Hi All,
I'm running HostMonitor v8.32 on Windows 2008 R2 Standard (x64), and am seeing a strange, intermittent problem with Host Check tests.
Basically for a short period (<1min), Hostmonitor reports all Host Check tests as BAD (100% of 5 packets lost - 10k). When this occurs hostmonitor logs the below event for each failed host check.
Network connectivity is perfect with no errors on the host interfaces or dropped packets. I've confirmed that hostmonitor has full control of all folders, tests, ini and lst files, etc. Windows firewall is off, as is DEP. I have also tried this on multiple 2008 R2 physical servers with the same results.
I am aware that this is not an officially supported configuration, but I would appreciate any assistance as 2008 R2 is our standard platform going forward. Also, its an amazing improvement on 2008 R1 and market adoption will be pretty swift.
Thanks in advance,
Arun
Application Event Log:
--
Log Name: Application
Source: hostmon.exe
Date: 4/01/2010 7:19:45 AM
Event ID: 0
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: xxxxxxxxxxxxx
Description:
The description for Event ID 0 from source hostmon.exe cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.
If the event originated on another computer, the display information had to be saved with the event.
The following information was included with the event:
Unable to write to hostmon.INI
Host Check Problems on Win 2008 R2
Ping? Then I think this problem is not related to Windows 2008. May be there is some network related problem, e.g. router drops ICMP traffic when its too busy serving TCP requests?
May be timeout is too short?
Regarding "Unable to write to hostmon.INI" error: are you running HostMonitor as service under domain admin account? Could you try to start it using local domain account?
Regards
Alex
May be timeout is too short?
Regarding "Unable to write to hostmon.INI" error: are you running HostMonitor as service under domain admin account? Could you try to start it using local domain account?
Regards
Alex
The problem occurs at random times, with failed ping checks occuring over 1GBps switched LAN as well as various WAN links. I have tried 2000ms timeouts but recieve the same results. When the ping tests are failing I can log on to the hostmonitor server and ping the failed hosts (<1ms replies).
Every time a ping test fails, I see the "unable to write to hostmon.ini" event written to the application event log. I do not see this error written at other times (for instance if I save smtp server changes via RCC).
Hostmonitor is running as a domain admin account, which is also a member of the local administrators group on the hostmonitor server. Additional local rights assigned are: "Replace a process level token" and "Log On as a Service"
Every time a ping test fails, I see the "unable to write to hostmon.ini" event written to the application event log. I do not see this error written at other times (for instance if I save smtp server changes via RCC).
Hostmonitor is running as a domain admin account, which is also a member of the local administrators group on the hostmonitor server. Additional local rights assigned are: "Replace a process level token" and "Log On as a Service"
Very strange 
We are testing HostMonitor and checking the code but cannot reproduce and explain such behaviour...
HostMonitor does not modify ini file after test execution. HostMonitor stores "global" options and some GUI settings in this file. So, it writes changes to the file when you modify mail settings and it is able to do this without problems, right?
On the other hand it should not write anything into ini file after test execution but it does? and this operation fails while it should not..
Do you have some actions assigned to this test? What exactly actions? Could you try to change test status manually using "Reverse alert" option? Just open Test Properties dialog, set "Reverse alert" option, close dialog, press space bar to refresh test item and check NT Event Log.
Regards
Alex
We are testing HostMonitor and checking the code but cannot reproduce and explain such behaviour...
HostMonitor does not modify ini file after test execution. HostMonitor stores "global" options and some GUI settings in this file. So, it writes changes to the file when you modify mail settings and it is able to do this without problems, right?
On the other hand it should not write anything into ini file after test execution but it does? and this operation fails while it should not..
Do you have some actions assigned to this test? What exactly actions? Could you try to change test status manually using "Reverse alert" option? Just open Test Properties dialog, set "Reverse alert" option, close dialog, press space bar to refresh test item and check NT Event Log.
Regards
Alex
That is correct. No problems at all updating the mail server. I started monitoring using sysinternals procmon.exe, and when updating global settings (smtp mailer for instance), hostmon.exe updates C:\Program Files (x86)\Hostmonitor\hostmon.ini as expected.
