Windows OS Hub
  • Windows Server
    • Windows Server 2016
    • Windows Server 2012 R2
    • Windows Server 2012
    • Windows Server 2008 R2
    • SCCM
  • Active Directory
    • Group Policies
  • Windows Clients
    • Windows 10
    • Windows 8
    • Windows 7
    • MS Office
    • Outlook
  • Virtualization
    • VMWare
    • Hyper-V
  • PowerShell
  • Exchange
  • Home
  • About

Windows OS Hub

  • Windows Server
    • Windows Server 2016
    • Windows Server 2012 R2
    • Windows Server 2012
    • Windows Server 2008 R2
    • SCCM
  • Active Directory
    • Group Policies
  • Windows Clients
    • Windows 10
    • Windows 8
    • Windows 7
    • MS Office
    • Outlook
  • Virtualization
    • VMWare
    • Hyper-V
  • PowerShell
  • Exchange

 Windows OS Hub / Windows Server 2012 R2 / Huge Memory Usage in Non-Paged Pool in Windows

October 30, 2018 Windows 10Windows Server 2012 R2

Huge Memory Usage in Non-Paged Pool in Windows

In some cases you can see some troubles with memory overflow on computers and servers running Windows related to the leak of a system driver that stores its data in the non-paged memory. Non-paged memory pool is the part of the computer’s RAM, which is used by the kernel and the drivers of the operation system. Non-paged pool is never swapped to the disk (to the paging file), it is always stored only in the physical memory.

You can see the current size of the non-paged memory in the Memory section of the Performance tab in the Task Manager. The screenshot below shows that almost all memory of the server is busy, and the most part of it is occupied by the non-paged pool 4.2GB. Normally, the size of the non-paged pool rarely exceeds 200-400MB. This usually indicates that there is a memory leak in some system component or driver. Large Memory Usage in Non-Paged Pool on Windows

With this memory overflow problem on the server, the following messages may appear in the event log:

The server was unable to allocate from the system Non-Paged pool because the pool was empty.

In most cases, the reason of the memory leak described above is some problems with the third-party drivers installed in the system. As a rule, these are network drivers. Please, pay attention to the pool behavior when downloading large files (it is likely to grow fast up to 128GB or 75% of physical memory in x64 systems). Only the Windows reboot helps to clean up the pool. It may be acceptable for a home computer, but you should find a better solution for a server working 24/7.

Contents:
  • Install the Latest Versions of Network Adapter Drivers
  • Disable the Network Data Usage Driver
  • Disable the Hyper-V Role
  • Using PoolMon to Find a Kernel-Mode Memory Leak

Install the Latest Versions of Network Adapter Drivers

Try to download and install the latest driver versions for your network adapters from the vendor’s website.

If the automatic driver update is enabled, make sure that the problems didn’t appear after the installation of the new drivers. Try to roll back to the previous driver version and see if the problem persists. If the problem is solved, disable automatic driver update.

Disable the Network Data Usage Driver

Quite often the incompatibility of the Network Data Usage (NDU) and network adapter drivers may be the reason of the memory leak in the non-paged pool. This service can be disabled without much loss of Windows functionality.

The service can be stopped using this command:

sc config NDU start= disabled

disable Network Data Usage (NDU) driver

Or through the registry:

  1. Open the Registry Editor (regedit.exe);
  2. Go to registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Ndu\;
  3. Change the value of the Start parameter to 4.

disable ndu service in windows

After making changes you need to restart your computer.

Disable the Hyper-V Role

In some cases the installed Hyper-V role results in memory leak to the non-paged pool. If you don’t need this role, we recommend to disable it.

Using PoolMon to Find a Kernel-Mode Memory Leak

If the methods described above did not help, you can try to find out, which driver causes the memory leak to the non-paged pool using a console tool Poolmoon.exe (included in Windows Driver Kit – WDK). Download and install WDK for your Windows version from Microsoft website. Then start Poolmon.exe (in case of WDK for Windows 10, the tool is located in C:\Program Files (x86)\Windows Kits\10\Tools\ folder).

After you have started the tool, press P. In the second column the tags of processes using non-paged memory will be left (Nonp attribute), then sort the drivers list by the Bytes column (by pressing B).

