One of my Windows Server 2003 log with a lot of event ID : 2020 & 333 &
suddenly server seems like freeze, i have to restart server to solve this
problem. it happend on 18/01 & 02/02

Quote:

One of my Windows Server 2003 log with a lot of event ID : 2020 & 333 & suddenly server seems like freeze, i have to restart server to solve this problem. it happend on 18/01 & 02/02

Running service pack 2? Take a look at some of these KB articles
regarding non-paged pool exhaustion:

http://support.microsoft.com/kb/931311
http://support.microsoft.com/kb/918976
http://support.microsoft.com/kb/945410
http://support.microsoft.com/kb/938666
http://support.microsoft.com/kb/822219
http://support.microsoft.com/kb/940307
http://support.microsoft.com/kb/317249

- Thee Chicago Wolf

Start the Task Manager and select the option to view "Handle Count". Is
there a process there with a particularly large handle count, like in
the thousands or tens of thousands?

If you see nothing out of the usual with the Handle Count then you may
want to monitor the pool consumption with poolmon.exe
http://support.microsoft.com/kb/177415/ this could reveal which driver
or process is consuming all the paged pool.

AV programs are sometimes the culprit, NAV in particular is known to
sometimes run amuck with the paged pool, did you by any chance update
your AV software?

John

Kelvin Ng wrote:

Quote:

One of my Windows Server 2003 log with a lot of event ID : 2020 & 333 & suddenly server seems like freeze, i have to restart server to solve this problem. it happend on 18/01 & 02/02

Trend Micro can also have this problem. Contact them for a fix.

--
Kerry Brown
Microsoft MVP - Shell/User
http://www.vistahelp.ca/phpBB2/



"Kelvin Ng" <KelvinNg@discussions.microsoft.com> wrote in message
news:A2AA295A-5CDA-4BAE-98B1-D05180AA0EF4@microsoft.com...

Quote:

One of my Windows Server 2003 log with a lot of event ID : 2020 & 333 & suddenly server seems like freeze, i have to restart server to solve this problem. it happend on 18/01 & 02/02

Hi John;
on Handles counter under task manager, only below three processes above
thousand;
System -> 3,093 (Memory Usage -> 356K)
csrss.exe --> 1,916 (Memory Usage -> 1,444K)
svchost.exe --> 1,802 (Memory Usage -> 30,516K)

Paged Pool captured using Poolmon.exe ran for few hours;
Memory: 6290552K Avail: 5210884K PageFlts: 24039 InRam Krnl: 2636K
P:155512K
Commit: 898348K Limit:15540796K Peak:1035740K Pool N:34020K
P:156260K

Tag Type Allocs Frees Diff Bytes Per Alloc
Mapped_Driver
sOBi Paged 3102997 ( 0) 0 ( 0) 3102997 124130984 ( 0)
40 [klif]
Gh05 Paged 8587275 ( 435) 8586561 ( 435) 714 5558496 ( 0)
7785 Unknown Driver
MmSt Paged 14212133 ( 103) 14210571 ( 102) 1562 4363008 ( -2024)
2793 Unknown Driver
UlHT Paged 1 ( 0) 0 ( 0) 1 4198400 ( 0)
4198400 Unknown Drive
FSrm Paged 201181 ( 0) 199735 ( 0) 1446 2824032 ( 0)
1952 Unknown Driver
Io Paged 25066 ( 0) 17636 ( 0) 7430 1295784 ( 0)
174 Unknown Driver
CM35 Paged 12 ( 0) 0 ( 0) 12 1245184 ( 0)
103765 Unknown Driver
Ntff Paged 2219841 ( 0) 2218751 ( 7) 1090 889440 ( -5712)
816 [ntfs]
R100 Paged 43 ( 0) 4 ( 0) 39 851720 ( 0)
21838 Unknown Driver
NtFB Paged 776753 ( 10) 776738 ( 10) 15 714504 ( 0)
47633 [ntfs]
CMAl Paged 286 ( 0) 114 ( 0) 172 704512 ( 0)
4096 Unknown Driver
SoBP Paged 1 ( 0) 0 ( 0) 1 667648 ( 0)
667648 [klif]
Gla1 Paged 1757 ( 0) 1434 ( 0) 323 666672 ( 0)
2064 Unknown Driver
Wmit Paged 13 ( 0) 2 ( 0) 11 655688 ( 0)
59608 Unknown Driver
CMDa Paged 58887 ( 0) 55603 ( 0) 3284 457080 ( 0)
139 Unknown Driver
Obtb Paged 1960 ( 0) 1779 ( 0) 181 456240 ( 0)
2520 Unknown Driver
NtfF Paged 1375742 ( 2) 1375311 ( 0) 431 403416 ( 1872)
936 Unknown Driver
Ttfd Paged 2453 ( 0) 2306 ( 0) 147 382120 ( 0)
2599 Unknown Driver
CM16 Paged 124 ( 0) 45 ( 0) 79 344064 ( 0)
4355 Unknown Driver
CMVa Paged 8314309 ( 0) 8308764 ( 0) 5545 322720 ( 0)
58 Unknown Driver
IoNm Paged 160963514 (1213) 160961603 (1218) 1911 283760 ( -320)
148 Unknown Driver
Gla5 Paged 56355 ( 5) 55758 ( 0) 597 234024 ( 1960)
392 Unknown Driver
Gla: Paged 126593 ( 4) 126261 ( 0) 332 217792 ( 2624)
656 Unknown Driver
UlLL Paged 3 ( 0) 0 ( 0) 3 208896 ( 0)
69632 [http]
Gcac Paged 153 ( 0) 115 ( 0) 38 206696 ( 0)
5439 Unknown Driver
Toke Paged 6609856 ( 64) 6609567 ( 64) 289 179456 ( 0)
620 Unknown Driver
FSim Paged 2348531 ( 2347153 ( 2) 1378 176384 ( 768)
128 Unknown Driver
CM25 Paged 655 ( 0) 642 ( 0) 13 176128 ( 0)
13548 Unknown Driver
Grgb Paged 51 ( 0) 46 ( 0) 5 163840 ( 0)
32768 Unknown Driver
Key Paged 24383193 ( 141) 24381732 ( 141) 1461 151896 ( 0)
103 Unknown Driver
CM39 Paged 600 ( 0) 96 ( 0) 504 139200 ( 0)
276 Unknown Driver
ArbA Paged 33 ( 0) 0 ( 0) 33 135168 ( 0)
4096 [acpi][mf][pci
NtFf Paged 21 ( 0) 11 ( 0) 10 131360 ( 0)
13136 [ntfs]
LfsI Paged 2 ( 0) 0 ( 0) 2 131072 ( 0)
65536 Unknown Driver
WmIS Paged 1 ( 0) 0 ( 0) 1 118784 ( 0)
118784 Unknown Driver
CMNb Paged 8810078 ( 63) 8807871 ( 63) 2207 107488 ( 0)
48 Unknown Driver
CM29 Paged 13 ( 0) 0 ( 0) 13 106496 ( 0)
8192 Unknown Driver


Non-Paged Pool captured using Poolmon.exe ran for few hours;
Memory: 6290552K Avail: 5184792K PageFlts: 23000 InRam Krnl: 2636K
P:155484K
Commit: 898376K Limit:15540796K Peak:1035740K Pool N:34036K
P:156196K
System pool information
Tag Type Allocs Frees Diff Bytes Per
Alloc Mapped_Driver
MmCm Nonp 378 ( 0) 293 ( 0) 85 18608264 ( 0)
218920 Unknown Driver
LSwi Nonp 1 ( 0) 0 ( 0) 1 2576384 ( 0)
2576384 Unknown Driver

