Azure Service Fabric Installation with Sysmon Causes CPU Exhaustion RRS feed

  • Question

  • We are having issues installing and running Service Fabric on servers that are also running Sysmon. After installation or Reboot the server will become unusable and often Blue Screen.
    Steps to reproduce:
    1. New Server 2016 Install (No updates required)
    2. Install Latest Sysmon with the following config. This config is very minimal but the issue occurs with any config that includes a FileCreateStreamHash entry.
    <Sysmon schemaversion='4.22'>
    <RuleGroup name='' groupRelation='or'>
    <FileCreateStreamHash onmatch='include'>
    3. Download Service Fabric Installation Package to 2016 (
    4. Execute '.\\CreateServiceFabricCluster.ps1 -ClusterConfigFilePath .\\ClusterConfig.Unsecure.DevCluster.json -AcceptEULA' from Downloaded Microsoft.Azure.ServiceFabric.WindowsServer.* directory
    5. Wait approximately 5 minutes for c:\\ProgramData\\SF\\ReplicatorLog\\replicatorshared.log to be created and CPU will become exhausted.
    Tuesday, January 14, 2020 5:41 PM

All replies