locked
NAP Shv fails RRS feed

  • Question

  • Hi all!

    I have been experiencing a very concerning problem and found very little on this topic as how to resolve it. I have built a custom Shv and Sha for NAP. When I register the Shv in the NPS everything goes well. It shows up in the NPS configuration snap-in and the solution works well. The Sha and Shv can communicate with eachother (through NAP interfaces) and restrict access depending on client conditions.

    But all of a sudden the communication stops (it can take up to severel hours) and in the NPS server logs I see just an error message saying

    "SHV Id : 96119 can not create validator."

      < Event xmlns =" http://schemas.microsoft.com/win/2004/08/events/event " >
    - < System >
      < Provider Name =" NPS " />
      < EventID Qualifiers =" 49152 " > 10001 </ EventID >
      < Level > 2 </ Level >
      < Task > 0 </ Task >
      < Keywords > 0x80000000000000 </ Keywords >
      < TimeCreated SystemTime =" 2009-09-08T10:00:24.000000000Z " />
      < EventRecordID > 10414 </ EventRecordID >
      < Channel > System </ Channel >
      < Computer > CORPAPP02.corp.com </ Computer >
      < Security />
      </ System >
    - < EventData >
      < Data > 96119 </ Data >
      < Binary > 1A400080 </ Binary >
    </ EventData >
    </ Event >

    and the shv is out the game. It doesn't do anything, it still shows in the NPS configuration snap-in but doesn't communicate with the Sha anymore. What helps it to unregister the dll and register it again or to restart the NPS-service. Obviously something that it out of the question as a permanent solution


    The NPS server is running on a x64 Windows Server 2008 R2 Enterprise (no Service Pack installed) and the custom Shv is practically the NAP SDK sample with small modifications.


    At first I thought that this problem was only related to my Shv component but then I saw in another post that someone running the FCS Shv had the same problem, which lead me to believe that it just might had something to do with the NPS server itself!

    Here's a link to that posting

    http://social.technet.microsoft.com/Forums/en-US/winserverNAP/thread/23ec6d43-4de8-4e25-88a2-93750724480e

    Since I haven't found much at all on this topic, whether people have gotten it to work or not, it would be great if you could enlighten me as to you did to make it work and on what platform so that I can replicate it or if you have had the problem and solved it!

    Anyone with any ideas what I could try or point me in any direction will do though?!

    Thanks a lot for your help!

    Wednesday, September 9, 2009 9:22 AM

Answers

  • Hi,

    It’s more of a development issue, it’s suggested to submit a new post in the MSDN forum to get more suggestions. They are the best resource for this kind of problem.

    MSDN Forum
    http://forums.microsoft.com/MSDN/default.aspx?SiteID=1

    Thanks.

    This posting is provided "AS IS" with no warranties, and confers no rights.
    Friday, November 6, 2009 1:19 AM

All replies

  • Hi

    Try placing the SHV dll inside  %windir%/system32  and then register the  dll. Do you still see the same problem?

    Thanks
    Ravi 
    Wednesday, September 9, 2009 8:25 PM
  • Hi!

    Okey, now I put it in %windir%/SysWoW64 since I couldn't register it in %windir%/system32, although I compiled it for x64.. weird. I got some error that the file could not be found.


    Anyways it didn't work! I got the same message after an hour and then after a re-register the error came back again after a few hours!

    Why do you think it should help by putting the shv.dll in system32?

    Any more tips! Anything, point me in some direction!

    Thanks a lot!
    Friday, September 11, 2009 6:54 AM
  • Hi

    Sorry about not following up on this.

    Few questions:
    1. Did you try it on windows 2k8 server? Do you see the same problem there too?
    2. Can you please run SHV with app verifier on? This will help us catch any leaks assuming they are leading to this problem. You can download app verifier from http://www.microsoft.com/downloads/details.aspx?FamilyID=C4A25AB9-649D-4A1B-B4A7-C9D8B095DF18&displaylang=en

    Thanks
    Ravi
    Wednesday, October 28, 2009 3:27 AM
  • Hi!

    Thanks a lot for the assistance on this! To answer your questions:

    1. I haven't run it on windows 2k8 server, only on windows 2k8 r2 beta and the final release in two different environments. The exact same error occured on both.
    2. I will run the app verifier and report my findings as soon as possible.

    Thanks again!
    Thursday, October 29, 2009 7:05 AM
  • Hi

    I tried to repro your problem but couldnt succeed.

    Here is what I did.

    1. Deployed SdkSha.exe. Made one small change in the code so that it periodically sends SoH forever
    2. Deployed SdkShv.dll unmodified.

    I ran this setup for a few hours but didnt hit the problem that you reported. Do you think I missed something in my repro steps?

    I will be travelling for the next 12 days so wont be able to respond to this thread. I'll look at it once again on coming back.

    Thanks
    Ravi

    Friday, October 30, 2009 1:51 AM
  • Hi!

    Your reproduction sounds similiar to my scenario (I guess you're running w2k8 r2 and windows 7 rtm), except that I didn't just send SoHs automatically (not that it should matter), but I changed the SoHs from healthy to unhealthy back and forth setting the client in restricted mode and full access mode. Also, for me it could take up to 5-6 hours until the error appeared. Last time I tested it took 4 hours.

    So if you give it another go add some random health change in the SoHs and let is chew for a good 8 hours or so (I know it's a loong time to wait :)) and after that scan the Network Policies and Access Services-log in (Event Viewer->Custom Views->Server Roles) for "can not create validator"-string.

    I am going to run the app verifier and get back with that information.

    Again, thanks a lot the help! Really appreciated.

    Hinjo
    Friday, October 30, 2009 9:00 AM
  • Hello again!

    So here are my finding from running the sdkshv.dll with appverifier on and monitoring the dll:

    I run the shv four days straight and testing it during the day time just a couple of hours (at least 3) straight and didn't see any logs in the appverifier, and suprisingly enough the error (can not create validator) didn't occur. The only thing I've noticed is that from time to time it would hang from 10 seconds to 1 minute until i changed my state to unrestricted or limited, when I changed the health of the client. I didn't get this at all, so I unhooked the appverifier and closed it down and within ten minutes I got the error.

    I don't know if the conditions change when we hook on the appverifier, cause I read somewhere that it injects code in the dll, so we could be actually changing the behaviour of memory leek.

    (I run my extended shv with the appverifier and the same thing occurs, the error doesn't appear, but when I shut down the appverifier, I get the error within ten minutes)

    What do you think?

    Have you had the time to test the shv on your side yet (without the appverifier :) )?

    Thanks again!
    Thursday, November 5, 2009 7:32 AM
  • Hi,

    It’s more of a development issue, it’s suggested to submit a new post in the MSDN forum to get more suggestions. They are the best resource for this kind of problem.

    MSDN Forum
    http://forums.microsoft.com/MSDN/default.aspx?SiteID=1

    Thanks.

    This posting is provided "AS IS" with no warranties, and confers no rights.
    Friday, November 6, 2009 1:19 AM
  • Hi!

    I feel that the problem or the possible bug is in the sdk itself in which case people that built it or are connected to the ones that built it have the best chance of solving the problem.

    Now I have posted this on the MSDN forum aswell. I got no answers though, probably because this is a very specific scenario that triggers the bug that the NAP team most easily can reproduce!

    /Hinjo
    Wednesday, November 25, 2009 1:56 PM