Faulting application name: ePIP.exe, version: 3.1.0.144

Technical Articles ID: KB91589
Last Modified: 2023-07-28 11:01:59 Etc/GMT

Environment

ePolicy Orchestrator (ePO) 5.x
ePO Pre-Installation Auditor (PIA) 3.1.0.144

NOTE: The PIA tool was previously known as the Installation and Upgrade Precheck tool.

Problem

When you try to run the checks with the ePO PIA tool, PIA crashes with the following error in the event logs:

Faulting application name: ePIP.exe, version: 3.1.0.144, time stamp: 0x5bf2a91f
Faulting module name: ePIP.exe, version: 3.1.0.144, time stamp: 0x5bf2a91f
Exception code: 0xc0000409
Fault offset: 0x0017828c
Faulting process ID: 0x22a4
Faulting application start time: 0x01d4f17b3c32c140
Faulting application path: C:\Users\lsard-a\Desktop\ePOIP310_144R3\ePIP.exe
Faulting module path: C:\Users\lsard-a\Desktop\ePOIP310_144R3\ePIP.exe
Report ID: 8a6c0802-5d6e-11e9-8173-00215a9b5458
Faulting package full name:
Faulting package-relative application ID:

The ePIPAPI.log records the last activity during the database disk space check:

I Database <database_name> in drive l with type ROWS current size 20763.00 MB space and extra required is 0.00.
I Database <database_name> in drive n with type LOG current size 14336.00 MB space and extra required is 0.00.

A basic analysis of the process dump shows a FAST_FAIL_INVALID_ARG exception:

CONTEXT: (.ecxr)
eax=00000001 ebx=00e6b518 ecx=00000005 edx=00000000 esi=00000000 edi=00e6b5a0
eip=0051828c esp=04d0f134 ebp=04d0f154 iopl=0 nv up ei pl nz na po nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000202
ePIP+0x17828c:
0051828c cd29 int 29h
Resetting default scope

FAULTING_IP:
ePIP+17828c
0051828c cd29 int 29h

EXCEPTION_RECORD: (.exr -1)
ExceptionAddress: 0051828c (ePIP+0x0017828c)
ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
ExceptionFlags: 00000001
NumberParameters: 1
Parameter[0]: 00000005
Subcode: 0x5 FAST_FAIL_INVALID_ARG

DEFAULT_BUCKET_ID: FAIL_FAST_INVALID_ARG

ERROR_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.

PROBLEM_CLASSES:

ID: [0n282]
Type: [FAIL_FAST]
...

ID: [0n269]
Type: [INVALID_ARG]
Class: Addendum
Scope: DEFAULT_BUCKET_ID (Failure Bucket ID prefix)
BUCKET_ID
Name: Add
Data: Omit
PID: [Unspecified]
TID: [Unspecified]
Frame: [0]

LAST_CONTROL_TRANSFER: from 0051825d to 0051828c

STACK_TEXT:
WARNING: Stack unwind information not available. Following frames may be wrong.
...

FOLLOWUP_IP:
ePIP+17828c
0051828c cd29 int 29h

FAULT_INSTR_CODE: 6a5629cd
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: ePIP+17828c
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: ePIP
IMAGE_NAME: ePIP.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 5bf2a91f
STACK_COMMAND: ~8s ; .ecxr ; kb
BUCKET_ID: FAIL_FAST_INVALID_ARG_ePIP+17828c
FAILURE_EXCEPTION_CODE: c0000409
FAILURE_IMAGE_NAME: ePIP.exe

Cause

This issue occurs when both of the following occur:

PIA tries to load the database name during the SQL disk-size check.
The name of the database exceeds a 32-character limit.

Or, in this case, the PIA check referenced the name that would be assigned to the Events database.

When the main database name is 26 characters in length, the name of the Events database exceeds 32 characters, because this name is appended with Events.

Example:

The name of the ePO database is ePolicyOrchestrator_Server.
The Events database will then be ePolicyOrchestrator_Server_Events. So, the name exceeds 32 characters.

Solution

This issue is resolved in PIA 3.1.0.189, which was released on July 22, 2019.

Our product software, upgrades, maintenance releases, and documentation are available on the Product Downloads site.

NOTE: You need a valid Grant Number for access. See KB56057 - How to download product updates and documentation for more information about the Product Downloads site, and alternate locations for some products.

Affected Products

Languages:

This article is available in the following languages:

Knowledge Center

Faulting application name: ePIP.exe, version: 3.1.0.144

Environment

Problem

Cause

Solution

Affected Products

Languages:

Title

Title

Knowledge Center

Faulting application name: ePIP.exe, version: 3.1.0.144

Environment

Problem

Cause

Solution

Affected Products

Languages:

Choose your region

Title

Title