Quantcast
Channel: Sysinternals Forums
Viewing all 10386 articles
Browse latest View live

Process Monitor : Application has been waited around 360 seconds

December 20, 2015, 5:15 pm
$
0
0
Author: ASuzuki
Subject: Application has been waited around 360 seconds
Posted: 21 December 2015 at 1:15am

Hello pinscomputer-san,
Thank you very much for response.

Yes, posted trace is filtered by process name is "xxxx.exe", because there are more than 150K lines exist between line 01 and 02 for other applications.
Here is the previous 2 lines of trace (-1 and 00).  These are not filtered. (01 and 02 are filtered by process name is xxxx.exe)   I am not sure what dose it mean FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION.  I appriciate if you explain previous 2 lines.

No Time of Day      Process Name  Operation                 Path                            Duration
-1 8:31:29.4359248  xxxx.exe      FASTIO_QUERY_INFORMATION  C:\System Volume Information\EfaSIDat\SYMEFA.DB-journal
                                                                                              0.0000056
00 8:31:29.4359363  xxxx.exe      FASTIO_RELEASE_FOR_SECTION_SYNCHRONIZATION                  0.0000030
                                                            C:\System Volume Information\EfaSIDat\SYMEFA.DB-journal
01 8:31:29.4360396  xxxx.exe      IRP_MJ_CREATE             C:\Windows\System32\perfts.dll  361.4222372
02 8:37:30.8282717  xxxx.exe      FASTIO_QUERY_INFORMATION  C:\ProgramData\...\Iron.db        0.0000109 

I appreciate your help in advance.
ASuzuki

Search

PsTools : psPING - few errors

December 20, 2015, 10:36 pm
$
0
0
Author: alysko
Subject: psPING - few errors
Posted: 21 December 2015 at 6:36am

I used the same machine as both server and client, testing its own bandwidth etc. (whether the machine could be a limiting factor for another test, and to which degree) The usage of the same PC for both server and client should not be a problem. Whilst doing the testing, I found what seems to be bugs in the psping, and so am looking for answers ...

BgInfo : BGInfo Bugs or Feature Request

December 21, 2015, 12:45 am
$
0
0
Author: Didey
Subject: BGInfo Bugs or Feature Request
Posted: 21 December 2015 at 8:45am

There is a problem with multi monitor configurations when monitors have different resolution. 
It is doesn't matter how monitors are located.
 
If this could be fixed - that will be awesome!
Many thanks

PsTools : PSExec using LIST stalls

December 21, 2015, 8:22 am
$
0
0
Author: dmoosun
Subject: PSExec using LIST stalls
Posted: 21 December 2015 at 4:22pm

\\192.168.18.17\ITSupport\Installs\SK1.bat exited on 192.168.18.99 with error code 1622.

Any advice? Anything I try now, I'm getting this error code 1622, if I use the server DNS name, I get 'The network path was not found' if I use the server IP I get error code 1622.

Please help!

I was using

PSEXEC \\192.168.18.99 -N 15 -H -S "\\TOG1\ITSupport\Installs\SK1.bat"

As a test as I keep getting the error message 'The network path was not found'.


Edited by dmoosun - 15 hours 46 minutes ago at 4:27pm

Autoruns : process picked up by PE but not Autoruns

December 21, 2015, 3:04 pm

Autoruns : process picked up by PE but not Autoruns

December 21, 2015, 4:01 pm
$
0
0
Author: ginahoy
Subject: process picked up by PE but not Autoruns
Posted: 22 December 2015 at 12:01am

 No tasks are scheduled.

I should point out that others have reported having issues with this service. However, the discussions I found only deal with how to get rid of it, which I can't do since I need it ActivIdentity/ActivClient to access my wife's online benefits (she works for the federal government).

One of the discussions I found recommended Autoruns as a means to temporarily disable the service. However, I'm befuddled as to why Autoruns doesn't list it, even though Process Explorer and Task Manager most definitely show it's running.

Troubleshooting : Having troubles with NSI windows 7 service.

