A customer upgraded PIM from r12.8 (r12.80.1432) to r12.8 SP1 CR1. After the upgrade, the system sometimes reboots unexpectedly. This occurred on 2 servers in the customer's environment.
OS: Windows 2012 R2
Product: CA Privileged Identity Manager r12.8 SP1 CR1 for Endpoint
The crashing driver is afd.sys, and Microsoft support claimed the crash is caused by network data being updated to NULL. However, SE cannot find any PIM function involved on the stack or elsewhere in the crash dump.
When the customer set DisableNetworkInterception = 1 and monitored for the problem, the problem appeared to be solved. We suggest this setting as a workaround for the problem.
Microsoft support said the following about the crash dump:
In this dump, the RouterNT.exe process is working with incoming data on a socket. Then afd.sys, which is the kernel driver for socket functions, was freeing a buffer which was being used for the incoming communication. But a part of the data is NULL, so it crashed.
The stored pool area seems to be correct, and it is correct around the area. So, I doubt it is not memory corruption or override, but some application has stored NULL as completed information.