We are facing this issue wherein the Windows server on which CA PIM is running is automatically restarting after 2-3 days. The case was opened with Microsoft and they found out that the server is moving into bugcheck state and then restarting. On further analysis, they have found out that the bug check is due to a Control Minder driver.

Please find below the analysis from Microsoft. Request your inputs.

----------------

The bugcheck was: 0x00000133 (0x0000000000000001, 0x0000000000001e00, 0x0000000000000000, 0x0000000000000000 Checked and found that the Driver belongs to CA ControlMinder Engine driver, which is non OS driver

• Suggestion would be to involve the vendor CA with the dump file to understand the reason for the crash
• Proactively, request you to check on the driver update for BXND60A.SYS

https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/bug-check-0x133-dpc-watchdog-violation

Module[ 61] [C:\WINDOWS\SYSTEM32\DRIVERS\DRVENG.SYS]

CA Access Control

  File Description:  CA ControlMinder Engine driver

  Product Version:   (14.0:886.0)

  File Version:      (14.0:1.0)

  File Size (bytes): 106072

  File Date:         Thu Jun 01 08:46:14 2017

  Module[ 35] [C:\WINDOWS\SYSTEM32\DRIVERS\BXND60A.SYS]

  Company Name:      Broadcom Corporation

  File Description:  AMD64 BXND NDIS6.0 Driver

  Product Version:   (7.4:23.2)

  File Version:      (7.4:23.2)

  File Size (bytes): 130400

  File Date:         Thu Aug 22 18:13:40 2013

THREAD_SHA1_HASH_MOD_FUNC:  78574d927baf89ee48cf2f141dc4b393ed978282

THREAD_SHA1_HASH_MOD_FUNC_OFFSET:  076155b3bff09302c8d04843f1b2391d7dd7be26

THREAD_SHA1_HASH_MOD:  2351d795a8131ac90eac5e0fcd412fc682eb6f66

FOLLOWUP_IP:

drveng!DrvEngDetachPlugin+781f

fffff801`fb36a173 483bde          cmp     rbx,rsi

FAULT_INSTR_CODE:  74de3b48

SYMBOL_STACK_INDEX:  7

SYMBOL_NAME:  drveng!DrvEngDetachPlugin+781f

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: drveng

IMAGE_NAME:  drveng.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  59300c94

STACK_COMMAND:  .thread ; .cxr ; kb

BUCKET_ID_FUNC_OFFSET:  781f

FAILURE_BUCKET_ID:  0x133_ISR_drveng!DrvEngDetachPlugin

BUCKET_ID:  0x133_ISR_drveng!DrvEngDetachPlugin

PRIMARY_PROBLEM_CLASS:  0x133_ISR_drveng!DrvEngDetachPlugin

TARGET_TIME:  2021-10-21T19:38:47.000Z

OSBUILD:  9600

start             end                 module name

fffff801`fb35c000 fffff801`fb37e000   drveng     (export symbols)       drveng.sys

    Loaded symbol image file: drveng.sys

    Image path: \SystemRoot\system32\Drivers\drveng.sys

    Image name: drveng.sys

    Browse all global symbols  functions  data

   Timestamp:        Thu Jun  1 18:16:12 2017 (59300C94)

    CheckSum:         00023626

    ImageSize:        00022000

    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4

    Information from resource tables:

Release : 14.0

Component : CA ControlMinder

The installation version at the customer environment is one that was released in the mid of 2017 and it's quite old. The problem could have been related to performance and DPC threads.

The problem faced is a known issue with the embedded endpoint and this is fixed in later releases. The solution is to upgrade the ENTM to the latest build of PAMSC and along with the endpoint application as well to resolve this problem. Tons of changes related to performance and DPC threads have gone into the product since then. The latest code has better hashing, a separate watchdog thread for discarded connection cleanup, Spinlock contention resolution flags based on priority (called "yield" in other words), no thread delay instructions, etc.. the list goes on