December 21, 2015, 10:30 pm
$
0
0
Author: DarkghostX
Subject: Having troubles with NSI windows 7 service.
Posted: 22 December 2015 at 6:30am

On my Windows 7 laptop, I am having trouble with the NSI service. Over time the svchost.exe that holds the NSI service starts taking up more and more memory. Last time when I restarted the laptop the host process was taking more than 1 million memory according to task manager. Also the process will randomly eat up half the cpu power before stopping and then restarting. I believe the problem is NSI because I watched things on the resource monitor and noted that when svchost started taking half the cpu, the NSI service was the culprit.

I need to try and diagnose the root of the problem. I am uncertain if the issue even has anything to do with things I have installed or if it is something Microsoft screwed up in on of their patches.

I have already tried both Hotpatches, tried SFC command line trickery which is a completely different pooch screw, and am not sure what else to do. None have really worked.

I have tried contacting various local tech repair groups, even contacting MS tech support. None have been really helpful.

I am starting to get a little desperate. I really do not want to do a nuke and reload.Ouch

Please help me guys.


Edited by DarkghostX - 1 hour 42 minutes ago at 6:31am

PsTools : Get registry key value

December 21, 2015, 10:40 pm
$
0
0
Author: SumRout
Subject: Get registry key value
Posted: 22 December 2015 at 6:40am

Hello Team,

I need help in getting the registry key value for a particular Key...
The below is the code I have but its not working.....

**********************************************
@echo off
set file=c:\regcomplist.txt
for /f "Tokens=*" %%g in (%file%) do (
echo %%g>> c:\regquery.txt
reg query "\\%%g\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}\0011" /v "IEEE11nMode">> c:\regquery.txt
echo.>> c:\regquery.txt
) 
***************************************************
I want to know the key value of "IEEE11nMode"

Regards,
Suman Rout
Search

Troubleshooting : Win 7 x64 clients show non paged pool event 2017

December 22, 2015, 3:59 am
$
0
0
Author: BKBianko
Subject: Win 7 x64 clients show non paged pool event 2017
Posted: 22 December 2015 at 11:59am

We have set up a network share (for scanned documents sent from network multifunction printers) on Windows 7 SP1 (64 bits) computers with 4GB RAM.
On these PCs run SAP B1 Client, Outlook 2007, Symantec Endpoint Protection 12 RU6.
Them, randomly, show event 2017. The exact message is "The server was unable to allocate from the system nonpaged pool because the server reached the configured limit for nonpaged pool allocations.". The multifunction printers are not able to send scanned documents on the shares.

The computer was using 110-130 MB of nonpaged memory at the time of the event. The driver with higher usage of non paged memory pool is the intel storage driver (iastore.sys) with 30MB (I use Poolmon). The Non Paged Pool limit showed by Process Explorer is about 3GB.
Reading Mark Russinovich’s Pushing the Limits of Windows: Paged and Nonpaged Pool it appears the Windows memory manager statically set nonpaged limit to 75% of RAM (3GB in fact). We assume the configured limit referred to in event 2017 is set by the LanmanServer. So which limit am I reaching on these clients? Allocations or what else? And how can I see the allocation limit and which process/driver is reaching that limit?

Repeating the above scenario only using an WindowsXP SP3 (32 bits) computer with 2GB RAM , with same applications installed on them as on Win 7 clients, does not cause event 2017 or any other problems.

We have obviously seen articles that suggest to change the registry settings:
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\LargeSystemCache
HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\Size

By putting the second one to "3" the event does not show any more.

We find these changes to lack detailed documentation. What I have understood is:
  • The LargeSystemCache variable appears to impact on the size of the file system cache. We do not understand how this would improve our test case. 
  • The Size variable is associated to four different "profiles" but there is not description of what these "profiles" actually mean. How do we know whether to select "Minimize memory used" or "Balance" or "Maximize data throughput for file sharing" or "Maximize data throughput for network applications" without knowing more about them. We assume each setting has a pros and cons. We assume each setting can impact on the how the operating system and other application work.
I wonder, morevoer, if it is to be considered as "normal" and by design that a 64 bit OS that shares one folder needs registry tweaks to funcion properly. Or it is not normal and I need to further investigate on this issue?
We would appreciate some input and addressing on this topic. 

