The server was unable to allocate from the system paged pool

[Guest Kelvin Ng]

One of my Windows Server 2003 log with a lot of event ID : 2020 & 333 &

suddenly server seems like freeze, i have to restart server to solve this

problem. it happend on 18/01 & 02/02

[Guest Thee Chicago Wolf]

Re: The server was unable to allocate from the system paged pool

 

>One of my Windows Server 2003 log with a lot of event ID : 2020 & 333 &

>suddenly server seems like freeze, i have to restart server to solve this

>problem. it happend on 18/01 & 02/02

 

Running service pack 2? Take a look at some of these KB articles

regarding non-paged pool exhaustion:

 

http://support.microsoft.com/kb/931311

http://support.microsoft.com/kb/918976

http://support.microsoft.com/kb/945410

http://support.microsoft.com/kb/938666

http://support.microsoft.com/kb/822219

http://support.microsoft.com/kb/940307

http://support.microsoft.com/kb/317249

 

- Thee Chicago Wolf

[Guest John John]

Re: The server was unable to allocate from the system paged pool

 

Start the Task Manager and select the option to view "Handle Count". Is

there a process there with a particularly large handle count, like in

the thousands or tens of thousands?

 

If you see nothing out of the usual with the Handle Count then you may

want to monitor the pool consumption with poolmon.exe

http://support.microsoft.com/kb/177415/ this could reveal which driver

or process is consuming all the paged pool.

 

AV programs are sometimes the culprit, NAV in particular is known to

sometimes run amuck with the paged pool, did you by any chance update

your AV software?

 

John

 

Kelvin Ng wrote:

> One of my Windows Server 2003 log with a lot of event ID : 2020 & 333 &

> suddenly server seems like freeze, i have to restart server to solve this

> problem. it happend on 18/01 & 02/02

[Guest Kerry Brown]

Re: The server was unable to allocate from the system paged pool

 

Trend Micro can also have this problem. Contact them for a fix.

 

--

Kerry Brown

Microsoft MVP - Shell/User

http://www.vistahelp.ca/phpBB2/

 

 

 

"Kelvin Ng" <KelvinNg@discussions.microsoft.com> wrote in message

news:A2AA295A-5CDA-4BAE-98B1-D05180AA0EF4@microsoft.com...

> One of my Windows Server 2003 log with a lot of event ID : 2020 & 333 &

> suddenly server seems like freeze, i have to restart server to solve this

> problem. it happend on 18/01 & 02/02

[Guest Kelvin Ng]

Re: The server was unable to allocate from the system paged pool

 

Hi John;

on Handles counter under task manager, only below three processes above

thousand;

System -> 3,093 (Memory Usage -> 356K)

csrss.exe --> 1,916 (Memory Usage -> 1,444K)

svchost.exe --> 1,802 (Memory Usage -> 30,516K)

 

Paged Pool captured using Poolmon.exe ran for few hours;

Memory: 6290552K Avail: 5210884K PageFlts: 24039 InRam Krnl: 2636K

P:155512K

Commit: 898348K Limit:15540796K Peak:1035740K Pool N:34020K

P:156260K

 

Tag Type Allocs Frees Diff Bytes Per Alloc

Mapped_Driver

sOBi Paged 3102997 ( 0) 0 ( 0) 3102997 124130984 ( 0)

40 [klif]

Gh05 Paged 8587275 ( 435) 8586561 ( 435) 714 5558496 ( 0)

7785 Unknown Driver

MmSt Paged 14212133 ( 103) 14210571 ( 102) 1562 4363008 ( -2024)

2793 Unknown Driver

UlHT Paged 1 ( 0) 0 ( 0) 1 4198400 ( 0)

4198400 Unknown Drive

FSrm Paged 201181 ( 0) 199735 ( 0) 1446 2824032 ( 0)

1952 Unknown Driver

Io Paged 25066 ( 0) 17636 ( 0) 7430 1295784 ( 0)

174 Unknown Driver

CM35 Paged 12 ( 0) 0 ( 0) 12 1245184 ( 0)

103765 Unknown Driver

Ntff Paged 2219841 ( 0) 2218751 ( 7) 1090 889440 ( -5712)

816 [ntfs]

R100 Paged 43 ( 0) 4 ( 0) 39 851720 ( 0)

21838 Unknown Driver

NtFB Paged 776753 ( 10) 776738 ( 10) 15 714504 ( 0)

47633 [ntfs]

CMAl Paged 286 ( 0) 114 ( 0) 172 704512 ( 0)

4096 Unknown Driver

SoBP Paged 1 ( 0) 0 ( 0) 1 667648 ( 0)

667648 [klif]

Gla1 Paged 1757 ( 0) 1434 ( 0) 323 666672 ( 0)

2064 Unknown Driver

Wmit Paged 13 ( 0) 2 ( 0) 11 655688 ( 0)

59608 Unknown Driver

CMDa Paged 58887 ( 0) 55603 ( 0) 3284 457080 ( 0)

139 Unknown Driver

Obtb Paged 1960 ( 0) 1779 ( 0) 181 456240 ( 0)

2520 Unknown Driver

NtfF Paged 1375742 ( 2) 1375311 ( 0) 431 403416 ( 1872)

936 Unknown Driver

Ttfd Paged 2453 ( 0) 2306 ( 0) 147 382120 ( 0)

2599 Unknown Driver

CM16 Paged 124 ( 0) 45 ( 0) 79 344064 ( 0)

4355 Unknown Driver

CMVa Paged 8314309 ( 0) 8308764 ( 0) 5545 322720 ( 0)

58 Unknown Driver

IoNm Paged 160963514 (1213) 160961603 (1218) 1911 283760 ( -320)

148 Unknown Driver

Gla5 Paged 56355 ( 5) 55758 ( 0) 597 234024 ( 1960)

392 Unknown Driver

Gla: Paged 126593 ( 4) 126261 ( 0) 332 217792 ( 2624)

656 Unknown Driver

UlLL Paged 3 ( 0) 0 ( 0) 3 208896 ( 0)

69632 [http]

Gcac Paged 153 ( 0) 115 ( 0) 38 206696 ( 0)

5439 Unknown Driver

Toke Paged 6609856 ( 64) 6609567 ( 64) 289 179456 ( 0)

620 Unknown Driver

FSim Paged 2348531 ( 8) 2347153 ( 2) 1378 176384 ( 768)

128 Unknown Driver

CM25 Paged 655 ( 0) 642 ( 0) 13 176128 ( 0)

13548 Unknown Driver

Grgb Paged 51 ( 0) 46 ( 0) 5 163840 ( 0)

32768 Unknown Driver

Key Paged 24383193 ( 141) 24381732 ( 141) 1461 151896 ( 0)

103 Unknown Driver

CM39 Paged 600 ( 0) 96 ( 0) 504 139200 ( 0)

276 Unknown Driver

ArbA Paged 33 ( 0) 0 ( 0) 33 135168 ( 0)

4096 [acpi][mf][pci

NtFf Paged 21 ( 0) 11 ( 0) 10 131360 ( 0)

13136 [ntfs]

LfsI Paged 2 ( 0) 0 ( 0) 2 131072 ( 0)

65536 Unknown Driver

WmIS Paged 1 ( 0) 0 ( 0) 1 118784 ( 0)

118784 Unknown Driver

CMNb Paged 8810078 ( 63) 8807871 ( 63) 2207 107488 ( 0)

48 Unknown Driver

CM29 Paged 13 ( 0) 0 ( 0) 13 106496 ( 0)

8192 Unknown Driver

 

 

Non-Paged Pool captured using Poolmon.exe ran for few hours;

Memory: 6290552K Avail: 5184792K PageFlts: 23000 InRam Krnl: 2636K

P:155484K

Commit: 898376K Limit:15540796K Peak:1035740K Pool N:34036K

P:156196K

System pool information

Tag Type Allocs Frees Diff Bytes Per

Alloc Mapped_Driver

MmCm Nonp 378 ( 0) 293 ( 0) 85 18608264 ( 0)

218920 Unknown Driver

LSwi Nonp 1 ( 0) 0 ( 0) 1 2576384 ( 0)

2576384 Unknown Driver

 

VadL Nonp 24 ( 0) 20 ( 0) 4 901120 ( 0)

225280 Unknown Driver

File Nonp 127006924 (1296) 127001569 (1327) 5355 817496 ( -4568)

152 Unknown Driver

Thre Nonp 2277812 ( 36) 2276573 ( 53) 1239 773136 (-10608)

