Menu

DynaTrace OneAgent causing dbFront WebApp failure with FastFail

0 votes

The dbFront web application is being shut down hard by DynaTrace OneAgent. The application fails with a FastFail. Debugged using instructions at Debugging IIS FastFail

The eventlog appears to point to w3wp.exe terminating on a FastFail. Triggering a memory dump using WER and examining the content shows that the w3wp.exe process called into dbFront.dll!Unknown.. and was terminated with a FastFail. The final portion of the faulting thread is below.

  • clr!SystemNative::GenericFailFast+156
  • clr!SystemNative::FailFast+8e
  • 0x263a68d2 <= Unknown
  • 0x263a04a9 <= Unknown
  • clr!CallDescrWorkerInternal+34
  • clr!CallDescrWorkerWithHandler+6b

There was no indication on the server that DynaTrace OneAgent was involved. The only clue was that it was recently updated. Once we uninstalled DynaTrace then the issue was resolved.

in Errors by (7.4k points)
edited by
Share on
share on gp share on fb share on tw share on li

1 Answer

0 votes

Yes, DynaTrace OneAgent will crash the dbFront WebApplication if DynaTrace is configured with Process Injection enabled.

One of the ways that DynaTrace OneAgent works is by injecting monitoring logic into processes:

The DynaTrace OneAgent fails when it attempts to gain Debug Access to dbFront and inject its monitoring logic. This failure triggers an unrecoverable FastFail error. The FastFail error kills the dbFront IIS AppPool, blocking any access to dbFront. After multiple failures the IIS Rapid-Fail protection may stop the application completely. (IIS Rapid-Fail Protection)

Although DynaTrace's purposes are good, it should be noted that Debug Access is dangerous if abused because it allows runtime Memory Inspection, Code Injection and much more...

  • Memory Inspection allows hackers to capture passwords and other high-value information,
  • Code Injection gives hackers complete application control for their own malicious ends.

Because of this, gaining Debug Access is a very tempting exploit vector on web servers. The dbFront executables and libraries are purposely configured and signed to block debugging and code injection.

The solution is to disable Process Injection within DynaTrace. See: DynaTrace Configure Automatic Injection

Likely due to the way it raises the error (FastFail), DynaTrace OneAgent does not create any local log of the failure so there is no way to tie the application crash to DynaTrace. The only way to verify that DynaTrace OneAgent was the source of the issue, is to disable the Code Injection within DynaTrace or Uninstall DynaTrace OneAgent.

by (65.5k points)
edited by
Welcome to the dbFront Q&A site, where you can ask questions and receive answers from other members of the community.

Categories

Most popular tags

table-view error lookup-field security action-button table-grid advanced-search form-fields css user-interface stored-procedure reporting customizing installing tables authentication import url export attachments single-sign-on user-help active-directory login search sqlserver performance database-connection foreign-key license field-preferences custom-visibility email iis pdf-form cascading-lookup duplicates themes mysql date-field backup upgrading table-relationships quick-search drop-down-list logo table-preferences refresh excel printing connector notifications primary-key azure connection database webrequest costed sidebar-help user-profile multi-select main-menu attachment-properties iframe numeric-field access-control record-locks timeout sorting multilingual header audit support csv oracle display hosting link help html-fields whitelisting child-tables session-key-failure wildcard-search font-size caching save-button fastfail row-style row-security default-value barcode network-file local-file integrations logout custom-sorting validation custom-caption debugging
 | Minimalist Answer Theme by Digitizor Media
 |
Powered by Question2Answer
...