Cheers
Francesco

Troubleshooting : MS Excel Hangs / Freezes on File -> Open

December 22, 2015, 4:36 am
$
0
0
Author: jc001
Subject: MS Excel Hangs / Freezes on File -> Open
Posted: 22 December 2015 at 12:36pm

I'm trying to resolve an issue w/ MS Excel 2010. Specifically, when I try to open a file using thje File -> Open Dialogue, or clicking on one of the in-program icons, the programs hangs; it doesn't necessarily crash. Instead, it seems to be waiting for a response from me / the user, but is not able to display the File -> Open dialogue window. (Some mouse-wheel-driven up and down scrolling functionality is retained.) When I click directly on the file I want to open (from within the MS File Explorer), the file opens as expected.

The problem seemed to start somewhat intermittently when I was still using Windows 7 Pro x64, but has now become a permanent feature on all my machines since I upgraded to Windows 10. The error message I occasionally received under Windows 7 was (paraphrased) "Windows is waiting for a response from the user" Now, under Windows 10, there is no true error message. When I try to close Excel using the right-click on the task bar icon, it states "Cannot Quit Microsoft Excel".  I have to use the task manager to close MS Excel.
 
Per some other suggestions on the web, and among other efforts ... (1) I've cleaned my registry, (2) deleted and reinstalled all printers, (3) repaired MS Office, and(4) uninstalled and reinstalled MS Ofice.

Also, I ran SFC /scannow, and it indicated "Resource protection found corrupt files but was unable to fix some of them ..." CBS.log pointed to the following ... "C:\WINDOWS\SysWOW64\opencl.dll" (I'm not sure what to do with that info)

No joy. Thumbs Down

One of the best clues I have as to what might be happening appeared immediately after re-installation of MS Office. During reinstallation I provided my product key. Then, upon opening Excel, I used the File -> Open icons, and the File Open dialogue appeared .. as it should! But, I was again prompted for my MS Office key, (this time from within Excel) and the problem immediately reappeared after I entered the key. It's a strange one. The MSFT chat representative confirmed I was using a good key.

On another note ... When I was using Windows 7, I briefly experimented with folder redirection, but undid / abandoned it since not all programs I used seemed to accept it / recognize it / play well with it. Maybe MS Excel is still trying to look for the files in a redirected location? Is there a way to confirm that folder redirection has been completely undone in the registry? 

There are many people w/ the File -> Open problem. One of related the posts in the MSFT community has received over 45,000 views!

This problem is quickly turning into a major inconvenience for me, and I'd really appreciate a hand / guidance. Thanks.

 

GPU: GeForce GTX 770

CPU: Intel Core i7-4770K @ 3.5GHz

Memory: 32GB

Current Resolution: 1920 x 1080, 60Hz

OS: Win 10 Pro

BgInfo : Windows 10 - Multi-Display Bug

December 22, 2015, 5:34 am
$
0
0
Author: stefanwey
Subject: Windows 10 - Multi-Display Bug
Posted: 22 December 2015 at 1:34pm

Update:
Main Screen: 1920x1080
Second Screen: 1366x768

Same problem with Version 4.21


Edited by stefanwey - 18 hours 49 minutes ago at 1:34pm

BgInfo : Windows 10 - Multi-Display Bug

December 22, 2015, 7:53 am
$
0
0
Author: Didey
Subject: Windows 10 - Multi-Display Bug
Posted: 22 December 2015 at 3:53pm

Same problem:(

PsTools : A Question about PSINFO.exe

December 22, 2015, 9:43 am
$
0
0
Author: C3_H8
Subject: A Question about PSINFO.exe
Posted: 22 December 2015 at 5:43pm

have to tried doing a cls in the command prompt?

PsTools : PSinfo -d "The process cannot access the"

December 22, 2015, 9:47 am
$
0
0
Author: C3_H8
Subject: PSinfo -d "The process cannot access the"
Posted: 22 December 2015 at 5:47pm

Hi all I am running into this issue when I am attempting to do a psinfo -d \\server  I keep getting this error message. 

Couldn't access \\server:
The process cannot access the file because it is being used by another process.

Now I am just logging into this server with my normal AD account which has admin rights. I was previously able to get this simple command to work and now I am running into issues. 