624 Unknown Driver

Mm Nonp 228 ( 0) 216 ( 0) 12 534304 ( 0)

44525 Unknown Driver

LSwr Nonp 128 ( 0) 0 ( 0) 128 416768 ( 0)

3256 Unknown Driver

AfdC Nonp 1338724 ( 7) 1336424 ( 18) 2300 368000 ( -1760)

160 [afd]

Irp Nonp 3305835 ( 14) 3304749 ( 12) 1086 354176 ( 648)

326 Unknown Driver

Dump Nonp 8 ( 0) 1 ( 0) 7 295344 ( 0)

42192 Unknown Driver

Devi Nonp 538 ( 0) 241 ( 0) 297 274600 ( 0)

924 Unknown Driver

Even Nonp 12418409 ( 207) 12413104 ( 293) 5305 259136 ( -4128)

48 Unknown Driver

TCPC Nonp 154604 ( 1) 151847 ( 6) 2757 232712 ( -400)

84 [tcpip]

Pool Nonp 4 ( 0) 1 ( 0) 3 217088 ( 0)

72362 Unknown Driver

Hal Nonp 1481203 ( 9) 1481196 ( 9) 7 197872 ( 0)

28267 Unknown Driver

Sobc Nonp 128 ( 0) 0 ( 0) 128 197632 ( 0)

1544 [klif]

Ntf0 Nonp 3 ( 0) 0 ( 0) 3 196608 ( 0)

65536 [ntfs]

UlCO Nonp 384 ( 0) 63 ( 0) 321 195168 ( 0)

608 [http]

Vad Nonp 2791742 ( 33) 2787677 ( 33) 4065 195120 ( 0)

48 Unknown Driver

Sob2 Nonp 115434515 (1161) 115433189 (1164) 1326 183480 ( 952)

138 Unknown Driver

Ntfr Nonp 767339 ( 0) 764507 ( 0) 2832 182216 ( 0)

64 [ntfs]

TCPc Nonp 2398991 ( 27) 2396132 ( 36) 2859 137232 ( -432)

48 [tcpip]

MmCi Nonp 267840 ( 4) 267269 ( 4) 571 134064 ( 0)

234 Unknown Driver

RceT Nonp 1 ( 0) 0 ( 0) 1 131072 ( 0)

131072 [tcpip]

Mdl Nonp 613296 ( 28) 612315 ( 17) 981 125568 ( 1408)

128 Unknown Driver

R100 Nonp 16 ( 0) 0 ( 0) 16 121624 ( 0)

7601 Unknown Driver

CcSc Nonp 13098168 ( 195) 13097779 ( 198) 389 121368 ( -936)

312 Unknown Driver

FSfm Nonp 2296640 ( 68) 2293700 ( 84) 2940 117600 ( -640)

40 Unknown Driver

usbp Nonp 88 ( 0) 59 ( 0) 29 115848 ( 0)

3994 [usbport]

MmCa Nonp 15045675 ( 221) 15044645 ( 224) 1030 106656 ( -336)

103 Unknown Driver

NtFL Nonp 526252 ( 24) 526240 ( 24) 12 105256 ( 0)

8771 [ntfs]

VadS Nonp 64562122 ( 527) 64558934 ( 546) 3188 102016 ( -608)

32 Unknown Driver

UlLS Nonp 13 ( 0) 1 ( 0) 12 90760 ( 0)

7563 Unknown Driver

CcVl Nonp 164145 ( 2) 164025 ( 3) 120 79232 ( -1040)

660 Unknown Driver

brcm Nonp 6 ( 0) 0 ( 0) 6 78176 ( 0)

13029 [b57xp32]

Vadl Nonp 5023431 ( 92) 5022256 ( 110) 1175 75200 ( -1152)

64 Unknown Driver

AfdB Nonp 2451334 ( 227) 2451197 ( 156) 137 73400 ( 25144)

535 [afd]

Ntfi Nonp 1008731 ( 21) 1008471 ( 11) 260 70720 ( 2720)

272 Unknown Driver

NDpp Nonp 23 ( 0) 0 ( 0) 23 70112 ( 0)

3048 Unknown Driver

 

we are running Kaspersky File Server 6.0.2.690 on all our servers &

monitoring using KAV Admin Kit. yet to update to Maintenance Pack 3 -->

6.0.3.837

 

Thanks,

Kelvin

 

 

"John John" wrote:

> Start the Task Manager and select the option to view "Handle Count". Is

> there a process there with a particularly large handle count, like in

> the thousands or tens of thousands?

>

> If you see nothing out of the usual with the Handle Count then you may

> want to monitor the pool consumption with poolmon.exe

> http://support.microsoft.com/kb/177415/ this could reveal which driver

> or process is consuming all the paged pool.

>

> AV programs are sometimes the culprit, NAV in particular is known to

> sometimes run amuck with the paged pool, did you by any chance update

> your AV software?

>

> John

>

> Kelvin Ng wrote:

> > One of my Windows Server 2003 log with a lot of event ID : 2020 & 333 &

> > suddenly server seems like freeze, i have to restart server to solve this

> > problem. it happend on 18/01 & 02/02

>

>

[Guest John John]

Re: The server was unable to allocate from the system paged pool

 

Could you attach that to your reply as a csv file? I'll try to take a

look at it and see if I can see anything unusual. As it is in the body

of the post it is a bit hard to arrange the information in an easily

readable format, as a .csv file it can easily be opened with a

spreadsheet program and it is much easier to decipher.

 

John

 

Kelvin Ng wrote:

> Hi John;

> on Handles counter under task manager, only below three processes above

> thousand;

> System -> 3,093 (Memory Usage -> 356K)

> csrss.exe --> 1,916 (Memory Usage -> 1,444K)

> svchost.exe --> 1,802 (Memory Usage -> 30,516K)

>

> Paged Pool captured using Poolmon.exe ran for few hours;

> Memory: 6290552K Avail: 5210884K PageFlts: 24039 InRam Krnl: 2636K

> P:155512K

> Commit: 898348K Limit:15540796K Peak:1035740K Pool N:34020K

> P:156260K

>

> Tag Type Allocs Frees Diff Bytes Per Alloc

> Mapped_Driver

> sOBi Paged 3102997 ( 0) 0 ( 0) 3102997 124130984 ( 0)

> 40 [klif]

> Gh05 Paged 8587275 ( 435) 8586561 ( 435) 714 5558496 ( 0)

> 7785 Unknown Driver

> MmSt Paged 14212133 ( 103) 14210571 ( 102) 1562 4363008 ( -2024)

> 2793 Unknown Driver

> UlHT Paged 1 ( 0) 0 ( 0) 1 4198400 ( 0)

> 4198400 Unknown Drive

> FSrm Paged 201181 ( 0) 199735 ( 0) 1446 2824032 ( 0)

> 1952 Unknown Driver

> Io Paged 25066 ( 0) 17636 ( 0) 7430 1295784 ( 0)

> 174 Unknown Driver

> CM35 Paged 12 ( 0) 0 ( 0) 12 1245184 ( 0)

> 103765 Unknown Driver

> Ntff Paged 2219841 ( 0) 2218751 ( 7) 1090 889440 ( -5712)

> 816 [ntfs]

> R100 Paged 43 ( 0) 4 ( 0) 39 851720 ( 0)

> 21838 Unknown Driver

> NtFB Paged 776753 ( 10) 776738 ( 10) 15 714504 ( 0)

> 47633 [ntfs]

> CMAl Paged 286 ( 0) 114 ( 0) 172 704512 ( 0)

> 4096 Unknown Driver

> SoBP Paged 1 ( 0) 0 ( 0) 1 667648 ( 0)

> 667648 [klif]

> Gla1 Paged 1757 ( 0) 1434 ( 0) 323 666672 ( 0)

> 2064 Unknown Driver

> Wmit Paged 13 ( 0) 2 ( 0) 11 655688 ( 0)

> 59608 Unknown Driver

> CMDa Paged 58887 ( 0) 55603 ( 0) 3284 457080 ( 0)

> 139 Unknown Driver

> Obtb Paged 1960 ( 0) 1779 ( 0) 181 456240 ( 0)

> 2520 Unknown Driver

> NtfF Paged 1375742 ( 2) 1375311 ( 0) 431 403416 ( 1872)

> 936 Unknown Driver

> Ttfd Paged 2453 ( 0) 2306 ( 0) 147 382120 ( 0)

> 2599 Unknown Driver

> CM16 Paged 124 ( 0) 45 ( 0) 79 344064 ( 0)

