When upgrading Symantec Encryption Management Server on a machine with more than the supported amount of system memory (16GB) the system behaves erratically and can not be contacted anymore.
Even the physical console might lock up and does not give any response.
The HDD shows high activity.
kernel XXXX invoked oom-killer: gfp_mask=0xd0, order=0, oomkilladj=0
kernel lowmem_reserve: 0 0 0 0
kernel DMA32: empty
When running a 32 bit OS on a system with too much physical memory, it can run out of low memory due to the amount of low memory used to handle the system memory (using PAE).
See also the following article for more background information:
"Some 32-bit processors can now address 64GB of physical memory, but the Linux kernel is still not able to deal effectively with that much; the current limit is around 8GB to 16GB, depending on the load. The problem now is that larger systems simply run out of low memory. As the system gets larger, it requires more kernel data structures to manage, and eventually room for those structures can run out. On a very large system, the system memory map (an array of struct page structures which represents physical memory) alone can occupy half of the available low memory."
Symantec Encryption Management Server is as of now only available as a 32bit installation.
Reduce the amount of system memory to the maximum amount supported (16GB)
If removing the physical memory is not possible please contact Symantec Support.
A Feature Request to support 64-bit has been created. For more information, see INFO2853.
The issue can occur on systems with more than the supported amount of system memory (16GB)