904064 160 5
000002D8 mmc.exe 10674176 38680 6504 5611520 5611520 145 4
00001460 CMD.EXE 1241088 13192 1564 319488 319488 22 1
0000143C memsnap.exe 966656 12084 1512 331776 331776 17 1
00000000 (null) 16384 0 0 0 0 0 2
00000008 System 217088 0 0 24576 24576 240 60
000000C8 SMSS.EXE 401408 5740 1252 1110016 1110016 57 6
000000E0 CSRSS.EXE 2863104 33744 6816 1490944 1490944 1283 13
000000F8 WINLOGON.EXE 3072000 30968 42224 7544832 7544832 432 17
00000114 SERVICES.EXE 9252864 35484 758108 4149248 4149248 869 44
00000120 LSASS.EXE 49389568 34928 194745 50823168 50823168 1183 45
00000180 termsrv.exe 6119424 18980 16248 2797568 2797568 215 21
00000204 svchost.exe 4853760 21816 32552 2060288 2060288 436 12
00000230 svchost.exe 9883648 34828 77800 4825088 4825088 427 23
00000260 LEXBCES.EXE 2707456 18200 11680 1069056 1069056 149 9
00000278 spoolsv.exe 11333632 35452 23516 7188480 7188480 288 21
00000280 LEXPPS.EXE 3727360 21468 46016 1368064 1368064 139 11
00000420 msdtc.exe 6115328 22912 22820 2019328 2019328 208 26
0000049C beremote.exe 7180288 29080 16400 4358144 4358144 126 7
000004AC benetns.exe 2752512 17584 11576 835584 835584 51 3
000004BC benser.exe 3002368 17540 11680 851968 851968 55 5
000004D8 dfssvc.exe 3780608 16608 13672 1245184 1245184 116 6
00000500 EUQMonitor.exe 6823936 28052 8496 2850816 2850816 175 16
00000528 svchost.exe 8798208 32680 8800 4878336 4878336 188 12
00000534 inetinfo.exe 36466688 110424 393111 28749824 28749824 3233 104
00000558 pds.exe 3731456 19368 5120 1490944 1490944 109 5
00000598 ismserv.exe 8253440 34036 11924 3788800 3788800 339 13
000005C0 sqlservr.exe 59027456 33632 36760 45371392 45371392 374 29
000005E4 ntfrs.exe 925696 23568 12164 5734400 5734400 527 19
0000068C OfcService.exe 44040192 72144 23068 24719360 24719360 452 46
0000071C svchost.exe 2174976 13056 2760 598016 598016 60 2
00000730 regsvc.exe 1077248 8036 9548 282624 282624 33 2
00000740 wdsvc.exe 4886528 24228 4476 1388544 1388544 64 3
00000760 LOCATOR.EXE 2027520 13256 10900 638976 638976 44 3
00000778 svcGenericHost. 2183168 11708 2136 643072 643072 42 3
0000070C DbServer.exe 29106176 21212 6888 26390528 26390528 145 9
000007F4 svcGenericHost. 2183168 11708 2136 643072 643072 42 3
00000810 SMEX_Master.exe 127959040 513792 31660 122896384 122896384 889 95
00000808 mstask.exe 5193728 22964 15460 1433600 1433600 133 7
00000818 SMEX_SystemWatc 17076224 39160 10300 9547776 9547776 297 13
00000858 stisvc.exe 1855488 14492 2084 495616 495616 58 4
00000890 svchost.exe 3866624 16924 13448 1699840 1699840 193 12
000008A8 lserver.exe 7385088 26636 20996 4341760 4341760 240 16
000009F0 WinMgmt.exe 5246976 86508 106576 16977920 16977920 1044 27
000009FC svchost.exe 8032256 32604 6940 5173248 5173248 233 5
00000A08 pvlsvr.exe 9719808 32700 8116 2875392 2875392 220 10
00000A80 DNS.EXE 4710400 16744 38655 2138112 2138112 168 16
00000AC8 XFR.EXE 2842624 15780 5744 1024000 1024000 86 6
00000B88 EXMGMT.EXE 5193728 18668 70620 10801152 10801152 94 3
00000B90 MSGSYS.EXE 3739648 19000 22128 1699840 1699840 132 13
00000C24 MAD.EXE 18206720 47416 171108 15560704 15560704 880 44
00000C40 mssearch.exe 1306624 28136 9836 13418496 13418496 216 8
00000CE8 FXSSVC.exe 4001792 22384 13188 3911680 3911680 88 14
00000DAC STORE.EXE 40235008 116552 158576 30076928 30076928 3129 111
