+1 to poolmon in this situation. An example of how to use it: http://www.adopenstatic.com/cs/blogs/ken/archive/2006/07/10/Using-PoolMon-_2800_Pool-Monitor_2900_-to-debug-kernel-memory-leaks.aspx
Cheers
Ken

________________________________________
From: Brian Desmond [[email protected]]
Sent: Tuesday, 31 March 2009 9:29 AM
To: NT System Admin Issues
Subject: RE: Virtualized server issue...

Kurt-

Can you add the http://support.microsoft.com/kb/244139 CrashOnCtrlScroll registry value and reboot? This will allow you to generate a dump next time this happens (the hang, specifically) by pressing the /right/ Ctrl key and Scroll Lock twice. Also, Poolmon can help tremendously here too for logging.

Thanks,
Brian Desmond
[email protected]
c - 312.731.3132

-----Original Message-----
From: Kurt Buff [mailto:[email protected]]
Sent: Monday, March 30, 2009 5:00 PM
To: NT System Admin Issues
Subject: Virtualized server issue...

All,

Over the weekend we virtualized our file/print server, and it seemed to go well. Host is a Dell machine running ESX 3.5 update 2. The physical machine has an Intel HT processor and 1gbyte of RAM. I gave the VM 2 procs and 2gbytes of RAM, just for good measure. Both machines were talking to our LeftHand SAN, on a separate physical LAN, but today I had to reboot the VM, then a couple of hours later shut it down and revert to the physical machine after it stopped responding.

The logs were indicating lack of server memory - specifically, these were being emitted to my syslog server:

2009-03-30 14:05:12 User.Notice home-01 Mar 30 14:05:12 home-01 MSWinEventLog 1 System 13892 Mon Mar 30 14:05:08 2009 2020 Srv Unknown User N/A Error HOME-01 None
0000: 00 00 04 00 01 00 54 00 .......
0008: 00 00 00 00 e4 07 00 c0 ........
0010: 00 00 00 00 9a 00 00 c0 ........
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........
0028: ae 04 00 00 d0 02 70 00 .......
The server was unable to allocate from the system paged pool because the pool was empty.

Then this, as I tried to log in to shut it down:

2009-03-30 14:09:39 User.Notice zet-home-01 Mar 30 14:09:39 zet-home-01 MSWinEventLog 1 Application 13935 Mon Mar 30 14:09:39 2009 1512 Userenv SYSTEM User Error ZET-HOME-01 None
Windows cannot unload your registry file. The memory used by the registry has not been freed. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account. If this problem persists, contact your administrator. DETAIL - Insufficient system resources exist to complete the requested service.

30 and couldn't log in - I had to use psshutdown to make it go.

I was starting to troubleshoot the paged pool issue, but didn't get far enough into it before it required a kick, and I reverted to the physical box.

Anyone have any ideas what might have been the problem, or where I can start to look for clues?

Kurt
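
Added example, not part of the original thread: a Python sketch that scans forwarded syslog lines for the two events reported above (Srv 2020 and Userenv 1512) and groups them by sending host, so pool exhaustion is noticed before the server stops accepting logons. The field layout in the regular expression is inferred from the lines quoted in the thread, and the watch list and sample lines are constructed assumptions.

```python
import re
from collections import defaultdict

# Field layout inferred from the whitespace-flattened lines quoted in the thread:
# ... <host> MSWinEventLog <n> <log> <counter> <Www Mmm dd hh:mm:ss yyyy> <event id> <source> <rest>
EVENT_RE = re.compile(
    r"MSWinEventLog\s+\d+\s+(?P<log>\S+)\s+\d+\s+"
    r"(?P<when>\w{3} \w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2} \d{4})\s+"
    r"(?P<event_id>\d+)\s+(?P<source>\S+)\s+(?P<rest>.*)"
)

# Assumption: watch list built only from the two events and phrases in the thread.
WATCH = {
    ("Srv", 2020): "pool was empty",
    ("Userenv", 1512): "insufficient system resources",
}

def find_resource_exhaustion(lines):
    """Return {host: [(when, source, event_id), ...]} for watched events."""
    hits = defaultdict(list)
    for line in lines:
        m = EVENT_RE.search(line)
        if not m:
            continue  # not a forwarded Windows event
        key = (m["source"], int(m["event_id"]))
        phrase = WATCH.get(key)
        # Require both the source/ID pair and the message phrase to match.
        if phrase and phrase in m["rest"].lower():
            prefix = line[:m.start()].split()
            host = prefix[-1] if prefix else "unknown"  # token before the tag
            hits[host].append((m["when"], *key))
    return dict(hits)

# Constructed sample input modelled on the thread (hex data block omitted).
SAMPLE = [
    "2009-03-30 14:05:12 User.Notice home-01 Mar 30 14:05:12 home-01 MSWinEventLog 1 System 13892 Mon Mar 30 14:05:08 2009 2020 Srv Unknown User N/A Error HOME-01 None The server was unable to allocate from the system paged pool because the pool was empty.",
    "2009-03-30 14:07:00 Daemon.Info gw-01 Mar 30 14:07:00 gw-01 ntpd[412]: synchronized to 192.0.2.10",
    "2009-03-30 14:09:39 User.Notice zet-home-01 Mar 30 14:09:39 zet-home-01 MSWinEventLog 1 Application 13935 Mon Mar 30 14:09:39 2009 1512 Userenv SYSTEM User Error ZET-HOME-01 None Windows cannot unload your registry file. DETAIL - Insufficient system resources exist to complete the requested service.",
]

if __name__ == "__main__":
    for host, events in find_resource_exhaustion(SAMPLE).items():
        print(host, events)
```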
