
PIM(EP) r12.8 SP1 CR1: Unexpected reboot after upgrading from r12.8 GA to r12.8 SP1 CR1.


Article ID: 113300


Updated On:


CA Virtual Privilege Manager, CA Privileged Identity Management Endpoint (PIM), CA Privileged Access Manager (PAM)


The customer upgraded PIM from r12.8 (r12.80.1432) to r12.8 SP1 CR1. After the upgrade, the system sometimes reboots unexpectedly. This occurred on 2 servers in the customer's environment.


OS: Windows 2012 R2
Prod: CA Privileged Identity Manager r12.8 SP1 CR1 for Endpoint


The driver that crashed is afd.sys, and Microsoft support claimed the crash is caused by network data being updated to NULL.
However, SE could not find any PIM function involved in the stack or elsewhere in the crash dump.

After the customer set DisableNetworkInterception = 1 and monitored for the problem,
the problem appeared to be resolved.
We suggest this setting as a workaround for the problem.

Additional Information

Microsoft support said the following about the crash dump:

In this dump, the RouterNT.exe process is working with incoming data on a socket.
Then afd.sys, which is the kernel driver for socket functions, freed a buffer
which was being used for incoming communication.
But a part of the data is NULL, so it crashed.

The stored pool area seems to be correct.
And it is correct around the area.
So, I doubt it is not memory corruption or override but some application has
stored NULL as completed information.