00000E38 EMSMTA.EXE 5902336 40148 115240 17608704 17608704 837 38
00000ECC MSPADMIN.EXE 7098368 31716 30296 2666496 2666496 384 18
00000FA0 WSPSRV.EXE 9211904 42452 156496 4280320 4280320 1293 27
00001008 W3PROXY.EXE 70606848 35312 272300 208437248 208437248 881 18
00001084 W3PREFCH.EXE 4657152 23828 4580 1290240 1290240 156 7
000000B4 explorer.exe 8404992 42000 26308 2646016 2646016 264 10
00000E94 VxTaskbarMgr.ex 1581056 16532 3108 425984 425984 25 2
00000E64 GoogleToolbarNo 413696 26448 4632 2908160 2908160 158 5
000014E4 svcGenericHost. 2301952 12036 2292 712704 712704 43 3
000014F8 SMEX_RemoteConf 4448256 17020 12616 1433600 1433600 49 4
00000CB8 CSRSS.EXE 2191360 14976 3800 708608 708608 144 11
00000110 WINLOGON.EXE 17420288 26176 32264 18755584 18755584 154 12
000011E0 CSRSS.EXE 933888 9092 2032 290816 290816 50 6
0000151C WINLOGON.EXE 1609728 12524 2344 1425408 1425408 26 1
00001568 PccNTUpd.exe 1429504 14416 1720 307200 307200 24 1
000013C4 CSRSS.EXE 933888 9092 2032 290816 290816 49 6
000010B8 WINLOGON.EXE 1609728 12524 2344 1425408 1425408 26 1
000011A4 rdpclip.exe 1261568 13008 1824 389120 389120 33 2
00001344 explorer.exe 1515520 45156 16672 4644864 4644864 351 14
00000E24 PccNTMon.exe 3874816 19272 5796 2015232 2015232 60 3
00000E84 GoogleToolbarNo 409600 26448 4632 2904064 2904064 160 5
000002D8 mmc.exe 10694656 39276 6660 5627904 5627904 148 5
0000148C memsnap.exe 970752 12084 1512 331776 331776 17 1
00000000 (null) 16384 0 0 0 0 0 2
00000008 System 24576 0 0 24576 24576 260 60
000000C8 SMSS.EXE 28672 5740 1252 1110016 1110016 78 6
000000E0 CSRSS.EXE 466944 33744 6816 1495040 1495040 1286 13
000000F8 WINLOGON.EXE 2560000 30968 42328 7680000 7680000 432 17
00000114 SERVICES.EXE 4526080 35484 799016 4169728 4169728 985 43
00000120 LSASS.EXE 46100480 34928 161186 54489088 54489088 1254 43
00000180 termsrv.exe 3174400 23092 16716 2932736 2932736 271 26
00000204 svchost.exe 2469888 24652 32604 2248704 2248704 545 12
00000230 svchost.exe 2838528 34828 85888 4841472 4841472 445 22
00000260 LEXBCES.EXE 331776 18200 11680 1064960 1064960 148 9
00000278 spoolsv.exe 3031040 35452 23516 7229440 7229440 306 21
00000280 LEXPPS.EXE 98304 21468 46016 1368064 1368064 139 11
00000420 msdtc.exe 536576 22912 22820 2019328 2019328 208 26
0000049C beremote.exe 299008 29080 16400 4358144 4358144 126 7
000004AC benetns.exe 311296 17584 11576 835584 835584 51 3
000004BC benser.exe 253952 17540 11680 851968 851968 55 5
000004D8 dfssvc.exe 1642496 16608 13724 1331200 1331200 116 6
00000500 EUQMonitor.exe 6057984 35020 16470 4653056 4653056 246 17
00000528 svchost.exe 2887680 32680 8800 4878336 4878336 188 12
00000534 inetinfo.exe 31096832 110808 397743 30035968 30035968 3271 102
00000558 pds.exe 262144 19368 5120 1490944 1490944 109 5
00000598 ismserv.exe 1261568 34036 11924 3784704 3784704 338 13
000005C0 sqlservr.exe 7794688 33632 36760 45502464 45502464 376 29
000005E4 ntfrs.exe 1155072 23568 12164 5750784 5750784 529 19
0000068C OfcService.exe 54751232 72144 23744 41836544 41836544 468 46
0000071C svchost.exe 249856 13056 2760 598016 598016 60 2
00000730 regsvc.exe 442368 8036 9548 286720 286720 33 2
00000740 wdsvc.exe 376832 24228 4476 1388544 1388544 64 3
00000760 LOCATOR.EXE 258048 13256 10900 638976 638976 44 3
00000778 svcGenericHost. 249856 11708 2136 643072 643072 42 3
0000070C DbServer.exe 3231744 21212 6888 26390528 26390528 145 9
