logo

Knowledge Base

Access official resources from Carbon Black experts

IMPORTANT ANNOUNCEMENT: On May 6, 2024, Carbon Black User eXchange (UeX) and Case Management will move to a new platform!
The Community will be in read-only mode starting April 19th, 7:00 AM PDT. Check out the blog post!
You will still be able to use the case portal to create and interact with your support cases until the transition, view more information here!

App Control: Applications Hang or Fail to Start with Agent 8.9.2

App Control: Applications Hang or Fail to Start with Agent 8.9.2

Environment

  • App Control Agent: 8.9.2
  • Microsoft Windows: All Supported Versions

Symptoms

  • After upgrading to Agent 8.9.2 some applications are encountering hung processes or other performance issues
  • High CPU usage by the Parity process
  • Systems that start lots of processes Ex: build machines, batch jobs, automation/orchestration servers, RDS servers are most likely to be affected
  • To confirm Agents are encountering the issue:
    1. Log in to the Console and navigate to: https://ServerAddress/Events.php?InternalEvents
    2. Change the Max Age accordingly
    3. Show Filters and add the following filters: 
      Agent Version > Contains: 8.9.2
Description > Contains: pParentProcess->IsForeRunnerOf
    4. If any events are returned then the Agents are affected

Cause

Additional kernel logging was added in version 8.9.2 to make it easier to solve rarely reproducible issues. However, that additional logging caused a deadlock on systems that generate large numbers of processes.

Resolution

This issue was tracked under EP-20098 and resolved with the release of Agent version 8.9.4. Upgrading will resolve the issue.

Additional Notes

  • Please open a Support case to obtain instructions to adjust these settings in bulk for Agents encountering this issue.
  • By default the Kernel Tracing level is 2, even when the Agent is in a Disabled Policy.
  • Agents will continue to generate Internal Events matching pParentProcess->IsForeRunnerOf even with Kernel Tracing set to 0. 
  • Setting the Kernel Tracing to 0 prevents the situation that causes the Agent to hold on to the process threads.
  • Previously the work around was:
    1. Find the relevant Host ID for the impacted machine(s)
    2. Log in to the application server hosting the Console as the Carbon Black Service Account
    3. Launch SQL Server Management Studio and execute the following query: 
      use das;
UPDATE hostmain SET kernel_debug_level=0, debug_level=0, debug_flags=debug_flags|2, refresh_flags=refresh_flags|4
WHERE host_id = <Host_ID>
EXEC dbo.ExpireHostSession <Host_ID>
    4. Reboot the endpoint(s) in question when convenient to terminate the existing hung processes
    5. After upgrading to an Agent version 8.9.4+ please reset the Kernel Trace to default with this SQL script: 
      use das;
UPDATE hostmain SET kernel_debug_level=2, debug_level=0, debug_flags=debug_flags|2, refresh_flags=refresh_flags|4
WHERE host_id = <Host_ID>
EXEC dbo.ExpireHostSession <Host_ID>

Related Content


Labels (1)
Labels:
Was this article helpful? Yes No
100% helpful (1/1)
Article Information
Author:
CB_Support
Creation Date:
‎01-10-2024
Views:
1371
Contributors
logo

Copyright © 2005-2023 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.