C
Charles Lavin
Hi --
I've been trying to get to the bottom of a problem with a Windows XP Pro
machine that repeatedly runs out of resources, seemingly without rhyme or
reason. I was able to track the problem to a spoolsv.exe process that
continually increases its handle count until the machine becomes inoperable.
The PCs in the office are all part of an SBS 2003 domain.
Using Process Explorer, I was able to zero in on the problematic handles:
Type: Token
Name: NT AUTHORITY/SYSTEM
Handle: <varies>
Access: 0x00000008
Object Address: 0xE96E9408
I can find hundreds if not thousands of these stacked in there, depending on
how long the spooler service has been running. If I restart the spooler
service, all these handles are cleared out -- and slowly start to build up
again.
I just confirmed that there are several Windows XP PCs that are having
virtually identical problems with spoolsv.exe. But apparently this one PC
I've been zeroing in on suffers the most with this because it's the most
heavily used PC in the office.
But now I also confirmed that this problem is happening on the SBS 2003
(SP2) box. I checked Task Manager and found spoolsv.exe hogging 50,549
handles. When I ran Process Explorer on the server, I found 50,312 identical
handles:
Type: Token
Name: NT AUTHORITY/SYSTEM:3e7
Handle: <varies>
Access: 0x00000008
Object Address: 0xE1F6ABD8
When I restarted the print spooler on the SBS box (by which time the handle
count had increased to 51,106), the handle count dropped to the mid-100s ...
but started creeping upwards almost immediately. The handle count on the
server increments at a faster clip than on the PCs.
It's now obvious that this is not just a PC problem. Whatever this is is
affecting the entire network. And it seems to have something to do with
authentication...?
How do I get to the bottom of this?
Thanks,
CL
I've been trying to get to the bottom of a problem with a Windows XP Pro
machine that repeatedly runs out of resources, seemingly without rhyme or
reason. I was able to track the problem to a spoolsv.exe process that
continually increases its handle count until the machine becomes inoperable.
The PCs in the office are all part of an SBS 2003 domain.
Using Process Explorer, I was able to zero in on the problematic handles:
Type: Token
Name: NT AUTHORITY/SYSTEM
Handle: <varies>
Access: 0x00000008
Object Address: 0xE96E9408
I can find hundreds if not thousands of these stacked in there, depending on
how long the spooler service has been running. If I restart the spooler
service, all these handles are cleared out -- and slowly start to build up
again.
I just confirmed that there are several Windows XP PCs that are having
virtually identical problems with spoolsv.exe. But apparently this one PC
I've been zeroing in on suffers the most with this because it's the most
heavily used PC in the office.
But now I also confirmed that this problem is happening on the SBS 2003
(SP2) box. I checked Task Manager and found spoolsv.exe hogging 50,549
handles. When I ran Process Explorer on the server, I found 50,312 identical
handles:
Type: Token
Name: NT AUTHORITY/SYSTEM:3e7
Handle: <varies>
Access: 0x00000008
Object Address: 0xE1F6ABD8
When I restarted the print spooler on the SBS box (by which time the handle
count had increased to 51,106), the handle count dropped to the mid-100s ...
but started creeping upwards almost immediately. The handle count on the
server increments at a faster clip than on the PCs.
It's now obvious that this is not just a PC problem. Whatever this is is
affecting the entire network. And it seems to have something to do with
authentication...?
How do I get to the bottom of this?
Thanks,
CL