Windows Server 2012 R2, fully updated, physical server. Installed AMP connector version 188.8.131.5248 last night. Since then the server has crashed/rebooted twice. Seeing several event ID 36887 Schannel errors since the install - "A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 20.". I have since stopped and disabled the AMP service. Any help with this would be appreciated.
I recommend getting the DMP file from the crash, an AMP Diagnostic File and opening a TAC case so we can look into this issue. I haven't heard of any crashes on 6.2.5 so I don't have any suggestions without the data aside from potentially disabling various services to see if you can figure out which one is causing the crashes.
The dump is typically in %SystemRoot%\Memory.dmp
The diagnostic file generation directions are here:
Two more servers have crashed now. Looks like AMP may be causing high CPU usage and eventual crash. Seeing lots of these log entries right before the server shuts down:
: ERROR: Event::SlowProcessor unable to calculate hash using handle (file path)
As I mentioned earlier, I suggest opening a TAC case with the associated support files so an Engineer can take a closer look. This could just be an issue of adding proper exclusions.
I'm having the exact same issue since upgrading to 6.2.5. Not just server OS though. I've had both servers and workstations BSOD. It seems random. I have opened a TAC case, but no real luck yet. I've had to uninstall AMP from the servers as the crash happens, because the BSOD comes back, and these are production servers. Hopefully a fix is found soon...
Thanks, Matt! I've added the mini dump files to the case, hopefully that will help. I couldn't upload the full memory dump files because they range between 300MB-1GB...
You should be able to upload files up to 250GB through the Support Case Manager.
If you have issues with that, please try the Case File Uploader (250GB).
Uploading via email only allows for 20MB attachments. Hope that helps.
tonynray, have you found any correlation between your machines that are crashing? I have not. Server 2008 r2, 2012 r2, 2016, physical, VM - all are effected. The majority of my servers with AMP installed are not having problems, but the ones that do crash quite often.
I have not. 4 total machines - 2 VMs, 2 physical, 2 Server 2012 R2, 1 Server 2008 R2, 1 Windows 7 Pro... So far it's just these 4 that I've found (out of 2500 machines). But just in case, I have uninstalled AMP from my core production servers just to prevent crashes.
Correct. The issues have only started after upgrading to 6.2.5. Although, one of the servers has crashed again after doing a clean uninstall/reboot/reinstall, not upgrade.
A bug has been opened for this issue. Should be visible within the next 24 hours. I suggest monitoring it for updates if you don't have a case open.
Is there a way to force a downgrade? I assume if I select a 6.1.x version it would downgrade the clients accordingly? This issue is reported on all 6.2.x versions so I don't want them running any version of 6.2.