Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

FIX: The memory allocation and processor usage for the Ocspsvc.exe process keeps increasing if a large CRL is loaded


View products that this article applies to.

Symptoms

Consider the following scenario:
  • On a server that is running Windows Server 2008 R2, the Online Certificate Status Protocol (OCSP) responder is enabled.

    Note To enable the OCSP responder, you must add the Active Directory Certificate Services role to the server.
  • A large certificate revocation lists (CRL) is loaded. For example, assume the CRL is 20 megabytes (MB).
In this scenario, the Online Responder Service (Ocspsvc.exe) keeps increasing its memory consumption and its processor usage. Additionally, the performance for the Online Responder Service decreases, and some configuration data is randomly lost.

↑ Back to the top


Cause

This issue occurs because of a memory leak in the Online Responder Service (Ocspsvc.exe).

↑ Back to the top


Resolution

Hotfix information

A supported hotfix is available from Microsoft. However, this hotfix is intended to correct only the problem that is described in this article. Apply this hotfix only to systems that are experiencing the problem described in this article. This hotfix might receive additional testing. Therefore, if you are not severely affected by this problem, we recommend that you wait for the next software update that contains this hotfix.

If the hotfix is available for download, there is a "Hotfix download available" section at the top of this Knowledge Base article. If this section does not appear, contact Microsoft Customer Service and Support to obtain the hotfix.

Note If additional issues occur or if any troubleshooting is required, you might have to create a separate service request. The usual support costs will apply to additional support questions and issues that do not qualify for this specific hotfix. For a complete list of Microsoft Customer Service and Support telephone numbers or to create a separate service request, visit the following Microsoft Web site: Note The "Hotfix download available" form displays the languages for which the hotfix is available. If you do not see your language, it is because a hotfix is not available for that language.

Prerequisites

To apply this hotfix, your computer must be running Windows Server 2008 R2. Additionally, the computer must have the Online Responder role service installed.

Restart information

You do not have to restart the computer after you apply this hotfix.

File information

The English version of this hotfix has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel.
For all supported x64-based versions of Windows Server 2008 R2
File nameFile versionFile sizeDateTimePlatformService branch
Certadm.dll6.1.7600.20593419,32810-Dec-200909:22x64Not Applicable
Ocsp.mscNot Applicable92,55410-Jun-200921:04Not ApplicableAMD64_MICROSOFT-WINDOWS-C..OCSP
Ocspadminnative.dll5.2.3790.1289249,85610-Dec-200909:26x64AMD64_MICROSOFT-WINDOWS-C..OCSP
Ocsprevp.dll6.1.7600.20593183,80810-Dec-200909:26x64AMD64_MICROSOFT-WINDOWS-C..RVICES-OCSP
Additional files for x64-based versions of Windows Server 2008 R2
File nameAmd64_2cfd20145161529d600ff2a8ff726c99_31bf3856ad364e35_6.1.7600.20593_none_47d9a91fb9633386.manifest
File versionNot Applicable
File size721
Date (UTC)11-Dec-2009
Time (UTC)19:13
PlatformNot Applicable
---
File nameAmd64_33f6f9709a234d6cc4e097821a2fefeb_31bf3856ad364e35_6.1.7600.20593_none_34dd1ed7ccde3374.manifest
File versionNot Applicable
File size731
Date (UTC)11-Dec-2009
Time (UTC)19:13
PlatformNot Applicable
---
File nameAmd64_940977c4fc2da1ba1789d785a74d2ba2_31bf3856ad364e35_6.1.7600.20593_none_4df6119f29bddfaf.manifest
File versionNot Applicable
File size724
Date (UTC)11-Dec-2009
Time (UTC)19:13
PlatformNot Applicable
---
File nameAmd64_microsoft-windows-c..ervices-certadm-dll_31bf3856ad364e35_6.1.7600.20593_none_484ab3fdf5849636.manifest
File versionNot Applicable
File size63,632
Date (UTC)10-Dec-2009
Time (UTC)09:56
PlatformNot Applicable
---
File nameAmd64_microsoft-windows-c..ocspadminnative-dll_31bf3856ad364e35_6.1.7600.20593_none_6852e2983e797307.manifest
File versionNot Applicable
File size13,004
Date (UTC)10-Dec-2009
Time (UTC)09:56
PlatformNot Applicable
---
File nameAmd64_microsoft-windows-c..rvices-ocsprevp-dll_31bf3856ad364e35_6.1.7600.20593_none_0492bda440397eba.manifest
File versionNot Applicable
File size11,240
Date (UTC)10-Dec-2009
Time (UTC)10:01
PlatformNot Applicable
---
File nameUpdate.mum
File versionNot Applicable
File size2,309
Date (UTC)11-Dec-2009
Time (UTC)19:13
PlatformNot Applicable

↑ Back to the top


Status

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

↑ Back to the top


More information

The Microsoft Online Responder Service enables you to configure and to manage OCSP checks of validation and of revocation in a Windows-based network. To support public key infrastructure (PKI) clients in a diverse environment, the Online Responder snap-in enables you to configure and to manage the revocation configurations and the Online Responder Arrays.

↑ Back to the top


Keywords: kbsurveynew, kbexpertiseinter, kbbug, kbfix, kbautohotfix, KB978265, kbbug, kbsurveynew, kbexpertiseinter, kbqfe, kbfix, kbautohotfix, kbqfe, KB978265

↑ Back to the top

Article Info
Article ID : 978265
Revision : 3
Created on : 10/7/2011
Published on : 10/7/2011
Exists online : False
Views : 1200