locked
MS ATA ModelCatalog initialization exception - Access to Procmon resources denied? RRS feed

  • Question

  • Hi,

    One of our MS ATA Gateways throws following error during initialization:

    2018-xx-yy 00:34:52.8959 6716 6   Debug [NetworkListener] Loaded cached module 'EPM_032874d04ce88eb14d34d28fa7a6f571_4_0_7587_0.mdb'
    
    2018-xx-yy 00:34:52.9271 6716 6   Error [NetworkListener] Exception thrown during ModelCatalog initialization: Microsoft.Protocols.Tools.Framework.PefException: ResourceCompiler: failed to compile resources for OPN modules - message: Access to the path '<C:\Program Files\Microsoft Advanced Threat Analytics\Gateway\Pef\Cache\Procmon.OpnStringResource\Procmon.OpnStringResource.resources>' is denied. - stack trace:    at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
       at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy, Boolean useLongPath, Boolean checkHost)
       at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share)
       at System.Resources.ResourceWriter..ctor(String fileName)
       at Microsoft.Protocols.Tools.Compiler.ResourceCompiler.CreateDefaultResourceWriter(String moduleName)
       at Microsoft.Protocols.Tools.Compiler.ResourceCompiler.Compile(Module module)
       at Microsoft.Protocols.Tools.Compiler.ResourceCompiler.Compile(Module[] modules)
       at Microsoft.Protocols.Tools.Framework.SimpleHost.FatalError(String message, Exception[] exceptions)
       at Microsoft.Protocols.Tools.Compiler.ResourceCompiler.Compile(Module[] modules)
       at Microsoft.Protocols.Tools.Compiler.Runtime.RuntimeCompiler.CompileModulesToResources(Action`1 errorReporter, Module[] modules)
       at Microsoft.Protocols.Tools.Utilities.ResourceLock.RunWithLock(String lockName, Action code)
       at Microsoft.Opn.Runtime.Metadata.ModelCatalog.EnsureAllModuleResourceCompiled()
       at Microsoft.Opn.Runtime.Metadata.ModelCatalog.Initialize(ModelCatalogSettings settings, Boolean shouldRegisterSourceChangeEvents)
    
       2018-xx-yy 00:34:52.9271 6716 14  Debug [NetworkListener] Created MDB files
    
    ..
    
    2018-xx-yy 00:34:54.4271 6716 11  Debug [NetworkListener] Compiling OPN files
    
    2018-xx-yy 00:34:54.4427 6716 6   Error [__Error] System.UnauthorizedAccessException: Access to the path '<C:\Program Files\Microsoft Advanced Threat Analytics\Gateway\Logs\Microsoft.Tri.Gateway.Updater-ExceptionStatistics-20181026090115.log>' is denied.
       at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
       at System.IO.File.InternalDelete(String path, Boolean checkHost)
       at Microsoft.Tri.Infrastructure.Utils.ExceptionHandler.SaveStatistics(String path)
       at Microsoft.Tri.Infrastructure.Extensions.ActionExtension.<>c__DisplayClass0_0.<ToAsync>b__0()
       at async Microsoft.Tri.Infrastructure.Framework.Module.<>c__DisplayClass30_0.<RegisterPeriodicTask>b__1(?)
       at async Microsoft.Tri.Infrastructure.Extensions.TaskExtension.<>c__DisplayClass33_0.<RunPeriodic>b__0(?)
    
    2018-xx-yy 00:34:54.5521 6716 11  Debug [NetworkListener] Loaded cached assembly 'InfrastructureResources_7c75097654754987c0b113cbdd5013df_4_0_7587_0.dll'

    This has happened mostly after ATA tries to recover from this error: hxxps://social.technet.microsoft.com/Forums/security/en-US/de95d338-731a-4604-8e66-2ae47c517c8c/ms-ata-gateway-crash-quotsystemdiagnosticseventingreadereventlogexception-the-handle-is?forum=mata.

    What could cause this?



    • Edited by Ukkö Monday, November 26, 2018 12:33 PM
    Monday, November 26, 2018 12:32 PM

All replies

  • Multiple causes might be relevant.

    If the process crashed for some reason while it tried to originally build the model,

    thus files on the disk might have gotten corrupted , of if there was no disk space, or permissions on the folder

    got screwed somehow.
    to revive from this, stop GW services, and delelte the "cache" subfolder from the deployment folder, 

    then when you start the services again, giving that what blocked it before is not blocking it any more,

    it should be able to recreate the model. (first startup would be much slower).

    Monday, November 26, 2018 1:05 PM