000007F4 svcGenericHost. 249856 11708 2136 643072 643072 42 3
00000810 SMEX_Master.exe 120913920 484296 31868 129478656 129478656 927 96
00000808 mstask.exe 335872 22964 15460 1433600 1433600 133 7
00000818 SMEX_SystemWatc 11476992 39160 10300 9486336 9486336 297 13
00000858 stisvc.exe 237568 14492 2084 495616 495616 58 4
00000890 svchost.exe 516096 16924 13448 1695744 1695744 196 12
000008A8 lserver.exe 2072576 26636 20892 4304896 4304896 235 15
000009F0 WinMgmt.exe 9285632 86716 123272 23048192 23048192 1070 29
000009FC svchost.exe 1183744 32604 6940 5165056 5165056 232 5
00000A08 pvlsvr.exe 532480 32700 8116 2875392 2875392 220 10
00000A80 DNS.EXE 1945600 16744 22868 2191360 2191360 168 16
00000AC8 XFR.EXE 274432 15780 5744 1024000 1024000 86 6
00000B88 EXMGMT.EXE 122880 18668 70620 10801152 10801152 94 3
00000B90 MSGSYS.EXE 204800 19000 22128 1699840 1699840 132 13
00000C24 MAD.EXE 13115392 49972 149268 16478208 16478208 916 45
00000C40 mssearch.exe 532480 28136 9836 13418496 13418496 216 8
00000CE8 FXSSVC.exe 700416 22384 13188 3911680 3911680 88 14
00000DAC STORE.EXE 965038080 1014408 186050 46981120 46981120 3226 112
00000E38 EMSMTA.EXE 4300800 40328 115344 17723392 17723392 845 39
00000ECC MSPADMIN.EXE 1384448 31716 46680 2666496 2666496 392 18
00000FA0 WSPSRV.EXE 1589248 42452 156496 4280320 4280320 1293 27
00001008 W3PROXY.EXE 9572352 35312 272300 208437248 208437248 881 18
00001084 W3PREFCH.EXE 524288 23828 4580 1290240 1290240 156 7
000000B4 explorer.exe 2039808 42024 42848 2641920 2641920 272 11
00000E94 VxTaskbarMgr.ex 0 16532 3108 425984 425984 25 2
00000E64 GoogleToolbarNo 270336 26448 4632 2908160 2908160 158 5
000014E4 svcGenericHost. 258048 12036 2292 712704 712704 43 3
000014F8 SMEX_RemoteConf 102400 17020 12616 1433600 1433600 49 4
00000CB8 CSRSS.EXE 1105920 15036 3852 835584 835584 154 11
00000110 WINLOGON.EXE 741376 26176 32264 18755584 18755584 158 12
000011E0 CSRSS.EXE 765952 15960 4008 667648 667648 149 12
0000151C WINLOGON.EXE 942080 26176 32264 4038656 4038656 159 12
00001568 PccNTUpd.exe 0 14416 1720 307200 307200 24 1
000011A4 rdpclip.exe 0 13008 1824 389120 389120 33 2
00001344 explorer.exe 1781760 47664 46592 5287936 5287936 420 14
00000E24 PccNTMon.exe 1339392 19272 5796 2015232 2015232 61 3
00000E84 GoogleToolbarNo 270336 26448 4632 2904064 2904064 160 5
000003A8 poolmon.exe 294912 7392 1148 348160 348160 12 1
000010A8 CSRSS.EXE 970752 38728 3488 659456 659456 116 11
00000A68 WINLOGON.EXE 1294336 26176 32264 4419584 4419584 156 12
000001A0 rdpclip.exe 53248 13008 1824 356352 356352 33 2
0000155C explorer.exe 6426624 37052 41196 4354048 4354048 349 13
000002D0 PccNTMon.exe 1413120 19272 5796 2015232 2015232 61 3
00000404 CSRSS.EXE 1507328 16096 4008 638976 638976 151 11
00001578 WINLOGON.EXE 3088384 26176 32264 4321280 4321280 158 12
00001600 rdpclip.exe 110592 13008 1824 356352 356352 33 2
00001618 explorer.exe 5652480 57824 37672 4722688 4722688 389 11
0000165C PccNTMon.exe 1413120 19272 5796 2015232 2015232 62 3
000014BC OUTLOOK.EXE 3780608 88428 29566 5697536 5697536 495 13
000015B8 WINWORD.EXE 2977792 100832 13824 20529152 20529152 326 4
0000132C EXCEL.EXE 3358720 86516 17268 22343680 22343680 185 3
000013D4 CSRSS.EXE 40960 9092 2032 290816 290816 49 6
0000158C WINLOGON.EXE 65536 12524 2344 1425408 1425408 26 1
