Symptoms: One or more deployed data connector components (listed in Admin Implementation) terminate mysteriously (status shows in red), without any useful information in the logs.
Root Cause: An external process, such as a security scanning tool, terminates Info360 Insight Data Connector components.
Solution:
Determine which processes are responsible for terminating the Data Connector components using a debugging tool called Global Flags.
Global Flags has a feature for monitoring processes and can send a message to the Event Manager indicating what was responsible for the termination signal.
Note: This tool has some limitations. It only identifies the responsible process if it is running in User mode, but some security applications may run in Kernel mode. Some security systems may also terminate the Global Flags monitor itself.
To download, install, and run Global Flags:
1. Download the Windows SDK.
2. When prompted, select 'Debugging Tools for Windows'. This is all you need to install.
3. Once installed, open the Global Flags (X64) app (found in the Windows Kits folder).
   Note: Do not use the X86 version.
4. Go to the Silent Process Exit tab and enter the name of the application you wish to monitor in the Image field. See list of applications further below.
5. Press the TAB key to refresh the page and enable some other options.
6. Ensure the 'Enable Silent Process Exit Monitoring' and 'Ignore Self Exits' checkboxes are selected. Only select these options; other options may crash the tool.
7. Select Apply.
Note:
- You may need to unselect the checkbox and select it again to enable the Apply button.
- When you select Apply, the Global Flags window should remain open. If it disappears, then it crashed and likely ignored your changes.
Repeat steps 4 to 7 above for each of the following applications:
- greengrass.exe
- python.exe
- node.exe
- java.exe
Note: These Silent Process Exit Global Flag changes apply immediately; you do not need to restart greengrass for them to take effect. These settings are stored in the registry and persist across a reboot. The current settings can be observed with the following command line directive:
reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SilentProcessExit" /s
The next time any of the specified applications are terminated, a message will be sent to the Event Viewer. The event can be seen in Windows Logs > Application, with the Source name 'Process Exit Monitor'. The event will indicate how it was terminated and by which process.
Important: Once you have finished monitoring, you should disable the Silent Process Exit Monitor for each application you enabled it for, since continual monitoring may impact system performance.
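A scripted version of the two checks described above, as an added example that is not part of the original article: it reads the stored Silent Process Exit settings for the four listed applications and lists the matching termination events from the Application log. The `ReportingMode` and `IgnoreSelfExits` value names, the wildcard match on the event source name, and the seven-day look-back are assumptions of this example.

```powershell
# Added example (not from the original article). Run in an elevated 64-bit PowerShell session.
$images  = 'greengrass.exe', 'python.exe', 'node.exe', 'java.exe'   # applications listed in this article
$speRoot = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SilentProcessExit'
$since   = (Get-Date).AddDays(-7)                                    # assumption: one-week look-back

# 1. Show what is stored under the SilentProcessExit key for each application
#    (same data as the 'reg query' command above, limited to the four images).
$settings = foreach ($image in $images) {
    $key = Join-Path $speRoot $image
    if (Test-Path -LiteralPath $key) {
        $props = Get-ItemProperty -LiteralPath $key
        [pscustomobject]@{
            Image           = $image
            KeyPresent      = $true
            ReportingMode   = $props.ReportingMode     # assumed value name
            IgnoreSelfExits = $props.IgnoreSelfExits   # assumed value name
        }
    } else {
        [pscustomobject]@{ Image = $image; KeyPresent = $false; ReportingMode = $null; IgnoreSelfExits = $null }
    }
}
$settings | Format-Table -AutoSize | Out-String

# 2. Pull Process Exit Monitor events from the Application log.
#    The wildcard avoids depending on the exact spelling of the source name.
$exitEvents = Get-WinEvent -FilterHashtable @{ LogName = 'Application'; StartTime = $since } `
                  -ErrorAction SilentlyContinue |
    Where-Object { $_.ProviderName -like '*Process*Exit*Monitor*' }

# 3. Keep only events whose message mentions one of the monitored applications.
$pattern = ($images | ForEach-Object { [regex]::Escape($_) }) -join '|'
$matches4 = @($exitEvents | Where-Object { $_.Message -match $pattern } | Sort-Object TimeCreated)

if ($matches4.Count -eq 0) {
    "No Process Exit Monitor events for the monitored applications since $since."
} else {
    # The message text names the terminated process and the process that terminated it.
    $matches4 | Select-Object TimeCreated, Id, ProviderName, Message | Format-List | Out-String
}
```

An empty result does not rule out external termination: as noted above, a Kernel-mode terminator is not identified, and the monitor itself may have been stopped.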