Select the product you need help with

On a Windows Server 2003-based computer that has the update from security bulletin MS07-062 installed, you may experience a memory leak in DNS

Article ID: 946565 - View products that this article applies to.

SYMPTOMS

On a Windows Server 2003-based computer that has the update from security bulletin MS07-062 or MS08-037 installed, you may experience the following symptoms:

A DNS server consumes increasing amounts of memory over time. In extreme cases, the DNS server may consume about 2.8 gigabytes (GB) of memory on an x86-based domain controller that has 4 GB of RAM installed.
A DNS server consumes more CPU resources than expected. In extreme cases, CPU utilization for the DNS server may reach 100 percent.
DNS stops responding after several days of run time. By restarting the operating system on the DNS server, or by restarting DNS, you enable DNS to function as expected until a certain threshold of leaked memory is reached again.
Computers that have the update from security bulletin MS07-062 installed become unresponsive to logon requests at the console. Or, they become unresponsive to administration from the local console or from a remote console.
Operations that depend on DNS name resolution fail. Such operations include, but are not limited to, logon requests (CTRL+ALT+DEL) from domain members, Active Directory replication, and mail flow.
DNS zones do not load, or they take longer than expected to load. Additionally, zone transfer may fail between primary and secondary DNS servers.
The following DNS event (111) is logged in the event log of DNS servers that have the update from MS07-062 installed:
Event Type: Error
Event Source: DNS Event
Category: None
Event ID: 111
User: N/A
Computer: <computer name>
Description: The DNS server could not create a thread. System may be out of resources. You might close applications not in use, restart the DNS server or reboot your computer. The event data is the error code.
Data: 0000: 08 00 00
Note The "08 00 00" extended error may appear as "000008" in the data section of the event.

Back to the top | Give Feedback

CAUSE

This memory leak issue occurs because DNS cannot release memory that must be allocated for User Datagram Protocol (UDP) packets in some scenarios.

Back to the top | Give Feedback

A supported hotfix is available from Microsoft. However, this hotfix is intended to correct only the problem that is described in this article. Apply this hotfix only to systems that are experiencing this specific problem. This hotfix might receive additional testing. Therefore, if you are not severely affected by this problem, we recommend that you wait for the next software update that contains this hotfix.

If the hotfix is available for download, there is a "Hotfix download available" section at the top of this Knowledge Base article. If this section does not appear, contact Microsoft Customer Service and Support to obtain the hotfix.

Note If additional issues occur or if any troubleshooting is required, you might have to create a separate service request. The usual support costs will apply to additional support questions and issues that do not qualify for this specific hotfix. For a complete list of Microsoft Customer Service and Support telephone numbers or to create a separate service request, visit the following Microsoft Web site:

http://support.microsoft.com/contactus/?ws=support

(http://support.microsoft.com/contactus/?ws=support)

Note The "Hotfix download available" form displays the languages for which the hotfix is available. If you do not see your language, it is because a hotfix is not available for that language.

Prerequisites

To apply this hotfix, you must be running Windows Server 2003 with Service Pack 1 (SP1) or Windows Server 2003 with Service Pack 2 (SP2).

Restart requirement

You must restart the computer after you apply this hotfix.

Hotfix replacement information

This hotfix does not replace any other hotfixes.

File information

The English version of this hotfix has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel.