Have received no emails from you offline, sorry to report. Also, your message, as you can see below, is a bit hard to read, with some funky characters spoiling things.
I will take a look at the Debug Tools for Windows and take a look. On Tue, Mar 31, 2009 at 13:58, Brian Desmond <br...@briandesmond.com> wrote: > > Kurt- > > > > Is pooltag.txt in that archive I sent you offline? > > > > If not, install the Debug Tools for Windows (free download) and go in the > triage folder ÿÿ“ pooltag.txt has a dictionary so to speak of all the MS tags > > > > Sÿÿ ÿ - nt!sÿÿ ÿÿÂÿÿ ÿÿÂÿÿ - General security allocations > > > > Allocs isnÿÿ™t really terribly interesting, what is is the number of bytes > allocated which in this case is ~232MB. That is not normal. I have no idea > what this one is ÿÿ“ itÿÿ™s not somethingÿÿâÿ™ve seen before and ÿÿâÿ™s not > normal. I would be inclined to tell you to call PSS and let them work on it. > I know how to get the stacks for the allocations with a live debug but > thatÿÿ™s fairly involved as things go. > > > > MmSt is associated with memory tracking shared files (in a nutshellÿÿâÿ“ > looks ok in your snapshot. > > > > Thanks, > > Brian Desmond > > br...@briandesmond.com > > > > c - 312.731.3132 > > > > Active Directory, 4th Ed - http://www.briandesmond.com/ad4/ > > Microsoft MVP - https://mvp.support.microsoft.com/profile/Brian > > > > From: Kurt Buff [mailto:kurt.b...@gmail.com] > Sent: Tuesday, March 31, 2009 1:46 PM > To: NT System Admin Issues > Subject: Pool consumption (was: Re: Virtualized server issue...) > > > > Have added the reg entry, and am examining poolmon output. > > The server needed to be rebooted again today, so the reg entry should now be > active. I note that in perfmon Pool Paged Allocs for this machine had slammed > to the ceiling, although nothing else seemed to be > > Poolmon is proving problematic - I've examined the top two memory eaters, and > am either getting too many or no hits. > > At 10:12 this morning, I took this reading, and a few minutes later had to > reboot the box. > > Memory: 1047456K Avail: 220432K PageFlts: 47 InRam Krnl: 2912K > P:281220K > Commit: 570560K Limit:3053000K Peak: 580612K Pool N:35804K > P:282140K > System pool information > Tag Type Allocs Frees Diff Bytes Per Alloc > > Se Paged 13914251 ( 0) 1770996 ( 0) 12143255 243309424 ( 0) > 20 > MmSt Paged 755490 ( 9) 753741 ( 9) 1749 15544008 ( 0) 8887 > > Memory: 1047456K Avail: 229772K PageFlts: 66 InRam Krnl: 2912K > P:281000K > Commit: 570396K Limit:3053000K Peak: 580612K Pool N:35776K > P:281920K > System pool information > Tag Type Allocs Frees Diff Bytes Per Alloc > > MmCm Nonp 1090 ( 0) 15 ( 0) 1075 7864864 ( 0) 7316 > LSwi Nonp 1 ( 0) 0 ( 0) 1 2576384 ( 0) 2576384 > > As the winner and new champeen, Se is at least an order of magnitude larger > than its closes competitor. However, the Se tag is in lots of files, so I > prefixed it in the findstr command with 'h' per the KB article. That narrowed > it considerably, but what's left pretty much looks to be MSFT files, and > there are still 21 files. > > MsSt is simply not found anywhere, nor is MmCm,. though LSwi shows in srv.sys > - I note that the Se tag is also found in the latter. > > Later today, perhaps after standard business hours, I'll reenable Active > Protection for VIPRE on this machine, and copy a lot of files to it. If > that's the issue, it should start spiking pretty quickly. > > On Mon, Mar 30, 2009 at 15:29, Brian Desmond <br...@briandesmond.com> wrote: > > Kurt- > > > > Can you add the http://support.microsoft.com/kb/244139 CrashOnCtrlScroll > > registry value and reboot? This will allow you to generate a dump next time > > this happens (the hang, specifically) by pressing the /right/ Ctrl key and > > Scroll Lock twice. > > > > Also, Poolmon can help tremendously here too for logging. > > > > Thanks, > > Brian Desmond > > br...@briandesmond.com > > > > c - 312.731.3132 > > > > > > -----Original Message----- > > From: Kurt Buff [mailto:kurt.b...@gmail.com] > > Sent: Monday, March 30, 2009 5:00 PM > > To: NT System Admin Issues > > Subject: Virtualized server issue... > > > > All, > > > > Over the weekend we virtualized our file/print server, and it seemed > > to go well. Host is a Dell machine running ESX 3.5 update 2. > > > > The physical machine has an Intel HT processor and 1gbyte of RAM. I > > gave the VM 2 procs and 2gbytes of RAM, just for good measure. > > > > Both machines were talking to our LeftHand SAN, on a separate physical > > LAN, but today I had to reboot the VM, then a couple of hours later > > shut it down and revert to the physical machine after it stopped > > responding. > > > > The logs were indicating lack of server memory - specifically, these > > were being emitted to my syslog server: > > > > 2009-03-30 14:05:12 User.Notice home-01 Mar 30 14:05:12 > > home-01 MSWinEventLog 1 System 13892 Mon Mar 30 14:05:08 2009 > > 2020 Srv Unknown User N/A Error HOME-01 None > > 0000: 00 00 04 00 01 00 54 00 ....... 0008: 00 00 00 00 e4 07 00 c0 > > ........ 0010: 00 00 00 00 9a 00 00 c0 ........ 0018: 00 00 00 > > 00 00 00 00 00 ........ 0020: 00 00 00 00 00 00 00 00 ........ > > 0028: ae 04 00 00 d0 02 70 00 ....... The server was unable to > > allocate from the system paged pool because the pool was empty. > > > > Then this, as I tried to log in to shut it down: > > > > 2009-03-30 14:09:39 User.Notice zet-home-01 Mar 30 > > 14:09:39 zet-home-01 MSWinEventLog 1 Application 13935 Mon > > Mar 30 14:09:39 2009 1512 Userenv SYSTEM User > > Error ZET-HOME-01 None Windows cannot unload your > > registry file. The memory used by the registry has not been freed. > > This is often caused by services running as a user account, try > > configuring the services to run in either the LocalService or > > NetworkService account. If this problem persists, contact your > > administrator. DETAIL - Insufficient system resources exist to > > complete the requested service. 30 > > > > > > and couldn't log in - I had to use psshutdown to make it go. > > > > I was starting to troubleshoot the paged pool issue, but didn't get > > far enough into it before it required kick, and I reverted to the > > physical box. > > > > Anyone have any ideas what might have been the problem, or where I can > > start to look for clues? > > > > > > Kurt > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > > > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~