Memory leak on Win2022 Domain Controllers - Icp nonpaged pool tag

Anonymous
2024-09-24T07:04:54+00:00

Since Sep 18th we've been seeing increasing non-paged pool usage on our 2022 domain controllers - need to reboot them a couple of times a week now.

Poolmon shows high utilization by tag Icp - it keeps increasing until server is non-responsive over 3-5 days

Icp seems to be related to SMB traffic. 2019 DC is not affected

Running build 20348.2700

FYI - Non-paged pool size can be seen in Task Manager - Performance - Memory. Should usually be below 1 GB

Non-paged pool details can be seen with poolmon.exe (from WDK)

Anyone else seeing this?


Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question. To protect privacy, user profiles for migrated questions are anonymized.


8 answers

  1. Anonymous
    2024-09-25T06:28:46+00:00

    Hello,

    Thank you for posting in Microsoft Community forum.

    Based on the description, I understand your question is related to memory leak.

    1. Try running the command below to disable the Network Data Usage Monitoring Driver (NDU). It is responsible for collecting data related to network usage, but may itself lead to a memory leak: sc config NDU start= disabled
    2. Try updating the network drivers in Device Manager:

    Press Windows + 'R' and type devmgmt.msc to open Device Manager.

    Locate the device and double-click on it to expand.

    Double-click on the driver and go to the Drivers tab.

    Click "Update Driver" and select "Automatic Search" for drivers.

    3. Try installing the latest Windows update for Server 2022. Also, if you are using any 3rd party antivirus software, uninstall it and monitor the memory issue.

    Have a nice day.

    Best Regards,

    Molly

  2. Anonymous
    2024-09-25T07:52:50+00:00

    Hi, thanks for your reply

    1. There is no such service on the server.

    2. Server is an Azure VM, newly installed...

    3. All updates installed. Running latest available build for 2022: https://support.microsoft.com/en-gb/topic/september-10-2024-kb5042881-os-build-20348-2700-5b548143-9613-4e5a-9454-8ed9be8b2bd2. Defender AV.

    Server was updated Sep 11, but problem didn't start before Sep 18. Perhaps some signature update for Defender AV / ATP triggered it.

    Not aware of any system changes at that time either..

    best regards

    axel

  3. Anonymous
    2024-09-26T12:16:09+00:00

    FYI - Have a case with MS support on this. (actually useful this time)

    Possible cause is the Defender component SenseNDR.exe

    Could have been a signature update on the 18th.

    And a little tip if you are looking for which drivers are using some tag seen in poolmon:

    cd C:\Windows\System32\drivers

    findstr /M /S /L tagname *.sys

    (PS! tagname is case sensitive)

    You can then check signature / details on the drivers to see last update / vendor etc.

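The tag-to-driver lookup from the tip above, combined with the signature and file-detail check it recommends, as an added PowerShell example that is not part of the original post. The function name `Find-PoolTagDriver` is hypothetical; the default path is the drivers directory named in the post.

```powershell
# Added example: list driver images that contain a pool tag seen in poolmon,
# with vendor, version, last-write time and Authenticode details for triage.
function Find-PoolTagDriver {
    [CmdletBinding()]
    param(
        # Tag exactly as poolmon shows it (case-sensitive), e.g. 'Icp'
        [Parameter(Mandatory)][string]$Tag,
        [string]$Path = "$env:SystemRoot\System32\drivers"
    )
    # Latin-1 maps every byte to one char, so an ordinal string search
    # over the decoded text is effectively a raw byte search.
    $latin1 = [System.Text.Encoding]::GetEncoding(28591)

    Get-ChildItem -Path $Path -Filter *.sys -Recurse -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            try {
                $text = $latin1.GetString([System.IO.File]::ReadAllBytes($_.FullName))
            } catch {
                Write-Warning "Skipped $($_.FullName): $($_.Exception.Message)"
                return   # move on to the next file
            }
            if ($text.IndexOf($Tag, [System.StringComparison]::Ordinal) -lt 0) { return }

            $sig = Get-AuthenticodeSignature -FilePath $_.FullName
            [pscustomobject]@{
                Driver      = $_.Name
                Company     = $_.VersionInfo.CompanyName
                FileVersion = $_.VersionInfo.FileVersion
                LastWrite   = $_.LastWriteTime
                SigStatus   = $sig.Status
                Signer      = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
            }
        }
}

# Most recently changed drivers first, since the leak began after an update.
Find-PoolTagDriver -Tag 'Icp' |
    Sort-Object LastWrite -Descending |
    Format-Table -AutoSize
```

A hit only means the tag's bytes occur somewhere in the file, so short tags can match drivers that never allocate with them; treat the output as a candidate list to narrow down by vendor and update date.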
  4. Anonymous
    2024-09-30T06:42:43+00:00

    Hello,

    Thanks for sharing, this could help others with similar issues.

    Best regards,

    Molly

  5. Anonymous
    2024-10-07T08:17:30+00:00

    Confirmed known issue by MS Support.

    Mem leak caused by SenseNDR - should be fixed in October Patch Tuesday updates
