爱就爱了

 找回密码
 立即注册

QQ登录

只需一步,快速开始

搜索
查看: 2675|回复: 0

Troubleshooting "Connections_refused" errors seen HTTPerr logs

[复制链接]
发表于 2016-3-21 13:44:39 | 显示全部楼层 |阅读模式
Troubleshooting "Connections_refused" errors seen HTTPerr logs
★★★★★
★★★★
★★★
★★






February 29, 2012By amehrot1

According to KB820729, Connections_Refused means that the “Kernel Non Paged Pool memory has dropped below 20MB and HTTP.SYS has stopped receiving new connections”.
Connections_Refused
The kernel NonPagedPool memory has dropped below 20MB and http.sys has stopped receiving new connections
HTTP.SYS is basically telling us “someone is using up a lot of NPP memory, and for protective reasons, I am going to stop accepting requests”. We need to figure out what driver is using up all the NPP memory and address it, and the Connections_Refused should naturally go away because NPP memory will not be under pressure.
Here’s a table summarizing the nonpaged pool limits across different version of Windows:

32-bit
64-bit
XP, Server 2003
up to 1.2GB RAM: 32-256 MB
min( ~400K/MB of RAM, 128GB)
> 1.2GB RAM: 256MB
Vista, Server 2008,
min( ~75% of RAM, 2GB)
min(~75% of RAM, 128GB)
Windows 7, Server 2008 R2

Tracking Pool Leaks
Poolmon is the tool that helps us in troubleshoot kernel NPP issues.
C:\windows\system32>poolmon.exe -b
We see that top most entry in the list is consuming most of the memory. Tag for the driver is “Leak”. After identifying the guilty tag in the left column, in this case ‘Leak’, the next
step is finding the driver that’s using it. Since the tags are stored in the driver image, you can do that by scanning driver images for the tag in question.
The Strings utility from Sysinternals dumps printable strings in the files you specify and since most device driver images are in the %Systemroot%\System32\Drivers directory, you can open a command prompt, change to that directory and execute “strings * | findstr <tag>”.
C:\windows\system32\drivers>strings * | findstr Leak
After you’ve found a match, you can dump the driver’s version information with the Sysinternals Sigcheck utility.
C:\windows\system32\drivers>sigcheck myfault.sys

Note: The driver causing the issue here was a tool written to reproduce the leak scenario and we have rightly identified that. In real life scenarios, we will find the actual driver causing the NPP leak.

References:
Most of the information in this post is derived and compiled from “Pushing the Limits of Windows: Paged and Nonpaged Pool” by Mark Russinovich
and “HOWTOiagnose IIS6 failing to accept connections due to Connections_Refused” by David Wang
How to find pool tags that are used by third-party drivers
Error logging in HTTP API

Downloads:
“Poolmon” shipped along with Windows Support tools
“Strings” utility from sysinternals
“Sigcheck” utility from sysinternals


本帖子中包含更多资源

您需要 登录 才可以下载或查看,没有帐号?立即注册

x
您需要登录后才可以回帖 登录 | 立即注册

本版积分规则

小黑屋|手机版|Archiver|平龙认个人分站 - 爱就爱了 ( 豫ICP备14029057号-2、4、5 )
豫公网安备 41010502002156号

GMT+8, 2024-12-4 01:37 , Processed in 0.048614 second(s), 20 queries , Gzip On.

Powered by Discuz! X3.4

Copyright © 2001-2020, Tencent Cloud.

快速回复 返回顶部 返回列表