VadL Nonp 24 ( 0) 20 ( 0) 4 901120 ( 0)
225280 Unknown Driver
File Nonp 127006924 (1296) 127001569 (1327) 5355 817496 ( -4568)
152 Unknown Driver
Thre Nonp 2277812 ( 36) 2276573 ( 53) 1239 773136 (-10608)
624 Unknown Driver
Mm Nonp 228 ( 0) 216 ( 0) 12 534304 ( 0)
44525 Unknown Driver
LSwr Nonp 128 ( 0) 0 ( 0) 128 416768 ( 0)
3256 Unknown Driver
AfdC Nonp 1338724 ( 7) 1336424 ( 1 2300 368000 ( -1760)
160 [afd]
Irp Nonp 3305835 ( 14) 3304749 ( 12) 1086 354176 ( 648)
326 Unknown Driver
Dump Nonp 8 ( 0) 1 ( 0) 7 295344 ( 0)
42192 Unknown Driver
Devi Nonp 538 ( 0) 241 ( 0) 297 274600 ( 0)
924 Unknown Driver
Even Nonp 12418409 ( 207) 12413104 ( 293) 5305 259136 ( -4128)
48 Unknown Driver
TCPC Nonp 154604 ( 1) 151847 ( 6) 2757 232712 ( -400)
84 [tcpip]
Pool Nonp 4 ( 0) 1 ( 0) 3 217088 ( 0)
72362 Unknown Driver
Hal Nonp 1481203 ( 9) 1481196 ( 9) 7 197872 ( 0)
28267 Unknown Driver
Sobc Nonp 128 ( 0) 0 ( 0) 128 197632 ( 0)
1544 [klif]
Ntf0 Nonp 3 ( 0) 0 ( 0) 3 196608 ( 0)
65536 [ntfs]
UlCO Nonp 384 ( 0) 63 ( 0) 321 195168 ( 0)
608 [http]
Vad Nonp 2791742 ( 33) 2787677 ( 33) 4065 195120 ( 0)
48 Unknown Driver
Sob2 Nonp 115434515 (1161) 115433189 (1164) 1326 183480 ( 952)
138 Unknown Driver
Ntfr Nonp 767339 ( 0) 764507 ( 0) 2832 182216 ( 0)
64 [ntfs]
TCPc Nonp 2398991 ( 27) 2396132 ( 36) 2859 137232 ( -432)
48 [tcpip]
MmCi Nonp 267840 ( 4) 267269 ( 4) 571 134064 ( 0)
234 Unknown Driver
RceT Nonp 1 ( 0) 0 ( 0) 1 131072 ( 0)
131072 [tcpip]
Mdl Nonp 613296 ( 2 612315 ( 17) 981 125568 ( 1408)
128 Unknown Driver
R100 Nonp 16 ( 0) 0 ( 0) 16 121624 ( 0)
7601 Unknown Driver
CcSc Nonp 13098168 ( 195) 13097779 ( 198) 389 121368 ( -936)
312 Unknown Driver
FSfm Nonp 2296640 ( 6 2293700 ( 84) 2940 117600 ( -640)
40 Unknown Driver
usbp Nonp 88 ( 0) 59 ( 0) 29 115848 ( 0)
3994 [usbport]
MmCa Nonp 15045675 ( 221) 15044645 ( 224) 1030 106656 ( -336)
103 Unknown Driver
NtFL Nonp 526252 ( 24) 526240 ( 24) 12 105256 ( 0)
8771 [ntfs]
VadS Nonp 64562122 ( 527) 64558934 ( 546) 3188 102016 ( -608)
32 Unknown Driver
UlLS Nonp 13 ( 0) 1 ( 0) 12 90760 ( 0)
7563 Unknown Driver
CcVl Nonp 164145 ( 2) 164025 ( 3) 120 79232 ( -1040)
660 Unknown Driver
brcm Nonp 6 ( 0) 0 ( 0) 6 78176 ( 0)
13029 [b57xp32]
Vadl Nonp 5023431 ( 92) 5022256 ( 110) 1175 75200 ( -1152)
64 Unknown Driver
AfdB Nonp 2451334 ( 227) 2451197 ( 156) 137 73400 ( 25144)
535 [afd]
Ntfi Nonp 1008731 ( 21) 1008471 ( 11) 260 70720 ( 2720)
272 Unknown Driver
NDpp Nonp 23 ( 0) 0 ( 0) 23 70112 ( 0)
3048 Unknown Driver

we are running Kaspersky File Server 6.0.2.690 on all our servers &
monitoring using KAV Admin Kit. yet to update to Maintenance Pack 3 -->
6.0.3.837

Thanks,
Kelvin


"John John" wrote:

Quote:

Start the Task Manager and select the option to view "Handle Count". Is there a process there with a particularly large handle count, like in the thousands or tens of thousands? If you see nothing out of the usual with the Handle Count then you may want to monitor the pool consumption with poolmon.exe http://support.microsoft.com/kb/177415/ this could reveal which driver or process is consuming all the paged pool. AV programs are sometimes the culprit, NAV in particular is known to sometimes run amuck with the paged pool, did you by any chance update your AV software? John Kelvin Ng wrote: One of my Windows Server 2003 log with a lot of event ID : 2020 & 333 & suddenly server seems like freeze, i have to restart server to solve this problem. it happend on 18/01 & 02/02

Could you attach that to your reply as a csv file? I'll try to take a
look at it and see if I can see anything unusual. As it is in the body
of the post it is a bit hard to arrange the information in an easily
readable format, as a .csv file it can easily be opened with a
spreadsheet program and it is much easier to decipher.

John

Kelvin Ng wrote:

Quote:

