Vista computer periodically refuses connections from non Vista machines

[H2SO4]

So now I am thoroughly confused. All of the services appear to drop all of their memory in favor of a service that is not showing up in Task Manager. My primary question is this: how can a service that is not listed in Task Manager be using up all of the memory on a computer? I have made doubly sure that all processes from all uses are shown, so I know I am not missing one that should be appearing in Task Manager.

Any chance you could zip up that Perfmon log from the failing Vista file copy target and upload it either here or at rapidshare or somewhere? I'd like to take a look at it.

Overall memory utilisation is not a simple sum total of all the working sets of all processes. There are memory structures in kernel-mode, in particular the "pools", which are not necessarily tagged against any process. Having said that, since you previously observed a SVCHOST instance to have a very large working set by the onset of the symptom, would have expected at least one of the breakout services which you configured to run in their own SVCHOST instance (process) to show equivalent growth - and from what I understand of your latest post that was not the case - the abnormally high utilisation by a SVCHOST instance disappeared once the services were all spilt up?

What backup app are you using on the Win2K3 box? Sorry, it's been a while so I'm starting to forget whether we've already covered this ground, but it would be good if you could confirm whether:

a) Using NTBACKUP on the win2k3 end causes the same symptom on Vista. (I'm still looking for the reason why your Win2K3 server does not attempt to set up an SMB session via TCP445.)

b) Copying insanely large amounts of data (>40GB) to the Vista machine causes the same symptom, as opposed to using a backup utility to do it.

 

[professornayr]

What backup app are you using on the Win2K3 box?

The backup app is just the standard W2K3 backup app that comes with the OS, which is the NT backup utility as far as I am aware.

I may have accidentally misled you with the previous wireshark logs related to the connection from W2K3 to Vista. Those logs reflected my attempts to access the computer via Windows Explorer, and they were not a direct reflection of attempting to run the backup utility. I just ran wireshark with the backup utility, and I will attach the results to this response, as well as the original failed attempt via Windows Explorer. I should mention that I think the actual information we need from the log file associated with the backup utility does not start until line 16 (possibly a few lines earlier) of the log file associated with the backup utility.

Also, I just copied over a fairly sizable file, and it showed no similarities to the issue that pops up during the backup process. However, I think I mentioned this before, but the RAM does not start to get used until after the file has been copied and created during the backup process. It is during the process where the backup program verifies that the file has been correctly created that the RAM spike takes place.

I thought it might be interesting to see what is happening during that process via wireshark. The attached 'Backup.zip' file contains the portion of the log where the backup process switched from writing the backup to verifying (reading) the file to ensure it was correct. If anyone has any idea what might actually be happening when this process switches from writing to reading, it might help understand what could be causing the jump in the RAM that is used.

Thanks again for your help!

 

[professornayr]

What backup app are you using on the Win2K3 box?

The backup app is just the standard W2K3 backup app that comes with the OS, which is the NT backup utility as far as I am aware.

I may have accidentally misled you with the previous wireshark logs related to the connection from W2K3 to Vista. Those logs reflected my attempts to access the computer via Windows Explorer, and they were not a direct reflection of attempting to run the backup utility. I just ran wireshark with the backup utility, and I will attach the results to this response, as well as the original failed attempt via Windows Explorer. I should mention that I think the actual information we need from the log file associated with the backup utility does not start until line 16 (possibly a few lines earlier) of the log file associated with the backup utility.

Also, I just copied over a fairly sizable file, and it showed no similarities to the issue that pops up during the backup process. However, I think I mentioned this before, but the RAM does not start to get used until after the file has been copied and created during the backup process. It is during the process where the backup program verifies that the file has been correctly created that the RAM spike takes place.

I thought it might be interesting to see what is happening during that process via wireshark. The attached 'Backup.zip' file contains the portion of the log where the backup process switched from writing the backup to verifying (reading) the file to ensure it was correct. If anyone has any idea what might actually be happening when this process switches from writing to reading, it might help understand what could be causing the jump in the RAM that is used.

Thanks again for your help!

I think I forgot to attach a file.

The Wireshark.zip file attached to this post contains two logs:

1) The failed connection from the Win2K3 machine to the Vista computer via Windows Explorer.
2) The failed connection from the Win2K3 machine to the Vista computer via NTBACKUP.

The file attached to the previous post (Backup.zip) contains a portion of the log from the middle of an actual backup process from the Win2K3 computer to the Vista computer. It specifically contains the section where the process changes from backing up the data (writing) to verifying the data (reading).

 

[professornayr]

I am going to go ahead and just close the loop on this thread. First, I sincerely appreciate all of the help I received, specifically from H2SO4. (Thank you!!!) My primary job is not IT (although I am in charge of it), and so I have found an alternate backup path that seems to work more consistently. The issue itself is not solved, but I will summarize it below for future reference.

The Problem: When backing up files from a Win 2K3 server to a Vista machine, the 'Verify Files' process (after the actual backup) manages to use up all of the RAM on the destination (i.e. Vista) machine. Periodically, and quite randomly, this will cause the Vista computer to begin to refuse connections from Win 2K3 and XP machines altogether, although connections from Vista machines still work fine. It can be solved by either restarting the Server service or the computer itself, but, of course, I would prefer not to have to do either. I have had this issue on at least two different Vista computers with significantly different hardware, and I have seen the RAM usage phenomenon in every similar situation I observed.

Thanks again for the help!

Sincerely,
Ryan

 

[professornayr]

Okay, so I thought I was just going to close this issue, but I accidentally discovered something today that may help a little. Or it might not.

I moved the destination for the backup processes to a computer running XP Professional. I decided to watch the memory usage as the server verified that the backup was correct, and there was absolutely no uptick in the RAM usage during the verification process. As mentioned in my previous post, I have observed all of the RAM being used on a Vista machine during this same process, but the XP computer was completely unaffected.

I certainly am not an expert (not that I had to tell any of you that :D), but it appears to me that something happens between Server 2003 and Vista during the verification process of NTBACKUP that is not intended and causes unwanted results. If there is anyone with these two OS available to them who could test this scenario and see if they have a similar result, I would LOVE to know if my experience is unique. Just use the backup utility on Server 2003 to backup to a directory located on a computer running Vista (I am using Vista Business) and watch the RAM usage on the Vista computer in Task Manager while NTBACKUP verifies that the backup has been completed correctly. I believe I had an attachment on an earlier post that showed the results, but you should see a consistent uptick in the RAM usage until all local processes have been reduced their absolute minimum and your computer nearly locks itself up. The backup processes that have caused the most problems have been around 8 GB. (I have several separate backups running at different times, which is what adds up to the 30-40 GB mentioned in earlier posts).

Thank you!!