3

I have 3 Windows 2008 R2 SP1 Servers (VM) and each one has svchost process that is taking up more than 1.2 GB of RAM. I understand that this is running RemoteRegistry Windows Service that could also be used for Performance Counters. I found this KB article that describes similar issues but only pertains to 2003 Server. I did check with server team and they are not running any Performance Counters.

Today an application (Informatica PowerCenter 9.0.1) running on this server died twice and we finally restarted the entire server that been running for about 2 months. After restart svchost.exe -regsvc went down to about 5MB. In addition to that right before application crash I found the following events in Application log wmi performance adapter service entered the stopped state not sure if this is related to Remote Registry service and somehow related to application crashing.

In next few month we are moving to Windows Server 2012 so I'm just trying to keep it running with minimal downtime until then.

Update: Screenshot below from Task Manager and from Process Explorer. Also a dialog box from Process Explorer showing the service. This is just from one of the three servers.

As you can see from the screenshot PID 1728 patches to ID in Process Explorer and inside Properties Window.

enter image description here

Edit:

These servers run Informatica 9.0.1 Power Center Server it is ETL tool build on Java (not a good start). Each machine runs 1 Windows Service that makes the whole application run. We have restarted windows service responsible for application multiple times including scheduled monthly maintenance, when service is shutdown and later brought back up few hours later. Since restart of OS RemoteRegistry service started at 3MB and so far grew to 10MB in 5hrs, 20MB in 12hrs. I will keep an eye to see when it starts growing out of proportion.

Also I found this KB Remote Registry service leaks memory when it handles customized v2 performance counter queries in Windows 7 or in Windows Server 2008 R2 http://support.microsoft.com/kb/2563399 and server OS is listed on list of effected OS. Not sure if it is related but I will check again to verify that no perfmon counters are being read. It could also be one of many monitoring applications that could be causing this.

Vladimir Oselsky
  • 191
  • 2
  • 7
  • Did you confirm that the svchost process is indeed for RemoteRegistry? There are many svchost processes. See this post for example: http://serverfault.com/questions/580364/nsi-service-on-win2008r2-using-huge-amount-of-ram-over-time – ETL Jan 05 '15 at 23:44
  • How did you determine that it was using over 1.2 GB of RAM? (Please be as specific as possible. What tool did you use? What exactly did it report?) – David Schwartz Jan 06 '15 at 00:56
  • 1
    The first thing to do would be to determine whether that RAM usage is abnormal. Saying that it's using 1.2GB of RAM without knowing whether or not that's abnormal is a bit like tilting at windmills. The second thing to do would be to determine whether that RAM usage is the cause of the application crashes. Correlation isn't causation. – joeqwerty Jan 06 '15 at 01:28
  • To add to what @joeqwerty notes, I've often seen this where app crashes and runaway svchost RAM usage are both distinct symptoms of the same underlying cause - memory leaks in a service or application. What are these servers doing? (What's running on them?) If the root cause is a simple memory leak, restarting the application or service (not the whole server) should relieve the issues (until the leaks build up again, and then you restart the service/app again, and so on...). – HopelessN00b Jan 06 '15 at 01:47
  • The leak isn't extreme so a daily scheduled task to stop and start the service would likely do the trick. – Brian Jan 06 '15 at 13:21

0 Answers0