KS-HostMonitor v7.18 SysLog Errors

All questions related to installations, configurations and maintenance of Advanced Host Monitor (including additional tools such as RMA for Windows, RMA Manager, Web Servie, RCC).
Post Reply
Bulldog98
Posts: 23
Joined: Fri Sep 21, 2007 3:29 pm

KS-HostMonitor v7.18 SysLog Errors

Post by Bulldog98 »

Hi,

I keep seeing multiple instances of the following error in the SysLog for my KS-HostMonitor 7.18 install:

SMTP client error: Access violation at address 0042D520 in module 'hostmon.exe'. Read of address 3B8BF090

These occurr quite regulary and eventually cause HostMonitor to stop alerting for any errors (sound and visual alerts) and eventually leads to the HostMonitor service crashing.

Any ideas what could be causing this and what steps I would need to take to resolve this issue?

Many thanks
Top
KS-Soft Europe
Posts: 2832
Joined: Tue May 16, 2006 4:41 am
Contact:
Contact KS-Soft Europe

Post by KS-Soft Europe »

Do you have installed some antivirus monitors, personal firewall, content monitoring software? Non stanard winsock components?
Usually such a problems are caused by Symantec, McAfee, TrendMicro antivirus realtime monitors. If you are unable to disable antivirus, we recommend at least to disable real-time protection module or add HostMonitor to exclusions list.

Also, to workaround the problem, you may try the following trick. You should change SharedSection parameter, located at HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\SubSystems\Windows registry key. By default, it is set as SharedSection=1024,3072,512. We recommend you to increase second and third values. So, you should specify SharedSection=1024,6144,1024

Please read following article for details: http://support.microsoft.com/kb/126962

Warning: If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. we cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.

Regards,
Max
Top
Bulldog98
Posts: 23
Joined: Fri Sep 21, 2007 3:29 pm

Post by Bulldog98 »

I have tried the work around as suggested but this has not solved our problem. Here is an extract from our syslog.htm.

Code: Select all

2008-04-16 02:59:42   SMTP client error: Access violation at address 0042D520 in module 'hostmon.exe'. Read of address 3B8BF090  
 2008-04-16 02:59:44   SMTP client error: Access violation at address 0042D520 in module 'hostmon.exe'. Read of address 3B8BF090  
 2008-04-16 03:01:27   RCI enabled  
 2008-04-16 03:01:27   RMA Server enabled  
 2008-04-16 03:01:35   RCI connection established. Operator: Netops  
 2008-04-16 03:01:57   Monitor started  
 2008-04-16 19:03:45   SMTP client error: Error reading ResultsMemo.Lines.Strings: Access violation at address 0042D520 in module 'hostmon.exe'. Read of address 3B8BF090  
 2008-04-16 19:03:46   SMTP client error: Error reading ResultsMemo.Lines.Strings: Access violation at address 0042D520 in module 'hostmon.exe'. Read of address 3B8BF090  
 2008-04-16 23:03:48   SMTP client error: Access violation at address 0042D520 in module 'hostmon.exe'. Read of address 3B8BF090  
 2008-04-16 23:41:36   RCI enabled  
 2008-04-16 23:41:36   RMA Server enabled  
 2008-04-16 23:41:47   RCI connection established. Operator: Netops  
 2008-04-16 23:42:00   Monitor started  
 2008-04-17 01:03:47   SMTP client error: Access violation at address 0042D520 in module 'hostmon.exe'. Read of address 3B8BF090  
 2008-04-17 01:03:56   SMTP client error: Access violation at address 0042D520 in module 'hostmon.exe'. Read of address 3B8BF090
As you can see from the log restarting the service solves the issue for a short while and everything works as expected.

Everything was working fine up until a few days ago when I upgraded to v7.18 and also installed mySQL 5 on the server and configured hostmonitor to log to a database. They are the only changes that have been made on this server since the error started occuring.

Any ideas on how to resolve this issue? This exact same issue occurred when I upgraded from v6.80 to v6.82 and the only way I managed to overcome the issue last time was to install hostmonitor on its own dedicated box and it has been working fine without any issues up until now.
Top
KS-Soft
Posts: 13012
Joined: Wed Apr 03, 2002 6:00 pm
Location: USA
Contact:
Contact KS-Soft

Post by KS-Soft »

Probably there is resource leakage in ODBC driver. Could you please disable ODBC logging? If this helps, then you need to use different ODBC driver.

Regards
Alex
Top
Bulldog98
Posts: 23
Joined: Fri Sep 21, 2007 3:29 pm

Post by Bulldog98 »

I disabled database logging and left it running for 4 days for testing and the errors still occurred.

I use SMTP to send email alerts and these errors appear whenever an attempt to send an email from hostmon is made. All this was working fine before I upgraded to version 7.18.
Top
KS-Soft Europe
Posts: 2832
Joined: Tue May 16, 2006 4:41 am
Contact:
Contact KS-Soft Europe

Post by KS-Soft Europe »

Could you send all *.hml, *.lst and *.ini files from HostMonitor's folder to support@ks-soft.net ? Please, compress files before sending, if possible.

Regards,
Max
Top
Bulldog98
Posts: 23
Joined: Fri Sep 21, 2007 3:29 pm

Post by Bulldog98 »

Done.
Top
KS-Soft
Posts: 13012
Joined: Wed Apr 03, 2002 6:00 pm
Location: USA
Contact:
Contact KS-Soft

Post by KS-Soft »

Thank you for the files.
It looks like errors were caused by lack of system resources.
When error appears again, can you please check resource usage for each process, especially for HostMonitor? You may use standard Windows Task Manager to check Handles, GDI and USER objects. What the total resource usage?

I think problem is caused by Performance Counter test items. Windows PDH.DLL lead to problems too often, even when system load is low. You have over 2400 Performance Counter tests (13 tests per second), I am sure this will lead to problems due to bad implementation of PDH.DLL.

Quote from the manual
Test mode
Windows implementation of performance counters has bugs. E.g., Windows 2000 (Professional, Server, and Advanced Server editions) can produce memory leak in PDH.DLL when user (application) querying performance counter that does not exist. This bug fixed in SP2. Also PDH.DLL does not work correctly with multithread applications.
That's why in HostMonitor we have implemented several different methods to work with pdh.dll:
- MultiThread mode: HostMonitor works almost according to Microsoft documentation with some workaround to avoid most likely problems. HM loads pdh.dll at once and uses it all the time. This method fast because HM can start several tests simultaneously. If everything will work correctly on your system, use this method (by default HostMonitor uses this method).
- OneByOne mode: Using this method HM will start Performance Counter tests one by one This method is slow (when you setup Performance Counter test using Test Properties dialog program even can hang for 1-2 min) but using this method you may avoid some problems due to a buggy pdh.dll
- Smart mode: With this method HM will try to detect when pdh.dll has to be reloaded.
- External mode: HostMonitor uses external (perfobj.exe) utility to perform the tests. This is fast and most reliable method.
I would recommend to try External mode.

Also you may setup RMA (Remote Monitoring Agent) on different (or the same) system and use this agent to perform Performance Counter tests. This will provide 2 benefits
1) This will help to understand what exactly tests lead to resource leakage.
2) You may setup HostMonitor or standard Windows scheduler to reboot that agent on regular basis. In such case Windows will release all resources used by PDH.DLL

Also I would recommend to use WMI test method instead of Performance Counter, WMI technology works much more reliable.

Regards
Alex
Top
Post Reply

Return to “Configuration, Maintenance, Troubleshooting”