Hi John; on Handles counter under task manager, only below three processes above thousand; System -> 3,093 (Memory Usage -> 356K) csrss.exe --> 1,916 (Memory Usage -> 1,444K) svchost.exe --> 1,802 (Memory Usage -> 30,516K) Paged Pool captured using Poolmon.exe ran for few hours; Memory: 6290552K Avail: 5210884K PageFlts: 24039 InRam Krnl: 2636K P:155512K Commit: 898348K Limit:15540796K Peak:1035740K Pool N:34020K P:156260K Tag Type Allocs Frees Diff Bytes Per Alloc Mapped_Driver sOBi Paged 3102997 ( 0) 0 ( 0) 3102997 124130984 ( 0) 40 [klif] Gh05 Paged 8587275 ( 435) 8586561 ( 435) 714 5558496 ( 0) 7785 Unknown Driver MmSt Paged 14212133 ( 103) 14210571 ( 102) 1562 4363008 ( -2024) 2793 Unknown Driver UlHT Paged 1 ( 0) 0 ( 0) 1 4198400 ( 0) 4198400 Unknown Drive FSrm Paged 201181 ( 0) 199735 ( 0) 1446 2824032 ( 0) 1952 Unknown Driver Io Paged 25066 ( 0) 17636 ( 0) 7430 1295784 ( 0) 174 Unknown Driver CM35 Paged 12 ( 0) 0 ( 0) 12 1245184 ( 0) 103765 Unknown Driver Ntff Paged 2219841 ( 0) 2218751 ( 7) 1090 889440 ( -5712) 816 [ntfs] R100 Paged 43 ( 0) 4 ( 0) 39 851720 ( 0) 21838 Unknown Driver NtFB Paged 776753 ( 10) 776738 ( 10) 15 714504 ( 0) 47633 [ntfs] CMAl Paged 286 ( 0) 114 ( 0) 172 704512 ( 0) 4096 Unknown Driver SoBP Paged 1 ( 0) 0 ( 0) 1 667648 ( 0) 667648 [klif] Gla1 Paged 1757 ( 0) 1434 ( 0) 323 666672 ( 0) 2064 Unknown Driver Wmit Paged 13 ( 0) 2 ( 0) 11 655688 ( 0) 59608 Unknown Driver CMDa Paged 58887 ( 0) 55603 ( 0) 3284 457080 ( 0) 139 Unknown Driver Obtb Paged 1960 ( 0) 1779 ( 0) 181 456240 ( 0) 2520 Unknown Driver NtfF Paged 1375742 ( 2) 1375311 ( 0) 431 403416 ( 1872) 936 Unknown Driver Ttfd Paged 2453 ( 0) 2306 ( 0) 147 382120 ( 0) 2599 Unknown Driver CM16 Paged 124 ( 0) 45 ( 0) 79 344064 ( 0) 4355 Unknown Driver CMVa Paged 8314309 ( 0) 8308764 ( 0) 5545 322720 ( 0) 58 Unknown Driver IoNm Paged 160963514 (1213) 160961603 (1218) 1911 283760 ( -320) 148 Unknown Driver Gla5 Paged 56355 ( 5) 55758 ( 0) 597 234024 ( 1960) 392 Unknown Driver Gla: Paged 126593 ( 4) 126261 ( 0) 332 217792 ( 2624) 656 Unknown Driver UlLL Paged 3 ( 0) 0 ( 0) 3 208896 ( 0) 69632 [http] Gcac Paged 153 ( 0) 115 ( 0) 38 206696 ( 0) 5439 Unknown Driver Toke Paged 6609856 ( 64) 6609567 ( 64) 289 179456 ( 0) 620 Unknown Driver FSim Paged 2348531 ( 2347153 ( 2) 1378 176384 ( 768) 128 Unknown Driver CM25 Paged 655 ( 0) 642 ( 0) 13 176128 ( 0) 13548 Unknown Driver Grgb Paged 51 ( 0) 46 ( 0) 5 163840 ( 0) 32768 Unknown Driver Key Paged 24383193 ( 141) 24381732 ( 141) 1461 151896 ( 0) 103 Unknown Driver CM39 Paged 600 ( 0) 96 ( 0) 504 139200 ( 0) 276 Unknown Driver ArbA Paged 33 ( 0) 0 ( 0) 33 135168 ( 0) 4096 [acpi][mf][pci NtFf Paged 21 ( 0) 11 ( 0) 10 131360 ( 0) 13136 [ntfs] LfsI Paged 2 ( 0) 0 ( 0) 2 131072 ( 0) 65536 Unknown Driver WmIS Paged 1 ( 0) 0 ( 0) 1 118784 ( 0) 118784 Unknown Driver CMNb Paged 8810078 ( 63) 8807871 ( 63) 2207 107488 ( 0) 48 Unknown Driver CM29 Paged 13 ( 0) 0 ( 0) 13 106496 ( 0) 8192 Unknown Driver Non-Paged Pool captured using Poolmon.exe ran for few hours; Memory: 6290552K Avail: 5184792K PageFlts: 23000 InRam Krnl: 2636K P:155484K Commit: 898376K Limit:15540796K Peak:1035740K Pool N:34036K P:156196K System pool information Tag Type Allocs Frees Diff Bytes Per Alloc Mapped_Driver MmCm Nonp 378 ( 0) 293 ( 0) 85 18608264 ( 0) 218920 Unknown Driver LSwi Nonp 1 ( 0) 0 ( 0) 1 2576384 ( 0) 2576384 Unknown Driver VadL Nonp 24 ( 0) 20 ( 0) 4 901120 ( 0) 225280 Unknown Driver File Nonp 127006924 (1296) 127001569 (1327) 5355 817496 ( -4568) 152 Unknown Driver Thre Nonp 2277812 ( 36) 2276573 ( 53) 1239 773136 (-10608) 624 Unknown Driver Mm Nonp 228 ( 0) 216 ( 0) 12 534304 ( 0) 44525 Unknown Driver LSwr Nonp 128 ( 0) 0 ( 0) 128 416768 ( 0) 3256 Unknown Driver AfdC Nonp 1338724 ( 7) 1336424 ( 1 2300 368000 ( -1760) 160 [afd] Irp Nonp 3305835 ( 14) 3304749 ( 12) 1086 354176 ( 648) 326 Unknown Driver Dump Nonp 8 ( 0) 1 ( 0) 7 295344 ( 0) 42192 Unknown Driver Devi Nonp 538 ( 0) 241 ( 0) 297 274600 ( 0) 924 Unknown Driver Even Nonp 12418409 ( 207) 12413104 ( 293) 5305 259136 ( -4128) 48 Unknown Driver TCPC Nonp 154604 ( 1) 151847 ( 6) 2757 232712 ( -400) 84 [tcpip] Pool Nonp 4 ( 0) 1 ( 0) 3 217088 ( 0) 72362 Unknown Driver Hal Nonp 1481203 ( 9) 1481196 ( 9) 7 197872 ( 0) 28267 Unknown Driver Sobc Nonp 128 ( 0) 0 ( 0) 128 197632 ( 0) 1544 [klif] Ntf0 Nonp 3 ( 0) 0 ( 0) 3 196608 ( 0) 65536 [ntfs] UlCO Nonp 384 ( 0) 63 ( 0) 321 195168 ( 0) 608 [http] Vad Nonp 2791742 ( 33) 2787677 ( 33) 4065 195120 ( 0) 48 Unknown Driver Sob2 Nonp 115434515 (1161) 115433189 (1164) 1326 183480 ( 952) 138 Unknown Driver Ntfr Nonp 767339 ( 0) 764507 ( 0) 2832 182216 ( 0) 64 [ntfs] TCPc Nonp 2398991 ( 27) 2396132 ( 36) 2859 137232 ( -432) 48 [tcpip] MmCi Nonp 267840 ( 4) 267269 ( 4) 571 134064 ( 0) 234 Unknown Driver RceT Nonp 1 ( 0) 0 ( 0) 1 131072 ( 0) 131072 [tcpip] Mdl Nonp 613296 ( 2 612315 ( 17) 981 125568 ( 1408) 128 Unknown Driver R100 Nonp 16 ( 0) 0 ( 0) 16 121624 ( 0) 7601 Unknown Driver CcSc Nonp 13098168 ( 195) 13097779 ( 198) 389 121368 ( -936) 312 Unknown Driver FSfm Nonp 2296640 ( 6 2293700 ( 84) 2940 117600 ( -640) 40 Unknown Driver usbp Nonp 88 ( 0) 59 ( 0) 29 115848 ( 0) 3994 [usbport] MmCa Nonp 15045675 ( 221) 15044645 ( 224) 1030 106656 ( -336) 103 Unknown Driver NtFL Nonp 526252 ( 24) 526240 ( 24) 12 105256 ( 0) 8771 [ntfs] VadS Nonp 64562122 ( 527) 64558934 ( 546) 3188 102016 ( -608) 32 Unknown Driver UlLS Nonp 13 ( 0) 1 ( 0) 12 90760 ( 0) 7563 Unknown Driver CcVl Nonp 164145 ( 2) 164025 ( 3) 120 79232 ( -1040) 660 Unknown Driver brcm Nonp 6 ( 0) 0 ( 0) 6 78176 ( 0) 13029 [b57xp32] Vadl Nonp 5023431 ( 92) 5022256 ( 110) 1175 75200 ( -1152) 64 Unknown Driver AfdB Nonp 2451334 ( 227) 2451197 ( 156) 137 73400 ( 25144) 535 [afd] Ntfi Nonp 1008731 ( 21) 1008471 ( 11) 260 70720 ( 2720) 272 Unknown Driver NDpp Nonp 23 ( 0) 0 ( 0) 23 70112 ( 0) 3048 Unknown Driver we are running Kaspersky File Server 6.0.2.690 on all our servers & monitoring using KAV Admin Kit. yet to update to Maintenance Pack 3 -- 6.0.3.837 Thanks, Kelvin "John John" wrote: Start the Task Manager and select the option to view "Handle Count". Is there a process there with a particularly large handle count, like in the thousands or tens of thousands? If you see nothing out of the usual with the Handle Count then you may want to monitor the pool consumption with poolmon.exe http://support.microsoft.com/kb/177415/ this could reveal which driver or process is consuming all the paged pool. AV programs are sometimes the culprit, NAV in particular is known to sometimes run amuck with the paged pool, did you by any chance update your AV software? John Kelvin Ng wrote: One of my Windows Server 2003 log with a lot of event ID : 2020 & 333 & suddenly server seems like freeze, i have to restart server to solve this problem. it happend on 18/01 & 02/02

