In our last post on Server Hangs, we discussed using the Debugging Tools to examine a dump file to analyze pool depletion. Today we are going to look at using our troubleshooting tools to examine a server hang caused by a handle leak. Issues where a process has an abnormal number of handles are very common and result in kernel memory depletion.
A quick way to find the number of handles for each process is to check Task Manager > Processes. You may have to add the Handles column from View > Select columns. Generally, if a process has more than 10,000 handles, we probably want to take a look at what is going on. That does not necessarily mean that it is the offending process, just a suspect. However, there are instances where the process may be for a database or some other memory-intensive application. The most common instance of this is the STORE.EXE process for Exchange Server, which routinely has well over 10,000 handles. On the other hand, if our Print Spooler process has 10,000 (or more) handles, then we most likely have an issue.
Once we know there is a handle leak in a particular process, we can dump out all the handles and figure out why it is leaking. If we want to find out from a dump if there is a process that has an abnormally large number of handles, we first have to list out all the processes and then examine the number of handles being used by the processes. To list out all the processes that are running on the box using the Debugging Tools, we use the !process 0 0 command. This will give us an output similar to what we see below[…]
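An added example, not part of the original post and not the output the post goes on to show: a small Python parser that takes saved `!process 0 0` text, ranks processes by HandleCount, and applies the 10,000-handle rule of thumb from above. The sample text is constructed (addresses, Cids and counts are made up), and the `EXPECTED_HIGH` allow-list and function names are assumptions of this sketch.

```python
import re

# Constructed sample in the layout !process 0 0 prints; all values are made up.
SAMPLE = """\
PROCESS 8a5295f0  SessionId: none  Cid: 0004    Peb: 00000000  ParentCid: 0000
    DirBase: 00039000  ObjectTable: e1001e00  HandleCount: 1187.
    Image: System

PROCESS 89d3c020  SessionId: 0  Cid: 0510    Peb: 7ffdf000  ParentCid: 01f4
    DirBase: 1f2a4000  ObjectTable: e17a3b08  HandleCount: 48213.
    Image: spoolsv.exe

PROCESS 89c81d88  SessionId: 0  Cid: 0a2c    Peb: 7ffd9000  ParentCid: 01f4
    DirBase: 2b6c1000  ObjectTable: e1c44f30  HandleCount: 23650.
    Image: store.exe

PROCESS 89b0e3a8  SessionId: 0  Cid: 0c44    Peb: 7ffde000  ParentCid: 0a10
    DirBase: 31d07000  ObjectTable: 00000000  HandleCount:   0.
    Image: cmd.exe
"""

THRESHOLD = 10_000            # rule of thumb from the post
EXPECTED_HIGH = {"store.exe"}  # assumption: images known to run high on this server

def parse_processes(text):
    """Return one dict per PROCESS block; blocks missing a field are skipped."""
    procs = []
    for block in re.split(r"(?m)^(?=PROCESS\s)", text):
        head = re.match(r"PROCESS\s+([0-9a-fA-F`]+).*?\bCid:\s*([0-9a-fA-F]+)", block)
        handles = re.search(r"HandleCount:\s*(\d+)", block)  # decimal, trailing '.'
        image = re.search(r"Image:\s*(\S.*)", block)
        if head and handles and image:
            procs.append({"eprocess": head.group(1), "cid": head.group(2),
                          "image": image.group(1).strip(),
                          "handles": int(handles.group(1))})
    return procs

def suspects(procs, threshold=THRESHOLD, expected_high=EXPECTED_HIGH):
    """Processes over the threshold, highest first, with a triage note."""
    out = []
    for p in sorted(procs, key=lambda p: p["handles"], reverse=True):
        if p["handles"] > threshold:
            known = p["image"].lower() in expected_high
            note = "expected-high, compare to baseline" if known else "investigate"
            out.append((p["image"], p["cid"], p["handles"], note))
    return out

if __name__ == "__main__":
    for image, cid, handles, note in suspects(parse_processes(SAMPLE)):
        print(f"{image:<14} Cid {cid}  {handles:>7} handles  {note}")
```

An allow-listed process is still reported rather than hidden, so a store.exe that climbs well past its usual level remains visible.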