00000568 CSRSS.EXE 40960 9092 2032 290816 290816 49 6
00001710 WINLOGON.EXE 65536 12524 2344 1425408 1425408 26 1
00000E68 rdpclip.exe 53248 13008 1824 356352 356352 33 2
0000036C explorer.exe 7323648 43776 27192 2760704 2760704 283 11
000011E4 PccNTMon.exe 2138112 19272 5796 2015232 2015232 61 3
0000164C OUTLOOK.EXE 18681856 87724 28816 8749056 8749056 579 17
000015D0 mdm.exe 1576960 16320 2916 794624 794624 89 3
000017D8 WINWORD.EXE 1966080 55876 5620 4825088 4825088 172 4
00001780 EXCEL.EXE 32387072 58492 20440 29351936 29351936 180 3
000003B4 mmc.exe 10547200 38924 6504 5574656 5574656 141 3
000016F8 memsnap.exe 966656 12084 1512 331776 331776 17 1
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Both of the above answers were partly right.
I have been waiting to post back until I was sure the problem was fixed.
This was a pretty important server, and they did not have time for me to track down this elusive little bug... so I gave in and called Microsoft and paid for the $249.00 phone call!
I got two techs on the phone and got them logged in with the Microsoft Live Assist.
One tech changed the IRPStackSize registry entry to a higher number (I had done this also) and he added a registry key I hadn't seen before:
hklm\system\ControlSet001\
DWORD XactMemSize and set it to 1000000 Hex
This key helps the server to better manage the memory.
The other tech played in the printers area of the registry, comparing HP drivers, but really didn't change much.
He installed pmlc.msi, the PoolMon Log Creator.
He installed the Performance Monitor. perfwiz.exe. Then in perfmon, under Counter Logs, there is a PerfWiz entry.
These are all just monitoring tools to help analyze a crash, but I haven't had a crash since.
Thanks for the input
I have been waiting to post back until I was sure the problem was fixed.
This was a pretty important server, and they did not have time for me to track down this elusive little bug... so I gave in and called Microsoft and paid for the $249.00 phone call!
I got two techs on the phone and got them logged in with the Microsoft Live Assist.
One tech changed the IRPStackSize registry entry to a higher number (I had done this also) and he added a registry key I hadn't seen before:
hklm\system\ControlSet001\
DWORD XactMemSize and set it to 1000000 Hex
This key helps the server to better manage the memory.
The other tech played in the printers area of the registry, comparing HP drivers, but really didn't change much.
He installed pmlc.msi, the PoolMon Log Creator.
He installed the Performance Monitor. perfwiz.exe. Then in perfmon, under Counter Logs, there is a PerfWiz entry.
These are all just monitoring tools to help analyze a crash, but I haven't had a crash since.
Thanks for the input
They will find the culprit. Watching poolmon is a productive task only when the problem is pretty obvious (lets say the suspect component is fast doing its evil job and the computer hangs after a few hours or minutes). With a scheduled capture they will have a much better view.
Please, let us know how they solved your problem.
Please, let us know how they solved your problem.
You can also use this article to find out the driver of a suspect pool tag
support.microsoft.com/kb/2
The capture interval in poolmon log creator has to be set according to the frequency of the issue.