Hi John John,
i have sent the attachment files to your audetweld@nbnet.nb.ca email account
via my guyncp@hotmail.com as i wouldn't know how attach as csv file in reply
to you.

Thanks & Regards

"John John" wrote:

Quote:

Could you attach that to your reply as a csv file? I'll try to take a look at it and see if I can see anything unusual. As it is in the body of the post it is a bit hard to arrange the information in an easily readable format, as a .csv file it can easily be opened with a spreadsheet program and it is much easier to decipher. John Kelvin Ng wrote: Hi John; on Handles counter under task manager, only below three processes above thousand; System -> 3,093 (Memory Usage -> 356K) csrss.exe --> 1,916 (Memory Usage -> 1,444K) svchost.exe --> 1,802 (Memory Usage -> 30,516K) Paged Pool captured using Poolmon.exe ran for few hours; Memory: 6290552K Avail: 5210884K PageFlts: 24039 InRam Krnl: 2636K P:155512K Commit: 898348K Limit:15540796K Peak:1035740K Pool N:34020K P:156260K Tag Type Allocs Frees Diff Bytes Per Alloc Mapped_Driver sOBi Paged 3102997 ( 0) 0 ( 0) 3102997 124130984 ( 0) 40 [klif] Gh05 Paged 8587275 ( 435) 8586561 ( 435) 714 5558496 ( 0) 7785 Unknown Driver MmSt Paged 14212133 ( 103) 14210571 ( 102) 1562 4363008 ( -2024) 2793 Unknown Driver UlHT Paged 1 ( 0) 0 ( 0) 1 4198400 ( 0) 4198400 Unknown Drive FSrm Paged 201181 ( 0) 199735 ( 0) 1446 2824032 ( 0) 1952 Unknown Driver Io Paged 25066 ( 0) 17636 ( 0) 7430 1295784 ( 0) 174 Unknown Driver CM35 Paged 12 ( 0) 0 ( 0) 12 1245184 ( 0) 103765 Unknown Driver Ntff Paged 2219841 ( 0) 2218751 ( 7) 1090 889440 ( -5712) 816 [ntfs] R100 Paged 43 ( 0) 4 ( 0) 39 851720 ( 0) 21838 Unknown Driver NtFB Paged 776753 ( 10) 776738 ( 10) 15 714504 ( 0) 47633 [ntfs] CMAl Paged 286 ( 0) 114 ( 0) 172 704512 ( 0) 4096 Unknown Driver SoBP Paged 1 ( 0) 0 ( 0) 1 667648 ( 0) 667648 [klif] Gla1 Paged 1757 ( 0) 1434 ( 0) 323 666672 ( 0) 2064 Unknown Driver Wmit Paged 13 ( 0) 2 ( 0) 11 655688 ( 0) 59608 Unknown Driver CMDa Paged 58887 ( 0) 55603 ( 0) 3284 457080 ( 0) 139 Unknown Driver Obtb Paged 1960 ( 0) 1779 ( 0) 181 456240 ( 0) 2520 Unknown Driver NtfF Paged 1375742 ( 2) 1375311 ( 0) 431 403416 ( 1872) 936 Unknown Driver Ttfd Paged 2453 ( 0) 2306 ( 0) 147 382120 ( 0) 2599 Unknown Driver CM16 Paged 124 ( 0) 45 ( 0) 79 344064 ( 0) 4355 Unknown Driver CMVa Paged 8314309 ( 0) 8308764 ( 0) 5545 322720 ( 0) 58 Unknown Driver IoNm Paged 160963514 (1213) 160961603 (1218) 1911 283760 ( -320) 148 Unknown Driver Gla5 Paged 56355 ( 5) 55758 ( 0) 597 234024 ( 1960) 392 Unknown Driver Gla: Paged 126593 ( 4) 126261 ( 0) 332 217792 ( 2624) 656 Unknown Driver UlLL Paged 3 ( 0) 0 ( 0) 3 208896 ( 0) 69632 [http] Gcac Paged 153 ( 0) 115 ( 0) 38 206696 ( 0) 5439 Unknown Driver Toke Paged 6609856 ( 64) 6609567 ( 64) 289 179456 ( 0) 620 Unknown Driver FSim Paged 2348531 ( 2347153 ( 2) 1378 176384 ( 768) 128 Unknown Driver CM25 Paged 655 ( 0) 642 ( 0) 13 176128 ( 0) 13548 Unknown Driver Grgb Paged 51 ( 0) 46 ( 0) 5 163840 ( 0) 32768 Unknown Driver Key Paged 24383193 ( 141) 24381732 ( 141) 1461 151896 ( 0) 103 Unknown Driver CM39 Paged 600 ( 0) 96 ( 0) 504 139200 ( 0) 276 Unknown Driver ArbA Paged 33 ( 0) 0 ( 0) 33 135168 ( 0) 4096 [acpi][mf][pci NtFf Paged 21 ( 0) 11 ( 0) 10 131360 ( 0) 13136 [ntfs] LfsI Paged 2 ( 0) 0 ( 0) 2 131072 ( 0) 65536 Unknown Driver WmIS Paged 1 ( 0) 0 ( 0) 1 118784 ( 0) 118784 Unknown Driver CMNb Paged 8810078 ( 63) 8807871 ( 63) 2207 107488 ( 0) 48 Unknown Driver CM29 Paged 13 ( 0) 0 ( 0) 13 106496 ( 0) 8192 Unknown Driver Non-Paged Pool captured using Poolmon.exe ran for few hours; Memory: 6290552K Avail: 5184792K PageFlts: 23000 InRam Krnl: 2636K P:155484K Commit: 898376K Limit:15540796K Peak:1035740K Pool N:34036K P:156196K System pool information Tag Type Allocs Frees Diff Bytes Per Alloc Mapped_Driver MmCm Nonp 378 ( 0) 293 ( 0) 85 18608264 ( 0) 218920 Unknown Driver LSwi Nonp 1 ( 0) 0 ( 0) 1 2576384 ( 0) 2576384 Unknown Driver VadL Nonp 24 ( 0) 20 ( 0) 4 901120 ( 0) 225280 Unknown Driver File Nonp 127006924 (1296) 127001569 (1327) 5355 817496 ( -4568) 152 Unknown Driver Thre Nonp 2277812 ( 36) 2276573 ( 53) 1239 773136 (-10608) 624 Unknown Driver Mm Nonp 228 ( 0) 216 ( 0) 12 534304 ( 0) 44525 Unknown Driver LSwr Nonp 128 ( 0) 0 ( 0) 128 416768 ( 0) 3256 Unknown Driver AfdC Nonp 1338724 ( 7) 1336424 ( 1 2300 368000 ( -1760) 160 [afd] Irp Nonp 3305835 ( 14) 3304749 ( 12) 1086 354176 ( 648) 326 Unknown Driver Dump Nonp 8 ( 0) 1 ( 0) 7 295344 ( 0) 42192 Unknown Driver Devi Nonp 538 ( 0) 241 ( 0) 297 274600 ( 0) 924 Unknown Driver Even Nonp 12418409 ( 207) 12413104 ( 293) 5305 259136 ( -4128) 48 Unknown Driver TCPC Nonp 154604 ( 1) 151847 ( 6) 2757 232712 ( -400) 84 [tcpip] Pool Nonp 4 ( 0) 1 ( 0) 3 217088 ( 0) 72362 Unknown Driver Hal Nonp 1481203 ( 9) 1481196 ( 9) 7 197872 ( 0) 28267 Unknown Driver Sobc Nonp 128 ( 0) 0 ( 0) 128 197632 ( 0) 1544 [klif] Ntf0 Nonp 3 ( 0) 0 ( 0) 3 196608 ( 0) 65536 [ntfs] UlCO Nonp 384 ( 0) 63 ( 0) 321 195168 ( 0) 608 [http] Vad Nonp 2791742 ( 33) 2787677 ( 33) 4065 195120 ( 0) 48 Unknown Driver Sob2 Nonp 115434515 (1161) 115433189 (1164) 1326 183480 ( 952) 138 Unknown Driver Ntfr Nonp 767339 ( 0) 764507 ( 0) 2832 182216 ( 0) 64 [ntfs] TCPc Nonp 2398991 ( 27) 2396132 ( 36) 2859 137232 ( -432) 48 [tcpip] MmCi Nonp 267840 ( 4) 267269 ( 4) 571 134064 ( 0) 234 Unknown Driver RceT Nonp 1 ( 0) 0 ( 0) 1 131072 ( 0) 131072 [tcpip] Mdl Nonp 613296 ( 2 612315 ( 17) 981 125568 ( 1408) 128 Unknown Driver R100 Nonp 16 ( 0) 0 ( 0) 16 121624 ( 0) 7601 Unknown Driver CcSc Nonp 13098168 ( 195) 13097779 ( 198) 389 121368 ( -936) 312 Unknown Driver FSfm Nonp 2296640 ( 6 2293700 ( 84) 2940 117600 ( -640) 40 Unknown Driver usbp Nonp 88 ( 0) 59 ( 0) 29 115848 ( 0) 3994 [usbport] MmCa Nonp 15045675 ( 221) 15044645 ( 224) 1030 106656 ( -336) 103 Unknown Driver NtFL Nonp 526252 ( 24) 526240 ( 24) 12 105256 ( 0) 8771 [ntfs] VadS Nonp 64562122 ( 527) 64558934 ( 546) 3188 102016 ( -608) 32 Unknown Driver UlLS Nonp 13 ( 0) 1 ( 0) 12 90760 ( 0) 7563 Unknown Driver CcVl Nonp 164145 ( 2) 164025 ( 3) 120 79232 ( -1040) 660 Unknown Driver brcm Nonp 6 ( 0) 0 ( 0) 6 78176 ( 0) 13029 [b57xp32] Vadl Nonp 5023431 ( 92) 5022256 ( 110) 1175 75200 ( -1152) 64 Unknown Driver AfdB Nonp 2451334 ( 227) 2451197 ( 156) 137 73400 ( 25144) 535 [afd] Ntfi Nonp 1008731 ( 21) 1008471 ( 11) 260 70720 ( 2720) 272 Unknown Driver NDpp Nonp 23 ( 0) 0 ( 0) 23 70112 ( 0) 3048 Unknown Driver we are running Kaspersky File Server 6.0.2.690 on all our servers & monitoring using KAV Admin Kit. yet to update to Maintenance Pack 3 -- 6.0.3.837 Thanks, Kelvin "John John" wrote: Start the Task Manager and select the option to view "Handle Count". Is there a process there with a particularly large handle count, like in the thousands or tens of thousands? If you see nothing out of the usual with the Handle Count then you may want to monitor the pool consumption with poolmon.exe http://support.microsoft.com/kb/177415/ this could reveal which driver or process is consuming all the paged pool. AV programs are sometimes the culprit, NAV in particular is known to sometimes run amuck with the paged pool, did you by any chance update your AV software? John Kelvin Ng wrote: One of my Windows Server 2003 log with a lot of event ID : 2020 & 333 & suddenly server seems like freeze, i have to restart server to solve this problem. it happend on 18/01 & 02/02