> 4355 Unknown Driver

> CMVa Paged 8314309 ( 0) 8308764 ( 0) 5545 322720 ( 0)

> 58 Unknown Driver

> IoNm Paged 160963514 (1213) 160961603 (1218) 1911 283760 ( -320)

> 148 Unknown Driver

> Gla5 Paged 56355 ( 5) 55758 ( 0) 597 234024 ( 1960)

> 392 Unknown Driver

> Gla: Paged 126593 ( 4) 126261 ( 0) 332 217792 ( 2624)

> 656 Unknown Driver

> UlLL Paged 3 ( 0) 0 ( 0) 3 208896 ( 0)

> 69632 [http]

> Gcac Paged 153 ( 0) 115 ( 0) 38 206696 ( 0)

> 5439 Unknown Driver

> Toke Paged 6609856 ( 64) 6609567 ( 64) 289 179456 ( 0)

> 620 Unknown Driver

> FSim Paged 2348531 ( 8) 2347153 ( 2) 1378 176384 ( 768)

> 128 Unknown Driver

> CM25 Paged 655 ( 0) 642 ( 0) 13 176128 ( 0)

> 13548 Unknown Driver

> Grgb Paged 51 ( 0) 46 ( 0) 5 163840 ( 0)

> 32768 Unknown Driver

> Key Paged 24383193 ( 141) 24381732 ( 141) 1461 151896 ( 0)

> 103 Unknown Driver

> CM39 Paged 600 ( 0) 96 ( 0) 504 139200 ( 0)

> 276 Unknown Driver

> ArbA Paged 33 ( 0) 0 ( 0) 33 135168 ( 0)

> 4096 [acpi][mf][pci

> NtFf Paged 21 ( 0) 11 ( 0) 10 131360 ( 0)

> 13136 [ntfs]

> LfsI Paged 2 ( 0) 0 ( 0) 2 131072 ( 0)

> 65536 Unknown Driver

> WmIS Paged 1 ( 0) 0 ( 0) 1 118784 ( 0)

> 118784 Unknown Driver

> CMNb Paged 8810078 ( 63) 8807871 ( 63) 2207 107488 ( 0)

> 48 Unknown Driver

> CM29 Paged 13 ( 0) 0 ( 0) 13 106496 ( 0)

> 8192 Unknown Driver

>

>

> Non-Paged Pool captured using Poolmon.exe ran for few hours;

> Memory: 6290552K Avail: 5184792K PageFlts: 23000 InRam Krnl: 2636K

> P:155484K

> Commit: 898376K Limit:15540796K Peak:1035740K Pool N:34036K

> P:156196K

> System pool information

> Tag Type Allocs Frees Diff Bytes Per

> Alloc Mapped_Driver

> MmCm Nonp 378 ( 0) 293 ( 0) 85 18608264 ( 0)

> 218920 Unknown Driver

> LSwi Nonp 1 ( 0) 0 ( 0) 1 2576384 ( 0)

> 2576384 Unknown Driver

>

> VadL Nonp 24 ( 0) 20 ( 0) 4 901120 ( 0)

> 225280 Unknown Driver

> File Nonp 127006924 (1296) 127001569 (1327) 5355 817496 ( -4568)

> 152 Unknown Driver

> Thre Nonp 2277812 ( 36) 2276573 ( 53) 1239 773136 (-10608)

> 624 Unknown Driver

> Mm Nonp 228 ( 0) 216 ( 0) 12 534304 ( 0)

> 44525 Unknown Driver

> LSwr Nonp 128 ( 0) 0 ( 0) 128 416768 ( 0)

> 3256 Unknown Driver

> AfdC Nonp 1338724 ( 7) 1336424 ( 18) 2300 368000 ( -1760)

> 160 [afd]

> Irp Nonp 3305835 ( 14) 3304749 ( 12) 1086 354176 ( 648)

> 326 Unknown Driver

> Dump Nonp 8 ( 0) 1 ( 0) 7 295344 ( 0)

> 42192 Unknown Driver

> Devi Nonp 538 ( 0) 241 ( 0) 297 274600 ( 0)

> 924 Unknown Driver

> Even Nonp 12418409 ( 207) 12413104 ( 293) 5305 259136 ( -4128)

> 48 Unknown Driver

> TCPC Nonp 154604 ( 1) 151847 ( 6) 2757 232712 ( -400)

> 84 [tcpip]

> Pool Nonp 4 ( 0) 1 ( 0) 3 217088 ( 0)

> 72362 Unknown Driver

> Hal Nonp 1481203 ( 9) 1481196 ( 9) 7 197872 ( 0)

> 28267 Unknown Driver

> Sobc Nonp 128 ( 0) 0 ( 0) 128 197632 ( 0)

> 1544 [klif]

> Ntf0 Nonp 3 ( 0) 0 ( 0) 3 196608 ( 0)

> 65536 [ntfs]

> UlCO Nonp 384 ( 0) 63 ( 0) 321 195168 ( 0)

> 608 [http]

> Vad Nonp 2791742 ( 33) 2787677 ( 33) 4065 195120 ( 0)

> 48 Unknown Driver

> Sob2 Nonp 115434515 (1161) 115433189 (1164) 1326 183480 ( 952)

> 138 Unknown Driver

> Ntfr Nonp 767339 ( 0) 764507 ( 0) 2832 182216 ( 0)

> 64 [ntfs]

> TCPc Nonp 2398991 ( 27) 2396132 ( 36) 2859 137232 ( -432)

> 48 [tcpip]

> MmCi Nonp 267840 ( 4) 267269 ( 4) 571 134064 ( 0)

> 234 Unknown Driver

> RceT Nonp 1 ( 0) 0 ( 0) 1 131072 ( 0)

> 131072 [tcpip]

> Mdl Nonp 613296 ( 28) 612315 ( 17) 981 125568 ( 1408)

> 128 Unknown Driver

> R100 Nonp 16 ( 0) 0 ( 0) 16 121624 ( 0)

> 7601 Unknown Driver

> CcSc Nonp 13098168 ( 195) 13097779 ( 198) 389 121368 ( -936)

> 312 Unknown Driver

> FSfm Nonp 2296640 ( 68) 2293700 ( 84) 2940 117600 ( -640)

> 40 Unknown Driver

> usbp Nonp 88 ( 0) 59 ( 0) 29 115848 ( 0)

> 3994 [usbport]

> MmCa Nonp 15045675 ( 221) 15044645 ( 224) 1030 106656 ( -336)

> 103 Unknown Driver

> NtFL Nonp 526252 ( 24) 526240 ( 24) 12 105256 ( 0)

> 8771 [ntfs]

> VadS Nonp 64562122 ( 527) 64558934 ( 546) 3188 102016 ( -608)

> 32 Unknown Driver

> UlLS Nonp 13 ( 0) 1 ( 0) 12 90760 ( 0)

> 7563 Unknown Driver

> CcVl Nonp 164145 ( 2) 164025 ( 3) 120 79232 ( -1040)

> 660 Unknown Driver

> brcm Nonp 6 ( 0) 0 ( 0) 6 78176 ( 0)

> 13029 [b57xp32]

> Vadl Nonp 5023431 ( 92) 5022256 ( 110) 1175 75200 ( -1152)

> 64 Unknown Driver

> AfdB Nonp 2451334 ( 227) 2451197 ( 156) 137 73400 ( 25144)

> 535 [afd]

> Ntfi Nonp 1008731 ( 21) 1008471 ( 11) 260 70720 ( 2720)

> 272 Unknown Driver

> NDpp Nonp 23 ( 0) 0 ( 0) 23 70112 ( 0)

> 3048 Unknown Driver

>

> we are running Kaspersky File Server 6.0.2.690 on all our servers &

> monitoring using KAV Admin Kit. yet to update to Maintenance Pack 3 -->

> 6.0.3.837

>

> Thanks,

> Kelvin

>

>

> "John John" wrote:

>

>

>>Start the Task Manager and select the option to view "Handle Count". Is

>>there a process there with a particularly large handle count, like in

>>the thousands or tens of thousands?

>>

>>If you see nothing out of the usual with the Handle Count then you may

>>want to monitor the pool consumption with poolmon.exe

>>http://support.microsoft.com/kb/177415/ this could reveal which driver

>>or process is consuming all the paged pool.

>>

>>AV programs are sometimes the culprit, NAV in particular is known to

>>sometimes run amuck with the paged pool, did you by any chance update

>>your AV software?

