Jump to content

ERROR Boomeranghandler Could not sync Newtonsoft.Json.JsonReaderException


Recommended Posts

One of my agents is throwing the following:

2017-09-21 15:37:07,850-04:00 [26] ERROR BoomerangHandler Could not sync
Newtonsoft.Json.JsonReaderException: Unexpected character encountered while parsing value: <. Path '', line 0, position 0.
   at Newtonsoft.Json.JsonTextReader.ParseValue()
   at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.ReadForType(JsonReader reader, JsonContract contract, Boolean hasConverter)
   at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.Deserialize(JsonReader reader, Type objectType, Boolean checkAdditionalContent)
   at Newtonsoft.Json.JsonSerializer.DeserializeInternal(JsonReader reader, Type objectType)
   at Newtonsoft.Json.JsonConvert.DeserializeObject(String value, Type type, JsonSerializerSettings settings)
   at Newtonsoft.Json.JsonConvert.DeserializeObject[T](String value, JsonSerializerSettings settings)
   at EAEngine.Boomerang.BoomerangHandler.<Sync>d__34.MoveNext()

This particular machine seems to be problematic.  I'm not gathering its asset info like I am my other clients, and I'm unable to execute any tasks on it.  Yes, I have ensured the .NET requirements are met, yes, it has been moved to a non-default policy that includes endpoint protection, and yes, it has been rebooted since the move to another group.  I have also uninstalled/reinstalled and run through toggling its groups with no avail either with multiple restarts in between.  SEP was running on it previously, but I did have it uninstalled first.  Also, I do have the firewall requirements met and am able to reach *.malwarebytes.com, *.mwbsys.com, *.mbamupdates.com, *.mb-cosmos.com over SSL/443.  This client is running Windows 7 Pro with the latest and greatest MS patches...

Errors that succeed the aforementioned include:

...
2017-09-21 15:37:08,957-04:00 [22] ERROR TrayModule System.Security.Principal.IdentityNotMappedException: Some or all identity references could not be translated.
   at System.Security.Principal.SecurityIdentifier.Translate(IdentityReferenceCollection sourceSids, Type targetType, Boolean forceSuccess)
   at System.Security.Principal.SecurityIdentifier.Translate(Type targetType)
   at EAEngine.UserModules.TrayModule.EnforceEndpointInterfacePolicy()
...
2017-09-21 15:37:16,461-04:00 [29] ERROR EAEngine Error posting to Nebula. Url:/api/v1/machine/results
System.AggregateException: One or more errors occurred. ---> System.Web.HttpException: HTTP Request failed to /api/v1/machine/results. Http Code: 400 Reason:Bad Request
	Body Response: <?xml version="1.0" encoding="UTF-8"?>
<Error><Code>InvalidArgument</Code><Message>Unsupported Authorization Type</Message><ArgumentName>Authorization</ArgumentName><ArgumentValue>Bearer scrubbed</ArgumentValue><RequestId>scrubbed</RequestId><HostId>scrubbed=</HostId></Error>
   at EAEngine.Http.EAWebClient.<EnsureSuccessStatusCode>d__21.MoveNext()
...

Thanks for any input or advice you can throw my way in the meantime...

Edited by Happyfox
Typo
Link to post
Share on other sites

Hey Happyfox,

Yep - every PC in our domain is full of those exact same errors as well.

In addition to those three errors you mention -  we also get these as well...

Quote

2017-09-28 06:33:47,435+01:00 [67] ERROR MBAMPlugin Error scheduling ac343baa-4270-4dd4-b677-2a98577d20a2
System.NullReferenceException: Object reference not set to an instance of an object.
   at EAMB3.Commands.ScanCmd.CreateScanParamters(ScanController scanController)
   at EAMBAMPlugin.MBAMPlugin.SchedulesChanged()

Quote

2017-09-28 06:33:50,519+01:00 [92] WARN  MBAMPlugin Unable to get anti-exploit advanced techniques from mbam

 

Would like to get to the bottom of this as something doesn't feel right, even though the PC's in the cloud portal are showing 'green'

cheers,

 

Link to post
Share on other sites

@rm304

I may not be Malwarebytes support, but I did find that it's crucial to have other endpoint protection software removed completely with a restart prior to installing MEP.  I too would love to know some of the details around these exceptions.

 

 @wiggy

Your exceptions look worse than mine!  For a reason still unknown, the functionality appears to work just fine after so long.  I'm still seeing the exceptions though as well, which is unsettling indeed.

Thanks for affirming that I'm not the only one experiencing the issue at least... and even if it's benign, I'd like to see some better exception handling that yields better informational logging.  If I'm misconfiguring something, not adhering to best practice, or screwing something up, I'd like to know about it through logs rather than assume it's a Malwarebytes bug.

Link to post
Share on other sites

Yeah  - all those errors especially the...

2017-09-28 06:33:50,519+01:00 [92] WARN  MBAMPlugin Unable to get anti-exploit advanced techniques from mbam

...makes me wonder if the agents are actually updating at all - how can you tell?

The cloud console shows all agents green, but those errors must mean something isn't quite right.

Link to post
Share on other sites

Heard back from MB tech support today after sending them examples of these error logs...

Quote

... there is nothing wrong with the client machines and they are working fine and you are protected. We are aware of this issue and are working to fix this and hide these from the event logs. 

 

Link to post
Share on other sites

It would be nice to have some sort of verification that something other than the endpoint agent is running though.

 

I have these errors on every machine as well, and if you look into the event history these usually lead up to a Kernel Power Failure (Blue screen) followed up by a side-by-side problem with the agent not wanting to start anymore and the machine showing as inactive from the cloud console despite all the services running and everything looking fine.

Edited by IT_Guy
Link to post
Share on other sites
  • 2 weeks later...
  • Staff

We are still currently investigating the side by side errors, we have re-enabled boomerang with a fix.

If you are experiencing offline clients please use our clean tool below:

https://downloads.malwarebytes.com/file/mb_clean

From an administrator command prompt run the .exe with a /cloud switch please allow the restart.

Once cleaned please re-install with the prerequisites exe from your cloud console Endpoints > Add

 

If the clients still has any issues or you get a side-by-side error please let me know, or update your current service case.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.