Hello --
Recently we've encountered event 2019 srv - "The server was unable to allocate from the system nonpaged pool because the pool was empty." The server was rebooted yesterday and already memory usage has increased from 5gb to 8gb. Based on the past couple weeks, the server will run fine for about a week before needing a reboot.
Using poolmon, I grabbed the following (top 5 processes shown):
At 10:00a:
Memory:16766772K Avail: 9046292K PageFlts: 107 InRam Krnl: 6764K P:830528K
Commit:7649792K Limit:33531684K Peak:7751492K Pool N:503820K P:839464K
System pool information
Tag Type Allocs Frees Diff Bytes Per Alloc
Proc Nonp 65099 ( 0) 3 ( 0) 65096 86447424 ( 0) 1327
File Nonp 73822364 ( 77) 73685557 ( 71) 136807 45098640 ( 2080) 329
Ntfx Nonp 837972 ( 5) 704712 ( 0) 133260 42202560 ( 1760) 316
KLsc Nonp 3439741 ( 5) 3306608 ( 0) 133133 40472432 ( 1520) 304
Irp Nonp 378392 ( 0) 333265 ( 3) 45127 34859760 ( -912) 772
At 4:00p:
Memory:16766772K Avail: 8389124K PageFlts: 6449 InRam Krnl: 6780K P:845772K
Commit:8450380K Limit:33531684K Peak:9405944K Pool N:523424K P:854664K
System pool information
Tag Type Allocs Frees Diff Bytes Per Alloc
Proc Nonp 80226 ( 0) 3 ( 0) 80223 106536080 ( 0) 1327
Irp Nonp 488818 ( 84) 443953 ( 71) 44865 36043168 ( 13296) 803
File Nonp 123105561 (7149) 122997529 (7339) 108032 35362496 ( -63904) 327
Ntfx Nonp 983042 ( 8) 883547 ( 9) 99495 30741216 ( -352) 308
KLsc Nonp 3893558 ( 16) 3794414 ( 21) 99144 30139776 ( -1520) 304
What really concerns me is the Proc tag, which seems to be win32k.sys (using findstr /m /l Proc *.sys). Am I correct to assume that win32k.sys is the cause of the memory leak? Should I give a couple more days and check poolmon again? How would I correct this?
Thanks -- michael~
