On newly onboarded Windows servers, the cdm probe remains in a deactivated state or fails to start with 'Max. restarts reached' after deployment. This issue often occurs on robots upgraded to version 23.4.x or environments utilizing endpoint security software.
Observed Errors
When this issue occurs, you may notice the following symptoms in your logs:
Processes Probe Logs: Show errors such as "Unable to open process [PID]" or "Unable to read Instance from file".
Mar 4 14:44:55:026 processes: Unable to open process 624
Mar 4 14:44:55:026 processes: Finding information about process no 8 pid=640...
Mar 4 14:45:10:760 processes: Unable to read Instance from file
Controller Logs: Display the error Controller: text_file_get: Unable to open probes/system/cdm/cdm.data for read.
Application/Security Logs: You may see an information message stating that cdm.exe attempted to read the memory of lsass.exe (potentially scraping memory) using the NtReadVirtualMemory function, and that the operation was blocked.
To resolve this issue, complete the following steps:
1. Apply Security Exclusions
Because endpoint security software (such as CbDefense) is blocking the probe's operations, an exclusion must be added.
Request that your security team add a full exclusion for the Nimsoft installation directory.
Default path: C:\Program Files\Nimsoft
Continue to monitor the Windows Application logs for any further blocked event messages to ensure the exclusion was successful.
2. Rebuild Performance Counters
After the security exclusions are in place, you need to rebuild the Windows performance counters.
Open an elevated Command Prompt (Run as Administrator).
Run the following command: lodctr /R
Restart the robot service to apply the changes.
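To check whether the symptoms listed under Observed Errors stop once the exclusion and counter rebuild are in place, the probe and controller logs can be triaged with a short script. This is an added example, not vendor code; the year argument, the timestamp prefix on the Controller line and the cutoff time are assumptions, because the article's excerpts carry no year and show the Controller error without a timestamp.

```python
import re
from datetime import datetime

# Symptom signatures quoted from the article's log excerpts.
SIGNATURES = {
    "process_open_denied": re.compile(r"Unable to open process (?P<pid>\d+)"),
    "instance_read_failed": re.compile(r"Unable to read Instance from file"),
    "cdm_data_unreadable": re.compile(r"Unable to open probes/system/cdm/cdm\.data for read"),
}
# "Mar 4 14:44:55:026 processes: message" -> month, day, time, millis, source, message
LINE = re.compile(r"^(\w{3}) +(\d{1,2}) (\d\d:\d\d:\d\d):(\d{3}) (\w+): (.*)$")

def parse_line(line, year):
    """Return (timestamp, source, message), or None for lines in another format."""
    m = LINE.match(line.strip())
    if not m:
        return None
    mon, day, hms, ms, source, msg = m.groups()
    ts = datetime.strptime(f"{year} {mon} {day} {hms}.{ms}", "%Y %b %d %H:%M:%S.%f")
    return ts, source, msg

def triage(lines, year, since=None):
    """Count each symptom seen at or after `since`; collect PIDs that could not be opened."""
    report = {name: 0 for name in SIGNATURES}
    pids, last_seen = set(), None
    for line in lines:
        parsed = parse_line(line, year)
        if parsed is None or (since and parsed[0] < since):
            continue
        ts, _source, msg = parsed
        for name, pattern in SIGNATURES.items():
            hit = pattern.search(msg)
            if hit:
                report[name] += 1
                last_seen = ts
                if "pid" in pattern.groupindex:
                    pids.add(int(hit.group("pid")))
    return {"counts": report, "denied_pids": sorted(pids), "last_seen": last_seen}

# First three lines are the article's excerpt; the Controller line's timestamp is constructed.
SAMPLE = """\
Mar 4 14:44:55:026 processes: Unable to open process 624
Mar 4 14:44:55:026 processes: Finding information about process no 8 pid=640...
Mar 4 14:45:10:760 processes: Unable to read Instance from file
Mar 4 14:45:12:101 Controller: text_file_get: Unable to open probes/system/cdm/cdm.data for read
""".splitlines()

if __name__ == "__main__":
    print(triage(SAMPLE, year=2024))  # year is an assumption
    print(triage(SAMPLE, year=2024, since=datetime(2024, 3, 4, 14, 45, 0)))
```

Pass the time the exclusion took effect as `since`; all-zero counts after that point indicate the probe is no longer being blocked, and any `denied_pids` that remain can be matched against the security product's blocked-event messages.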