Windows – Diagnosing “File” tag memory leak in poolmon.exe on 2008R1SP2


We have a memory leak plaguing many of our 2008R1SP2 file servers. The "File" nonpaged memory tag in poolmon.exe will leak until shared folders are no longer available, and then RDP goes down with it (and we have to reboot via console). Sometimes this leak is >1.5G/day.

[Screenshot: poolmon]

[Screenshot: RamMap]

If something needs to be removed, I need to have a pretty good hunch and a huge CM needs to be approved. The only change since this started happening was the addition of McAfee Agent 5.0.2.132; however, AV with McAfee has not been running in any way (it's in preparation for a migration not yet implemented). I realize that the MFEm tag in the poolmon screen is McAfee, but it is not high in the list in most of the leaking servers.

Also, tags traced back to the NIC driver (either iANS or BCM8) are usually featured in the top 5-6 in the nonpaged bytes sort. We have not yet tried isolating from the network, but maybe this is a good idea.

The next logical step I understand is to run xperf / Windows Performance Toolkit, but this appears to require .NET 4.5, which we cannot install for a number of reasons.

1) Does anyone know of anywhere to download an older version of xperf that is standalone, compatible with 2008R1SP1 (even CLI only)?

2) Assuming #1 is unavailable (or at best a lousy idea), is there any other utility that can track and trace pool tags in a similar way?

3) Do you have any suggestions to point me in the right direction?

Best Answer

It's maybe not a direct answer, but as I see your "metafile" is really high, there is a private fix for that.

You experience performance issues in applications and services when the system file cache consumes most of the physical RAM - https://support.microsoft.com/en-us/kb/976618

Explained there: http://blogs.technet.com/b/mspfe/archive/2012/12/06/lots-of-ram-but-no-available-memory.aspx