Event ID 1014 and 1002 (Windows IIS Web Server)

KB ID 0000808 

Problem

Seen on Server 2003 running IIS 6, about once a week the website would fail, and the client had to reboot the server to bring things back up again. I took a look at the server and noticed that when the failure happened, we had five Event ID 1014 errors;

Source W3SVC
The World Wide Web Publishing Service encountered an internal error in its process management of worker process ‘<value>’ serving application pool ‘DefaultAppPool’. The data field contains the error number.

And finally we had an Event ID 1002;

Source W3SVC
Application pool ‘DefaultAppPool’ is being automatically disabled due to a series of failures in the process(es) serving that application pool

Solution

1. Before you proceed make sure this is not the problem.

2. Open the Internet Information Services (IIS) Manager > {Servername} > Application Pools > DefaultAppPool (unless your error is for another app pool) > Properties > Health.

3. Rapid-Fail Protection: You may wish to troubleshoot by simply increasing the thresholds, (the frequency of your 1002 events should give you a pointer). Though from what I’ve read this system tends to cause more problems than it cures, in the end I disabled it completely.

Warning: Disabling a system that is designed to protect you inherently has dangers.

If you suddenly get an unstable server, or memory leak problems you might want to reinstate this, and start checking the code in your website!

Related Articles, References, Credits, or External Links

NA

McAfee ePO – Client Firewall Exceptions to Allow Agent Deployment

KB ID 0000952 

Problem

It’s been a while, since I deployed ePO, and as I’ve got a big McAfee roll-out coming up I thought I’d better run it up on the test bench and see how much it’s changed since version 4. As the prospective client is going to use Server 2012 and Windows 8, that’s what I tested it with.

Despite my best efforts the the McAfee agent (8.6) refused to deploy to the clients as long as I had the windows firewall on. A quick Google turned up a myriad of suggestions for ports and services, and most of them were for older versions of ePO or were simply incorrect.

Solution

Basically you need to to do two things with the firewall;

  • Allow in ICMP echo requests
  • Allow in File and Printer sharing

Set Firewall to Allow McAfee Agent deployment via Group Policy

This is the simplest option, especially if you have a lot of client to deploy to.

1. On your Domain Controller > Launch the Group Policy Management Console > Create a new policy (or edit an existing one), that is linked either to the root of the domain, or the OU that your computers are in.

2. Edit The policy, and navigate to;

[box]Computer ConfigurationAdministrative TemplatesNetworkNetwork ConnectionsWindows FirewallDomain ProfileWindows Firewall: Allow ICMP exceptions[/box]

3. Set to Enabled > Select ‘Allow inbound echo request’ > Apply > OK.

4. In the same location select ‘Windows Firewall: Allow inbound file and printer sharing exception’.

5. Enable this policy > Then enter the IP address of the ePO server > Apply > OK.

6. Then either reboot the clients, wait a couple of hours, or manually run “gpupdate /force” on them. Then Re-deploy your McAfee agent.

Set Firewall to Allow McAfee Agent deployment on an Individual Machine

1. Windows Key +R > cmd {Enter} > firewall.cpl {Enter}.

2. Allow an app or feature though Windows Firewall.

3. Locate ‘File and Printer Sharing’ and enable (Note: Here I’ve enabled for Domain, Public, and Private, you may only want to select Domain) > OK.

4. Advanced Settings > Inbound Rules > New Rule.

5. Custom > Next.

6. All Programs > Next.

7. Protocol Type = ICMPv4 > Customize > Echo Request > OK > Next.

8. Enter the IP address of your ePO server > Next.

9. Allow the connection > Next.

10. Select as appropriate > Next.

11. Give the rule a sensible name > Finish.

12. Re-deploy your McAfee agent.

Related Articles, References, Credits, or External Links

NA