That is a phony address, the email is lost in the etherworld somewhere.

When I look at my other reply I see that the output of your post is
shown in a more orderly fashion. You have to take several shots and
compare the results to determine where the leak might be happening, you
can't see this with one snap only. See here for more help:

Poolmon Examples
http://technet2.microsoft.com/windowsserver/en/library/0d302498-c947-4655-95af-719ae75acfb51033.mspx?mfr=true

In particlualar look at Example 3: Detect Memory Leakage

This may also be helpful:

How do I determine a driver name from a pool tag
http://www.jsifaq.com/SF/Tips/Tip.aspx?id=7102

This too may be helpful for monitoring processes:
Memsnap Overview
http://technet2.microsoft.com/windowsserver/en/library/352dfb2b-b32d-47b5-a888-59433f4904531033.mspx?mfr=true

Examining the output of these utilities is much easier in a spreadsheet.

John

Kelvin Ng wrote:

Quote:

Hi John John, i have sent the attachment files to your audetweld@nbnet.nb.ca email account via my guyncp@hotmail.com as i wouldn't know how attach as csv file in reply to you. Thanks & Regards "John John" wrote: Could you attach that to your reply as a csv file? I'll try to take a look at it and see if I can see anything unusual. As it is in the body of the post it is a bit hard to arrange the information in an easily readable format, as a .csv file it can easily be opened with a spreadsheet program and it is much easier to decipher. John Kelvin Ng wrote: Hi John; on Handles counter under task manager, only below three processes above thousand; System -> 3,093 (Memory Usage -> 356K) csrss.exe --> 1,916 (Memory Usage -> 1,444K) svchost.exe --> 1,802 (Memory Usage -> 30,516K) Paged Pool captured using Poolmon.exe ran for few hours; Memory: 6290552K Avail: 5210884K PageFlts: 24039 InRam Krnl: 2636K P:155512K Commit: 898348K Limit:15540796K Peak:1035740K Pool N:34020K P:156260K Tag Type Allocs Frees Diff Bytes Per Alloc Mapped_Driver sOBi Paged 3102997 ( 0) 0 ( 0) 3102997 124130984 ( 0) 40 [klif] Gh05 Paged 8587275 ( 435) 8586561 ( 435) 714 5558496 ( 0) 7785 Unknown Driver MmSt Paged 14212133 ( 103) 14210571 ( 102) 1562 4363008 ( -2024) 2793 Unknown Driver UlHT Paged 1 ( 0) 0 ( 0) 1 4198400 ( 0) 4198400 Unknown Drive FSrm Paged 201181 ( 0) 199735 ( 0) 1446 2824032 ( 0) 1952 Unknown Driver Io Paged 25066 ( 0) 17636 ( 0) 7430 1295784 ( 0) 174 Unknown Driver CM35 Paged 12 ( 0) 0 ( 0) 12 1245184 ( 0) 103765 Unknown Driver Ntff Paged 2219841 ( 0) 2218751 ( 7) 1090 889440 ( -5712) 816 [ntfs] R100 Paged 43 ( 0) 4 ( 0) 39 851720 ( 0) 21838 Unknown Driver NtFB Paged 776753 ( 10) 776738 ( 10) 15 714504 ( 0) 47633 [ntfs] CMAl Paged 286 ( 0) 114 ( 0) 172 704512 ( 0) 4096 Unknown Driver SoBP Paged 1 ( 0) 0 ( 0) 1 667648 ( 0) 667648 [klif] Gla1 Paged 1757 ( 0) 1434 ( 0) 323 666672 ( 0) 2064 Unknown Driver Wmit Paged 13 ( 0) 2 ( 0) 11 655688 ( 0) 59608 Unknown Driver CMDa Paged 58887 ( 0) 55603 ( 0) 3284 457080 ( 0) 139 Unknown Driver Obtb Paged 1960 ( 0) 1779 ( 0) 181 456240 ( 0) 2520 Unknown Driver NtfF Paged 1375742 ( 2) 1375311 ( 0) 431 403416 ( 1872) 936 Unknown Driver Ttfd Paged 2453 ( 0) 2306 ( 0) 147 382120 ( 0) 2599 Unknown Driver CM16 Paged 124 ( 0) 45 ( 0) 79 344064 ( 0) 4355 Unknown Driver CMVa Paged 8314309 ( 0) 8308764 ( 0) 5545 322720 ( 0) 58 Unknown Driver IoNm Paged 160963514 (1213) 160961603 (1218) 1911 283760 ( -320) 148 Unknown Driver Gla5 Paged 56355 ( 5) 55758 ( 0) 597 234024 ( 1960) 392 Unknown Driver Gla: Paged 126593 ( 4) 126261 ( 0) 332 217792 ( 2624) 656 Unknown Driver UlLL Paged 3 ( 0) 0 ( 0) 3 208896 ( 0) 69632 [http] Gcac Paged 153 ( 0) 115 ( 0) 38 206696 ( 0) 5439 Unknown Driver Toke Paged 6609856 ( 64) 6609567 ( 64) 289 179456 ( 0) 620 Unknown Driver FSim Paged 2348531 ( 2347153 ( 2) 1378 176384 ( 768) 128 Unknown Driver CM25 Paged 655 ( 0) 642 ( 0) 13 176128 ( 0) 13548 Unknown Driver Grgb Paged 51 ( 0) 46 ( 0) 5 163840 ( 0) 32768 Unknown Driver Key Paged 24383193 ( 141) 24381732 ( 141) 1461 151896 ( 0) 103 Unknown Driver CM39 Paged 600 ( 0) 96 ( 0) 504 139200 ( 0) 276 Unknown Driver ArbA Paged 33 ( 0) 0 ( 0) 33 135168 ( 0) 4096 [acpi][mf][pci NtFf Paged 