PIM(EP) r12.8 SP1 CR01: unexpected reboot on drveng.sys

book

Article ID: 140620

calendar_today

Updated On:

Products

CA Virtual Privilege Manager CA Privileged Identity Management Endpoint (PIM) CA Privileged Access Manager (PAM)

Issue/Introduction

OS Rebooted unexpectaly. 

OS vender find it caused by drveng.sys.

 

Bugcheck show as following:

DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)

An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 0000000000000008, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000001, value 0 = read operation, 1 = write operation
Arg4: fffff80115fa410d, address which referenced memory

Cause

It has bug at network interception function.

It may cause another bugcheck code as following:


SYSTEM_THREAD_EXCEPTION_NOT_HANDLED (7e)
This is a very common bugcheck.  Usually the exception address pinpoints
the driver/function that caused the problem.  Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff800b7667b4d, The address that the exception occurred at
Arg3: ffffd000208f4fc8, Exception Record Address
Arg4: ffffd000208f47e0, Context Record Address

Environment

Release : 12.8

Component : CA ControlMinder - NT

Resolution

This is known problem and it fixed in r12.8 SP1 CP2.
Please apply PIM r12.8 SP1 CP2.

Additional Information

The problem has workaround which is network interception disable.

Please set following key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\drveng\Parameters

  DisableNetworkInterception : 1 (REG_DWORD)