Windows Server 2016: Unable to locate application occupying non-page buffer pool with tag None

mickey wang 0 Reputation points
2024-05-10T05:34:03.6833333+00:00

My server is running Windows Server 2016 1607 (14393.3866), and it has been running for over three years with 32GB of memory. I've noticed that the non-page buffer pool usage is increasing, currently nearing 20GB. I have ruled out issues with the deployed applications. However, when I attempted to trace the process causing the excessive non-page buffer pool usage, I found that I couldn't pinpoint the specific process. Below is my tracing process:

When using poolmon.exe to view all processes, I found a line with a tag of None, which prevents me from further tracing the issue using this tag. How can I resolve this problem?

User's image

Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
12,525 questions
Windows Driver Kit (WDK)
Windows Driver Kit (WDK)
A set of Microsoft tools that are used to develop, test, and deploy Windows drivers.
47 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Wesley Li 6,190 Reputation points
    2024-05-15T07:46:52.3833333+00:00

    Hello

    1. If the pool increased every minute or every second, we may check the issue with WPR tool. Collect the log with pool

    Here is a link for reference:

    Exercise 3 - Track Driver Footprint and Dynamic Allocations During Boot | Microsoft Learn

    1. If the leak occurred randomly, we could check the handles at the same time. Open task manager, in the "details" tab and richt click the bar then choose "select colums". Check whether there is any process occupied many handles, ususaly it should be 10000 or more. Check the issue when the leak is heavy.
    2. Or try to collect a dump. Open administartor command line and run the following command, reboot.

    reg add "HKLM\System\CurrentControlSet\Control\Session Manager\Memory Management" /v PagingFiles /t REG_MULTI_SZ /d "C:\pagefile.sys 33764 33764" /f

    reg add "HKLM\System\CurrentControlSet\Control\CrashControl" /v DumpFile /t REG_EXPAND_SZ /d "C:\Windows\Memory.dmp" /f

    reg add "HKLM\System\CurrentControlSet\Control\CrashControl" /v CrashDumpEnabled /t REG_DWORD /d 1 /f

    reg add "HKLM\SYSTEM\CurrentControlSet\Services\kbdhid\Parameters" /v CrashOnCtrlScroll /t REG_DWORD /d 0 /f

    reg add "HKLM\SYSTEM\CurrentControlSet\Services\kbdhid\CrashDump" /v Dump1Keys /t REG_DWORD /d 0x20 /f

    reg add "HKLM\SYSTEM\CurrentControlSet\Services\kbdhid\CrashDump" /v Dump2Key /t REG_DWORD /d 0x3d /f

    reg add "HKLM\SYSTEM\CurrentControlSet\Services\i8042prt\Parameters" /v CrashOnCtrlScroll /t REG_DWORD /d 0 /f

    reg add "HKLM\SYSTEM\CurrentControlSet\Services\i8042prt\CrashDump " /v Dump1Keys /t REG_DWORD /d 0x20 /f

    Keep press right "ctrl"+space (twice), the machine will crash and you will get a dump. If you are familar with windbg, you could open the dump then run "!poolused /t 5 2 " then check the tag information for more details.

    Here is a link for more information.

    Pushing the Limits of Windows: Paged and Nonpaged Pool - Microsoft Community Hub

    Considering analyzing the pool leak issue may be complicate, we may consider to open a ticket for more resources.

    0 comments