cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

Windows Server 2012 R2 - memory leak SysTrace.sys

JardaTesar
Copper Contributor

‎Mar 30 2023 12:50 AM

‎Mar 30 2023 12:50 AM

Windows Server 2012 R2 - memory leak SysTrace.sys

Hello,

since last month our server started having issue with memory leak all of sudden where non-paged pool increases in size to about 25GB filling up the whole memory, making the system unresponsive.

I traced it with pooltag, the culprit is in tag "FDRo", searching through sys files it pointed to "SysTrace.sys", which is supposed to be "Microsoft MSN Flight Data Recorder". The server runs normally for about 3-4 days, then within couple of hours the memory gets filled up and server crashes.

Is there any way to disable the Flight Data Recorder or fix the driver? Also it is a VM machine running on Hyper-V

 

Thank you

 

mstsc_2023-03-30_09-33-49.png

 

mstsc_2023-03-26_16-33-56.png

 

mstsc_2023-03-21_18-42-02.png

 

Labels:
1,227 Views
0 Likes
11 Replies
Reply
11 Replies
best response confirmed by JardaTesar (Copper Contributor)
Dave Patrick

‎Mar 30 2023 06:45 AM

‎Mar 30 2023 06:45 AM

Solution

Re: Windows Server 2012 R2 - memory leak SysTrace.sys

Read on here.  

Microsof MSN Flight Data Recorder Driver Uses All Non-Paged Memory (microsoft.com)  

 

 

0 Likes
Reply
JardaTesar

‎Mar 30 2023 07:47 AM

‎Mar 30 2023 07:47 AM

Re: Windows Server 2012 R2 - memory leak SysTrace.sys

@Dave Patrick How could I miss this post. Thank you very much. I uninstalled the Software Certification Toolkit and renamed the sys file. Hopefully it will fix the issue.

0 Likes
Reply
Dave Patrick

‎Mar 30 2023 07:52 AM

‎Mar 30 2023 07:52 AM

Re: Windows Server 2012 R2 - memory leak SysTrace.sys

No worries, glad to hear, you're welcome.  

 

 

0 Likes
Reply
JardaTesar

‎Apr 03 2023 05:39 AM

‎Apr 03 2023 05:39 AM

Re: Windows Server 2012 R2 - memory leak SysTrace.sys

Hi, so unfortunately it didn't help. I uninstalled the Certification Toolkit, deleted the Systrace.sys, rebooted the server, it was ok until today, but now the non-paged started increasing again, still with the same pool tag "FDRo". I wasn't able to find any other sys file.
0 Likes
Reply
Dave Patrick

‎Apr 03 2023 08:19 AM

‎Apr 03 2023 08:19 AM

Re: Windows Server 2012 R2 - memory leak SysTrace.sys

The only other thing to try may be to stand up a new one without the Certification Toolkit for testing.  

 

 

0 Likes
Reply
JardaTesar

‎Apr 05 2023 11:47 AM

‎Apr 05 2023 11:47 AM

Re: Windows Server 2012 R2 - memory leak SysTrace.sys

@Dave Patrick thanks for the response. What do you mean by stand up a new one? Do you mean to set up a new VM? On the current VM I removed all traces of Certification toolkit (don't need it anymore) and removes the systrace.sys, however the problem still keeps coming back, with the same pool tag, but I can't find any other sys with this pool tag.

0 Likes
Reply
Dave Patrick

‎Apr 05 2023 11:50 AM

‎Apr 05 2023 11:50 AM

Re: Windows Server 2012 R2 - memory leak SysTrace.sys

What do you mean by stand up a new one? Do you mean to set up a new VM? 

Yes, I did. 

 

 

0 Likes
Reply
JardaTesar

‎Apr 05 2023 12:06 PM

‎Apr 05 2023 12:06 PM

Re: Windows Server 2012 R2 - memory leak SysTrace.sys

There are other VMs running on the same hypervisor and they are running fine. To set up a new VM with same services would be very hard to do, because it is running SAP server with MSSQL, so to configure it all out would be a pain. I will do some more debugging to see if I can find the culprit. What bugs me is that there is the FDRo tag and I can't trace where it is coming from. Thanks for you help anyway.
0 Likes
Reply
Dave Patrick

‎Apr 05 2023 12:15 PM

‎Apr 05 2023 12:15 PM

Re: Windows Server 2012 R2 - memory leak SysTrace.sys

what does the

findstr /m /l FDRo *.sys

return with now? has it been rebooted?

 

 

0 Likes
Reply
JardaTesar

‎Apr 05 2023 12:35 PM

‎Apr 05 2023 12:35 PM

Re: Windows Server 2012 R2 - memory leak SysTrace.sys

Yes it has been rebooted. And this doesn't find anything now. I used this command previously to find the SysTrace.sys. I even tried to run this systemwide with the `/s` arg, but it just ran for couple of hours and didn't produce any output. Strange thing is that the system is fine for 3-4 days, non-paged pool hovering around 500MB, then all of sudden within couple of hours it starts raising and crashes.
0 Likes
Reply
1 best response

Accepted Solutions
best response confirmed by JardaTesar (Copper Contributor)
Dave Patrick

‎Mar 30 2023 06:45 AM

‎Mar 30 2023 06:45 AM

Solution

Re: Windows Server 2012 R2 - memory leak SysTrace.sys

Read on here.  

Microsof MSN Flight Data Recorder Driver Uses All Non-Paged Memory (microsoft.com)  

 

 

View solution in original post

0 Likes
Reply