>>

>>John

>>

>>Kelvin Ng wrote:

>>

>>>One of my Windows Server 2003 log with a lot of event ID : 2020 & 333 &

>>>suddenly server seems like freeze, i have to restart server to solve this

>>>problem. it happend on 18/01 & 02/02

>>

>>

[Guest Kelvin Ng]

Re: The server was unable to allocate from the system paged pool

 

Hi John John,

i have sent the attachment files to your audetweld@nbnet.nb.ca email account

via my guyncp@hotmail.com as i wouldn't know how attach as csv file in reply

to you.

 

Thanks & Regards

 

"John John" wrote:

> Could you attach that to your reply as a csv file? I'll try to take a

> look at it and see if I can see anything unusual. As it is in the body

> of the post it is a bit hard to arrange the information in an easily

> readable format, as a .csv file it can easily be opened with a

> spreadsheet program and it is much easier to decipher.

>

> John

>

> Kelvin Ng wrote:

>

> > Hi John;

> > on Handles counter under task manager, only below three processes above

> > thousand;

> > System -> 3,093 (Memory Usage -> 356K)

> > csrss.exe --> 1,916 (Memory Usage -> 1,444K)

> > svchost.exe --> 1,802 (Memory Usage -> 30,516K)

> >

> > Paged Pool captured using Poolmon.exe ran for few hours;

> > Memory: 6290552K Avail: 5210884K PageFlts: 24039 InRam Krnl: 2636K

> > P:155512K

> > Commit: 898348K Limit:15540796K Peak:1035740K Pool N:34020K

> > P:156260K

> >

> > Tag Type Allocs Frees Diff Bytes Per Alloc

> > Mapped_Driver

> > sOBi Paged 3102997 ( 0) 0 ( 0) 3102997 124130984 ( 0)

> > 40 [klif]

> > Gh05 Paged 8587275 ( 435) 8586561 ( 435) 714 5558496 ( 0)

> > 7785 Unknown Driver

> > MmSt Paged 14212133 ( 103) 14210571 ( 102) 1562 4363008 ( -2024)

> > 2793 Unknown Driver

> > UlHT Paged 1 ( 0) 0 ( 0) 1 4198400 ( 0)

> > 4198400 Unknown Drive

> > FSrm Paged 201181 ( 0) 199735 ( 0) 1446 2824032 ( 0)

> > 1952 Unknown Driver

> > Io Paged 25066 ( 0) 17636 ( 0) 7430 1295784 ( 0)

> > 174 Unknown Driver

> > CM35 Paged 12 ( 0) 0 ( 0) 12 1245184 ( 0)

> > 103765 Unknown Driver

> > Ntff Paged 2219841 ( 0) 2218751 ( 7) 1090 889440 ( -5712)

> > 816 [ntfs]

> > R100 Paged 43 ( 0) 4 ( 0) 39 851720 ( 0)

> > 21838 Unknown Driver

> > NtFB Paged 776753 ( 10) 776738 ( 10) 15 714504 ( 0)

> > 47633 [ntfs]

> > CMAl Paged 286 ( 0) 114 ( 0) 172 704512 ( 0)

> > 4096 Unknown Driver

> > SoBP Paged 1 ( 0) 0 ( 0) 1 667648 ( 0)

> > 667648 [klif]

> > Gla1 Paged 1757 ( 0) 1434 ( 0) 323 666672 ( 0)

> > 2064 Unknown Driver

> > Wmit Paged 13 ( 0) 2 ( 0) 11 655688 ( 0)

> > 59608 Unknown Driver

> > CMDa Paged 58887 ( 0) 55603 ( 0) 3284 457080 ( 0)

> > 139 Unknown Driver

> > Obtb Paged 1960 ( 0) 1779 ( 0) 181 456240 ( 0)

> > 2520 Unknown Driver

> > NtfF Paged 1375742 ( 2) 1375311 ( 0) 431 403416 ( 1872)

> > 936 Unknown Driver

> > Ttfd Paged 2453 ( 0) 2306 ( 0) 147 382120 ( 0)

> > 2599 Unknown Driver

> > CM16 Paged 124 ( 0) 45 ( 0) 79 344064 ( 0)

> > 4355 Unknown Driver

> > CMVa Paged 8314309 ( 0) 8308764 ( 0) 5545 322720 ( 0)

> > 58 Unknown Driver

> > IoNm Paged 160963514 (1213) 160961603 (1218) 1911 283760 ( -320)

> > 148 Unknown Driver

> > Gla5 Paged 56355 ( 5) 55758 ( 0) 597 234024 ( 1960)

> > 392 Unknown Driver

> > Gla: Paged 126593 ( 4) 126261 ( 0) 332 217792 ( 2624)

> > 656 Unknown Driver

> > UlLL Paged 3 ( 0) 0 ( 0) 3 208896 ( 0)

> > 69632 [http]

> > Gcac Paged 153 ( 0) 115 ( 0) 38 206696 ( 0)

> > 5439 Unknown Driver

> > Toke Paged 6609856 ( 64) 6609567 ( 64) 289 179456 ( 0)

> > 620 Unknown Driver

> > FSim Paged 2348531 ( 8) 2347153 ( 2) 1378 176384 ( 768)

> > 128 Unknown Driver

> > CM25 Paged 655 ( 0) 642 ( 0) 13 176128 ( 0)

> > 13548 Unknown Driver

> > Grgb Paged 51 ( 0) 46 ( 0) 5 163840 ( 0)

> > 32768 Unknown Driver

> > Key Paged 24383193 ( 141) 24381732 ( 141) 1461 151896 ( 0)

> > 103 Unknown Driver

> > CM39 Paged 600 ( 0) 96 ( 0) 504 139200 ( 0)

> > 276 Unknown Driver

> > ArbA Paged 33 ( 0) 0 ( 0) 33 135168 ( 0)

> > 4096 [acpi][mf][pci

> > NtFf Paged 21 ( 0) 11 ( 0) 10 131360 ( 0)

> > 13136 [ntfs]

> > LfsI Paged 2 ( 0) 0 ( 0) 2 131072 ( 0)

> > 65536 Unknown Driver

> > WmIS Paged 1 ( 0) 0 ( 0) 1 118784 ( 0)

> > 118784 Unknown Driver

> > CMNb Paged 8810078 ( 63) 8807871 ( 63) 2207 107488 ( 0)

> > 48 Unknown Driver

> > CM29 Paged 13 ( 0) 0 ( 0) 13 106496 ( 0)

> > 8192 Unknown Driver

> >

> >

> > Non-Paged Pool captured using Poolmon.exe ran for few hours;

> > Memory: 6290552K Avail: 5184792K PageFlts: 23000 InRam Krnl: 2636K

> > P:155484K

> > Commit: 898376K Limit:15540796K Peak:1035740K Pool N:34036K

> > P:156196K

> > System pool information

> > Tag Type Allocs Frees Diff Bytes Per

> > Alloc Mapped_Driver

> > MmCm Nonp 378 ( 0) 293 ( 0) 85 18608264 ( 0)

> > 218920 Unknown Driver

> > LSwi Nonp 1 ( 0) 0 ( 0) 1 2576384 ( 0)

> > 2576384 Unknown Driver

> >

> > VadL Nonp 24 ( 0) 20 ( 0) 4 901120 ( 0)

> > 225280 Unknown Driver

> > File Nonp 127006924 (1296) 127001569 (1327) 5355 817496 ( -4568)

> > 152 Unknown Driver

> > Thre Nonp 2277812 ( 36) 2276573 ( 53) 1239 773136 (-10608)

> > 624 Unknown Driver

> > Mm Nonp 228 ( 0) 216 ( 0) 12 534304 ( 0)

> > 44525 Unknown Driver

> > LSwr Nonp 128 ( 0) 0 ( 0) 128 416768 ( 0)

> > 3256 Unknown Driver

> > AfdC Nonp 1338724 ( 7) 1336424 ( 18) 2300 368000 ( -1760)

> > 160 [afd]

> > Irp Nonp 3305835 ( 14) 3304749 ( 12) 1086 354176 ( 648)

> > 326 Unknown Driver

> > Dump Nonp 8 ( 0) 1 ( 0) 7 295344 ( 0)

> > 42192 Unknown Driver

> > Devi Nonp 538 ( 0) 241 ( 0) 297 274600 ( 0)

> > 924 Unknown Driver

> > Even Nonp 12418409 ( 207) 12413104 ( 293) 5305 259136 ( -4128)

> > 48 Unknown Driver

> > TCPC Nonp 154604 ( 1) 151847 ( 6) 2757 232712 ( -400)

> > 84 [tcpip]