21 ( 0) 11 ( 0) 10 131360 ( 0) 13136 [ntfs] LfsI Paged 2 ( 0) 0 ( 0) 2 131072 ( 0) 65536 Unknown Driver WmIS Paged 1 ( 0) 0 ( 0) 1 118784 ( 0) 118784 Unknown Driver CMNb Paged 8810078 ( 63) 8807871 ( 63) 2207 107488 ( 0) 48 Unknown Driver CM29 Paged 13 ( 0) 0 ( 0) 13 106496 ( 0) 8192 Unknown Driver Non-Paged Pool captured using Poolmon.exe ran for few hours; Memory: 6290552K Avail: 5184792K PageFlts: 23000 InRam Krnl: 2636K P:155484K Commit: 898376K Limit:15540796K Peak:1035740K Pool N:34036K P:156196K System pool information Tag Type Allocs Frees Diff Bytes Per Alloc Mapped_Driver MmCm Nonp 378 ( 0) 293 ( 0) 85 18608264 ( 0) 218920 Unknown Driver LSwi Nonp 1 ( 0) 0 ( 0) 1 2576384 ( 0) 2576384 Unknown Driver VadL Nonp 24 ( 0) 20 ( 0) 4 901120 ( 0) 225280 Unknown Driver File Nonp 127006924 (1296) 127001569 (1327) 5355 817496 ( -4568) 152 Unknown Driver Thre Nonp 2277812 ( 36) 2276573 ( 53) 1239 773136 (-10608) 624 Unknown Driver Mm Nonp 228 ( 0) 216 ( 0) 12 534304 ( 0) 44525 Unknown Driver LSwr Nonp 128 ( 0) 0 ( 0) 128 416768 ( 0) 3256 Unknown Driver AfdC Nonp 1338724 ( 7) 1336424 ( 1 2300 368000 ( -1760) 160 [afd] Irp Nonp 3305835 ( 14) 3304749 ( 12) 1086 354176 ( 648) 326 Unknown Driver Dump Nonp 8 ( 0) 1 ( 0) 7 295344 ( 0) 42192 Unknown Driver Devi Nonp 538 ( 0) 241 ( 0) 297 274600 ( 0) 924 Unknown Driver Even Nonp 12418409 ( 207) 12413104 ( 293) 5305 259136 ( -4128) 48 Unknown Driver TCPC Nonp 154604 ( 1) 151847 ( 6) 2757 232712 ( -400) 84 [tcpip] Pool Nonp 4 ( 0) 1 ( 0) 3 217088 ( 0) 72362 Unknown Driver Hal Nonp 1481203 ( 9) 1481196 ( 9) 7 197872 ( 0) 28267 Unknown Driver Sobc Nonp 128 ( 0) 0 ( 0) 128 197632 ( 0) 1544 [klif] Ntf0 Nonp 3 ( 0) 0 ( 0) 3 196608 ( 0) 65536 [ntfs] UlCO Nonp 384 ( 0) 63 ( 0) 321 195168 ( 0) 608 [http] Vad Nonp 2791742 ( 33) 2787677 ( 33) 4065 195120 ( 0) 48 Unknown Driver Sob2 Nonp 115434515 (1161) 115433189 (1164) 1326 183480 ( 952) 138 Unknown Driver Ntfr Nonp 767339 ( 0) 764507 ( 0) 2832 182216 ( 0) 64 [ntfs] TCPc Nonp 2398991 ( 27) 2396132 ( 36) 2859 137232 ( -432) 48 [tcpip] MmCi Nonp 267840 ( 4) 267269 ( 4) 571 134064 ( 0) 234 Unknown Driver RceT Nonp 1 ( 0) 0 ( 0) 1 131072 ( 0) 131072 [tcpip] Mdl Nonp 613296 ( 2 612315 ( 17) 981 125568 ( 1408) 128 Unknown Driver R100 Nonp 16 ( 0) 0 ( 0) 16 121624 ( 0) 7601 Unknown Driver CcSc Nonp 13098168 ( 195) 13097779 ( 198) 389 121368 ( -936) 312 Unknown Driver FSfm Nonp 2296640 ( 6 2293700 ( 84) 2940 117600 ( -640) 40 Unknown Driver usbp Nonp 88 ( 0) 59 ( 0) 29 115848 ( 0) 3994 [usbport] MmCa Nonp 15045675 ( 221) 15044645 ( 224) 1030 106656 ( -336) 103 Unknown Driver NtFL Nonp 526252 ( 24) 526240 ( 24) 12 105256 ( 0) 8771 [ntfs] VadS Nonp 64562122 ( 527) 64558934 ( 546) 3188 102016 ( -608) 32 Unknown Driver UlLS Nonp 13 ( 0) 1 ( 0) 12 90760 ( 0) 7563 Unknown Driver CcVl Nonp 164145 ( 2) 164025 ( 3) 120 79232 ( -1040) 660 Unknown Driver brcm Nonp 6 ( 0) 0 ( 0) 6 78176 ( 0) 13029 [b57xp32] Vadl Nonp 5023431 ( 92) 5022256 ( 110) 1175 75200 ( -1152) 64 Unknown Driver AfdB Nonp 2451334 ( 227) 2451197 ( 156) 137 73400 ( 25144) 535 [afd] Ntfi Nonp 1008731 ( 21) 1008471 ( 11) 260 70720 ( 2720) 272 Unknown Driver NDpp Nonp 23 ( 0) 0 ( 0) 23 70112 ( 0) 3048 Unknown Driver we are running Kaspersky File Server 6.0.2.690 on all our servers & monitoring using KAV Admin Kit. yet to update to Maintenance Pack 3 -- 6.0.3.837 Thanks, Kelvin "John John" wrote: Start the Task Manager and select the option to view "Handle Count". Is there a process there with a particularly large handle count, like in the thousands or tens of thousands? If you see nothing out of the usual with the Handle Count then you may want to monitor the pool consumption with poolmon.exe http://support.microsoft.com/kb/177415/ this could reveal which driver or process is consuming all the paged pool. AV programs are sometimes the culprit, NAV in particular is known to sometimes run amuck with the paged pool, did you by any chance update your AV software? John Kelvin Ng wrote: One of my Windows Server 2003 log with a lot of event ID : 2020 & 333 & suddenly server seems like freeze, i have to restart server to solve this problem. it happend on 18/01 & 02/02

