Environment
- Carbon Black Cloud Console: All Versions
- Microsoft Windows: All Supported Versions
Objective
How to troubleshoot a Memory Leak (Windows)
Resolution
- Identify the Device ID/Name
- Enable UMDH Logging
- Put the sensor in Unprotected Mode.
- Collect User dump
  - Download procdump.exe from https://live.sysinternals.com/
  - Create a folder “c:\umdhdumps” and copy procdump.exe to the folder.
  - Open a CMD/DOS window under a Local Admin account and navigate to c:\umdhdumps
  - Run “repcli bypass 1” (Note: use a CMD/DOS window that is in C:\Program Files\Confer).
  - Run “procdump -ma RepMgr-PID” to create the first user dump file of repmgr.exe in folder c:\umdhdumps.
  - Run “repcli bypass 0” (Note: use a CMD/DOS window that is in C:\Program Files\Confer).
  - Use Task Manager to monitor the repmgr memory growth, then collect two more user dumps at two different memory usage levels.
    - Example scenario: the endpoint experiences performance issues when repmgr memory usage reaches 80-90%. As soon as the service is restarted, collect the 1st dump to provide a baseline. Capture the second sample at 50% memory usage and the third one at 75% usage, following the steps below.
    - Run “repcli bypass 1” (Note: use a CMD/DOS window that is in C:\Program Files\Confer).
    - Run “procdump -ma RepMgr-PID” to create another user dump file of repmgr.exe in folder c:\umdhdumps.
    - Run “repcli bypass 0” (Note: use a CMD/DOS window that is in C:\Program Files\Confer).
  - Zip up the 3 sets of user dumps (Start, 50% and 75%) in c:\umdhdumps for postmortem analysis.
- Collect Sensor Logs Locally
- Roll back settings after collecting all 3 dump files
  - Run “repcli bypass 0” (Note: use a CMD/DOS window that is in C:\Program Files\Confer).
  - Delete the registry key defined in UMDH Logging
  - Re-enable Protected Mode by following the additional notes section of the Unprotected Mode KB.
- Create a Support Case including the UMDH and Sensor Logs.
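
The dump-collection steps above can be wrapped in one script so that the sensor is never left in bypass if procdump fails. This is an added example, not vendor-supplied code; it assumes an elevated PowerShell prompt, the sensor already in Unprotected Mode, repcli.exe as the file name inside C:\Program Files\Confer, and hypothetical sample labels, dump file names and a dumps.log file.

```powershell
# Added example (not vendor code): capture one full RepMgr dump with bypass
# enabled only for the duration of the capture.
param(
    [Parameter(Mandatory)]
    [ValidateSet('baseline', '50pct', '75pct')]    # hypothetical labels for the 3 samples
    [string]$Label
)

$ErrorActionPreference = 'Stop'
$dumpDir  = 'C:\umdhdumps'                          # folder created in the steps above
$procdump = Join-Path $dumpDir 'procdump.exe'
$repcli   = 'C:\Program Files\Confer\repcli.exe'    # assumed file name in the Confer folder

foreach ($tool in $procdump, $repcli) {
    if (-not (Test-Path -LiteralPath $tool)) { throw "Missing tool: $tool" }
}

# Resolve the RepMgr PID instead of copying it from Task Manager.
$repmgr = @(Get-Process -Name 'RepMgr')
if ($repmgr.Count -ne 1) { throw "Expected one RepMgr process, found $($repmgr.Count)" }
$repmgrPid    = $repmgr[0].Id
$workingSetMB = [math]::Round($repmgr[0].WorkingSet64 / 1MB)

# Hypothetical naming scheme: label plus timestamp keeps the 3 samples distinct.
$dumpFile = Join-Path $dumpDir ("repmgr_{0}_{1:yyyyMMdd-HHmmss}.dmp" -f $Label, (Get-Date))

try {
    & $repcli bypass 1
    & $procdump -accepteula -ma $repmgrPid $dumpFile
}
finally {
    # Runs even when procdump throws, so bypass is always switched back off.
    & $repcli bypass 0
}

# Verify on the file itself rather than trusting a tool exit code.
if (-not (Test-Path -LiteralPath $dumpFile)) { throw "procdump did not write $dumpFile" }

# Record what was captured so the zip sent to Support can be checked later.
$hash = (Get-FileHash -LiteralPath $dumpFile -Algorithm SHA256).Hash
"{0} label={1} pid={2} workingSetMB={3} sha256={4} file={5}" -f `
    (Get-Date -Format o), $Label, $repmgrPid, $workingSetMB, $hash, $dumpFile |
    Add-Content -Path (Join-Path $dumpDir 'dumps.log')
```

A -ma dump contains the full memory of the process, so restrict access to c:\umdhdumps and delete the dumps once they are attached to the case.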