> > Pool Nonp 4 ( 0) 1 ( 0) 3 217088 ( 0)

> > 72362 Unknown Driver

> > Hal Nonp 1481203 ( 9) 1481196 ( 9) 7 197872 ( 0)

> > 28267 Unknown Driver

> > Sobc Nonp 128 ( 0) 0 ( 0) 128 197632 ( 0)

> > 1544 [klif]

> > Ntf0 Nonp 3 ( 0) 0 ( 0) 3 196608 ( 0)

> > 65536 [ntfs]

> > UlCO Nonp 384 ( 0) 63 ( 0) 321 195168 ( 0)

> > 608 [http]

> > Vad Nonp 2791742 ( 33) 2787677 ( 33) 4065 195120 ( 0)

> > 48 Unknown Driver

> > Sob2 Nonp 115434515 (1161) 115433189 (1164) 1326 183480 ( 952)

> > 138 Unknown Driver

> > Ntfr Nonp 767339 ( 0) 764507 ( 0) 2832 182216 ( 0)

> > 64 [ntfs]

> > TCPc Nonp 2398991 ( 27) 2396132 ( 36) 2859 137232 ( -432)

> > 48 [tcpip]

> > MmCi Nonp 267840 ( 4) 267269 ( 4) 571 134064 ( 0)

> > 234 Unknown Driver

> > RceT Nonp 1 ( 0) 0 ( 0) 1 131072 ( 0)

> > 131072 [tcpip]

> > Mdl Nonp 613296 ( 28) 612315 ( 17) 981 125568 ( 1408)

> > 128 Unknown Driver

> > R100 Nonp 16 ( 0) 0 ( 0) 16 121624 ( 0)

> > 7601 Unknown Driver

> > CcSc Nonp 13098168 ( 195) 13097779 ( 198) 389 121368 ( -936)

> > 312 Unknown Driver

> > FSfm Nonp 2296640 ( 68) 2293700 ( 84) 2940 117600 ( -640)

> > 40 Unknown Driver

> > usbp Nonp 88 ( 0) 59 ( 0) 29 115848 ( 0)

> > 3994 [usbport]

> > MmCa Nonp 15045675 ( 221) 15044645 ( 224) 1030 106656 ( -336)

> > 103 Unknown Driver

> > NtFL Nonp 526252 ( 24) 526240 ( 24) 12 105256 ( 0)

> > 8771 [ntfs]

> > VadS Nonp 64562122 ( 527) 64558934 ( 546) 3188 102016 ( -608)

> > 32 Unknown Driver

> > UlLS Nonp 13 ( 0) 1 ( 0) 12 90760 ( 0)

> > 7563 Unknown Driver

> > CcVl Nonp 164145 ( 2) 164025 ( 3) 120 79232 ( -1040)

> > 660 Unknown Driver

> > brcm Nonp 6 ( 0) 0 ( 0) 6 78176 ( 0)

> > 13029 [b57xp32]

> > Vadl Nonp 5023431 ( 92) 5022256 ( 110) 1175 75200 ( -1152)

> > 64 Unknown Driver

> > AfdB Nonp 2451334 ( 227) 2451197 ( 156) 137 73400 ( 25144)

> > 535 [afd]

> > Ntfi Nonp 1008731 ( 21) 1008471 ( 11) 260 70720 ( 2720)

> > 272 Unknown Driver

> > NDpp Nonp 23 ( 0) 0 ( 0) 23 70112 ( 0)

> > 3048 Unknown Driver

> >

> > we are running Kaspersky File Server 6.0.2.690 on all our servers &

> > monitoring using KAV Admin Kit. yet to update to Maintenance Pack 3 -->

> > 6.0.3.837

> >

> > Thanks,

> > Kelvin

> >

> >

> > "John John" wrote:

> >

> >

> >>Start the Task Manager and select the option to view "Handle Count". Is

> >>there a process there with a particularly large handle count, like in

> >>the thousands or tens of thousands?

> >>

> >>If you see nothing out of the usual with the Handle Count then you may

> >>want to monitor the pool consumption with poolmon.exe

> >>http://support.microsoft.com/kb/177415/ this could reveal which driver

> >>or process is consuming all the paged pool.

> >>

> >>AV programs are sometimes the culprit, NAV in particular is known to

> >>sometimes run amuck with the paged pool, did you by any chance update

> >>your AV software?

> >>

> >>John

> >>

> >>Kelvin Ng wrote:

> >>

> >>>One of my Windows Server 2003 log with a lot of event ID : 2020 & 333 &

> >>>suddenly server seems like freeze, i have to restart server to solve this

> >>>problem. it happend on 18/01 & 02/02

> >>

> >>

>

>

[Guest John John]

Re: The server was unable to allocate from the system paged pool

 

That is a phony address, the email is lost in the etherworld somewhere.

 

When I look at my other reply I see that the output of your post is

shown in a more orderly fashion. You have to take several shots and

compare the results to determine where the leak might be happening, you

can't see this with one snap only. See here for more help:

 

Poolmon Examples

http://technet2.microsoft.com/windowsserver/en/library/0d302498-c947-4655-95af-719ae75acfb51033.mspx?mfr=true

 

In particlualar look at Example 3: Detect Memory Leakage

 

This may also be helpful:

 

How do I determine a driver name from a pool tag

http://www.jsifaq.com/SF/Tips/Tip.aspx?id=7102

 

This too may be helpful for monitoring processes:

Memsnap Overview

http://technet2.microsoft.com/windowsserver/en/library/352dfb2b-b32d-47b5-a888-59433f4904531033.mspx?mfr=true

 

Examining the output of these utilities is much easier in a spreadsheet.

 

John

 

Kelvin Ng wrote:

> Hi John John,

> i have sent the attachment files to your audetweld@nbnet.nb.ca email account

> via my guyncp@hotmail.com as i wouldn't know how attach as csv file in reply

> to you.

>

> Thanks & Regards

>

> "John John" wrote:

>

>

>>Could you attach that to your reply as a csv file? I'll try to take a

>>look at it and see if I can see anything unusual. As it is in the body

>>of the post it is a bit hard to arrange the information in an easily

>>readable format, as a .csv file it can easily be opened with a

>>spreadsheet program and it is much easier to decipher.

>>

>>John

>>

>>Kelvin Ng wrote:

>>

>>

>>>Hi John;

>>>on Handles counter under task manager, only below three processes above

>>>thousand;

>>>System -> 3,093 (Memory Usage -> 356K)

>>>csrss.exe --> 1,916 (Memory Usage -> 1,444K)

>>>svchost.exe --> 1,802 (Memory Usage -> 30,516K)

>>>

>>>Paged Pool captured using Poolmon.exe ran for few hours;

>>>Memory: 6290552K Avail: 5210884K PageFlts: 24039 InRam Krnl: 2636K

>>>P:155512K

>>>Commit: 898348K Limit:15540796K Peak:1035740K Pool N:34020K

>>>P:156260K

>>>

>>>Tag Type Allocs Frees Diff Bytes Per Alloc

>>> Mapped_Driver

>>> sOBi Paged 3102997 ( 0) 0 ( 0) 3102997 124130984 ( 0)

>>> 40 [klif]

>>> Gh05 Paged 8587275 ( 435) 8586561 ( 435) 714 5558496 ( 0)

>>>7785 Unknown Driver

>>> MmSt Paged 14212133 ( 103) 14210571 ( 102) 1562 4363008 ( -2024)

>>>2793 Unknown Driver

>>> UlHT Paged 1 ( 0) 0 ( 0) 1 4198400 ( 0)

>>>4198400 Unknown Drive

>>> FSrm Paged 201181 ( 0) 199735 ( 0) 1446 2824032 ( 0)

>>>1952 Unknown Driver

>>> Io Paged 25066 ( 0) 17636 ( 0) 7430 1295784 ( 0)

>>>174 Unknown Driver

>>> CM35 Paged 12 ( 0) 0 ( 0) 12 1245184 ( 0)

>>>103765 Unknown Driver

>>> Ntff Paged 2219841 ( 0) 2218751 ( 7) 1090 889440 ( -5712)

>>>816 [ntfs]

>>> R100 Paged 43 ( 0) 4 ( 0) 39 851720 ( 0)

>>>21838 Unknown Driver

>>> NtFB Paged 776753 ( 10) 776738 ( 10) 15 714504 ( 0)

>>>47633 [ntfs]

>>> CMAl Paged 286 ( 0) 114 ( 0) 172 704512 ( 0)

