Slow system performance or your computer stops responding because of a memory leak in paged pool memory in Windows 2000 SP4 (832762)


The information in this article applies to:

  • Microsoft Windows 2000 Server SP3
  • Microsoft Windows 2000 Server SP4
  • Microsoft Windows 2000 Advanced Server SP3
  • Microsoft Windows 2000 Advanced Server SP4
  • Microsoft Windows 2000 Professional SP3
  • Microsoft Windows 2000 Professional SP4

SYMPTOMS

After you install Microsoft Windows 2000 Service Pack 4 (SP4), you may experience slow system performance, or your computer may stop responding.

If you have Microsoft Message Queuing installed, the Message Queuing program may stop sending and receiving messages because the program does not have sufficient resources. Events that are associated with Message Queuing that include the error codes 0xc00e0027 and 0xc000009a may be logged in the application event log.

If you turn on pool tagging to investigate a possible memory leak, the pool tagging output indicates that the "Toke" pool tag is using a lot of paged pool memory.

CAUSE

This problem occurs because of a regression that was introduced in Microsoft Windows 2000 SP4. The update that causes this problem involves a change to the "Impersonate a client after authentication" user right.

Note The "Impersonate a client after authentication" user right is also known as the SeImpersonatePrivilege user right. For additional information about the SeImpersonatePrivilege user right, click the following article number to view the article in the Microsoft Knowledge Base:

821546 Overview of the "Impersonate a client after authentication" and the "Create global objects" security settings

After you install Windows 2000 SP4, a memory leak may occur when a program makes a call to the RpcImpersonateClient function and to the RpcRevertToSelf function by using explicit credentials. This memory leak occurs in paged pool memory when the server side downgrades from impersonation to identity if an explicit user context is supplied.

RESOLUTION

Hotfix information

A supported hotfix is now available from Microsoft, but it is only intended to correct the problem that this article describes. Apply it only to systems that are experiencing this specific problem.

To resolve this problem, contact Microsoft Product Support Services to obtain the hotfix. For a complete list of Microsoft Product Support Services telephone numbers and information about support costs, visit the following Microsoft Web site:

http://support.microsoft.com/contactus/?ws=support

Note In special cases, charges that are ordinarily incurred for support calls may be canceled if a Microsoft Support Professional determines that a specific update will resolve your problem. The usual support costs will apply to additional support questions and issues that do not qualify for the specific update in question.

Prerequisites

This hotfix requires Windows 2000 Service Pack 3 (SP3) or later.

Restart requirement

You must restart your computer after you apply this hotfix.

Hotfix replacement information

This hotfix does not replace any other hotfixes.

File information

The English version of this hotfix has the file attributes (or later) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel. 
   Date         Time   Version            Size    File name
   -----------------------------------------------------------
   21-Sep-2003  00:36  5.0.2195.6824      29,712  Mountmgr.sys
   25-Nov-2003  18:27  5.0.2195.6876   1,699,136  Ntkrnlmp.exe     
   25-Nov-2003  18:27  5.0.2195.6876   1,698,432  Ntkrnlpa.exe     
   25-Nov-2003  18:27  5.0.2195.6876   1,719,232  Ntkrpamp.exe     
   25-Nov-2003  18:27  5.0.2195.6876   1,676,736  Ntoskrnl.exe

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section of this article.

MORE INFORMATION

You may experience the problem that is described in the "Symptoms" section if you installed Windows 2000 SP4 or any post-Windows 2000 Service Pack 3 (SP3) hotfixes that included the file Ntoskrnl.exe that is dated 25-Nov-2002 or later. This problem is fixed in the version of Ntoskrnl.exe that is dated 25-Nov-2003 or later. For additional information about how to turn on pool tagging, click the following article number to view the article in the Microsoft Knowledge Base:

177415 How to use Memory Pool Monitor (Poolmon.exe) to troubleshoot kernel mode memory leaks

For additional information about how hotfix packages are named, click the following article number to view the article in the Microsoft Knowledge Base:

816915 New file naming schema for Microsoft Windows software update packages

For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

824684 Description of the standard terminology that is used to describe Microsoft software updates

Modification Type:MinorLast Reviewed:10/28/2005
Keywords:kbHotfixServer kbQFE kbBug kbfix kbQFE kbWin2000preSP5fix KB832762 kbAudITPRO
©2004 Microsoft Corporation. All rights reserved.