Hi John John,
i have capture some memory paged & non-paged snapshots & save in notepad.
just wonder how to attach & send it to you for diagnose?

"John John" wrote:

Quote:

That is a phony address, the email is lost in the etherworld somewhere. When I look at my other reply I see that the output of your post is shown in a more orderly fashion. You have to take several shots and compare the results to determine where the leak might be happening, you can't see this with one snap only. See here for more help: Poolmon Examples http://technet2.microsoft.com/windowsserver/en/library/0d302498-c947-4655-95af-719ae75acfb51033.mspx?mfr=true In particlualar look at Example 3: Detect Memory Leakage This may also be helpful: How do I determine a driver name from a pool tag http://www.jsifaq.com/SF/Tips/Tip.aspx?id=7102 This too may be helpful for monitoring processes: Memsnap Overview http://technet2.microsoft.com/windowsserver/en/library/352dfb2b-b32d-47b5-a888-59433f4904531033.mspx?mfr=true Examining the output of these utilities is much easier in a spreadsheet. John Kelvin Ng wrote: Hi John John, i have sent the attachment files to your audetweld@nbnet.nb.ca email account via my guyncp@hotmail.com as i wouldn't know how attach as csv file in reply to you. Thanks & Regards "John John" wrote: Could you attach that to your reply as a csv file? I'll try to take a look at it and see if I can see anything unusual. As it is in the body of the post it is a bit hard to arrange the information in an easily readable format, as a .csv file it can easily be opened with a spreadsheet program and it is much easier to decipher. John Kelvin Ng wrote: Hi John; on Handles counter under task manager, only below three processes above thousand; System -> 3,093 (Memory Usage -> 356K) csrss.exe --> 1,916 (Memory Usage -> 1,444K) svchost.exe --> 1,802 (Memory Usage -> 30,516K) Paged Pool captured using Poolmon.exe ran for few hours; Memory: 6290552K Avail: 5210884K PageFlts: 24039 InRam Krnl: 2636K P:155512K Commit: 898348K Limit:15540796K Peak:1035740K Pool N:34020K P:156260K Tag Type Allocs Frees Diff Bytes Per Alloc Mapped_Driver sOBi Paged 3102997 ( 0) 0 ( 0) 3102997 124130984 ( 0) 40 [klif] Gh05 Paged 8587275 ( 435) 8586561 ( 435) 714 5558496 ( 0) 7785 Unknown Driver MmSt Paged 14212133 ( 103) 14210571 ( 102) 1562 4363008 ( -2024) 2793 Unknown Driver UlHT Paged 1 ( 0) 0 ( 0) 1 4198400 ( 0) 4198400 Unknown Drive FSrm Paged 201181 ( 0) 199735 ( 0) 1446 2824032 ( 0) 1952 Unknown Driver Io Paged 25066 ( 0) 17636 ( 0) 7430 1295784 ( 0) 174 Unknown Driver CM35 Paged 12 ( 0) 0 ( 0) 12 1245184 ( 0) 103765 Unknown Driver Ntff Paged 2219841 ( 0) 2218751 ( 7) 1090 889440 ( -5712) 816 [ntfs] R100 Paged 43 ( 0) 4 ( 0) 39 851720 ( 0) 21838 Unknown Driver NtFB Paged 776753 ( 10) 776738 ( 10) 15 714504 ( 0) 47633 [ntfs] CMAl Paged 286 ( 0) 114 ( 0) 172 704512 ( 0) 4096 Unknown Driver SoBP Paged 1 ( 0) 0 ( 0) 1 667648 ( 0) 667648 [klif] Gla1 Paged 1757 ( 0) 1434 ( 0) 323 666672 ( 0) 2064 Unknown Driver Wmit Paged 13 ( 0) 2 ( 0) 11 655688 ( 0) 59608 Unknown Driver CMDa Paged 58887 ( 0) 55603 ( 0) 3284 457080 ( 0) 139 Unknown Driver Obtb Paged 1960 ( 0) 1779 ( 0) 181 456240 ( 0) 2520 Unknown Driver NtfF Paged 1375742 ( 2) 1375311 ( 0) 431 403416 ( 1872) 936 Unknown Driver Ttfd Paged 2453 ( 0) 2306 ( 0) 147 382120 ( 0) 2599 Unknown Driver CM16 Paged 124 ( 0) 45 ( 0) 79 344064 ( 0) 4355 Unknown Driver CMVa Paged 8314309 ( 0) 8308764 ( 0) 5545 322720 ( 0) 58 Unknown Driver IoNm Paged 160963514 (1213) 160961603 (1218) 1911 283760 ( -320) 148 Unknown Driver Gla5 Paged 56355 ( 5) 55758 ( 0) 597 234024 ( 1960) 392 Unknown Driver Gla: Paged 126593 ( 4) 126261 ( 0) 332 217792 ( 2624) 656 Unknown Driver UlLL Paged 3 ( 0) 0 ( 0) 3 208896 ( 0) 69632 [http] Gcac Paged 153 ( 0) 115 ( 0) 38 206696 ( 0) 5439 Unknown Driver Toke Paged 6609856 ( 64) 6609567 ( 64) 289 179456 ( 0) 620 Unknown Driver FSim Paged 2348531 ( 2347153 ( 2) 1378 176384 ( 768) 128 Unknown Driver CM25 Paged 655 ( 0) 642 ( 0) 13 176128 ( 0) 13548 Unknown Driver Grgb Paged 51 ( 0) 46 ( 0) 5 163840 ( 0) 32768 Unknown Driver Key Paged 24383193 ( 141) 24381732 ( 141) 1461 151896 ( 0) 103 Unknown Driver CM39 Paged 600 ( 0) 96 ( 0) 504 139200 ( 0) 276 Unknown