Check non=paged pool usage with PoolMon.exe tool

You can see that in our example the drivers with Nr22, ConT and smNp tags are using the most part of RAM in the non-paged pool.

You can find the exact driver files related to these processes using the following commands:

findstr /m /l /s Nr22 %Systemroot%\System32\drivers\*.sys
findstr /m /l /s ConT %Systemroot%\System32\drivers\*.sys
findstr /m /l /s smNp %Systemroot%\System32\drivers\*.sys

So we have got the list of driver files that may cause the problem. Now you have to determine what drivers and system components these files refer to by their names. To do it, you can use sigcheck by Sysinternals.

sigcheck C:\Windows\System32\drivers\rdyboost.sys

The tool returns the name, description and version of the driver or Windows component.
sigcheck - get windows component/driver by sys file
Now you can try to uninstall/update/reinstall the problem driver or service.
This guide is applicable both for Windows Server 2008/2012R2/2016, as well as for desktop Windows 10, 8.1 and 7.

2 comments
3
Facebook Twitter Google + Pinterest
previous post
How to Check .Net Framework Version?
next post
Using GPResult Tool to Check What GPOs are Applied

Related Reading

How to Sign a PowerShell Script (PS1) with...

February 25, 2021

How to Shadow (Remote Control) a User’s RDP...

February 22, 2021

Configuring PowerShell Script Execution Policy

February 18, 2021

Configuring Proxy Settings on Windows Using Group Policy...

February 17, 2021

Updating Group Policy Settings on Windows Domain Computers

February 16, 2021

2 comments

Justin April 14, 2019 - 5:05 pm

It’s all so clear until we come to the sigcheck part in the PoolMon step. You just give us a command but it does nothing. Now I’m stuck knowing that ndis.sys is using 4.8GB ram in my non-paged pool but I don’t know what it is. When I Google for sigcheck I can find an exe file for it but that also does nothing. Why do everything so perfect but stop being clear right at the end? What do I do now?

Reply
admin April 15, 2019 - 11:31 am

You can download the Sigcheck tool from the Microsoft site (_https://docs.microsoft.com/en-us/sysinternals/downloads/sigcheck)
Then open an elevated cmd, go to the directory with Sigcheck.exe and run the command:
sigcheck your_path\ndis.sys

Reply

Leave a Comment Cancel Reply

Categories

  • Active Directory
  • Group Policies
  • Exchange
  • Windows 10
  • Windows 8
  • Windows 7
  • Windows Server 2016
  • Windows Server 2012 R2
  • Windows Server 2008 R2
  • PowerShell
  • VMWare
  • MS Office

Recent Posts

  • Accessing USB Flash Drive from VMWare ESXi

    February 26, 2021
  • How to Sign a PowerShell Script (PS1) with a Code Signing Certificate?

    February 25, 2021
  • Change the Default Port Number (TCP/1433) for a MS SQL Server Instance

    February 24, 2021
  • How to Shadow (Remote Control) a User’s RDP session on RDS Windows Server 2016/2019?

    February 22, 2021
  • Configuring PowerShell Script Execution Policy

    February 18, 2021
  • Configuring Proxy Settings on Windows Using Group Policy Preferences

    February 17, 2021
  • Updating Group Policy Settings on Windows Domain Computers

    February 16, 2021
  • Managing Administrative Shares (Admin$, IPC$, C$, D$) in Windows 10

    February 11, 2021
  • Packet Monitor (PktMon) – Built-in Packet Sniffer in Windows 10

    February 10, 2021
  • Fixing “Winload.efi is Missing or Contains Errors” in Windows 10

    February 5, 2021

Follow us

woshub.com
  • Facebook
  • Twitter
  • RSS
Popular Posts
  • Booting Windows 7 / 10 from GPT Disk on BIOS (non-UEFI) systems
  • How to Run Program without Admin Privileges and to Bypass UAC Prompt?
  • Removable USB Flash Drive as Local HDD in Windows 10 / 7
  • How to Create a Wi-Fi Hotspot on your Windows 10 PC
  • Error Code: 0x80070035 “The Network Path was not found” after Windows 10 Update
  • How to increase KMS current count (count is insufficient)
  • How to Configure Google Chrome Using Group Policy ADMX Templates?
Footer Logo

@2014 - 2018 - Windows OS Hub. All about operating systems for sysadmins


Back To Top