Mar 30 2023 12:50 AM
Hello,
since last month our server started having issue with memory leak all of sudden where non-paged pool increases in size to about 25GB filling up the whole memory, making the system unresponsive.
I traced it with pooltag, the culprit is in tag "FDRo", searching through sys files it pointed to "SysTrace.sys", which is supposed to be "Microsoft MSN Flight Data Recorder". The server runs normally for about 3-4 days, then within couple of hours the memory gets filled up and server crashes.
Is there any way to disable the Flight Data Recorder or fix the driver? Also it is a VM machine running on Hyper-V
Thank you
Mar 30 2023 06:45 AM
SolutionMar 30 2023 07:47 AM
@Dave Patrick How could I miss this post. Thank you very much. I uninstalled the Software Certification Toolkit and renamed the sys file. Hopefully it will fix the issue.
Mar 30 2023 07:52 AM
No worries, glad to hear, you're welcome.
Apr 03 2023 05:39 AM
Apr 03 2023 08:19 AM
The only other thing to try may be to stand up a new one without the Certification Toolkit for testing.
Apr 05 2023 11:47 AM
@Dave Patrick thanks for the response. What do you mean by stand up a new one? Do you mean to set up a new VM? On the current VM I removed all traces of Certification toolkit (don't need it anymore) and removes the systrace.sys, however the problem still keeps coming back, with the same pool tag, but I can't find any other sys with this pool tag.
Apr 05 2023 11:50 AM
What do you mean by stand up a new one? Do you mean to set up a new VM?
Yes, I did.
Apr 05 2023 12:06 PM
Apr 05 2023 12:15 PM
what does the
findstr /m /l FDRo *.sys
return with now? has it been rebooted?
Apr 05 2023 12:35 PM
Apr 05 2023 12:41 PM
Some other things to look at
High Non-Paged Pool Memory Usage (Leak) in Windows | Windows OS Hub (woshub.com)
Mar 30 2023 06:45 AM
Solution