DynaTrace OneAgent causing dbFront WebApp failure with FastFail

Question

The dbFront web application is being shut down hard by DynaTrace OneAgent. The application fails with a FastFail. Debugged using instructions at Debugging IIS FastFail

The eventlog appears to point to w3wp.exe terminating on a FastFail. Triggering a memory dump using WER and examining the content shows that the w3wp.exe process called into dbFront.dll!Unknown.. and was terminated with a FastFail. The final portion of the faulting thread is below.

• clr!SystemNative::GenericFailFast+156
• clr!SystemNative::FailFast+8e
• 0x263a68d2 <= Unknown
• 0x263a04a9 <= Unknown
• clr!CallDescrWorkerInternal+34
• clr!CallDescrWorkerWithHandler+6b

There was no indication on the server that DynaTrace OneAgent was involved. The only clue was that it was recently updated. Once we uninstalled DynaTrace then the issue was resolved.

Answer 1

Yes, DynaTrace OneAgent will crash the dbFront WebApplication if DynaTrace is configured with Process Injection enabled.

One of the ways that DynaTrace OneAgent works is by injecting monitoring logic into processes:

• OneAgent auto injection in Infrastructure Monitoring
• DynaTrace Dynamic injection of agents...

The DynaTrace OneAgent fails when it attempts to inject the monitoring code into dbFront and triggers a FastFail error. The FastFail error kills the dbFront IIS AppPool blocking any access to dbFront. After multiple failures the IIS Rapid-Fail protection may stop the application completely. (IIS Rapid-Fail Protection)

The dbFront code and libraries are purposely signed and configured to block code injection. Although DynaTrace's purposes are good, it should be noted that code injection is also something that malicious software will attempt in order to capture passwords or other high value information.

The solution is to disable Process Injection within DynaTrace. See: DynaTrace Configure Automatic Injection