Solved

Identifying process that is consuming kernel memory

Posted on 2011-03-02
6
424 Views
Last Modified: 2012-05-11
Hello,
I need assistance identifying specifically what process/program is consuming resources until, ultimately, the multiple failures occur due to "insufficient resources".

I have generated tracking logs of memory usage using Performance Monitor and here is what I have learned so far.  On boot the system is fine and paged kernel memory usage will run in the 60 MB range.  During the evening the pooled paged memory usage will ramp up to about 120 MB and plateau there.  Each evening in which I do a backup the memory usage ramps up to a new plateau. It never goes back down.   Ultimately if I do not reboot the memory usage will hit the mid 300s and things go very bad quickly!

The ramping up appears to coincide with the period when the backup program is backing up local files on the server.  It does not appear to occur when the backup program is backing up files from client servers over the network.  Some testing I have done seems to indicate this problem is related to the antivirus program but this is not conclusive and I need to test further.  The antivirus is supposedly configured to trust the backup program and I believe this is to prevent it from scanning all the files while they were being backed up.  I will be contacting support representatives for the backup and antivirus programs but my gut experience tells me the better evidence I have in hand, the better chance I have of getting satisfaction from them.  Due to my experience with these vendors I am not looking forward to either call.

I am going to continue monitoring and testing but am hoping that someone out there can point me to a tool or method that will identify what specifically has claimed all that memory and won't give it back.

I should mention that this is a Windows 2003 Server file and mail server running Exchange Server 2003, Retrospect Server backup software and McAfee Security as a Service antivirus software.  The memory consumption does not begin when the Exchange store is backup up but rather when the files are being backed up.

Thanks,
Frank
0
Comment
Question by:fakaul
  • 3
  • 2
6 Comments
 
LVL 11

Expert Comment

by:Tasmant
ID: 35019994
You can try to monitor with perfmon the process you suspect.
For each process, look at paged memory, non-paged memory, or others counters.
I think you will find the one where the memory grow but is never free.

0
 
LVL 29

Expert Comment

by:Sudeep Sharma
ID: 35021542
Try Process Hacker:
http://processhacker.sourceforge.net/

Sudeep
0
 

Assisted Solution

by:fakaul
fakaul earned 0 total points
ID: 35021907

I do not see counters for the Anti-virus software or the backup software listed in PerfMon.  I will see if I can find some that can be installed.  I have also just learned about a tool called POOLMON that looks promising.  I will check it and Process Hacker out.

http://support.microsoft.com/kb/177415 
0
Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

 
LVL 11

Accepted Solution

by:
Tasmant earned 250 total points
ID: 35025396
there is no special counters for your programs, but there is "processus" counter, on which you can choose what you want to monitor, and choose for which instance you want monitor (ie antivirus process, or backup process ...). You just have to identify the process, or if they don't run the time you choose counter, you will have to run the process to add it.
0
 

Author Comment

by:fakaul
ID: 35062587
I am following up on using the process counters and will let you know how it works out.
0
 

Author Closing Comment

by:fakaul
ID: 35331341
This information was helpful, especially combined with the PoolMon tool I located independently
0

Featured Post

Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Windows Backup image 3 38
Backup Exec & Exchange 2 32
Acronis True Image HD 5 72
Connecting two servers 30 76
Learn about cloud computing and its benefits for small business owners.
The article will include the best Data Recovery Tools along with their Features, Capabilities, and their Download Links. Hope you’ll enjoy it and will choose the one as required by you.
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…

861 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

25 Experts available now in Live!

Get 1:1 Help Now