Carbon Black Cloud: How to troubleshoot RepMgr service Memory Leak (Windows)

Environment

  • Carbon Black Cloud Console: All Versions
  • Microsoft Windows: All Supported Versions

Objective

How to troubleshoot a RepMgr service memory leak on Windows

Resolution

  1. Identify the Device ID/Name
  2. Enable UMDH Logging
  3. Put the sensor in Unprotected Mode.
  4. Collect user dumps
    1. Download procdump.exe from https://live.sysinternals.com/
    2. Create a folder “c:\umdhdumps” and copy procdump.exe to the folder.
    3. Open a CMD window under a local admin account and navigate to c:\umdhdumps.
    4. Run “repcli bypass 1” (Note: use a CMD window that is in C:\Program Files\Confer).
    5. Run “procdump -ma RepMgr-PID” to create the first user dump file of repmgr.exe in the folder c:\umdhdumps.
    6. Run “repcli bypass 0” (Note: use a CMD window that is in C:\Program Files\Confer).
    7. Use Task Manager to monitor repmgr memory growth, then collect two more user dumps at two different memory usage levels.
    8. Example scenario: the endpoint experiences performance issues when repmgr memory usage reaches 80-90%. As soon as the service is restarted, collect the first dump to provide a baseline. Capture the second dump at 50% memory usage and the third at 75% usage, following the steps below.
      1. Run “repcli bypass 1” (Note: use a CMD window that is in C:\Program Files\Confer).
      2. Run “procdump -ma RepMgr-PID” to create a user dump file of repmgr.exe in the folder c:\umdhdumps.
      3. Run “repcli bypass 0” (Note: use a CMD window that is in C:\Program Files\Confer).
    9. Zip up the 3 sets of user dumps (start, 50% and 75%) in c:\umdhdumps for postmortem analysis.
  5. Collect Sensor Logs Locally 
  6. Rollback settings after collecting all 3 dump files
    1. Run “repcli bypass 0” (Note: use a CMD window that is in C:\Program Files\Confer).
    2. Delete the registry key defined in UMDH Logging.
    3. Re-enable Protected Mode as described in the additional notes section of the Unprotected Mode KB.
  7. Create a Support Case including the UMDH and Sensor Logs. 
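
One capture pass from step 4 (bypass on, dump, bypass off) can be scripted so that bypass is always switched back off, even when the dump fails. This is an added example, not Carbon Black's own tooling; it assumes repcli.exe is the file name inside C:\Program Files\Confer, that steps 2 and 3 are already done, and the `-Label` parameter and dump file naming are hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example: one dump-capture pass for repmgr.exe (run once per sample:
# start, 50pct, 75pct). Prerequisites from the steps above: UMDH logging is
# enabled and the sensor is in Unprotected Mode.
param(
    # Hypothetical label used only to name the dump file.
    [Parameter(Mandatory)]
    [ValidateSet('start', '50pct', '75pct')]
    [string]$Label
)

$ErrorActionPreference = 'Stop'
$DumpDir  = 'C:\umdhdumps'
$ProcDump = Join-Path $DumpDir 'procdump.exe'
$RepCli   = 'C:\Program Files\Confer\repcli.exe'   # assumed file name in the Confer folder

# Fail before touching bypass if either tool is missing.
foreach ($tool in $ProcDump, $RepCli) {
    if (-not (Test-Path -LiteralPath $tool)) { throw "Missing required tool: $tool" }
}

# Resolve the RepMgr PID instead of reading it from Task Manager.
$proc = @(Get-Process -Name 'RepMgr')
if ($proc.Count -ne 1) { throw "Expected one RepMgr process, found $($proc.Count)" }
$repMgrPid = $proc[0].Id
$wsMB = [math]::Round($proc[0].WorkingSet64 / 1MB)
Write-Host "RepMgr PID $repMgrPid, working set $wsMB MB"

$stamp   = Get-Date -Format 'yyyyMMdd-HHmmss'
$outFile = Join-Path $DumpDir ("repmgr-{0}-{1}.dmp" -f $Label, $stamp)

try {
    & $RepCli bypass 1
    # -ma writes a full memory dump; -accepteula avoids the interactive prompt.
    & $ProcDump -accepteula -ma $repMgrPid $outFile
    # Verify by checking the file, not the tool's exit code.
    if (-not (Test-Path -LiteralPath $outFile)) { throw "Dump was not written: $outFile" }
    Write-Host "Dump written: $outFile"
}
finally {
    # Runs on success and on failure, so the sensor never stays in bypass.
    & $RepCli bypass 0
    Write-Host "repcli bypass 0 issued at $(Get-Date -Format o)"
}
```

The recorded working set and timestamps give the support case a record of when each sample was taken and how long the sensor spent in bypass.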

Article Information
Creation Date: 02-15-2024