>>>4096 Unknown Driver

>>> SoBP Paged 1 ( 0) 0 ( 0) 1 667648 ( 0)

>>>667648 [klif]

>>> Gla1 Paged 1757 ( 0) 1434 ( 0) 323 666672 ( 0)

>>>2064 Unknown Driver

>>> Wmit Paged 13 ( 0) 2 ( 0) 11 655688 ( 0)

>>>59608 Unknown Driver

>>> CMDa Paged 58887 ( 0) 55603 ( 0) 3284 457080 ( 0)

>>>139 Unknown Driver

>>> Obtb Paged 1960 ( 0) 1779 ( 0) 181 456240 ( 0)

>>>2520 Unknown Driver

>>> NtfF Paged 1375742 ( 2) 1375311 ( 0) 431 403416 ( 1872)

>>>936 Unknown Driver

>>> Ttfd Paged 2453 ( 0) 2306 ( 0) 147 382120 ( 0)

>>>2599 Unknown Driver

>>> CM16 Paged 124 ( 0) 45 ( 0) 79 344064 ( 0)

>>>4355 Unknown Driver

>>> CMVa Paged 8314309 ( 0) 8308764 ( 0) 5545 322720 ( 0)

>>>58 Unknown Driver

>>> IoNm Paged 160963514 (1213) 160961603 (1218) 1911 283760 ( -320)

>>>148 Unknown Driver

>>> Gla5 Paged 56355 ( 5) 55758 ( 0) 597 234024 ( 1960)

>>>392 Unknown Driver

>>> Gla: Paged 126593 ( 4) 126261 ( 0) 332 217792 ( 2624)

>>>656 Unknown Driver

>>> UlLL Paged 3 ( 0) 0 ( 0) 3 208896 ( 0)

>>>69632 [http]

>>> Gcac Paged 153 ( 0) 115 ( 0) 38 206696 ( 0)

>>>5439 Unknown Driver

>>> Toke Paged 6609856 ( 64) 6609567 ( 64) 289 179456 ( 0)

>>>620 Unknown Driver

>>> FSim Paged 2348531 ( 8) 2347153 ( 2) 1378 176384 ( 768)

>>>128 Unknown Driver

>>> CM25 Paged 655 ( 0) 642 ( 0) 13 176128 ( 0)

>>>13548 Unknown Driver

>>> Grgb Paged 51 ( 0) 46 ( 0) 5 163840 ( 0)

>>>32768 Unknown Driver

>>> Key Paged 24383193 ( 141) 24381732 ( 141) 1461 151896 ( 0)

>>>103 Unknown Driver

>>> CM39 Paged 600 ( 0) 96 ( 0) 504 139200 ( 0)

>>>276 Unknown Driver

>>> ArbA Paged 33 ( 0) 0 ( 0) 33 135168 ( 0)

>>>4096 [acpi][mf][pci

>>> NtFf Paged 21 ( 0) 11 ( 0) 10 131360 ( 0)

>>>13136 [ntfs]

>>> LfsI Paged 2 ( 0) 0 ( 0) 2 131072 ( 0)

>>>65536 Unknown Driver

>>> WmIS Paged 1 ( 0) 0 ( 0) 1 118784 ( 0)

>>>118784 Unknown Driver

>>> CMNb Paged 8810078 ( 63) 8807871 ( 63) 2207 107488 ( 0)

>>>48 Unknown Driver

>>> CM29 Paged 13 ( 0) 0 ( 0) 13 106496 ( 0)

>>>8192 Unknown Driver

>>>

>>>

>>>Non-Paged Pool captured using Poolmon.exe ran for few hours;

>>>Memory: 6290552K Avail: 5184792K PageFlts: 23000 InRam Krnl: 2636K

>>>P:155484K

>>> Commit: 898376K Limit:15540796K Peak:1035740K Pool N:34036K

>>>P:156196K

>>> System pool information

>>> Tag Type Allocs Frees Diff Bytes Per

>>>Alloc Mapped_Driver

>>> MmCm Nonp 378 ( 0) 293 ( 0) 85 18608264 ( 0)

>>>218920 Unknown Driver

>>> LSwi Nonp 1 ( 0) 0 ( 0) 1 2576384 ( 0)

>>>2576384 Unknown Driver

>>>

>>> VadL Nonp 24 ( 0) 20 ( 0) 4 901120 ( 0)

>>>225280 Unknown Driver

>>> File Nonp 127006924 (1296) 127001569 (1327) 5355 817496 ( -4568)

>>>152 Unknown Driver

>>> Thre Nonp 2277812 ( 36) 2276573 ( 53) 1239 773136 (-10608)

>>>624 Unknown Driver

>>> Mm Nonp 228 ( 0) 216 ( 0) 12 534304 ( 0)

>>>44525 Unknown Driver

>>> LSwr Nonp 128 ( 0) 0 ( 0) 128 416768 ( 0)

>>>3256 Unknown Driver

>>> AfdC Nonp 1338724 ( 7) 1336424 ( 18) 2300 368000 ( -1760)

>>>160 [afd]

>>> Irp Nonp 3305835 ( 14) 3304749 ( 12) 1086 354176 ( 648)

>>>326 Unknown Driver

>>> Dump Nonp 8 ( 0) 1 ( 0) 7 295344 ( 0)

>>>42192 Unknown Driver

>>> Devi Nonp 538 ( 0) 241 ( 0) 297 274600 ( 0)

>>>924 Unknown Driver

>>> Even Nonp 12418409 ( 207) 12413104 ( 293) 5305 259136 ( -4128)

>>>48 Unknown Driver

>>> TCPC Nonp 154604 ( 1) 151847 ( 6) 2757 232712 ( -400)

>>>84 [tcpip]

>>> Pool Nonp 4 ( 0) 1 ( 0) 3 217088 ( 0)

>>>72362 Unknown Driver

>>> Hal Nonp 1481203 ( 9) 1481196 ( 9) 7 197872 ( 0)

>>>28267 Unknown Driver

>>> Sobc Nonp 128 ( 0) 0 ( 0) 128 197632 ( 0)

>>>1544 [klif]

>>> Ntf0 Nonp 3 ( 0) 0 ( 0) 3 196608 ( 0)

>>>65536 [ntfs]

>>> UlCO Nonp 384 ( 0) 63 ( 0) 321 195168 ( 0)

>>>608 [http]

>>> Vad Nonp 2791742 ( 33) 2787677 ( 33) 4065 195120 ( 0)

>>>48 Unknown Driver

>>> Sob2 Nonp 115434515 (1161) 115433189 (1164) 1326 183480 ( 952)

>>>138 Unknown Driver

>>> Ntfr Nonp 767339 ( 0) 764507 ( 0) 2832 182216 ( 0)

>>>64 [ntfs]

>>> TCPc Nonp 2398991 ( 27) 2396132 ( 36) 2859 137232 ( -432)

>>>48 [tcpip]

>>> MmCi Nonp 267840 ( 4) 267269 ( 4) 571 134064 ( 0)

>>>234 Unknown Driver

>>> RceT Nonp 1 ( 0) 0 ( 0) 1 131072 ( 0)

>>>131072 [tcpip]

>>> Mdl Nonp 613296 ( 28) 612315 ( 17) 981 125568 ( 1408)

>>>128 Unknown Driver

>>> R100 Nonp 16 ( 0) 0 ( 0) 16 121624 ( 0)

>>>7601 Unknown Driver

>>> CcSc Nonp 13098168 ( 195) 13097779 ( 198) 389 121368 ( -936)

>>>312 Unknown Driver

>>> FSfm Nonp 2296640 ( 68) 2293700 ( 84) 2940 117600 ( -640)

>>>40 Unknown Driver

>>> usbp Nonp 88 ( 0) 59 ( 0) 29 115848 ( 0)

>>>3994 [usbport]

>>> MmCa Nonp 15045675 ( 221) 15044645 ( 224) 1030 106656 ( -336)

>>>103 Unknown Driver

>>> NtFL Nonp 526252 ( 24) 526240 ( 24) 12 105256 ( 0)

>>>8771 [ntfs]

>>> VadS Nonp 64562122 ( 527) 64558934 ( 546) 3188 102016 ( -608)

>>>32 Unknown Driver

>>> UlLS Nonp 13 ( 0) 1 ( 0) 12 90760 ( 0)

>>>7563 Unknown Driver

>>> CcVl Nonp 164145 ( 2) 164025 ( 3) 120 79232 ( -1040)

>>>660 Unknown Driver

>>> brcm Nonp 6 ( 0) 0 ( 0) 6 78176 ( 0)

>>>13029 [b57xp32]

>>> Vadl Nonp 5023431 ( 92) 5022256 ( 110) 1175 75200 ( -1152)

>>>64 Unknown Driver

>>> AfdB Nonp 2451334 ( 227) 2451197 ( 156) 137 73400 ( 25144)

>>>535 [afd]

>>> Ntfi Nonp 1008731 ( 21) 1008471 ( 11) 260 70720 ( 2720)

>>>272 Unknown Driver

>>> NDpp Nonp 23 ( 0) 0 ( 0) 23 70112 ( 0)

>>>3048 Unknown Driver

>>>

>>>we are running Kaspersky File Server 6.0.2.690 on all our servers &

>>>monitoring using KAV Admin Kit. yet to update to Maintenance Pack 3 -->

>>>6.0.3.837

>>>

>>>Thanks,

>>>Kelvin

>>>

>>>

>>>"John John" wrote:

>>>

>>>

>>>

>>>>Start the Task Manager and select the option to view "Handle Count". Is

>>>>there a process there with a particularly large handle count, like in

>>>>the thousands or tens of thousands?