Driver ArbA Paged 33 ( 0) 0 ( 0) 33 135168 ( 0) 4096 [acpi][mf][pci NtFf Paged 21 ( 0) 11 ( 0) 10 131360 ( 0) 13136 [ntfs] LfsI Paged 2 ( 0) 0 ( 0) 2 131072 ( 0) 65536 Unknown Driver WmIS Paged 1 ( 0) 0 ( 0) 1 118784 ( 0) 118784 Unknown Driver CMNb Paged 8810078 ( 63) 8807871 ( 63) 2207 107488 ( 0) 48 Unknown Driver CM29 Paged 13 ( 0) 0 ( 0) 13 106496 ( 0) 8192 Unknown Driver Non-Paged Pool captured using Poolmon.exe ran for few hours; Memory: 6290552K Avail: 5184792K PageFlts: 23000 InRam Krnl: 2636K P:155484K Commit: 898376K Limit:15540796K Peak:1035740K Pool N:34036K P:156196K System pool information Tag Type Allocs Frees Diff Bytes Per Alloc Mapped_Driver MmCm Nonp 378 ( 0) 293 ( 0) 85 18608264 ( 0) 218920 Unknown Driver LSwi Nonp 1 ( 0) 0 ( 0) 1 2576384 ( 0) 2576384 Unknown Driver VadL Nonp 24 ( 0) 20 ( 0) 4 901120 ( 0) 225280 Unknown Driver File Nonp 127006924 (1296) 127001569 (1327) 5355 817496 ( -4568) 152 Unknown Driver Thre Nonp 2277812 ( 36) 2276573 ( 53) 1239 773136 (-10608) 624 Unknown Driver Mm Nonp 228 ( 0) 216 ( 0) 12 534304 ( 0) 44525 Unknown Driver LSwr Nonp 128 ( 0) 0 ( 0) 128 416768 ( 0) 3256 Unknown Driver AfdC Nonp 1338724 ( 7) 1336424 ( 1 2300 368000 ( -1760) 160 [afd] Irp Nonp 3305835 ( 14) 3304749 ( 12) 1086 354176 ( 648) 326 Unknown Driver Dump Nonp 8 ( 0) 1 ( 0) 7 295344 ( 0) 42192 Unknown Driver Devi Nonp 538 ( 0) 241 ( 0) 297 274600 ( 0) 924 Unknown Driver Even Nonp 12418409 ( 207) 12413104 ( 293) 5305 259136 ( -4128) 48 Unknown Driver TCPC Nonp 154604 ( 1) 151847 ( 6) 2757 232712 ( -400) 84 [tcpip] Pool Nonp 4 ( 0) 1 ( 0) 3 217088 ( 0) 72362 Unknown Driver Hal Nonp 1481203 ( 9) 1481196 ( 9) 7 197872 ( 0) 28267 Unknown Driver Sobc Nonp 128 ( 0) 0 ( 0) 128 197632 ( 0) 1544 [klif] Ntf0 Nonp 3 ( 0) 0 ( 0) 3 196608 ( 0) 65536 [ntfs] UlCO Nonp 384 ( 0) 63 ( 0) 321 195168 ( 0) 608 [http] Vad Nonp 2791742 ( 33) 2787677 ( 33) 4065 195120 ( 0) 48 Unknown Driver Sob2 Nonp 115434515 (1161) 115433189 (1164) 1326 183480 ( 952) 138 Unknown Driver Ntfr Nonp 767339 ( 0) 764507 ( 0) 2832 182216 ( 0) 64 [ntfs] TCPc Nonp 2398991 ( 27) 2396132 ( 36) 2859 137232 ( -432) 48 [tcpip] MmCi Nonp 267840 ( 4) 267269 ( 4) 571 134064 ( 0) 234 Unknown Driver RceT Nonp 1 ( 0) 0 ( 0) 1 131072 ( 0) 131072 [tcpip] Mdl Nonp 613296 ( 2 612315 ( 17) 981 125568 ( 1408) 128 Unknown Driver R100 Nonp 16 ( 0) 0 ( 0) 16 121624 ( 0) 7601 Unknown Driver CcSc Nonp 13098168 ( 195) 13097779 ( 198) 389 121368 ( -936) 312 Unknown Driver FSfm Nonp 2296640 ( 6 2293700 ( 84) 2940 117600 ( -640) 40 Unknown Driver usbp Nonp 88 ( 0) 59 ( 0) 29 115848 ( 0) 3994 [usbport] MmCa Nonp 15045675 ( 221) 15044645 ( 224) 1030 106656 ( -336) 103 Unknown Driver NtFL Nonp 526252 ( 24) 526240 ( 24) 12 105256 ( 0) 8771 [ntfs] VadS Nonp 64562122 ( 527) 64558934 ( 546) 3188 102016 ( -608) 32 Unknown Driver UlLS Nonp 13 ( 0) 1 ( 0) 12 90760 ( 0) 7563 Unknown Driver CcVl Nonp 164145 ( 2) 164025 ( 3) 120 79232 ( -1040) 660 Unknown Driver brcm Nonp 6 ( 0) 0 ( 0) 6 78176 ( 0) 13029 [b57xp32] Vadl Nonp 5023431 ( 92) 5022256 ( 110) 1175 75200 ( -1152) 64 Unknown Driver AfdB Nonp 2451334 ( 227) 2451197 ( 156) 137 73400 ( 25144) 535 [afd] Ntfi Nonp 1008731 ( 21) 1008471 ( 11) 260 70720 ( 2720) 272 Unknown Driver NDpp Nonp 23 ( 0) 0 ( 0) 23 70112 ( 0) 3048 Unknown Driver we are running Kaspersky File Server 6.0.2.690 on all our servers & monitoring using KAV Admin Kit. yet to update to Maintenance Pack 3 -- 6.0.3.837 Thanks, Kelvin "John John" wrote: Start the Task Manager and select the option to view "Handle Count". Is there a process there with a particularly large handle count, like in the thousands or tens of thousands? If you see nothing out of the usual with the Handle Count then you may want to monitor the pool consumption with poolmon.exe http://support.microsoft.com/kb/177415/ this could reveal which driver or process is consuming all the paged pool. AV programs are sometimes the culprit, NAV in particular is known to sometimes run amuck with the paged pool, did you by any chance update your AV software? John Kelvin Ng wrote: One of my Windows Server 2003 log with a lot of event ID : 2020 & 333 & suddenly server seems like freeze, i have to restart server to solve this problem. it happend on 18/01 & 02/02