Agent starts then crashes on a 2008r2 server

edited October 2014 in EventSentry [General]
EventSentry 2.93.1, we can't get the agent to run on a specific Windows 2008r2 server. It runs fine on others in our environment. I have uninstalled, rebooted, reinstalled fresh in case there was a corrupted file.

In the App event log we get this event (eventid 10804, source EVentSentry, task category Compliance Tracking):

EventSentry determined that all audit policies required for compliance tracking are configured correctly, The following policies are currently configured to generate "Audit Success" events:

* Account Logon
* Account Management
* Detailed Tracking
* Logon/Logoff
* Policy Change

Then about 4 seconds later we get this (eventid 1000, source Application Error, task category (100)):

Faulting application name: EVENTSENTRY_SVC.EXE, version: 2.93.1.0, time stamp: 0x4fe8dba1
Faulting module name: EVENTSENTRY_SVC.EXE, version: 2.93.1.0, time stamp: 0x4fe8dba1
Exception code: 0xc0000005
Fault offset: 0x00291ed1
Faulting process id: 0xb5c
Faulting application start time: 0x01cfe1acd93d8428
Faulting application path: C:\Windows\SYSWOW64\EVENTSENTRY\EVENTSENTRY_SVC.EXE
Faulting module path: C:\Windows\SYSWOW64\EVENTSENTRY\EVENTSENTRY_SVC.EXE
Report Id: 1c217d62-4da0-11e4-a998-5a91280853be

There isn't anything special about the O/S on this box, although it is running a vendor financial package. I've excluded the service exe from DEP as well as antivirus, also excluded the windows\syswow64\eventsentry folder.

This was just a normal install, pushed from the central server like all the others. Is there something I'm overlooking? Some prereq I missed?

Comments

  • The first thing I'd recommend is that you update to the latest v2.93 build, which is 2.93.1.82. You should be able to get that from the account area. We fixed a number of issues from the initial 2.93 release, and chances are that this bug was resolved.

    If that doesn't work, then we would probably need a crash dump. You can email our support team to get this process started.

    If you are under an active maintenance agreement, then I would recommend upgrading to v3.0.1. There have been a lot of under-the-hood improvements to the agent as well as much better management and reporting interface.
Sign In or Register to comment.