>>>>

>>>>If you see nothing out of the usual with the Handle Count then you may

>>>>want to monitor the pool consumption with poolmon.exe

>>>>http://support.microsoft.com/kb/177415/ this could reveal which driver

>>>>or process is consuming all the paged pool.

>>>>

>>>>AV programs are sometimes the culprit, NAV in particular is known to

>>>>sometimes run amuck with the paged pool, did you by any chance update

>>>>your AV software?

>>>>

>>>>John

>>>>

>>>>Kelvin Ng wrote:

>>>>

>>>>

>>>>>One of my Windows Server 2003 log with a lot of event ID : 2020 & 333 &

>>>>>suddenly server seems like freeze, i have to restart server to solve this

>>>>>problem. it happend on 18/01 & 02/02

>>>>

>>>>

>>

[Guest Kelvin Ng]

Re: The server was unable to allocate from the system paged pool

 

Hi John John,

i have capture some memory paged & non-paged snapshots & save in notepad.

just wonder how to attach & send it to you for diagnose?

 

"John John" wrote:

> That is a phony address, the email is lost in the etherworld somewhere.

>

> When I look at my other reply I see that the output of your post is

> shown in a more orderly fashion. You have to take several shots and

> compare the results to determine where the leak might be happening, you

> can't see this with one snap only. See here for more help:

>

> Poolmon Examples

> http://technet2.microsoft.com/windowsserver/en/library/0d302498-c947-4655-95af-719ae75acfb51033.mspx?mfr=true

>

> In particlualar look at Example 3: Detect Memory Leakage

>

> This may also be helpful:

>

> How do I determine a driver name from a pool tag

> http://www.jsifaq.com/SF/Tips/Tip.aspx?id=7102

>

> This too may be helpful for monitoring processes:

> Memsnap Overview

> http://technet2.microsoft.com/windowsserver/en/library/352dfb2b-b32d-47b5-a888-59433f4904531033.mspx?mfr=true

>

> Examining the output of these utilities is much easier in a spreadsheet.

>

> John

>

> Kelvin Ng wrote:

>

> > Hi John John,

> > i have sent the attachment files to your audetweld@nbnet.nb.ca email account

> > via my guyncp@hotmail.com as i wouldn't know how attach as csv file in reply

> > to you.

> >

> > Thanks & Regards

> >

> > "John John" wrote:

> >

> >

> >>Could you attach that to your reply as a csv file? I'll try to take a

> >>look at it and see if I can see anything unusual. As it is in the body

> >>of the post it is a bit hard to arrange the information in an easily

> >>readable format, as a .csv file it can easily be opened with a

> >>spreadsheet program and it is much easier to decipher.

> >>

> >>John

> >>

> >>Kelvin Ng wrote:

> >>

> >>

> >>>Hi John;

> >>>on Handles counter under task manager, only below three processes above

> >>>thousand;

> >>>System -> 3,093 (Memory Usage -> 356K)

> >>>csrss.exe --> 1,916 (Memory Usage -> 1,444K)

> >>>svchost.exe --> 1,802 (Memory Usage -> 30,516K)

> >>>

> >>>Paged Pool captured using Poolmon.exe ran for few hours;

> >>>Memory: 6290552K Avail: 5210884K PageFlts: 24039 InRam Krnl: 2636K

> >>>P:155512K

> >>>Commit: 898348K Limit:15540796K Peak:1035740K Pool N:34020K

> >>>P:156260K

> >>>

> >>>Tag Type Allocs Frees Diff Bytes Per Alloc

> >>> Mapped_Driver

> >>> sOBi Paged 3102997 ( 0) 0 ( 0) 3102997 124130984 ( 0)

> >>> 40 [klif]

> >>> Gh05 Paged 8587275 ( 435) 8586561 ( 435) 714 5558496 ( 0)

> >>>7785 Unknown Driver

> >>> MmSt Paged 14212133 ( 103) 14210571 ( 102) 1562 4363008 ( -2024)

> >>>2793 Unknown Driver

> >>> UlHT Paged 1 ( 0) 0 ( 0) 1 4198400 ( 0)

> >>>4198400 Unknown Drive

> >>> FSrm Paged 201181 ( 0) 199735 ( 0) 1446 2824032 ( 0)

> >>>1952 Unknown Driver

> >>> Io Paged 25066 ( 0) 17636 ( 0) 7430 1295784 ( 0)

> >>>174 Unknown Driver

> >>> CM35 Paged 12 ( 0) 0 ( 0) 12 1245184 ( 0)

> >>>103765 Unknown Driver

> >>> Ntff Paged 2219841 ( 0) 2218751 ( 7) 1090 889440 ( -5712)

> >>>816 [ntfs]

> >>> R100 Paged 43 ( 0) 4 ( 0) 39 851720 ( 0)

> >>>21838 Unknown Driver

> >>> NtFB Paged 776753 ( 10) 776738 ( 10) 15 714504 ( 0)

> >>>47633 [ntfs]

> >>> CMAl Paged 286 ( 0) 114 ( 0) 172 704512 ( 0)

> >>>4096 Unknown Driver

> >>> SoBP Paged 1 ( 0) 0 ( 0) 1 667648 ( 0)

> >>>667648 [klif]

> >>> Gla1 Paged 1757 ( 0) 1434 ( 0) 323 666672 ( 0)

> >>>2064 Unknown Driver

> >>> Wmit Paged 13 ( 0) 2 ( 0) 11 655688 ( 0)

> >>>59608 Unknown Driver

> >>> CMDa Paged 58887 ( 0) 55603 ( 0) 3284 457080 ( 0)

> >>>139 Unknown Driver

> >>> Obtb Paged 1960 ( 0) 1779 ( 0) 181 456240 ( 0)

> >>>2520 Unknown Driver

> >>> NtfF Paged 1375742 ( 2) 1375311 ( 0) 431 403416 ( 1872)

> >>>936 Unknown Driver

> >>> Ttfd Paged 2453 ( 0) 2306 ( 0) 147 382120 ( 0)

> >>>2599 Unknown Driver

> >>> CM16 Paged 124 ( 0) 45 ( 0) 79 344064 ( 0)

> >>>4355 Unknown Driver

> >>> CMVa Paged 8314309 ( 0) 8308764 ( 0) 5545 322720 ( 0)

> >>>58 Unknown Driver

> >>> IoNm Paged 160963514 (1213) 160961603 (1218) 1911 283760 ( -320)

> >>>148 Unknown Driver

> >>> Gla5 Paged 56355 ( 5) 55758 ( 0) 597 234024 ( 1960)

> >>>392 Unknown Driver

> >>> Gla: Paged 126593 ( 4) 126261 ( 0) 332 217792 ( 2624)

> >>>656 Unknown Driver

> >>> UlLL Paged 3 ( 0) 0 ( 0) 3 208896 ( 0)

> >>>69632 [http]

> >>> Gcac Paged 153 ( 0) 115 ( 0) 38 206696 ( 0)

> >>>5439 Unknown Driver

> >>> Toke Paged 6609856 ( 64) 6609567 ( 64) 289 179456 ( 0)

> >>>620 Unknown Driver

> >>> FSim Paged 2348531 ( 8) 2347153 ( 2) 1378 176384 ( 768)

> >>>128 Unknown Driver

> >>> CM25 Paged 655 ( 0) 642 ( 0) 13 176128 ( 0)

