2012r2 Direct Access non-paged memory leak


We have a single-site 2012r2 Direct Access server running as a Hyper-V guest in edge configuration. The physical box is a 2012r2 Dell R710. The R710 has a Qlogic/BCM5709C NIC card in it; we have turned off VMQ. Direct Access is working, but I am noticing a non-paged memory leak occurring in the NDnd tag on the Direct Access guest. The leak occurs when UDP RDP packets traverse Direct Access. The RAM can fill up in a day, and the box blue screens and reboots. To bypass this we have set up RDP traffic to go to an RDP gateway instead of across Direct Access for these users.

The 2012r2 boxes are fully patched and the clients are Windows 10 Enterprise, fully patched. I have removed all third-party software using the NDnd pool tag, and a "findstr /m /l NDnd *.sys" only returns ndis.sys.

Any ideas would be appreciated.

2 Replies

@mattsutton1295 - this doesn't help you, but I have the exact same issue. I have a set of 2012 R2 DA servers that are load balanced, and they started having a major memory leak during the transition to a new 2019 RDS farm that utilizes UDP (old farm did not, and I had this DA farm up for years without issue). I now have both servers set to a ridiculous 32 GB of RAM each so that they continue to function with only a weekly reboot - if you find anything, let me know!


@stopnik Interesting. Since moving the RDP traffic away from Direct Access the leak has stopped for us. Something with RDP UDP packets only, otherwise we would see the leak grow with DNS queries and other UDP traffic. Must be something internal in Direct Access 2012r2 that is handling these packets differently?

-Matt