6 Replies Latest reply on Mar 6, 2008 3:27 AM by Passmos

    Beginning to see DEP errors on servers with LDSM agent

    Rookie

       

      Hi,

       

       

      We are beginning to see a propogation of DEP alerts/errors on our systems with the LDSM agent installed. It began with one or two reported by our admins, but now I'm starting to see more and more of them on more and more systems.

       

       

       

       

       

      Does anyone have any insight on this issue or where we might be able to begin to look at the root of the problem? I don't think we can set DEP controls via GPO, but I also haven't doen a great deal of research on it. I'm hoping there is an LD fix for this as opposed to GPO since that will most likely require a reboot of the servers ... big no-no out of the outage windows for us ...

       

       

       

       

       

      HELP!!

       

       

       

       

       

      Thanks,

       

       

       

       

       

      -Bill

       

       

        • 1. Re: Beginning to see DEP errors on servers with LDSM agent
          phoffmann SupportEmployee

          Might help if you'd give us an idea as to what DEP is preventing from executing / blocking / error'ing about.

           

          At present there are no "generally" known issues regarding DEP that I'm aware of.

           

          Also - what version of LANDesk do you use? What patch-level are you on? Bit too much dark to take a stab at something here :).

           

          Paul Hoffmann

          LANDesk EMEA Technical Lead.

          • 2. Re: Beginning to see DEP errors on servers with LDSM agent
            Rookie

             

            Be glad to elaborate and thanks for the response ... We're on LD 8.7 SP5

             

             

            The scenario;

             

             

            Log in to a server via RDP and the DEP alert window is present with "..Name: Service Host Application    Publisher: LANDesk Software, Ltd."

             

             

            Close the message and you get a windows error report request referring to "..Service Host Application encountered a problem and needed to close.."

             

             

            The details of the data: "..EventType: BEX  P1:ServiceHost.exe  P2: 8.7.0.23  P3: 45a3d8a9  P4: unknown  P5: 0.0.0.0  P6: 0's  P7: 00000080  P8: c0000005  P9: 00000008

             

             

            Close that window and the DEP Service Host Application error comes up again and can repeat sometimes 5 times or more.

             

             

            -Bill

             

             

            PS: See attached screen shots. (sorry about the formatting, just fwded it how I got it)

             

             

            • 3. Re: Beginning to see DEP errors on servers with LDSM agent
              phoffmann SupportEmployee

              That's interesting - DEP bombs out SERVICEHOST.EXE ...? ?:|

               

              Huh - strange.

               

              SERVICEHOST.EXE is not a LDSM-specific part - you'll find it on any LANDesk client - default path would be "C:\Program Files\LANDesk\Shared Files\".

               

              It's normally the receiving end of what the Core tells the client to do. For instance, if you right-click on a client and say "shut down" or "restart", then the Core prods the SERVICEHOST, and tells it to run the necessary commands.

               

              You might want to look into the SERVICEHOST.LOG (same directory as above) - that might give some indication towards the problem ... but this should not be an LDSM issue per se, since this is a perfectly normal part of an agent. There's something else here ...

               

              Paul Hoffmann

              LANDesk EMEA Technical Lead.

              1 of 1 people found this helpful
              • 4. Re: Beginning to see DEP errors on servers with LDSM agent
                Rookie

                 

                Thanks for the tip to look at the log. It appears there were internal security scans being done yesterday and looking through the logs it looks like the system invoking the servicehost.exe was originating from that security system testing for vulnerabilities.

                 

                 

                I'll keep my eyes on it for now and post back the findings if that helps.

                 

                 

                Thanks again Paul.

                 

                 

                -Bill

                 

                 

                • 5. Re: Beginning to see DEP errors on servers with LDSM agent
                  Rookie

                   

                  Hi,

                   

                   

                  Was this error ever resolved?  We too are experiencing exactly the same error message with the servicehost executable? Can anyone point me in the direction of any information I can use to diagnose the issue?

                   

                   

                   

                   

                   

                  Thanks again

                   

                   

                  • 6. Re: Beginning to see DEP errors on servers with LDSM agent
                    Rookie

                     

                    okay, looking further into the error messages and comparing with the servicehost.exe logs found at c:\program files\Landesk\shared files\servicehost.log I was able to identify where the issues where coming from i.e what peer was causing the issue.

                     

                     

                    From there I tracked down the peer on our network and to cut a long story short the DEP messages are all historic.  They were all generated at the time of our recent vulnerability scan.  Several of the tests included in the scan were designed to cause buffer overflows in common services (landesk included), obviously DEP picked up these irregularities and halted the action.

                     

                     

                    After accepting the error messages they have now all successfully gone away, nothing logged in the Log file and a happy server once more..

                     

                     

                    Just thought I'd post this to highlight  the issue, should someone else experience the same prob.

                     

                     

                    THanks