FIX: SQL Performance Counters May Cause Handle Leak in WinLogon Process (249343)

SYMPTOMS

A handle leak may be observed in the Winlogon.exe process if SQL Server is installed on a server and the following conditions are met:

The Win32 function RegConnectRegistry is called with a non-NULL server name matching the name of the local computer.
The requested key being opened is HKEY_PERFORMANCE_DATA.

The leak does not occur if RegConnectRegistry is called with a NULL server name, indicating the local computer, or if the computer name supplied is a remote server.

The Srvinfo.exe utility available in the Windows NT Resource Kit is one program known to meet the above conditions and potentially cause this leak.

CAUSE

When an application opens HKEY_PERFORMANCE_DATA, the registry controller recognizes that you are requesting performance data and loads all of the extensible performance counters and call their initialization function.

During its initialization routine, the SQL Performance Counter DLL opens a registry key that it fails to close. This handle is a pseudo handle and does not show a leak unless an RPC is involved, in which case the handle gets duplicated by WinLogon during the process of handling the RPC call.

RESOLUTION

A supported fix is now available from Microsoft, but it is only intended to correct the problem that is described in this article. Apply it only to computers that are experiencing this specific problem. This fix may receive additional testing. Therefore, if you are not severely affected by this problem, Microsoft recommends that you wait for the next SQL Server service pack that contains this hotfix.

To resolve this problem immediately, contact Microsoft Product Support Services to obtain the fix. For a complete list of Microsoft Product Support Services phone numbers and information about support costs, visit the following Microsoft Web site:

http://support.microsoft.com/default.aspx?scid=fh;EN-US;CNTACTMS

NOTE: In special cases, charges that are ordinarily incurred for support calls may be canceled if a Microsoft Support Professional determines that a specific update will resolve your problem. The typical support costs will apply to additional support questions and issues that do not qualify for the specific update in question.

The English version of this fix should have the following file attributes or later:

   Version      File name    Platform
   ------------------------------------
   6.50.469     sql469i.exe  x86
   6.50.469     sql469a.exe  Alpha

NOTE: Due to file dependencies, the most recent hotfix or feature that contains the above files may also contain additional files.

WORKAROUND

If the actual SQL Server performance data is not of interest, renaming Sqlctr60.dll and restarting Windows NT stops the leak. This DLL is located in the SQL Server installation directory, normally c:\mssql\binn. You must restart Windows NT after renaming the DLL because the DLL is loaded by WinLogon and is not freed until that process stops.

Alternatively, when requesting performance data on the local server, it is suggested that you use RegOpenKey to open HKEY_PERFORMANCE_DATA, or you supply NULL for the server name in the RegConnectRegistry call. Either of these methods eliminates the need for Windows NT to perform an RPC call for each registry operation and generally results in much faster operation.

Additionally, if performance information is going to be captured on an ongoing basis, open the registry key once and keep it open rather than opening and closing it on each monitoring iteration. The leak occurs during the initialization of the performance DLL.