Tuesday, October 30, 2012

Troubleshooting a paged pool leak in Windows 




Operating Systems
Windows Server 2008,
Windows Server 2008 R2,
Windows Server 2003,
Windows Server 2003 R2

Problem

Here we will fix a real paged pool leak on the system so that we can put the techniques for tracking down a leak to use.


Solution
When a program needs to store some temporary information during execution, it can dynamically request a chunk of memory from the system. However, the system has a fixed amount of total memory available. If one application uses up all of the system’s free memory, then other applications will not be able to obtain the memory that they require. The implications of a “memory starved” application can range from a graceful shutdown to an unexpected crash. Most large scale applications regularly request memory, so running out of system memory tends to have a domino effect. Even if the applications do not terminate, the system will slow down to a crawl—or even hang—in low memory conditions. Clearly, none of these results are desirable, so the system never wants to run out—or run low—of memory.

It is the responsibility of each application to “free” dynamically requested memory when it is finished using it. Freeing the memory returns it to the system, where it can be re–allocated to another application when needed. When an application dynamically allocates memory, and does not free that memory when it is finished using it, that program has a memory leak. The memory is not being used by the application anymore, but it cannot be used by the system or any other program either.

Memory leaks add up over time, and if they are not cleaned up, the system eventually runs out of memory. Most everyone has seen the “Your computer is running low of virtual memory” message box on Windows when memory gets too high. It is typically accompanied by horribly slow response time, and often the user can’t even close the wasteful application because of this sluggishness. The only response at that point is to reboot the computer.

Memory leaks are bad on any system. For the automotive platform, however, they become much more of a significant problem. This is due to the following:

  • Applications stay in memory when not in use. Typically, the operating system can clean up after a program which leaks memory after it terminates. However, since we do not allow the users to easily shut down automotive applications, Windows CE cannot clean up after any ill–behaved applications.
  • System run–time is expected to be unlimited. If all else fails, a system reboot will clean up all memory leaks. However, although we do support system reboots, our goal is that the user will never need to do so. Since you do not need to “reboot” your car stereo every few weeks because it stops working, or because the performance becomes poor, it is unacceptable to need to do so on the automotive platform.
  • Systems typically have lower total available system memory. Desktop applications can get away with being sloppy with memory when they run on systems with 64 megabytes of RAM and more, and with large hard drives to store swapped out virtual memory pages. But the automotive platform may have only 16 megabytes total memory, and that includes process and storage memory together! In other words, that memory must store what would be in RAM on a desktop PC, as well as what would be on the hard drive.

Paged and nonpaged pools serve as the memory resources that the operating system and device drivers use to store their data structures. The pool manager operates in kernel mode, using regions of the system’s virtual address space (described in the Pushing the Limits post on virtual memory) for the memory it sub-allocates. The kernel’s pool manager operates similarly to the C-runtime and Windows heap managers that execute within user-mode processes.  Because the minimum virtual memory allocation size is a multiple of the system page size (4KB on x86 and x64), these subsidiary memory managers carve up larger allocations into smaller ones so that memory isn’t wasted.

Coming to our experiment, we used a number of utilities to test for memory leak issues.

Resources used:
  • Task Manager

Except for Task Manager, all the utilities are downloaded from Microsoft Sysinternals.
To download, simply hold the Ctrl key and select the item.

The leak will be generated by the NotMyFault tool from Sysinternals.
When we run NotMyFault.exe, it loads the device driver Myfault.sys and presents the following dialog box:

[Screenshot: NotMyFault dialog box]

Click the Leak Paged button. This causes NotMyFault to begin sending requests to the Myfault device driver to allocate paged pool. (Do not click the Do Bug button or you will experience a system crash; this button is used to demonstrate various types of crashes.)

NotMyFault will continue sending requests until you click the Stop Paged button. Note that paged pool is not normally released even when you close a program that has caused it to occur (by interacting with a buggy device driver); the pool is permanently leaked until you reboot the system. However, to make testing easier, the Myfault device driver detects that the process was closed and frees its allocations.

While the pool is leaking, first open Task Manager and click on the Performance tab. You should notice Kernel Memory (MB): Paged climbing.







You can also check this with Process Explorer’s System Information display. (Click on View and then System Information.)



To determine the pool tag that is leaking, run Poolmon and press the B key to sort by the number of bytes.

Press P twice so that Poolmon is showing only paged pool. You should notice the pool tag “Leak” climbing to the top of the list. (Poolmon shows changes to pool allocations by highlighting the lines that change.)

Now press the Stop Paged button so that you don’t exhaust paged pool on your system.

Run Strings (from Sysinternals) to look for driver binaries that contain the pool tag “Leak”:

Strings %SystemRoot%\system32\drivers\*.sys | findstr Leak


This should display a match on the file Myfault.sys, thus confirming it as the driver using the “Leak” pool tag.
Once we have identified the device driver, we can identify the manufacturer and work with them on a resolution.
It’s worth bearing in mind that the same technique can be used to troubleshoot paged pool problems as well.
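
The Strings and findstr step above matches any text containing “Leak”, including ordinary message strings. The following added example (not part of the original post) scans driver images for the exact 4-byte tag and reports the printable text around each hit, so a constant embedded in code can be told apart from a sentence. The function names, the max_run heuristic and the sample driver contents are assumptions constructed for illustration.

```python
# Added example (not from the original post): find a 4-character pool tag in
# driver images, the job done above by "Strings ... | findstr Leak".
import tempfile
from pathlib import Path


def _printable(byte: int) -> bool:
    """True for the printable ASCII range (space through tilde)."""
    return 0x20 <= byte <= 0x7E


def find_tag(data: bytes, tag: str, max_run: int = 8):
    """Return (offset, surrounding_text, likely_constant) for every exact hit.

    The match is case-sensitive, like findstr without /I. likely_constant is
    a heuristic assumed for this example: a tag compiled into code sits in a
    short printable run, while a tag inside a message string sits in a long one.
    """
    needle = tag.encode("ascii")
    if len(needle) != 4:
        raise ValueError("pool tags are four ASCII characters")
    hits = []
    pos = data.find(needle)
    while pos != -1:
        # Grow the window to the whole printable run around the match,
        # which is the text a strings-style tool would print for it.
        start, end = pos, pos + 4
        while start > 0 and _printable(data[start - 1]):
            start -= 1
        while end < len(data) and _printable(data[end]):
            end += 1
        run = data[start:end].decode("ascii")
        hits.append((pos, run, len(run) <= max_run))
        pos = data.find(needle, pos + 1)
    return hits


def scan_drivers(directory, tag: str):
    """Map each *.sys file name in directory to its hits; files without hits are omitted."""
    results = {}
    for path in sorted(Path(directory).glob("*.sys")):
        hits = find_tag(path.read_bytes(), tag)
        if hits:
            results[path.name] = hits
    return results


# Constructed sample "drivers" (not real binaries) so the example runs offline.
SAMPLES = {
    "tagged.sys": b"\x00\x00\x68Leak\x00\x00",             # tag as an operand
    "chatty.sys": b"\x00Memory Leak detected in %s\x00",   # tag inside a message
    "clean.sys": b"\x00\x01leak LEAK\x02",                 # wrong case only
}


def demo():
    """Write the samples to a temporary folder and scan them for 'Leak'."""
    with tempfile.TemporaryDirectory() as tmp:
        for name, blob in SAMPLES.items():
            Path(tmp, name).write_bytes(blob)
        return scan_drivers(tmp, "Leak")


if __name__ == "__main__":
    for name, hits in demo().items():
        for offset, text, likely in hits:
            kind = "likely tag constant" if likely else "likely message text"
            print(f"{name} @ {offset:#x}: {text!r} ({kind})")
```

On a real system, point scan_drivers at the drivers folder used in the command above (%SystemRoot%\system32\drivers) and the tag reported by Poolmon.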

Monday, July 9, 2012

Computer stops responding when it is resumed from standby mode

Operating system
Windows Server 2003
Problem
When we resume the computer from standby mode, the computer may stop responding. Sometimes we may also see the "Applying Personal Settings" message box for up to an hour before the desktop appears.
Typically, when you resume a Windows Server 2003-based computer from standby, the computer is locked. Therefore, you must log on to the computer before you can access the desktop. However, when this problem occurs, the computer is not locked, and the Windows Server 2003 logon screen does not appear.
Solution
We found that the following event messages may be logged in the application event log on the domain controller after restarting the Windows Server 2003-based computer:
Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1058
Description: Windows cannot access the file gpt.ini for GPO CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=domain,DC=com. The file must be present at the location <\\domain\sysvol\domain\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini>. (Access is denied. ). Group Policy processing aborted. For more information, see Help and Support Center at http://support.microsoft.com.

or
Description: Windows cannot access the file gpt.ini for GPO CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=domain,DC=com. The file must be present at the location <\\domain\sysvol\domain\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini>. (The network path was not found. ).

Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1030
Description: Windows cannot query for the list of Group Policy objects. A message that describes the reason for this was previously logged by the policy engine. For more information, see Help and Support Center at http://support.microsoft.com.
When we turn on user environment (Userenv) logging, domain Distributed File System (DFS) services may not work after the computer resumes from standby. Additionally, you may receive messages that resemble the following messages in the %SystemRoot%\Debug\UserMode\Userenv.log file.
According to Microsoft, this problem may occur if the Winlogon process tries to process group policies before other components are running. However, there are several other scenarios that may cause this problem. Make sure that the following components are started and that they are configured correctly:
  • Netlogon and DFS services are started.
  • Domain controllers have the read and apply rights to the Domain Controllers Policy.
  • NTFS file system permissions and share permissions are set correctly on the Sysvol share.
  • DNS entries are correct for the domain controllers.
Method 1:
Microsoft released Microsoft Fix it 50615 for the above problem. The download link is available below.
Method 2:
Install the latest service pack for the server operating system.
Method 3:
Open the registry editor and locate the path below:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Create the DWORD value WaitForNetwork if it does not exist, and set the value to 1.
Close the registry editor and restart the computer.

Error message 0x80070057 when backing up files in Windows

Operating system
Windows 7
Scenario
When we try to back up files using the built-in Windows backup utility, Windows Backup, the backup process fails and shows the error below:
An internal error has occurred: The parameter is incorrect: (0x80070057).
Solution
Method 1:
Microsoft released Microsoft Fix it 50719 for the above issue. It is available from the link below.
Method 2:
Change the decimal symbol setting
This problem can occur if the decimal symbol is not set to '.' (dot). This is common in languages and locales other than English (United States), such as German (Germany).
To change the decimal symbol setting, follow these steps:
  1. Open Control Panel, click Clock, Language, and Region, and then click Region and Language.
  2. Click the Formats tab, and then click Additional settings.
  3. In the Decimal symbol field, type . (dot), and then click OK two times.
  4. Restart the computer.
Method 3:
Open the registry editor by typing the regedit.exe command and locate the path below:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\System
Create a DWORD value CopyFileBufferedSynchronousIo and set the value to 1. Close the registry editor and reboot the computer.

Low disk space issue in Windows Vista due to increased size of the WinSxS folder

Operating system:

Windows Vista SP1 & SP2

Solution:

1. Check whether the Pchealth folder is exceeding its size.
2. Check the Program Files and Users folders.
In the Windows folder, however, there is a folder named WINSXS that is a couple of GB in size.

SxS stands for side-by-side technology, a solution integrated into recent Windows versions by Microsoft in an attempt to reduce DLL hell. The problem with this solution is that the system keeps all versions of installed components in order to be able to serve them to the applications that ask for them. As a downside, this folder grows very quickly, and this can quickly become a very serious issue for your computers.

Common sizes for the WinSxS folder:

- Windows 2003 : WinSXS = 25 MB / 05 GB (total Windows)
- Windows 2008 : WinSXS = 05 GB / 10 GB (total Windows)

The only safe way to reduce the size of the WinSxS folder on the disk is to remove the packages that installed the original components. This can be achieved by uninstalling superseded versions of packages.

On Windows Vista, Service Pack 1 contains VSP1CLN.EXE. Running VSP1CLN.EXE will make the Service Pack package permanent and not removable.

The tool is automatically installed as part of the SP1 upgrade, and you can find it under %windir%\system32\vsp1cln.exe.

On Windows Vista, after Windows SP2 you can use COMPCLN.EXE to clean up the WinSxS folder. This tool is installed as part of the SP2 upgrade, and you’ll find it under %windir%\system32\compcln.exe.

As with vsp1cln.exe, executing compcln.exe will make SP2 not removable.

Other third-party solutions to reduce WinSxS size are:

WINSXSLITE

VLITE

VOPTIMIZER

If your problem is with %windir%\winsxs\ManifestCache\ growing too much, you can use this procedure to remove the files under %windir%\winsxs\ManifestCache\ and release some of the disk space that the WinSxS folder is taking:

Net stop trustedinstaller
Takeown /f %windir%\winsxs\ManifestCache\*
Icacls %windir%\winsxs\ManifestCache\* /GRANT administrators:F
Del /q %windir%\winsxs\ManifestCache\*

Server hanging at Applying Computer Settings stage of the logon process

Operating system

Windows server 2008,
Windows 7,
Windows Vista

Problem

When we start a computer, it stops responding and appears to hang at the "Applying User Settings" or "Applying Computer Settings" stage of the logon process.



Solution


According to the Microsoft articles, this issue typically occurs after we install a server certificate and then configure Secure Sockets Layer (SSL) on the computer. For example, we install an SSL server certificate in Internet Information Services (IIS) 7.0 and then enable HTTPS on the website to use the certificate.


This issue occurs because of a deadlock in the Service Control Manager database. The Service Control Manager tries to start the HTTP.sys service and then puts a lock in place in the Service Control Manager database. Then, HTTP.sys makes a call that requires Cryptographic Services during startup. Then, a request is sent to start Cryptographic Services. However, a lock is already in place in the Service Control Manager database. Therefore, a deadlock occurs.


Method 1


Microsoft released a hotfix for this issue. It is available from the link below:
http://support.microsoft.com/hotfix/KBHotfix.aspx?kbnum=2379016&kbln=en-us

Method 2


To resolve this issue, create a DependOnService registry key to modify the behavior of HTTP.sys. This makes HTTP.sys depend on the CryptSvc service being started first.


Open the registry editor by running the command regedit.exe with administrative privileges.


Locate and then click the following registry subkey:


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTTP


On the Edit menu, point to New, and then click Multi-string Value. Type DependOnService, and then press ENTER. Modify the value by typing CRYPTSVC, and then click OK. Exit Registry Editor.


Restart the computer.


Method 3:


The Microsoft Fix it team released Microsoft Fix it 50564 for solving this issue.

Saturday, June 9, 2012

How to verify Global Catalog Server Readiness in Windows Server 2008

          
Operating System

Windows Server 2008, Windows Server 2003.
Scenario

After enabling the global catalog role on a domain controller, we might want to ensure that it is properly functioning as a global catalog server before clients and services start querying the global catalog partition on this server.
How To
When a global catalog server has satisfied replication requirements, the isGlobalCatalogReady rootDSE attribute is set to TRUE and the global catalog is ready to serve clients.
To perform the following procedures you must be a member of the Domain Users group.
To verify global catalog server readiness by using LDP, perform the following steps:
1. Log on to a domain controller.
2. Click Start, click Run, type LDP, and click OK.
3. On the Connection menu, select Connect.
4. In the Connect box, type the name of the server whose global catalog readiness you want to verify, as shown in the figure below.

5. In the Port box, if 389 is not showing, type 389.
6. If the Connectionless box is selected, clear it and then click OK.
7. In the details pane, verify that the isGlobalCatalogReady attribute has a value of TRUE, as shown in the figure below.

Verify Global Catalog Server Readiness by using NLTest

To verify global catalog server readiness by using NLTest, perform the following steps:
1. Log on to a domain controller.
2. Click Start, and click Command Prompt.
3. In the Command Prompt window, type the following command:
nltest /server:servername /dsgetdc:domainname
(where servername is the domain controller whose global catalog readiness you want to validate and domainname is the name of the domain to which the domain controller belongs).
4. Verify that GC is listed under the Flags section of the results, as shown in the figure below.
 

Configuring TS Web Access in Windows Server 2008

                       
Operating System
Windows Server 2008
How To
Windows Server 2008 Terminal Services is bundled with a service called TS Web Access. The TS Web Access service enables users to access a web page running on the system hosting the Terminal Server to obtain a list of desktops and remote applications which are available for remote access.
Here is the step-by-step procedure to configure TS Web Access in Windows Server 2008.
Open Server Manager by selecting Start/Administrative Tools. Open the Roles tab. On the right pane, select Add Roles. Select the Terminal Services role from the list.
 
Select Next and continue. On the next page, select the Terminal Server and TS Web Access services. Click Next and continue with the default settings. TS Web Access requires a number of other roles, such as the IIS web server role. Click Add Role Services to ensure that these services are also installed. Click the Next button to review information about the services being installed. Click Next to review the IIS services being installed. Click Next once again to move to the confirmation screen and click Install to initiate the installation.
 

After the restart, open the browser and follow the link
        http://systemID/ts
where systemID is the IP address or system name of the Terminal Server. On successful connection, the browser will prompt for the user name and password credentials.




Once entered, the TS Web Access page will appear, listing any remote applications available for access on the local system.
To configure applications so that they can be launched from the Windows Server 2008 TS Web Access page, they must first be installed for use with Terminal Services and then configured as RemoteApps.
To do this, open TS RemoteApp Manager via Start -> All Programs -> Terminal Services -> TS Remote App Manager or by running remoteprograms.msc in a Run dialog or command prompt. Once launched, the manager will appear as follows.


To configure an application as a RemoteApp, begin by clicking on the Add RemoteApp Programs link in the Actions panel located in the top right hand corner of the TS RemoteApp Manager screen. This will display the RemoteApp wizard containing a list of currently installed applications. One or more applications may be selected from the list before pressing the Next button.



It is essential that any RemoteApps be configured for access via TS Web Access. To ensure this is the case, select the appropriate application from the list and click on the Properties button to open the RemoteApp Properties dialog as shown below. Within this dialog, make sure that the "RemoteApp is available through TS Web Access" box is checked.

Click OK to close the RemoteApp Properties dialog, then click Next in the wizard to proceed to the Review Settings screen, and Finish to complete the configuration. Upon completion, the applications will be listed under RemoteApp Programs as shown below.
With the RemoteApp applications configured, they will now appear on the TS Web Access page, ready to be invoked by a remote user.

When launched, these applications will appear within their own windows on the client desktop, just as if they were locally installed applications.

Thursday, June 7, 2012


Transport service fails to start in Exchange Server 2007

Operating system

Microsoft Exchange Server 2007 SP1
Windows Server 2003 Standard Edition R2 64-bit with SP2

Problem

While booting the Exchange server, Exchange Application Error 17003 is shown. When starting the service manually, Exchange Application Error 5000 appears.
Events 17003 and 5000 are logged, as shown below.
                                                                                       
Solution

Back up the current database files first.
To repair the specified database, follow these steps:
1. Verify that the Microsoft Exchange Transport service is stopped.
2. Run the Eseutil /P utility on the specified database.
The repair can take a long time on a large database. If the affected database is the message queue database, you can move the database files to another location, and then start the Microsoft Exchange Transport service to create a new message queue database. This lets you perform the database repair without any loss of functionality on the Hub Transport server or Edge Transport server. After the message queue database has been repaired, you can use any other Hub Transport server or Edge Transport server to deliver the messages that are trapped inside the repaired database.
3. Start the Microsoft Exchange Transport service.
(If the Microsoft Exchange Transport service still does not start because of database corruption errors, you must move or delete the specified database and allow a new copy of the database to be created.)
Delete the specified database and the corresponding transaction logs. A new copy of the database and the transaction logs is created automatically. Use this option if you don't care about the contents of the specified database.
To delete the specified database and corresponding transaction logs, follow these steps:
1. Verify that the Microsoft Exchange Transport service is stopped.
2. Delete the specified database files and the corresponding transaction log files. The database files and the transaction log files are described in the following list:

  • Mail.que or IpFiltering.edb: The main database file
  • Trn.chk: The checkpoint file
  • Trn*.log: The transaction logs
  • Trnres*.jrs: The reserved transaction logs that serve as placeholders
  • Temp.edb: A sample database file that is used to verify the database schema. Although this is not a transaction log file, it is always kept with the transaction logs.
If the database files are not recoverable, allow a new copy of the database to be created.

Drive not ready exception processing message c00000a3 error 

Problem

While booting into Windows, it shows the error "Windows drive not ready exception processing message c00000a3". If we open any folder, option or process, the same dialog box keeps appearing on screen.




Operating system: 
Windows 7, Windows Vista, Windows XP

Solution:

1. Click Start, type “regedit” to open the registry editor, and press Enter.

2. In the Registry Editor, on the left pane, navigate to the following key by expanding the plus sign (+):

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Windows

3. Right-click "Windows", click "Export", and then save it to the C:\ drive. (In case we need to undo the modification, we can double-click it to restore the registry key.)

4. Double-click the value ErrorMode, and set the data value to 2.

5. Restart the computer.


Windows Live Mail Showing Blank Black Screen Only

           

Operating system
Windows Vista, Windows 7
Problem
When opened, Windows Live Mail shows only a blank black screen.
Solution
This issue can occur if all of the following conditions apply on the Windows computer:
  • The system has Intel integrated graphics driver Igdkmd32.sys (32-bit) / Igdkmd64.sys (64-bit) versions 8.15.10.2104 through 8.15.10.2141.
  • Windows Update KB2454826 is installed on the computer.
  • Windows Live Mail version 15.4 or later is in use.
  • Windows automatic updates are already turned on.
  • Check for the Windows update patch KB2454826 on the installed updates screen.
  • Remove KB2454826 from installed updates, even if it is found in the Windows updates column.
  • Update to the latest display driver for the system.
  • Update the fix utility for the same from the following link

Install the Active Directory Schema Snap-In in Windows Server 2008


Operating System 
   
                    
Windows Server 2008 32/64-bit
Solution
We need to manage the AD DS schema, which can include extending the schema and modifying existing attributes and classes.
To install the Active Directory Schema snap-in, perform the following steps:
1. Log on to a domain controller or a member computer.
2. Click Start, and click Command Prompt.
3. In the Command Prompt window, type the following command and press Enter:
                               regsvr32 schmmgmt.dll
4. You will receive a notification that schmmgmt.dll was registered successfully, as shown in the figure below. Click OK and close the Command Prompt window.


5. Click Start, click Run, type mmc /a, and click OK. On the File menu, click Add/Remove Snap-In.
6. In the Add or Remove Snap-ins window, select Active Directory Schema under Available Snap-ins, click Add, and then click OK. The Active Directory Schema snap-in is added to the MMC console, as shown in the figure below.



7. On the File menu, click Save As. In the Save As window, type %systemroot%\System32\schmmgmt.msc in the File name field, and click Save.

8. Close the console. Right-click Start, and click Open All Users. Double-click Programs, and then double-click Administrative Tools. On the File menu, click New; then click Shortcut.
9. In the Create Shortcut Wizard, in the Type the Location of the Item box, type schmmgmt.msc; then click Next.

10. On the Select a Title for the Program page, in the Type a name for this shortcut box, type Active Directory Schema; then click Finish.

11. To verify that the Active Directory Schema shortcut was created successfully, click Start, click Administrative Tools, and verify that Active Directory Schema is listed, as shown in the figure below.
                          

Procedure for clearing the ConfigMgr (SCCM) client local cache (CCM cache) - Resolving disk space issue

Essentially the client cache is a temporary download location for software, applications and software updates that are deployed to a clie...