This event was logged on a Windows Server 2003 R2 on which McAfee AntiVirus Enterprise 8.0i (patch level 0) was installed. Beside event 2021, we also received events 2019, 2022 and 6004, which were also caused by McAfee.
Workaround: After deactivating the services, the events disappeared.
Resolution: Update McAfee to the latest patch level to resolve this problem.
This problem may occur if the following conditions are true:
1.The cache line size of the CPU is less than 0x80.
2.The IRPStackSize parameter for the Server service is set to a value that ranges from 33 through 38.
3.The load on the Server service increases to a point where the Server service must allocate extra work items.
for a hotfix applicable to Microsoft Windows Server 2003.
According to Microsoft this event may occur if the default system pages of 10, 000 are not enough for the server due to many pages being locked down during transmission. To work around this problem, increase the number of system pages for the server in the registry. See ME145882
for information on how to do that.
for additional information about this event.
As per Microsoft: "This issue may occur if a non-Microsoft program that is installed on your computer uses an outdated kernel-mode filter driver". See ME822219
to fix this problem.
and the link to "EventID 2021 from source NCP Server" for additional information on this event.
Going to Network Properties, under the Services tab, and then opening up the properties for the Server service and setting that to optimize throughput for file sharing instead of minimizing memory used eliminated the problem on our Windows NT 4 Terminal Server.
As per Microsoft: "The entry in the HKLM\System\CurrentControlSet\Services\LanManServer\Parameters\MaxWorkItems value is not large enough to provide efficient server operation. This value determines the maximum number of receive Buffers that a server can allocate. If this limit is reached, server performance may be degraded.".
article "Server Performance Degrades During Work Item Allocation" has been removed from Microsoft's site. See the link below for an alternate article.
As per ME317249
, this behavior occurs because the Server service is unable to keep up with the demand for network work items that are queued by the network layer of the input/output (IO) stream. In simpler terms, the Server service cannot process the requested network I/O items to the hard disk quickly enough to prevent the Server service from running out of resources. Many different issues can cause this problem. When you troubleshoot this issue, investigate all components in the I/O path, from the network adapter to the hard disk drive array.
is not available anymore, ME221790
offers details about the very same issue.