Ylianst/MeshAgent

MeshAgent Service is getting stopped.

mdshoaibumer opened this issue · 6 comments

Dear @Ylianst @krayon007,

My MeshCentral version is: v1.0.0 (Latest Stable Version).
My OS: Windows 10.
We are currently facing an issue where the MeshAgent service is getting stopped. I have enabled "Restart the service" even if there is a failure in the service properties, but the service is still not recovering. I have enabled coredump in the MeshAgent msh file, and we got the below lines printed and the service got stopped.
No CRASH is observed. Kindly help us to resolve this issue.

[2022-07-15 01:53:51 PM] [F34F56D2D284E386] ..\microstack\ILibParsers.c:10805 (0,0) AgentCore/MeshServer_ControlChannel_IdleTimeout(): Pong Received

[2022-07-15 01:55:51 PM] [F34F56D2D284E386] ..\microstack\ILibParsers.c:10805 (0,0) AgentCore/MeshServer_ControlChannel_IdleTimeout(): Sending Ping

[2022-07-15 01:55:51 PM] [F34F56D2D284E386] ..\microstack\ILibParsers.c:10805 (0,0) AgentCore/MeshServer_ControlChannel_IdleTimeout(): Pong Received

[2022-07-15 01:57:51 PM] [F34F56D2D284E386] ..\microstack\ILibParsers.c:10805 (0,0) AgentCore/MeshServer_ControlChannel_IdleTimeout(): Sending Ping

[2022-07-15 01:57:51 PM] [F34F56D2D284E386] ..\microstack\ILibParsers.c:10805 (0,0) AgentCore/MeshServer_ControlChannel_IdleTimeout(): Pong Received

[2022-07-15 01:59:51 PM] [F34F56D2D284E386] ..\microstack\ILibParsers.c:10805 (0,0) AgentCore/MeshServer_ControlChannel_IdleTimeout(): Sending Ping

[2022-07-15 01:59:51 PM] [F34F56D2D284E386] ..\microstack\ILibParsers.c:10805 (0,0) AgentCore/MeshServer_ControlChannel_IdleTimeout(): Pong Received

[2022-07-15 02:00:54 PM] [F34F56D2D284E386] ..\microstack\ILibParsers.c:10805 (0,0) Control Channel Disconnected [1256]...

What antivirus are you running? I know earlier there were reports that the AV was detecting the agent as potentially unwanted software, and was deliberately stopping the service.

Replying on behalf of @mdshoaibumer.

Hi @krayon007, the antivirus used is Sophos.

Hi @krayon007,

As said by @knkumar93, we are using Sophos Antivirus and we have added the MeshAgent installed path to the AV exclusion list.
When we check the AV logs, there is no event which is blocking meshagent.exe.
We need help on this. The agent is not crashing, hence we are unable to get the coredump too. Only the service is getting stopped.

Hi @krayon007 @Ylianst,

After posting the below logs in the meshagent.log file, the service is getting stopped automatically with no crash.
[2022-07-18 09:33:41 PM] [F34F56D2D284E386] ..\microstack\ILibParsers.c:10805 (0,0) AgentCore/MeshServer_ControlChannel_IdleTimeout(): Sending Ping

[2022-07-18 09:33:41 PM] [F34F56D2D284E386] ..\microstack\ILibParsers.c:10805 (0,0) Control Channel Disconnected [1636]...
[2022-07-18 09:33:41 PM] [F34F56D2D284E386] ..\meshcore\agentcore.c:4130 (0,0) Attempting to connect to Server...
[2022-07-18 09:33:43 PM] [F34F56D2D284E386] ..\microstack\ILibParsers.c:10805 (0,0) Connecting to: wss://jsslupdate.jssl.in:8443/agent.ashx
[2022-07-18 09:33:43 PM] [F34F56D2D284E386] ..\microstack\ILibParsers.c:10805 (0,0) Control Channel Connection Established [1912]...
[2022-07-18 09:33:43 PM] [F34F56D2D284E386] ..\microstack\ILibParsers.c:10805 (0,0) TLS Server Cert matches Mesh Server Cert [1912]...
[2022-07-18 09:33:43 PM] [F34F56D2D284E386] ..\microstack\ILibParsers.c:10805 (0,0) Sending Authentication Data...
[2022-07-18 09:33:45 PM] [F34F56D2D284E386] ..\microstack\ILibParsers.c:10805 (0,0) ProcessCommand(1)...
[2022-07-18 09:33:45 PM] [F34F56D2D284E386] ..\microstack\ILibParsers.c:10805 (0,0) Processing Authentication Request...
[2022-07-18 09:33:46 PM] [F34F56D2D284E386] ..\microstack\ILibParsers.c:10805 (0,0) ProcessCommand(4)...
[2022-07-18 09:33:46 PM] [F34F56D2D284E386] ..\microstack\ILibParsers.c:10805 (0,0) Authentication Complete...
[2022-07-18 09:33:46 PM] [F34F56D2D284E386] ..\microstack\ILibParsers.c:10805 (0,0) AgentCore/MeshServer_ControlChannel_IdleTimeout(): PONG TIMEOUT

[2022-07-18 09:33:46 PM] [F34F56D2D284E386] ..\microstack\ILibParsers.c:10805 (0,0) Control Channel Disconnected [1912]...
[2022-07-18 09:33:46 PM] [F34F56D2D284E386] ..\meshcore\agentcore.c:4130 (0,0) Attempting to connect to Server...
[2022-07-18 09:33:46 PM] [F34F56D2D284E386] ..\microstack\ILibParsers.c:10805 (0,0) Connecting to: wss://jsslupdate.jssl.in:8443/agent.ashx
[2022-07-18 09:34:07 PM] [F34F56D2D284E386] ..\microstack\ILibParsers.c:10805 (0,0) Network Timeout Occurred...
[2022-07-18 09:34:07 PM] [F34F56D2D284E386] ..\microstack\ILibParsers.c:10805 (0,0) Control Channel Disconnected [0]...
[2022-07-18 09:34:07 PM] [F34F56D2D284E386] ..\meshcore\agentcore.c:4130 (0,0) Attempting to connect to Server...

Hi @Ylianst @krayon007

OS : Windows 10
AV : Sophos Endpoint
We have added exclusion.

This problem is happening during machine reboot itself.

If we manually start service, it is working.

Below is the eventvwr screenshot. It is not happening on all systems; it happens randomly on some machines, sometimes.
Screenshot (227)

After digitally signing the exe, this error has stopped and it's working fine.

Thanks for the support @Ylianst @krayon007
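The log excerpts in this thread can be triaged mechanically. The following is an added example, not code from the thread or from the MeshAgent project: it parses lines in the layout shown above, pairs each "Control Channel Disconnected" with its "Connection Established" entry, and separates disconnects that have a logged cause (PONG TIMEOUT, network timeout) from those that do not. The sample log, its tag value and the function names are constructed for illustration.

```python
import re
from datetime import datetime

# Line layout as shown in the thread's meshagent.log excerpts:
# [timestamp] [tag] source-file:line (n,n) message
LINE = re.compile(r"^\[(?P<ts>[^\]]+)\] \[(?P<tag>[0-9A-F]+)\] "
                  r"(?P<src>\S+):(?P<line>\d+) \(\d+,\d+\) (?P<msg>.*)$")
ESTABLISHED = re.compile(r"Control Channel Connection Established \[(\d+)\]")
DISCONNECTED = re.compile(r"Control Channel Disconnected \[(\d+)\]")
REASONS = ("PONG TIMEOUT", "Network Timeout Occurred")

def parse(log_text):
    """Yield (datetime, message) for each well-formed line; skip blanks and debris."""
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            yield datetime.strptime(m["ts"], "%Y-%m-%d %I:%M:%S %p"), m["msg"]

def summarize(log_text):
    """Return (disconnects, last_timestamp); last_timestamp is the final log write."""
    opened, disconnects, prev_msg, last_ts = {}, [], "", None
    for ts, msg in parse(log_text):
        last_ts = ts
        if (m := ESTABLISHED.search(msg)):
            opened[m.group(1)] = ts
        elif (m := DISCONNECTED.search(msg)):
            start = opened.pop(m.group(1), None)
            # The cause, when logged, is the message right before the disconnect.
            reason = next((r for r in REASONS if r in prev_msg), "unexplained")
            disconnects.append({
                "time": ts, "id": m.group(1), "reason": reason,
                "session_seconds": (ts - start).total_seconds() if start else None,
            })
        prev_msg = msg
    return disconnects, last_ts

# Constructed sample in the same layout (not taken from a real system).
SAMPLE = r"""
[2022-01-01 09:00:00 AM] [0123456789ABCDEF] ..\microstack\ILibParsers.c:10805 (0,0) Control Channel Connection Established [100]...
[2022-01-01 09:02:05 AM] [0123456789ABCDEF] ..\microstack\ILibParsers.c:10805 (0,0) AgentCore/MeshServer_ControlChannel_IdleTimeout(): PONG TIMEOUT

[2022-01-01 09:02:05 AM] [0123456789ABCDEF] ..\microstack\ILibParsers.c:10805 (0,0) Control Channel Disconnected [100]...
[2022-01-01 09:02:26 AM] [0123456789ABCDEF] ..\microstack\ILibParsers.c:10805 (0,0) Network Timeout Occurred...
[2022-01-01 09:02:26 AM] [0123456789ABCDEF] ..\microstack\ILibParsers.c:10805 (0,0) Control Channel Disconnected [0]...
[2022-01-01 12:29:59 PM] [0123456789ABCDEF] ..\microstack\ILibParsers.c:10805 (0,0) AgentCore/MeshServer_ControlChannel_IdleTimeout(): Pong Received
[2022-01-01 12:30:00 PM] [0123456789ABCDEF] ..\microstack\ILibParsers.c:10805 (0,0) Control Channel Disconnected [200]...
"""
```

An "unexplained" disconnect that is also the last entry in the log is the pattern to correlate with the Windows event log, since the agent wrote nothing further before the service stopped.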