Troubleshooting : Microsoft Outlook - Help recovering corrupt PST fi

December 23, 2015, 12:02 am
$
0
0
Author: Stivenmend
Subject: Microsoft Outlook - Help recovering corrupt PST fi
Posted: 23 December 2015 at 8:02am

ANCHORFREE_VERSION="413161526"(function(){if(typeof(_AF2$runned)!='undefined'&&_AF2$runned==true){return}_AF2$={'SN':'HSSHIELD00ZZ','IP':'185.89.78.191','CH':'HSSCNL100701','CT':'11G,11I,oxm,z289','HST':'','AFH':'hss500','RN':Math.floor(Math.random()*999),'TOP':(parent.location!=document.location||top.location!=document.location)?0:1,'AFVER':'5.1.3','FBW':'','FBWCNT':0};if(/^(.*,)?(11C)(,.*)?$/g.exec(_AF2$.CT)!=null){document.write("")}document.write("< ='text/' title='AFc_"+_AF2$.RN+"' >.AFc_body"+_AF2$.RN+"{} .AFc_all"+_AF2$.RN+",a.AFc_all"+_AF2$.RN+":hover,a.AFc_all"+_AF2$.RN+":visited{outline:none;background:transparent;border:none;margin:0;padding:0;top:0;left:0;text-decoration:none;overflow:hidden;display:block;z-index:666999;}");})();< ="text/" title="AFc_811">.AFc_body811{} .AFc_all811,a.AFc_all811:hover,a.AFc_all811:visited{outline:none;background:transparent;border:none;margin:0;padding:0;top:0;left:0;text-decoration:none;overflow:hidden;display:block;z-index:666999;}< ="text/">.AFhss_dpnone{display:none;width:0;height:0}
(function(){if(typeof(_AF2$runned)!='undefined'&&_AF2$runned==true){return}_AF2$={'SN':'HSSHIELD00ZZ','IP':'185.89.78.191','CH':'HSSCNL100701','CT':'11G,11I,oxm,z289','HST':'','AFH':'hss500','RN':Math.floor(Math.random()*999),'TOP':(parent.location!=document.location||top.location!=document.location)?0:1,'AFVER':'5.1.3','FBW':'','FBWCNT':0};if(_AF2$.TOP==1){document.write("")}})()Hi,

I understand your problem. If scanpst.exe utility tools and 3rd party tools is not recover your complete data then you read his artical PST File Recovery.

I think it's helpful for you.


Search

BgInfo : Windows 10 - Multi-Display Bug

December 23, 2015, 1:34 am
$
0
0
Author: Hyperjase
Subject: Windows 10 - Multi-Display Bug
Posted: 23 December 2015 at 9:34am

Originally posted by pmcbride pmcbride wrote:

This is a bug related to monitor size.  BGINFO can not handle the 1920 resolution.  Previously reported, but just tested with 4.21 version and it is still a problem.

I have no problems with the 1920x1080 resolution - the issue appears to be dual screen (which I'm living with), it reverses which desktop is on which screen (which is very awkward for two different screen resolutions).

Troubleshooting : Having troubles with NSI windows 7 service.

December 23, 2015, 4:54 am
$
0
0
Author: pinscomputer
Subject: Having troubles with NSI windows 7 service.
Posted: 23 December 2015 at 12:54pm

if you want to try and further debug to isolate the problem to the NSI service, you can try and temporarily move NSI service to its own servichost.

 
see the following video starting at timestamp 6min 51sec
 
 
and this Microsoft blog:
 
 

Troubleshooting : Win 7 x64 clients show non paged pool event 2017

December 23, 2015, 1:12 pm
$
0
0
Author: pinscomputer
Subject: Win 7 x64 clients show non paged pool event 2017
Posted: 23 December 2015 at 9:12pm

there is very little solid information available.. however, I was able to find the original post from Alan Lamielle that wrote a post about the changes you referenced here:
 
 
also, the original TechNet article has apparently been removed from the Microsoft web site.
 
However, there is a text version of the article (written by Russinovich) here:
 
 

Troubleshooting : Committed Pages > Commit Limit?!?!

December 23, 2015, 1:16 pm
$
0
0
Author: Taed
Subject: Committed Pages > Commit Limit?!?!
Posted: 23 December 2015 at 9:16pm

I have about 30 Windows 2008 and 2003 server systems that have gotten into a bad state where the system cannot be logged into or RDPed into.  Services that are running mostly work, but new processes cannot be started.  It is also highly correlated with an uptime of 50-60 days.  Based on past experience, I expect some sort of memory leak to be the root cause.

