Microsoft KB Archive/891604

= Event ID 9015 and Event ID 9014 are logged in the Windows application event log on computers that are running the Microsoft Operations Manager 2000 agent =

Article ID: 891604

Article Last Modified on 6/11/2007

-

APPLIES TO


 * Microsoft Operations Manager 2000 Service Pack 1

-



Important This article contains information that shows you how to help lower security settings or how to turn off security features on a computer. You can make these changes to work around a specific problem. Before you make these changes, we recommend that you evaluate the risks that are associated with implementing this workaround in your particular environment. If you implement this workaround, take any appropriate additional steps to help protect your system.



SYMPTOMS
The following event messages are logged in the Microsoft Windows application event log on computers that are running the Microsoft Operations Manager (MOM) 2000 agent: Event ID: 9015

Source: OnePoint Operations

Description: The Microsoft Operations Manager 2000 service (OnePointService.exe) received an unexpected exception.

Thread Id: 0xnnnn

Thread Name: :AgentResp

Exception code: 0x00000000c00000005

Exception description: Access Violation

Exception address: 00000000 Exception flags: 0x0

Event ID: 9014

Source: OnePoint Operations

Description: The Microsoft Operations Manager 2000 service (OnePointService.exe) terminated due to an unhandled exception. It will attempt to restart itself.



CAUSE
This problem is typically caused by McAfee VirusScan Enterprise 8.0i. This problem may occur when the McAfee ScriptScan component (Scriptscan.dll) scans a script that calls a Microsoft ActiveX control. Scriptscan.dll replaces the Windows Script Host component with its own proxy component. The McAfee ScriptScan proxy component (Scriptproxy.dll) scans JavaScript-based scripts and Microsoft Visual Basic Scripting Edition (VBScript)-based scripts to look for viruses. When a script runs and then passes through the scan as clean, Scriptproxy.dll passes the script to the appropriate Windows Script Host.

However, Scriptproxy.dll may cause an access violation when it parses the MOM Active Directory Management Pack scripts that call ActiveX controls during the OnePointService.exe process. Scriptproxy.dll may stop responding and may cause the OnePointService.exe process that hosts the component to stop responding. The OnePointService.exe process tries to restart itself. This behavior may repeatedly occur.



WORKAROUND
Warning This workaround may make your computer or your network more vulnerable to attack by malicious users or by malicious software such as viruses. We do not recommend this workaround but are providing this information so that you can implement this workaround at your own discretion. Use this workaround at your own risk.

To work around this problem, unregister Scriptproxy.dll. To do this, follow these steps.

Important When you unregister Scriptproxy.dll, McAfee does not scan any scripts to look for viruses.  Log on to the computer that is running the MOM 2000 agent by using an account that has domain administrator permissions. Click Start, click Run, type cmd, and then click OK. At the command prompt, locate the %ProgramFiles%\Network Associates\VirusScan folder. At the command prompt, type regsvr32 /u scriptproxy.dll . Restart the OnePointService.exe process to apply the changes. To do this, follow these steps:  Click Start, point to Administrative Tools, and then click Services.</li> In the Services snap-in, right-click OnePoint, and then click Restart.</li> Close the Services snap-in.</li></ol> </li></ol>

<div class="references_section">