Once you have the poolmon logs, you may also share the link to it so that even we analyze it.
support.microsoft.com/kb/2
The capture interval in poolmon log creator has to be set according to the frequency of the issue.
Once you have the poolmon logs, you may also share the link to it so that even we analyze it.
The articles that are generally followed for 2020 and 2019 issues are the registry tweaks mentioend in MS KB's 312362 and 324446
http://support.microsoft.com/kb/312362 - Server is unable to allocate memory from the system paged pool
http://support.microsoft.com/kb/324446 - Terminal Server and connected Terminal Services clients pause when a Terminal Services client logs on or logs off
http://support.microsoft.com/kb/312362 - Server is unable to allocate memory from the system paged pool
http://support.microsoft.com/kb/324446 - Terminal Server and connected Terminal Services clients pause when a Terminal Services client logs on or logs off
ASKER
One tech removed HP*.dll entries and the other guy made the two registry changes. I am not sure which was the thing that repaired the error.
you can ask them for a complete case documentation/summary just so that you know what to do in case the issue re-occurs.
if you were to remove all hp*.dll entries from the system, then all your hp printers would become dysfunctional.
if you were to remove all hp*.dll entries from the system, then all your hp printers would become dysfunctional.
ASKER
Exactly, I will post the email when I get it from MS.
Do you have the link for pmlc? I couldnt find it anywhere. Can you post that too?
It's an internal MS tool and not available publicly.
I use a script along with memsnap as an alternative.
it's not as good but it does the trick for me and besides, it does not require any installation.
a lot of admins have to go through RFC'S (request for change) in order to install software on a server hence this approach is more preferable in some scenarios.
https://filedb.experts-exchange.com/incoming/ee-stuff/5198-memsnap.zip <--here's the link to it along with the instructions on how to use.
I use a script along with memsnap as an alternative.
it's not as good but it does the trick for me and besides, it does not require any installation.
a lot of admins have to go through RFC'S (request for change) in order to install software on a server hence this approach is more preferable in some scenarios.
https://filedb.experts-exchange.com/incoming/ee-stuff/5198-memsnap.zip <--here's the link to it along with the instructions on how to use.
ASKER
Process ID Proc.Name Wrkng.Set PagedPool NonPgdPl Pagefile Commit Handles Threads
00000000 (null) 16384 0 0 0 0 0 2
00000008 System 217088 0 0 24576 24576 241 59
000000C8 SMSS.EXE 401408 5740 1252 1110016 1110016 57 6
000000E0 CSRSS.EXE 2863104 33744 6816 1490944 1490944 1283 13
000000F8 WINLOGON.EXE 3010560 30968 42224 7544832 7544832 428 17
00000114 SERVICES.EXE 9248768 35484 758108 4161536 4161536 869 44
00000120 LSASS.EXE 49283072 34928 188214 50749440 50749440 1180 45
00000180 termsrv.exe 6066176 18980 16144 2740224 2740224 213 20
00000204 svchost.exe 4853760 21816 32552 2060288 2060288 433 12
00000230 svchost.exe 9871360 34828 77696 4808704 4808704 427 22
00000260 LEXBCES.EXE 2707456 18200 11680 1069056 1069056 149 9
00000278 spoolsv.exe 11341824 35452 23620 7200768 7200768 283 22
00000280 LEXPPS.EXE 3727360 21468 46016 1368064 1368064 139 11
00000420 msdtc.exe 6115328 22912 22820 2019328 2019328 208 26
0000049C beremote.exe 7180288 29080 16400 4358144 4358144 126 7
000004AC benetns.exe 2752512 17584 11576 835584 835584 51 3