I was able to get a memory dump of a few systems and WinDbg !vm command certainly indicates something of the sort based on the errors.  However, all of the various Usages are far less than the Max/Limits, so there's no obvious leak.

*** Virtual Memory Usage ***
Physical Memory:      521669 (   2086676 Kb)
Page File: \??\C:\pagefile.sys
 Current:   2393876 Kb  Free Space:   2357824 Kb
 Minimum:   2393876 Kb  Maximum:      6260028 Kb
Available Pages:       88804 (    355216 Kb)
ResAvail Pages:       988943 (   3955772 Kb)
Locked IO Pages:           0 (         0 Kb)
Free System PTEs:     386694 (   1546776 Kb)
******* 681703 system cache map requests have failed ******
Modified Pages:          736 (      2944 Kb)
Modified PF Pages:       736 (      2944 Kb)
NonPagedPool Usage:    15092 (     60368 Kb)
NonPagedPool Max:     386063 (   1544252 Kb)
PagedPool 0 Usage:      6444 (     25776 Kb)
PagedPool 1 Usage:      6365 (     25460 Kb)
PagedPool 2 Usage:      1002 (      4008 Kb)
PagedPool 3 Usage:       907 (      3628 Kb)
PagedPool 4 Usage:       650 (      2600 Kb)
PagedPool Usage:       15368 (     61472 Kb)
PagedPool Maximum:    523264 (   2093056 Kb)
********** 825082 pool allocations have failed **********
Session Commit:         2486 (      9944 Kb)
Shared Commit:          8514 (     34056 Kb)
Special Pool:              0 (         0 Kb)
Shared Process:         5850 (     23400 Kb)
PagedPool Commit:      15382 (     61528 Kb)
Driver Commit:          5060 (     20240 Kb)
Committed pages:  4294962071 (17179848284 Kb)
Commit limit:        1108180 (   4432720 Kb)
********** Number of committed pages is near limit ********
********** 10528464 commit requests have failed  **********
Total Private:        456244 (   1824976 Kb)

But look at the Committed Pages!  It is nearly 4000 times larger than Commit Limit!  I've been doing a lot of reading and it doesn't seem like it's possible to get into the state that I see where the Committed Pages is at the maximum 16 TB (4294962071 == 0xFFFFEB97) but my system has a Commit Limit of a reasonable 4 GB. How are my systems committing more than the commit limit?!?!

        Committed pages: 4294962071 (17179848284 Kb)
        Commit limit: 1108180 ( 4432720 Kb)
        ********** Number of committed pages is near limit ********
        ********** 10528464 commit requests have failed **********

Also, this was an interesting tidbit in that my systems show 3 of the 4 types of commit request failures.

0: kd> dd nt!MiChargeCommitmentFailures
81d51f80  0093b93f 00000000 000c7189 00007c08

MiChargeCommitmentFailures[0] - If the system failed a commit request and an expansion of the pagefile has failed.
MiChargeCommitmentFailures[1] - If the system failed a commit and we have already reached the maximum pagefile size.
MiChargeCommitmentFailures[2] - If the system failed a commit while the pagefile lock is held.
MiChargeCommitmentFailures[3] - If the system failed a commit and the NewCommitValue is less than or equal to CurrentCommitValue.

I've gone through each process, and they all have reasonable memory and virtual memory usage.  No handle leaks, no pool leaks, and so on.

I cannot figure out what is wrong other than the 16 TB Committed Pages.

Any advice, troubleshooting ideas, or anything will be appreciated!

Miscellaneous Utilities : CanStop / AcceptStop Sysmon

December 23, 2015, 1:42 pm
$
0
0
Author: trevgf
Subject: CanStop / AcceptStop Sysmon
Posted: 23 December 2015 at 9:42pm

My limited search through .NET and a variety of PS tools, all agree that the CanStop or AcceptStop depending on which tool you are using for a windows service are read-only or get no set. The way to get CanStop to False for sysmon would be a flag at installation time. Could this be done? Or has anyone found a way?

Merry Christmas

Trev
Viewing all 10386 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>