> >>>13548 Unknown Driver

> >>> Grgb Paged 51 ( 0) 46 ( 0) 5 163840 ( 0)

> >>>32768 Unknown Driver

> >>> Key Paged 24383193 ( 141) 24381732 ( 141) 1461 151896 ( 0)

> >>>103 Unknown Driver

> >>> CM39 Paged 600 ( 0) 96 ( 0) 504 139200 ( 0)

> >>>276 Unknown Driver

> >>> ArbA Paged 33 ( 0) 0 ( 0) 33 135168 ( 0)

> >>>4096 [acpi][mf][pci

> >>> NtFf Paged 21 ( 0) 11 ( 0) 10 131360 ( 0)

> >>>13136 [ntfs]

> >>> LfsI Paged 2 ( 0) 0 ( 0) 2 131072 ( 0)

> >>>65536 Unknown Driver

> >>> WmIS Paged 1 ( 0) 0 ( 0) 1 118784 ( 0)

> >>>118784 Unknown Driver

> >>> CMNb Paged 8810078 ( 63) 8807871 ( 63) 2207 107488 ( 0)

> >>>48 Unknown Driver

> >>> CM29 Paged 13 ( 0) 0 ( 0) 13 106496 ( 0)

> >>>8192 Unknown Driver

> >>>

> >>>

> >>>Non-Paged Pool captured using Poolmon.exe ran for few hours;

> >>>Memory: 6290552K Avail: 5184792K PageFlts: 23000 InRam Krnl: 2636K

> >>>P:155484K

> >>> Commit: 898376K Limit:15540796K Peak:1035740K Pool N:34036K

> >>>P:156196K

> >>> System pool information

> >>> Tag Type Allocs Frees Diff Bytes Per

> >>>Alloc Mapped_Driver

> >>> MmCm Nonp 378 ( 0) 293 ( 0) 85 18608264 ( 0)

> >>>218920 Unknown Driver

> >>> LSwi Nonp 1 ( 0) 0 ( 0) 1 2576384 ( 0)

> >>>2576384 Unknown Driver

> >>>

> >>> VadL Nonp 24 ( 0) 20 ( 0) 4 901120 ( 0)

> >>>225280 Unknown Driver

> >>> File Nonp 127006924 (1296) 127001569 (1327) 5355 817496 ( -4568)

> >>>152 Unknown Driver

> >>> Thre Nonp 2277812 ( 36) 2276573 ( 53) 1239 773136 (-10608)

> >>>624 Unknown Driver

> >>> Mm Nonp 228 ( 0) 216 ( 0) 12 534304 ( 0)

> >>>44525 Unknown Driver

> >>> LSwr Nonp 128 ( 0) 0 ( 0) 128 416768 ( 0)

> >>>3256 Unknown Driver

> >>> AfdC Nonp 1338724 ( 7) 1336424 ( 18) 2300 368000 ( -1760)

> >>>160 [afd]

> >>> Irp Nonp 3305835 ( 14) 3304749 ( 12) 1086 354176 ( 648)

> >>>326 Unknown Driver

> >>> Dump Nonp 8 ( 0) 1 ( 0) 7 295344 ( 0)

> >>>42192 Unknown Driver

> >>> Devi Nonp 538 ( 0) 241 ( 0) 297 274600 ( 0)

> >>>924 Unknown Driver

> >>> Even Nonp 12418409 ( 207) 12413104 ( 293) 5305 259136 ( -4128)

> >>>48 Unknown Driver

> >>> TCPC Nonp 154604 ( 1) 151847 ( 6) 2757 232712 ( -400)

> >>>84 [tcpip]

> >>> Pool Nonp 4 ( 0) 1 ( 0) 3 217088 ( 0)

> >>>72362 Unknown Driver

> >>> Hal Nonp 1481203 ( 9) 1481196 ( 9) 7 197872 ( 0)

> >>>28267 Unknown Driver

> >>> Sobc Nonp 128 ( 0) 0 ( 0) 128 197632 ( 0)

> >>>1544 [klif]

> >>> Ntf0 Nonp 3 ( 0) 0 ( 0) 3 196608 ( 0)

> >>>65536 [ntfs]

> >>> UlCO Nonp 384 ( 0) 63 ( 0) 321 195168 ( 0)

> >>>608 [http]

> >>> Vad Nonp 2791742 ( 33) 2787677 ( 33) 4065 195120 ( 0)

> >>>48 Unknown Driver

> >>> Sob2 Nonp 115434515 (1161) 115433189 (1164) 1326 183480 ( 952)

> >>>138 Unknown Driver

> >>> Ntfr Nonp 767339 ( 0) 764507 ( 0) 2832 182216 ( 0)

> >>>64 [ntfs]

> >>> TCPc Nonp 2398991 ( 27) 2396132 ( 36) 2859 137232 ( -432)

> >>>48 [tcpip]

> >>> MmCi Nonp 267840 ( 4) 267269 ( 4) 571 134064 ( 0)

> >>>234 Unknown Driver

> >>> RceT Nonp 1 ( 0) 0 ( 0) 1 131072 ( 0)

> >>>131072 [tcpip]

> >>> Mdl Nonp 613296 ( 28) 612315 ( 17) 981 125568 ( 1408)

> >>>128 Unknown Driver

> >>> R100 Nonp 16 ( 0) 0 ( 0) 16 121624 ( 0)

> >>>7601 Unknown Driver

> >>> CcSc Nonp 13098168 ( 195) 13097779 ( 198) 389 121368 ( -936)

> >>>312 Unknown Driver

> >>> FSfm Nonp 2296640 ( 68) 2293700 ( 84) 2940 117600 ( -640)

> >>>40 Unknown Driver

> >>> usbp Nonp 88 ( 0) 59 ( 0) 29 115848 ( 0)

> >>>3994 [usbport]

> >>> MmCa Nonp 15045675 ( 221) 15044645 ( 224) 1030 106656 ( -336)

> >>>103 Unknown Driver

> >>> NtFL Nonp 526252 ( 24) 526240 ( 24) 12 105256 ( 0)

> >>>8771 [ntfs]

> >>> VadS Nonp 64562122 ( 527) 64558934 ( 546) 3188 102016 ( -608)

> >>>32 Unknown Driver

> >>> UlLS Nonp 13 ( 0) 1 ( 0) 12 90760 ( 0)

> >>>7563 Unknown Driver

> >>> CcVl Nonp 164145 ( 2) 164025 ( 3) 120 79232 ( -1040)

> >>>660 Unknown Driver

> >>> brcm Nonp 6 ( 0) 0 ( 0) 6 78176 ( 0)

> >>>13029 [b57xp32]

> >>> Vadl Nonp 5023431 ( 92) 5022256 ( 110) 1175 75200 ( -1152)

> >>>64 Unknown Driver

> >>> AfdB Nonp 2451334 ( 227) 2451197 ( 156) 137 73400 ( 25144)

> >>>535 [afd]

> >>> Ntfi Nonp 1008731 ( 21) 1008471 ( 11) 260 70720 ( 2720)

> >>>272 Unknown Driver

> >>> NDpp Nonp 23 ( 0) 0 ( 0) 23 70112 ( 0)

> >>>3048 Unknown Driver

> >>>

> >>>we are running Kaspersky File Server 6.0.2.690 on all our servers &

> >>>monitoring using KAV Admin Kit. yet to update to Maintenance Pack 3 -->

> >>>6.0.3.837

> >>>

> >>>Thanks,

> >>>Kelvin

> >>>

> >>>

> >>>"John John" wrote:

> >>>

> >>>

> >>>

> >>>>Start the Task Manager and select the option to view "Handle Count". Is

> >>>>there a process there with a particularly large handle count, like in

> >>>>the thousands or tens of thousands?

> >>>>

> >>>>If you see nothing out of the usual with the Handle Count then you may

> >>>>want to monitor the pool consumption with poolmon.exe

> >>>>http://support.microsoft.com/kb/177415/ this could reveal which driver

> >>>>or process is consuming all the paged pool.

> >>>>

> >>>>AV programs are sometimes the culprit, NAV in particular is known to

> >>>>sometimes run amuck with the paged pool, did you by any chance update

> >>>>your AV software?

> >>>>

> >>>>John

> >>>>

> >>>>Kelvin Ng wrote:

> >>>>

> >>>>

> >>>>>One of my Windows Server 2003 log with a lot of event ID : 2020 & 333 &

> >>>>>suddenly server seems like freeze, i have to restart server to solve this

> >>>>>problem. it happend on 18/01 & 02/02

> >>>>

> >>>>

> >>

>