Windows Agent crash without any exit code
Article ID: 108556
Updated On:
Products
CA Automic Workload Automation - Automation Engine
Issue/Introduction
The Agent crashes randomly. There are no message in the Agent logs to analyse this crash. The only message in the Agent logs is:
Unexpected exception occurred, Agent forces a trace:
20180711/062532.756 - Unexpected exception occurred, Agent forces a trace.
20180711/062532.756 - -------------------------------------------------------------------------------------------------
20180711/062532.756 - PCX Address 0000000000CF79D0
20180711/062532.756 - Current Socket 0000000000D294A0[10.32.47.184 - AE_PRD#CP007]
20180711/062532.756 - oldSockets : 0
20180711/062532.756 - Socket table:
20180711/062532.756 - socket[0] 00000000015DFCC0[ - ]
20180711/062532.756 - socket[1] 0000000000D12B00[ - ]
20180711/062532.756 - socket[7] 0000000000D294A0[10.32.47.184 - AE_PRD#CP007]
20180711/062532.756 - ----------------
20180711/062532.756 - U00009909 TRACE: Input area - 0x0000000000E36650, 00032768
00000000 53525649 4E464F20 30310000 00000000 >SRVINFO 01......<
00000010 E2070700 0B000A00 16000000 00000000 >................<
00000020 E2070700 0B000A00 16000000 A034422F >.............4B/<
00000030 00000000 00000000 5220FE38 00535256 >........R .8.SRV<
00000040 494E464F 20303100 00000000 00E20707 >INFO 01.........<
In the Service Manager logs the following messages are found:
20180711/062532.803 - U00022012 Process '<UC4 Windows-Agent>' (ID '30760') ended.
20180711/062532.803 - U00022042 Process '<UC4 Windows-Agent>' abnormal ended with access violation.
The Agent also produces a dump fil (.mdmp). By analysing this dump, you can find the application which is causing the Agent crash:
In the example, the application Proxifier is the cause of the Agent crash.
Unexpected exception occurred, Agent forces a trace:
20180711/062532.756 - Unexpected exception occurred, Agent forces a trace.
20180711/062532.756 - -------------------------------------------------------------------------------------------------
20180711/062532.756 - PCX Address 0000000000CF79D0
20180711/062532.756 - Current Socket 0000000000D294A0[10.32.47.184 - AE_PRD#CP007]
20180711/062532.756 - oldSockets : 0
20180711/062532.756 - Socket table:
20180711/062532.756 - socket[0] 00000000015DFCC0[ - ]
20180711/062532.756 - socket[1] 0000000000D12B00[ - ]
20180711/062532.756 - socket[7] 0000000000D294A0[10.32.47.184 - AE_PRD#CP007]
20180711/062532.756 - ----------------
20180711/062532.756 - U00009909 TRACE: Input area - 0x0000000000E36650, 00032768
00000000 53525649 4E464F20 30310000 00000000 >SRVINFO 01......<
00000010 E2070700 0B000A00 16000000 00000000 >................<
00000020 E2070700 0B000A00 16000000 A034422F >.............4B/<
00000030 00000000 00000000 5220FE38 00535256 >........R .8.SRV<
00000040 494E464F 20303100 00000000 00E20707 >INFO 01.........<
In the Service Manager logs the following messages are found:
20180711/062532.803 - U00022012 Process '<UC4 Windows-Agent>' (ID '30760') ended.
20180711/062532.803 - U00022042 Process '<UC4 Windows-Agent>' abnormal ended with access violation.
The Agent also produces a dump fil (.mdmp). By analysing this dump, you can find the application which is causing the Agent crash:
# Child-SP RetAddr Call Site
00 00000000`0028ece0 00000000`779579fc ntdll!RtlpAllocateHeap+0x30b
01 00000000`0028eec0 000007fe`feba164e ntdll!RtlAllocateHeap+0x16c
02 00000000`0028efd0 000007fe`fcf72e33 ws2_32!WPUModifyIFSHandle+0xde
03 00000000`0028f030 000007fe`febae594 PrxerDrv+0x2e33
04 00000000`0028f0c0 000007fe`febae4b5 ws2_32!WSAAccept+0xd4
05 00000000`0028f120 00000001`3f1aa9fc ws2_32!accept+0x15
06 00000000`0028f160 00000001`3f1380ff UCXJWX6!csInit+0xcfec
07 00000000`0028f1a0 00000001`3f1aa71e UCXJWX6!csTrace+0x1475f
08 00000000`0028f700 00000001`3f1aa854 UCXJWX6!csInit+0xcd0e
09 00000000`0028f970 00000001`3f1aa8cb UCXJWX6!csInit+0xce44
0a 00000000`0028f9a0 00000001`3f1b530a UCXJWX6!csInit+0xcebb
0b 00000000`0028f9d0 00000001`3f1af0b0 UCXJWX6!csInit+0x178fa
0c 00000000`0028fb40 00000001`3f1b2f48 UCXJWX6!csInit+0x116a0
0d 00000000`0028fb80 00000001`3f1b3000 UCXJWX6!csInit+0x15538
0e 00000000`0028fc50 00000000`773a9bbd UCXJWX6!csInit+0x155f0
0f 00000000`0028fc90 00000000`773a98c2 user32!UserCallWinProcCheckWow+0x1ad
10 00000000`0028fd50 00000001`3f1a7c42 user32!DispatchMessageWorker+0x3b5
11 00000000`0028fdd0 00000001`3f1a788f UCXJWX6!csInit+0xa232
12 00000000`0028fe00 00000001`3f302d33 UCXJWX6!csInit+0x9e7f
13 00000000`0028fe40 00000001`3f2e9f60 UCXJWX6!csInit+0x165323
14 00000000`0028fe80 00000000`778259cd UCXJWX6!csInit+0x14c550
15 00000000`0028ff30 00000000`7798383d kernel32!BaseThreadInitThunk+0xd
16 00000000`0028ff60 00000000`00000000 ntdll!RtlUserThreadStart+0x1d
In the example, the application Proxifier is the cause of the Agent crash.
Environment
CA Automic Workload Automation version 11.2
Windows Agent version 11.2.7+build.955
Windows Agent version 11.2.7+build.955
Cause
The Agent crash is caused by a third application, which is aborting the Agent.
Resolution
If you have symptoms as described above, please fix or uninstall the application which is aborting Agent.
Feedback
Yes
No
Powered by
