Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 2020 Source: Srv

The server was unable to allocate from the system paged pool because the pool was empty.
According to Microsoft: "This behavior can occur when the print jobs sent to the central print share are not properly redirected to the shared printers connected to the client computers. This can result in a Memory Leak in MsvC on the server, which eventually causes the server to crash". Read McAfee Solution ID: nai23653 and ME286060 below for more details. Go to the McAfee Knowledge Search page and search for the above solution to read it.

In certain conditions, this may be caused by Symantec's Norton AntiVirus Corporate Edition software (see ME272568).
If you have lots of PST files on your file server, have a look at EV100263 (Network Stored PST files). It's an eye opener.
There ares several reason why this issue can happen, but in combination with event id 333 I suggest the modification of boot.ini file (see below):

use /USERVA=2800 and /BASEVIDEO

This helped in my case.
In our case, the problem was Network Stored PST files on the server. The link to "Network Stored PST files" was very helpful and article ME297019 solved our problem.
See ME891004 and ME940307 for two hotfixes applicable to Microsoft Windows Server 2003.
See ME815493 and ME906952 for two hotfixes applicable to Microsoft Windows 2000 Advanced Server.
See ME912480 and ME927338 for two hotfixes applicable to Microsoft Exchange Server 2003.
See ME943052 for a hotfix applicable to Microsoft BizTalk Server 2004.

If you installed Symantec AntiVirus Corporate Edition 8 or Norton AntiVirus Corporate Edition 7.x on your Windows NT-based client, scheduled a scan and the scan does not run, then see the link to "Symantec Knowledge Base Document ID: 2000050108464148".

See ME912376, ME923360, ME933998, "Dell Support Document Number: TT1061426", WITP74726, WITP76353 and WITP81538 for additional information about this event.

This issue is commonly misdiagnosed, however, 90% of the time it is actually quite possible to determine the resolution quickly without any serious effort at all. See the link to "Understanding Pool Consumption and Event ID: 2020 or 2019" for more information.
See ME886670 for a hotfix applicable to Microsoft Windows Server 2003.
See ME897063 for a hotfix applicable to Microsoft BizTalk Server 2002.

As per Microsoft: "This problem may occur if Cache Manager-owned files become abandoned on the Modified-No-Write list". See ME832791 for a hotfix applicable to Microsoft Windows 2000.

As per Microsoft: "Several factors may deplete the supply of paged pool memory". See ME312362 for more detailed information.

As per Microsoft: "This behavior can occur when you have files that have a large number of extended attributes(An example of a extended attribute is the list of items under the summary tab of a file properties box). The NTFS file system does not assign the extended attribute streams a paging I/O resource and does not mark them as modified-no-write". See ME304093 to fix this problem.

As per Microsoft: "This problem may occur if you have installed WQuinn's QuotaAdvisor 4.1, build 452 or earlier on your computer". See ME830067 for more details.

If this memory leak occurs after you install Microsoft Windows 2000 Server Service Pack 4 and you have Microsoft Operations Manager (MOM) installed, see ME825237 and ME835517 for a hotfix.

If you are running Norton AntiVirus and SymEvent driver version 11.0:0.13 from Symantec on your Microsoft Windows 2000 Server-based computer, the see ME842716 to fix this problem.

If you are running Sophos Anti-Virus and VERITAS Backup Exec, then read Sophos Support Article ID: 3245 for information on this issue.

If this event appears when a user attempts a connection to a Citrix Presentation Server, then read "Citrix Support Document ID: CTX108553" for details on this issue.

If you do not know witch process or driver causes the leak and want to find out you can use the "pstat.exe" tool. See the link below to download it. You might also want to look at ME268343. It shows you how to use "umdh.exe" to find memory leaks.

See ME304101, ME830265, and the link to "EventID 2020 from source NCP Server" for additional information.
We found that a possible cause for this problem, which eventually ended up with one of our main Terminal Servers crashing was due to falsely detected problems with the registry size causing the system to think that it did not have enough resources to update the users roaming profiles.
It appeared that somehow the PagedPoolSize registry setting had been set to 192 MB, the maximum that it could be according to Microsoft. Setting it back to zero allows the system to decide how much it needs by itself.
Read Veritas Support Document ID: 259150 and Veritas Support Document ID: 277891 for information on this problem.
This error messaged appeared when a print job being spooled to the “C:” drive exceeded the capacity of the partition. Freeing up disk space on the drive, or moving the location of the print spooler will fix the problem. See ME314105 for information on how to move the print spooler folder.
This problem also occurred on a Windows 2003 Server when I had Promise RAID Tools prior to version installed.
According to a newsgroup post: “A memory leak in Win2k SP4 (and MOM) has been identified and a fix is being developed. In the meantime, the workaround is to remove SP4 from the MOM DCAM server (revert back to SP3)”. This memory leak results in numerous events 2020 and 2000, only reboot temporary solve this problem.
This also can happen if your max page file size is set bigger then the amount of free space on the hard drive, and the server tries to expand the page file and then it will run out of disk space.
This issue may occur if a non-Microsoft program that is installed on your computer uses an outdated kernel-mode filter driver. See ME822219 for more details. Also Check ME823747 for a hotfix that helped me to fix this problem.

In addition, see articles ME161870, ME196745 and ME298511.
The problem was also caused by a Memory Leak in the Dell server management tools.
The device reported an error on a request to write data to media: Error Reported: Unknown Error. Our ntbackup.exe would crash at random intervals and display the errors. This error was caused when the system ran out of memory and swap memory while doing the backup. We rebooted box and everything was OK.

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to



Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.