lsass.exe - memory leak using poolmon
Hi all,
Im trying to understand poolmon output to determine any memory leak for lsass.exe since lsass.exe memory usage keeps increasing.
From doing some research, my understanding is i have to examine the Diff (allocations minus frees) and Bytes (number of bytes allocated minus number of bytes freed) values for each tag, and note any that continually increase.
When i checked the result, why it does have negative value? (see the attached). What does it mean?
Thank you
253.txt
Im trying to understand poolmon output to determine any memory leak for lsass.exe since lsass.exe memory usage keeps increasing.
From doing some research, my understanding is i have to examine the Diff (allocations minus frees) and Bytes (number of bytes allocated minus number of bytes freed) values for each tag, and note any that continually increase.
When i checked the result, why it does have negative value? (see the attached). What does it mean?
Thank you
253.txt
Last Comment
SOLUTION
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER CERTIFIED SOLUTION
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
Hi Bawer,
The system has crashed :( ..It has been restarted and lsass.exe is 45 MB now..
The system is windows 2003 32, running DC and exchange.
Will let you know more next week.
See attached for the msconfig.. I dont know what is regsvr32 /s mqrt for..
msconfig.PNG
The system has crashed :( ..It has been restarted and lsass.exe is 45 MB now..
The system is windows 2003 32, running DC and exchange.
Will let you know more next week.
See attached for the msconfig.. I dont know what is regsvr32 /s mqrt for..
msconfig.PNG
What was the reason of the crash ?
from the MSCONFIG, remove the Re-Rite6 and the Schedhlp.
"regsvr32 /s mqrt.dll
This command is used to register Microsoft Message Queue
DLL. MSMQ is installed as part of Microsoft Personal Web Server.
Accept this change. "
I do not consider this to be running in the startup , you may un-tick the same and restart the machine. Make sure you have the latest backups since the crash is not a good sign.
from the MSCONFIG, remove the Re-Rite6 and the Schedhlp.
"regsvr32 /s mqrt.dll
This command is used to register Microsoft Message Queue
DLL. MSMQ is installed as part of Microsoft Personal Web Server.
Accept this change. "
I do not consider this to be running in the startup , you may un-tick the same and restart the machine. Make sure you have the latest backups since the crash is not a good sign.
ASKER
The lsass.exe has gone over 1.5GB. We have 8 GB physical RAM and running windows 2003 32 bits.
Have you checked on my previous note
ASKER
Hi Bawer,<br /><br />I'm closing the forum without finding problem/solution since the server has migrated to different hardware. <br />I will assign the full points to you for helping me.<br /><br />Thank you
Windows Server 2003
Windows Server 2003 was based on Windows XP and was released in four editions: Web, Standard, Enterprise and Datacenter. It also had derivative versions for clusters, storage and Microsoft’s Small Business Server. Important upgrades included integrating Internet Information Services (IIS), improvements to Active Directory (AD) and Group Policy (GP), and the migration to Automated System Recovery (ASR).
129K
Questions
--
Followers
--
Top Experts
Get a personalized solution from industry experts
TRUSTED BY
ASKER
I have run AVG antivirus but nothing found. At the moment, the lsass.exe memory usage is over 1GB. When i checked yesterday, it was around 950MB.
I'm a bit concerned since the lsass.exe memory usage keeps increasing. And today is saturday and nobody working in the office.