Memory Leak D2d
Hello, Can someone please help? We've been having a memory leak on our Windows 2003 SP2 Standard server. Overtime the servers stops responding and an event 2020 is logged where pool is empty. A restart is required to fix it. I've been running Poolmon.exe and noticed the D2d tag is steadily increasing. Example: On 6/22 Memory: 3538236K Avail: 3001188K PageFlts: 275 InRam Krnl: 2836K P:76928K Commit: 340184K Limit:5475744K Peak:1205688K Pool N:24988K P:77520K System pool information Tag Type Allocs Frees Diff Bytes Per Alloc SaEe Paged 5145589 ( 0) 5144771 ( 0) 818 44232136 ( 0) 54073 UlHT Paged 1 ( 0) 0 ( 0) 1 8392704 ( 0) 8392704 R100 Paged 47 ( 0) 2 ( 0) 45 5460840 ( 0) 121352 MmSt Paged 87333 ( 4) 84596 ( 4) 2737 4091952 ( 0) 1495 Ntff Paged 5097 ( 0) 3506 ( 0) 1591 1298256 ( 0) 816 Gh15 Paged 30209 ( 24) 30048 ( 24) 161 1193504 ( 0) 7413 Wmit Paged 13 ( 0) 2 ( 0) 11 655688 ( 0) 59608 D2d Paged 54394 ( 0) 27197 ( 0) 27197 652728 ( 0) 24 CM35 Paged 52 ( 0) 24 ( 0) 28 573440 ( 0) 20480 Ttfd Paged 1109 ( 0) 736 ( 0) 373 543784 ( 0) 1457 CMAl Paged 434 ( 0) 302 ( 0) 132 540672 ( 0) 4096 Now on 6/29 Memory: 3538236K Avail: 2642836K PageFlts: 94681 InRam Krnl: 3436K P:194420K Commit: 549100K Limit:5475744K Peak:1205688K Pool N:54616K P:195104K System pool information Tag Type Allocs Frees Diff Bytes Per Alloc D2d Paged 5321430 ( 14) 2660715 ( 7) 2660715 63857160 ( 168) 24 SaEe Paged 386885068 ( 220) 386884236 ( 220) 832 44421208 ( 0) 53390 MmSt Paged 8773613 ( 25) 8752239 ( 25) 21374 13435808 ( 0) 628 As you can see it has jumped up quite a bit and eventually will run out of paged pool memory. The problem I am having is locating the driver or application file that maybe causing this. I've tried using findstr and strings sysinternal utility but could not locate the D2d tag anywhere. I think MRTG application maybe causing this. I am running MRTG with Perl as a task sequence that runs every 2 minutes. I've noticed when running poolmon the D2d tag increases in bytes and diff and does not go down when task is completed. To be sure that MRTG may be causing it, is there any way to verify that it is? What exactly does the the D2d pooltag actually perform? Thanks!Rich
June 29th, 2011 12:01pm

D2D refers to the IoVolumeDeviceToDosName API but we have seen cases involving SYMEVENT.SYS and D2D tag leaks. If %windir%\system32\drivers\symevent.sys is present, what version number is it?
Free Windows Admin Tool Kit Click here and download it now
July 1st, 2011 11:45pm

Thank you for your reply. We were suspecting that Symantec Endpoint Protection 11.0.6300.803 was causing the issue but could not relate it to any driver using poolmon. Hopefully it is the cause as there are some bugs in this version of SEP. The version of the symevent.sys file is 12.8.3.22. Thanks!Rich
July 2nd, 2011 1:19am

Yeah, I would suggest following up with Symantec to see if they are aware of a symevent.sys memory leak and if there is an updated version available yet.
Free Windows Admin Tool Kit Click here and download it now
July 2nd, 2011 2:24am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics