Solved

How to identify which application/driver/process is causing the non paged pool leak

Posted on 2008-06-17
5
783 Views
Last Modified: 2008-07-01
Hi Experts,

One of my  servers is having a non paged memory leak (in the event viewer I can find errors source:srv eventid 2019  The server was unable to allocate from the system non paged pool because the pool was empty).
The server is running windows server 2003 SP1 (IBM hardware  Xseries366) I have already used the poolmon utility to capture the poolsnap and I identify that there is a leak in the following tags :  AFDC,AFDE and FILE

Anyone have more knowledge about those tags (whats the application/etc..)? And I will appreciate if you can guide me on how to solve the leaking in those tags (installing the latest firmware?)

I appreciate any help,

Regards,
Boaz Galil:
0
Comment
Question by:dpatel_team
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 

Author Comment

by:dpatel_team
ID: 21819614
any idea on this issue?
0
 
LVL 38

Expert Comment

by:ChiefIT
ID: 21820576
0
 

Author Comment

by:dpatel_team
ID: 21837777
Yes ofcourse I used Poolmon - with Poolmon I identify that I have a leak at the following pools - AFDC/AFDE/FILE , but what is the next step ?
0
 
LVL 38

Assisted Solution

by:ChiefIT
ChiefIT earned 500 total points
ID: 21838253
According to this article the AFDC and AFDE files might be a Heuristic virus. Heuristic, by definition, is a loose practice to a solution. So, this may be a viru in its infantcy, (a trial and error method to create a virus if you will). If your AV software is set to scan for Heuristic viruses, your AV software may be chewing on those files that and causing a memory leak.

http://gordano.biz/kb.htm?q=3161

How is this important?
http://www.claymania.com/virus-specific.html
I love this article that is real and to the point. No AV package is 100%. Scanning for Heuristic viruses can warn you, but most likely a AV product will not delete the suspected file until it becomes a full blown virus. What I like about this article is that it points out best met computing practices is the best tool to prevent viruses while a AV/AS package is still important.

In your case, I would look at a cleaning tool for w32\downloader and its variants. This might be a good start.
http://www.spywareguide.com/product_show.php?id=3510

It is not uncommon that a Heuristic scan causes a memory leak because the AV package doesn't know what to do with it.
0
 

Accepted Solution

by:
dpatel_team earned 0 total points
ID: 21846418
The problem was solved by updating the IBM drivers,

I guess thats the first thing you need (updating drivers) to do whenver you bump into a non-page pool leak...

Thanks guys for your help.
0

Featured Post

Back Up Your Microsoft Windows Server®

Back up all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
corrupt Databases 9 79
new laptop new users 8 67
Run Server 2012 on PowerEdge 2950 13 27
GPS For Commercial Vehicles 10 20
Monitor input from a computer is usually nothing special.  In this instance it prevented anyone from using the computer.  This was a preconfiguration that didn't work.
Stuck in voice control mode on your Amazon Firestick?  Here is how to turn it off!!!
Although Jacob Bernoulli (1654-1705) has been credited as the creator of "Binomial Distribution Table", Gottfried Leibniz (1646-1716) did his dissertation on the subject in 1666; Leibniz you may recall is the co-inventor of "Calculus" and beat Isaac…
Finds all prime numbers in a range requested and places them in a public primes() array. I've demostrated a template size of 30 (2 * 3 * 5) but larger templates can be built such 210  (2 * 3 * 5 * 7) or 2310  (2 * 3 * 5 * 7 * 11). The larger templa…

735 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question