000004BC benser.exe 3002368 17540 11680 851968 851968 55 5
000004D8 dfssvc.exe 3780608 16608 13672 1245184 1245184 116 6
00000500 EUQMonitor.exe 6823936 28052 8496 2850816 2850816 175 16
00000528 svchost.exe 8798208 32680 8800 4878336 4878336 188 12
00000534 inetinfo.exe 33583104 110424 388681 28549120 28549120 3237 101
00000558 pds.exe 3731456 19368 5120 1490944 1490944 109 5
00000598 ismserv.exe 8253440 34036 11924 3788800 3788800 339 13
000005C0 sqlservr.exe 59011072 33632 36760 45371392 45371392 374 29
000005E4 ntfrs.exe 1179648 23568 12164 5734400 5734400 527 19
0000068C OfcService.exe 44056576 72144 23172 24739840 24739840 452 47
0000071C svchost.exe 2174976 13056 2760 598016 598016 60 2
00000730 regsvc.exe 1085440 8036 9652 294912 294912 35 3
00000740 wdsvc.exe 4886528 24228 4476 1388544 1388544 64 3
00000760 LOCATOR.EXE 2027520 13256 10900 638976 638976 44 3
00000778 svcGenericHost. 2183168 11708 2136 643072 643072 42 3
0000070C DbServer.exe 29106176 21212 6888 26390528 26390528 145 9
000007F4 svcGenericHost. 2183168 11708 2136 643072 643072 42 3
00000810 SMEX_Master.exe 125091840 513792 31556 122728448 122728448 888 95
00000808 mstask.exe 5193728 22964 15460 1433600 1433600 133 7
00000818 SMEX_SystemWatc 16896000 39160 10300 9359360 9359360 297 13
00000858 stisvc.exe 1855488 14492 2084 495616 495616 58 4
00000890 svchost.exe 3866624 16924 13448 1699840 1699840 193 12
000008A8 lserver.exe 7376896 26636 20892 4329472 4329472 235 15
000009F0 WinMgmt.exe 8351744 86508 106680 16723968 16723968 1044 28
000009FC svchost.exe 8032256 32604 6940 5173248 5173248 233 5
00000A08 pvlsvr.exe 9719808 32700 8116 2875392 2875392 220 10
00000A80 DNS.EXE 4698112 16744 38655 2138112 2138112 168 16
00000AC8 XFR.EXE 2842624 15780 5744 1024000 1024000 86 6
00000B88 EXMGMT.EXE 5193728 18668 70620 10801152 10801152 94 3
00000B90 MSGSYS.EXE 3739648 19000 22128 1699840 1699840 132 13
00000C24 MAD.EXE 17985536 47416 171212 15474688 15474688 878 45
00000C40 mssearch.exe 1306624 28136 9836 13418496 13418496 216 8
00000CE8 FXSSVC.exe 4001792 22384 13188 3911680 3911680 88 14
00000DAC STORE.EXE 37412864 116552 158680 29769728 29769728 3125 112
00000E38 EMSMTA.EXE 5832704 40148 115240 18124800 18124800 837 38
00000ECC MSPADMIN.EXE 7385088 32780 30452 2711552 2711552 391 18
00000FA0 WSPSRV.EXE 9211904 42452 156496 4280320 4280320 1293 27
00001008 W3PROXY.EXE 70606848 35312 272300 208437248 208437248 881 18
00001084 W3PREFCH.EXE 4657152 23828 4580 1290240 1290240 156 7
000000B4 explorer.exe 8404992 42000 26308 2646016 2646016 264 10
00000E94 VxTaskbarMgr.ex 1581056 16532 3108 425984 425984 25 2
00000E64 GoogleToolbarNo 413696 26448 4632 2908160 2908160 158 5
000014E4 svcGenericHost. 2301952 12036 2292 712704 712704 43 3
000014F8 SMEX_RemoteConf 4448256 17020 12616 1433600 1433600 49 4
00000CB8 CSRSS.EXE 2117632 14932 3852 696320 696320 144 11
00000110 WINLOGON.EXE 17420288 26176 32264 18755584 18755584 154 12
000011E0 CSRSS.EXE 933888 9092 2032 290816 290816 50 6
0000151C WINLOGON.EXE 1609728 12524 2344 1425408 1425408 26 1
00001568 PccNTUpd.exe 1429504 14416 1720 307200 307200 24 1
000013C4 CSRSS.EXE 933888 9092 2032 290816 290816 49 6
000010B8 WINLOGON.EXE 1609728 12524 2344 1425408 1425408 26 1
000011A4 rdpclip.exe 1236992 13008 1824 356352 356352 33 2
00001344 explorer.exe 3186688 44432 15580 4116480 4116480 319 11
00000E24 PccNTMon.exe 3874816 19272 5796 2015232 2015232 60 3
00000E84 GoogleToolbarNo 331776 26448 4632 2904064 2904064 160 5
000002D8 mmc.exe 10674176 38680 6504 5611520 5611520 145 4
00001460 CMD.EXE 1241088 13192 1564 319488 319488 22 1
0000143C memsnap.exe 966656 12084 1512 331776 331776 17 1