Hi all,

While analyzing an issue we had, we encountered the following in the
remote loader log file (running on Windows server).

DirXML: [04/07/15 08:42:38.84]: TRACE: Remote Loader: Document sent.
DirXML: [04/09/15 11:07:14.12]:
DirXML Log Event -------------------
Level = fatal
Message = JVM exited unexpectedly (exit code=143)
DirXML: [04/09/15 11:08:03.62]: Loader: Loading JVM

In summary:

- About two days no trace (while the heartbeat is set at once a
minute)
- JVM exit, code 143
- Remote loader restarts


Before and after this section, all seems fine. Heartbeat is generated,
events are sent and received,...

Exit code 143 seems to indicate that the JVM was killed by an external
process. This can be the dirxml_remote.exe process that started the
JVM.

I found one forum user reporting something similar
(https://forums.netiq.com/archive/index.php/t-8722.html).

In the Windows Event Log, we do find the following at the time of JVM
exit (9/04/2015 11:07:11), twice:

- Windows detected your registry file is still in use by other
applications or services. The file will be unloaded now. The
applications or services that hold your registry file may not function
properly afterwards.

DETAIL -
1 user registry handles leaked from
\Registry\User\S-1-5-21-3675852479-2980802970-892884109-2528709:
Process 7196 (\Device\HarddiskVolume1\Windows\System32\winlogon.exe)
has opened key
\REGISTRY\USER\S-1-5-21-3675852479-2980802970-892884109-2528709

- Windows detected your registry file is still in use by other
applications or services. The file will be unloaded now. The
applications or services that hold your registry file may not function
properly afterwards.

DETAIL -
1 user registry handles leaked from
\Registry\User\S-1-5-21-3675852479-2980802970-892884109-182677:
Process 7968 (\Device\HarddiskVolume1\Windows\System32\winlogon.exe)
has opened key
\REGISTRY\USER\S-1-5-21-3675852479-2980802970-892884109-182677


I can only assume that the Windows event and the kill of the JVM are
related.

Note: The service account running the remote loader is not SYSTEM, but
an AD domain account.

We only saw this once, for a remote loader running for more than a
year. Has anyone seen this before? What might be the cause of this? What
killed the JVM?



Thanks,

Stefaan


--
scauwe
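A triage sketch for the log pattern described in the post above, added here as an example and not part of the original post or of any NetIQ tooling: it scans a remote loader trace for silent periods longer than the heartbeat interval and for unexpected JVM exits. The sample log is constructed from the excerpt in the post. The `triage` function, the `MM/DD/YY` timestamp layout and reading exit codes above 128 as 128 plus a signal number (143 = 128 + 15, SIGTERM) are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample, modelled on the excerpt in the post (assumed MM/DD/YY).
SAMPLE_LOG = """\
DirXML: [04/07/15 08:41:38.80]: TRACE: Remote Loader: Document sent.
DirXML: [04/07/15 08:42:38.84]: TRACE: Remote Loader: Document sent.
DirXML: [04/09/15 11:07:14.12]:
DirXML Log Event -------------------
Level = fatal
Message = JVM exited unexpectedly (exit code=143)
DirXML: [04/09/15 11:08:03.62]: Loader: Loading JVM
"""

STAMP = re.compile(r"^DirXML: \[(\d\d/\d\d/\d\d \d\d:\d\d:\d\d)\.(\d+)\]")
EXIT = re.compile(r"JVM exited unexpectedly \(exit code=(\d+)\)")


def triage(text, heartbeat=timedelta(minutes=1), slack=3):
    """Return (gaps, exits).

    gaps:  (last_seen, next_seen, duration) for every silence longer than
           slack * heartbeat between two timestamped lines.
    exits: (event_time, exit_code, signal) for every unexpected JVM exit;
           signal is exit_code - 128 when the code is above 128, else None.
    """
    gaps, exits, prev = [], [], None
    for line in text.splitlines():
        m = STAMP.match(line)
        if m:
            now = datetime.strptime(m.group(1), "%m/%d/%y %H:%M:%S")
            now += timedelta(seconds=float("0." + m.group(2)))
            if prev and now - prev > heartbeat * slack:
                gaps.append((prev, now, now - prev))
            prev = now
            continue
        m = EXIT.search(line)
        if m:
            code = int(m.group(1))
            # The exit line carries no timestamp; use the enclosing event's.
            exits.append((prev, code, code - 128 if code > 128 else None))
    return gaps, exits


if __name__ == "__main__":
    found_gaps, found_exits = triage(SAMPLE_LOG)
    for start, end, length in found_gaps:
        print(f"no trace for {length} between {start} and {end}")
    for when, code, sig in found_exits:
        print(f"JVM exit at {when}: code={code}, signal={sig}")
```

The timestamps it reports can then be lined up against the Windows Event Log entries for the same minute, as the post does by hand.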