I set a few tests to 'reverse alert', archived a bad status, but no error was logged in event log. However, during the reverse alert tests, I can see hostmon.exe is trying to read/write to C:\Windows\hostmon.ini many times. The hostmonitor account has full control rights to this file, and the last modified time indicates the file was changed OK. I can provide a procmon capture of this if it will assist.
This is also where hostmon.exe is trying to read/write when the ping tests methods are failing intermittently. I can provide a procmon capture as soon as it happens again (forgot to save the last capture unfortunately).
All ping test have 2 Bad Status Actions, both are "Send Email". On the first bad status I recieve an email alert, on the second consecutive bad status the rest of the support team receives an email alert.
I set a few tests to 'reverse alert', archived a bad status, but no error was logged in event log. However, during the reverse alert tests, I can see hostmon.exe is trying to read/write to C:\Windows\hostmon.ini many times. The hostmonitor account has full control rights to this file, and the last modified time indicates the file was changed OK. I can provide a procmon capture of this if it will assist.
This is also where hostmon.exe is trying to read/write when the ping tests methods are failing intermittently. I can provide a procmon capture as soon as it happens again (forgot to save the last capture unfortunately).
All ping test have 2 Bad Status Actions, both are "Send Email". On the first bad status I recieve an email alert, on the second consecutive bad status the rest of the support team receives an email alert.
Oh, this one. This is normal behavior when you use "Send e-mail" action. HostMonitor opens "Send e-mail" window and reads some parameters from this ini file.I set a few tests to 'reverse alert', archived a bad status, but no error was logged in event log. However, during the reverse alert tests, I can see hostmon.exe is trying to read/write to C:\Windows\hostmon.ini many times.
So, question is why this operation fails sometimes and why ping test fails sometimes. Regarding ping test I still think there is some network issue. May be your router drops ICMP traffic for some reason?
Regards
Alex
OK, that explains the event log messages. So the Ping tests fail, then I see this other error because reading and writing to c:\windows\hostmon.ini fails. I have since made the hostmonitor account owner of the file, and it seems the errors have now gone away (UAC)?
As regards the ping test failures this is still the real issue. When the issue occurs in hostmonitor, I can ping the hosts that are failing from the command prompt. I see ping test failures for hosts sitting on the same physical 1Gbps switch, as well as those that are sitting across the WAN, there is no pattern, it is simply the tests that hostmon is processing at the time that seem to fail. All other tests types work absolutely perfectly.
Hostmonitor had no problems previously on Windows 2003. We've also got some other monitoring apps like Cacti that don't drop pings on the same network.
Can u think of anything else I can try to resolve this intermittent ping test issue on Windows 2008 R2? I can roll back to Windows 2003, but then I lose support for all my Exchange 2010 Powershell monitoring scripts
As regards the ping test failures this is still the real issue. When the issue occurs in hostmonitor, I can ping the hosts that are failing from the command prompt. I see ping test failures for hosts sitting on the same physical 1Gbps switch, as well as those that are sitting across the WAN, there is no pattern, it is simply the tests that hostmon is processing at the time that seem to fail. All other tests types work absolutely perfectly.
Hostmonitor had no problems previously on Windows 2003. We've also got some other monitoring apps like Cacti that don't drop pings on the same network.
Can u think of anything else I can try to resolve this intermittent ping test issue on Windows 2008 R2? I can roll back to Windows 2003, but then I lose support for all my Exchange 2010 Powershell monitoring scripts
H'm...
May be Microsoft made some changes in latest version of iphlpapi.dll but we cannot find any information related to such problem
Could you try to setup test using IPv6 address? HostMonitor uses the same DLL for IPv6 pings but different API functions. If there is some bug in old IPv4 functions, this may help.
Regards
Alex
May be Microsoft made some changes in latest version of iphlpapi.dll but we cannot find any information related to such problem
Could you try to setup test using IPv6 address? HostMonitor uses the same DLL for IPv6 pings but different API functions. If there is some bug in old IPv4 functions, this may help.
Regards
Alex