Hello Victor,
I completed some more testing this morning on Version 2.0.8 and 2.1-M1 through 2.1-M3, 32 and 64 bit agents. I was unable to get a dump file from any of the failed results. I have inserted some text containing the current agent config, parser code, and last few statements of log prior to crash, with debug set at level 9. This exact same setup works flawlessly on Version 2.0.8 agents.
Is there any possibility that the server side may cause this issue?
Thanks,
-Dan
I completed some more testing this morning on Version 2.0.8 and 2.1-M1 through 2.1-M3, 32 and 64 bit agents. I was unable to get a dump file from any of the failed results. I have inserted some text containing the current agent config, parser code, and last few statements of log prior to crash, with debug set at level 9. This exact same setup works flawlessly on Version 2.0.8 agents.
Is there any possibility that the server side may cause this issue?
Thanks,
-Dan
Code Select
************** agent config ***********************
#
# NetXMS system agent configuration file
#
#Master Config
MasterServers = x.x.x.x
ConfigIncludeDir = C:\NetXMS\etc\nxagentd.conf.d
LogFile = C:\NetXMS\NetXMS_FileManager\log.txt
FileStore = C:\NetXMS\NetXMS_FileManager
SubAgent = filemgr.nsm
SubAgent = logwatch.nsm
SubAgent = winperf.nsm
DebugLevel = 9
#disable agent actions
EnableActions = yes
CreateCrashDumps = yes
DumpDirectory = C:\
#require authentication
RequireAuthentication = yes
#require encryption
RequireEncryption = yes
#Shared secret for authentication
SharedSecret = xxxxxxxxx
#File Manager Definitions
*filemgr.nsm
[filemgr]
RootFolder = C:\NetXMS\NetXMS_FileManager
#Log File Parser Definitions
*LOGWATCH
Parser = C:\NetXMS\NetXMS_FileManager\SecurityParser.xml
***********************SecurityParser.xml****************************
<parser>
<file>*Security</file>
<rules>
<rule>
<level>16</level>
<match>(.*)</match>
<event params="1">100018</event>
</rule>
</rules>
</parser>
********************Last few statements in log prior to service shutting down***************************
[10-Apr-2017 09:00:50.633] [DEBUG] LogWatch: publisher name is Microsoft-Windows-Security-Auditing
[10-Apr-2017 09:00:50.633] [DEBUG] LogWatch: publisher name is Microsoft-Windows-Security-Auditing
[10-Apr-2017 09:00:50.633] [DEBUG] LogWatch: publisher name is Microsoft-Windows-Security-Auditing
[10-Apr-2017 09:00:50.633] [DEBUG] LogWatch: publisher name is Microsoft-Windows-Security-Auditing
[10-Apr-2017 09:00:53.133] [DEBUG] LogWatch: publisher name is Microsoft-Windows-Security-Auditing
[10-Apr-2017 09:00:53.133] [DEBUG] LogWatch: publisher name is Microsoft-Windows-Security-Auditing
[10-Apr-2017 09:00:53.133] [DEBUG] LogWatch: publisher name is Microsoft-Windows-Security-Auditing
[10-Apr-2017 09:00:53.133] [DEBUG] SendTrap(): event_code=100018, event_name=(null), num_args=6, arg[0]="The computer attempted to validate the credentials for an account.
****NetXMS agent service shutdowns when the above trap message is sent and the message is never recieved by the server. This issue is repeatable on my WinServer 2012
and Win 7 machines on all agent versions 2.1-M1 through M3 on 32 and 64 bit installs. Notably the 64 bit agents will not
successfully send any traps like the above to server without crashing the service, where the 32 bit agents
will sometimes successfully pass the trap to the server and produce an event. The same configuration works flawlessy with a 2.0.8 agent.******