SNA Base / SNA Manage Agent - 624 - Process ended abnormally, creating a dump file

Microsoft.HostIntegrationServer.2016.SNABase_WarningEvent_624 (Rule)

Captures warning events and generates a warning alert

Knowledge Base article:

Summary

A process (value) ended abnormally due to a protection violation or internal unrecoverable error condition. Diagnostic information about this has been automatically created by Host Integration Server.

Causes

If a serious error is logged at the same time as the Event 624, then this likely was the cause of this Event 624.

Resolutions

Provide support personnel with the following:

- Windows NT Application and System event log file(s) from the Host Integration Server

- \system\traces\snadump.log

- \system\config\com.cfg

- \system32\drwtsn32.log

If there is no drwtsn32.log entry created, then drwtsn32.exe may not be the default Windows NT debugger on the machine. If Host Integration Server or SNA application failed due to an access violation, and no drwtsn32.log entry is created, then it is not possible for support personnel to diagnose the cause of the failure.

To reset drwtsn32.exe as the default debugger, run the following command from a Windows NT command line:

drwtsn32.exe -i

This change is implemented immediately. There is no need to restart Windows NT.

Also, for the drwtsn32.log entry to be useful, Host Integration Server "symbol" files installed into the \symbols directory tree must match the version of Host Integration Server modules being used. Host Integration Server automatically installs matching symbol files when installing Host Integration Server or when applying Host Integration Server service packs, so there is no administrator action needed.

However, if a hotfix to Host Integration Server has been applied to the system, the matching symbol file must also be installed into the \symbols\dll or \symbols\exe directory as directed by the readme file accompanying the hotfix.

Element properties:

Target

Microsoft.HostIntegrationServer.2016.SNAGateway

Category

EventCollection

Enabled

False

Event_ID

624

Alert Generate

True

Alert Severity

Warning

Alert Priority

Normal

Remotable

True

Alert Message

SNABase alert for Event 624

Server: {0}
Event ID:{1}
Event Description: {2}

Event Log

Application

Member Modules:

ID	Module Type	TypeId	RunAs
DS	DataSource	Microsoft.Windows.EventProvider	Default
Alert	WriteAction	System.Health.GenerateAlert	Default
WriteToDB	WriteAction	Microsoft.SystemCenter.CollectEvent	Default
WriteToDW	WriteAction	Microsoft.SystemCenter.DataWarehouse.PublishEventData	Default

Source Code:

<Rule ID="Microsoft.HostIntegrationServer.2016.SNABase_WarningEvent_624" Enabled="false" Target="Microsoft.HostIntegrationServer.2016.SNAGateway" ConfirmDelivery="true" Remotable="true" Priority="Normal" DiscardLevel="100">

  <Category>EventCollection</Category>

  <DataSources>

    <DataSource ID="DS" TypeID="Windows!Microsoft.Windows.EventProvider">

      <ComputerName>$Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</ComputerName>

      <LogName>Application</LogName>

      <Expression>

        <And>

          <Expression>

            <SimpleExpression>

              <ValueExpression>

                <XPathQuery Type="String">Channel</XPathQuery>

              </ValueExpression>

              <Operator>Equal</Operator>

              <ValueExpression>

                <Value Type="String">Application</Value>

              </ValueExpression>

            </SimpleExpression>

          </Expression>

          <Expression>

            <SimpleExpression>

              <ValueExpression>

                <XPathQuery Type="UnsignedInteger">EventDisplayNumber</XPathQuery>

              </ValueExpression>

              <Operator>Equal</Operator>

              <ValueExpression>

                <Value Type="UnsignedInteger">624</Value>

              </ValueExpression>

            </SimpleExpression>

          </Expression>

          <Expression>

            <RegExExpression>

              <ValueExpression>

                <XPathQuery Type="String">PublisherName</XPathQuery>

              </ValueExpression>

              <Operator>MatchesRegularExpression</Operator>

              <Pattern>^(SNA.Base.Service|SNA.Manage.Agent)$</Pattern>

            </RegExExpression>

          </Expression>

        </And>

      </Expression>

    </DataSource>

  </DataSources>

  <WriteActions>

    <WriteAction ID="WriteToDB" TypeID="SC!Microsoft.SystemCenter.CollectEvent"/>

    <WriteAction ID="WriteToDW" TypeID="SCDW!Microsoft.SystemCenter.DataWarehouse.PublishEventData"/>

    <WriteAction ID="Alert" TypeID="Health!System.Health.GenerateAlert">

      <Priority>1</Priority>

      <Severity>1</Severity>

      <AlertMessageId>$MPElement[Name="AlertMessageID85c606d73aba419c889a981ed5640d5b"]$</AlertMessageId>

      <AlertParameters>

        <AlertParameter1>$Data/LoggingComputer$</AlertParameter1>

        <AlertParameter2>$Data/EventDisplayNumber$</AlertParameter2>

        <AlertParameter3>$Data/EventDescription$</AlertParameter3>

      </AlertParameters>

    </WriteAction>

  </WriteActions>

</Rule>