It doesn't even get far enough to add an entry to the normal arerror.log (it does post to the arerror.log in \SysWOW64):
Wed Apr 13 13:03:51 2011 0 : AR System server terminated -- fatal error encountered (ARNOTE 21) Wed Apr 13 13:03:51 2011 The Server process terminated. All attempts to start the service manually fail with the pop-up error: "Windows could not start the BMC Remedy Action Request System Server on the Local Computer. For more information, review the System Event Log. If this is a non-Microsoft service, contact the service vendor, and refer to service-specific error code 1064." Attempting to start arserver from the command prompt results in a different pop-up error: Application popup: arserver.exe - Application Error : The application failed to initialize properly (0xc0000005). Click on OK to terminate the application. Each attempt looks like this in the armonitor.log: Wed Apr 13 10:15:57 2011 (ARNOTE 0) Wed Apr 13 10:15:57 2011 AR Monitor version 7.1.00 Patch 003 200805260630 started. Wed Apr 13 10:15:57 2011 (ARNOTE 0) Wed Apr 13 10:15:57 2011 AR Monitor started. Wed Apr 13 10:15:57 2011 (ARNOTE 0) Wed Apr 13 10:15:57 2011 ARMonitor child process (pid:5860) started. "d:\program files (x86)\ar system\arsweb12\arserver.exe" Wed Apr 13 10:15:57 2011 (ARNOTE 0) Wed Apr 13 10:15:57 2011 ARMonitor child process (pid:5816) started. "d:\program files (x86)\ar system\arsweb12\arplugin.exe" Wed Apr 13 10:15:57 2011 (ARNOTE 0) Wed Apr 13 10:15:57 2011 ARMonitor child process (pid:5872) started. "d:\program files (x86)\ar system\arsweb12\arsvcdsp.exe" Wed Apr 13 10:15:57 2011 (ARNOTE 0) Wed Apr 13 10:15:57 2011 ARMonitor child process (pid:5868) started. "c:\program files (x86)\java\jre6\bin\java" Wed Apr 13 10:15:57 2011 (ARNOTE 0) Wed Apr 13 10:15:57 2011 Pausing for max 900 seconds or until server up. Wed Apr 13 10:15:58 2011 (ARNOTE 0) Wed Apr 13 10:15:58 2011 The Server process terminated. Wed Apr 13 10:15:58 2011 (ARNOTE 0) Wed Apr 13 10:15:58 2011 Attempting to terminate ARMonitor child process (pid:5816). "d:\program files (x86)\ar system\arsweb12\arplugin.exe" Wed Apr 13 10:15:58 2011 (ARNOTE 0) Wed Apr 13 10:15:58 2011 Attempting to terminate ARMonitor child process (pid:5872). "d:\program files (x86)\ar system\arsweb12\arsvcdsp.exe" Wed Apr 13 10:15:58 2011 (ARNOTE 0) Wed Apr 13 10:15:58 2011 Attempting to terminate ARMonitor child process (pid:5868). "c:\program files (x86)\java\jre6\bin\java" Wed Apr 13 10:15:58 2011 (ARNOTE 0) Wed Apr 13 10:15:58 2011 Attempting to terminate ARMonitor child process (pid:5860). "d:\program files (x86)\ar system\arsweb12\arserver.exe" Wed Apr 13 10:15:58 2011 Failure occurred during execl() (ARERR 33) Wed Apr 13 10:15:59 2011 (ARNOTE 0) Wed Apr 13 10:15:59 2011 ARMonitor child process (pid:5860) died with 128. "d:\program files (x86)\ar system\arsweb12\arserver.exe" Wed Apr 13 10:15:59 2011 (ARNOTE 0) Wed Apr 13 10:15:59 2011 ARMonitor child process (pid:5816) died with 0. "d:\program files (x86)\ar system\arsweb12\arplugin.exe" Wed Apr 13 10:15:59 2011 (ARNOTE 0) Wed Apr 13 10:15:59 2011 ARMonitor child process (pid:5872) died with 0. "d:\program files (x86)\ar system\arsweb12\arsvcdsp.exe" Wed Apr 13 10:15:59 2011 (ARNOTE 0) Wed Apr 13 10:15:59 2011 ARMonitor child process (pid:5868) died with 0. "c:\program files (x86)\java\jre6\bin\java" Wed Apr 13 10:15:59 2011 AR System server terminated normally (ARERR 32) Wed Apr 13 10:15:59 2011 AR Monitor stopped. Probably more information than you needed... I resolved it by going to Control Panel - Add or Remove Programs (Show updates selected) and selecting "Security Update for Windows Server 2003 (KB2509553) and clicking on "Remove." It warns you about other related security updates that might not work, but I clicked Yes anyway, removed it, then rebooted. ARS started right up after that. I no longer have ARS on any 2008 R2 hardware due to its incompatibility with alarmpoint, but I can test this patch later on my 2008 R2 VMs, where the 7.6.04 server also connects to a remote db on another vm; I'll bet that doesn't work either! Christopher Strauss, Ph.D. Call Tracking Administration Manager University of North Texas Computing & IT Center http://itsm.unt.edu/ -----Original Message----- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of LJ LongWing Sent: Thursday, April 14, 2011 11:16 AM To: arslist@ARSLIST.ORG Subject: Re: WARNING on Microsoft MS11-030 KB2509553 Christopher, What are the errors in arerror.log, what symptoms should we look out for other than armonitor not starting? -----Original Message----- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of strauss Sent: Thursday, April 14, 2011 9:49 AM To: arslist@ARSLIST.ORG Subject: WARNING on Microsoft MS11-030 KB2509553 After applying this patch to my Reference Server for the 7.6.04 upgrade: Windows 2003 R2 x64 with ARS 7.1.00.003 CMDB 2.1.00.02 and ITSM 7.0.03.009 etc., SQL Server 2005 on remote server), the AR Service immediately and absolutely refuses to start. On reboot from the security patches (there were 15 total) the AR Server would not start automatically, and all subsequent attempts to start it manually saw the armonitor start, then crash. While troubleshooting with BMC support, it could not even be started from the command line. Removing the KB2509553 security update and rebooting solved the problem immediately, with the ARS service starting normally. The only other AR server that I had applied this patch (and all of the others) to was the Staging Server (Windows 2003 R2 x64 with ARS 7.6.04 CMDB 2.1.00.02 and ITSM 7.0.03.009 etc.), and it has a local SQL Server hosting the db so it was not affected. Note that on the problem AR Server, it was still possible to run the SQL Server Management Studio client (2008) and connect to the remote db normally, even though the ARS service could not. Security Bulletin MS11-030 KB2509553 is a Critical patch for a vulnerability in DNS resolution that could allow remote code execution; it slammed the door shut on something that ARS depends on. Until BMC comes up with a solution for this, I will not be applying this patch to any other AR Server, especially my 7.1 production system with a remote db. Christopher Strauss, Ph.D. Call Tracking Administration Manager University of North Texas Computing & IT Center _______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug11 www.wwrug.com ARSList: "Where the Answers Are"
