We have users reporting that their sessions crash randomly during use, and I believe this has been happening ever since the Windows 11 24H2 update. I haven't seen many other threads or discussions regarding this issue.

Here's what we've tried so far:

Updated ACS client to the latest version
Updated Semeru to the latest version
Updated RVI to the latest version
Disabled and added exclusions for these apps in SentinelOne via hash and file path
Disabled OneDrive
Ran a memory test
Updated Windows (currently on the February 11, 2025-KB5051987 update)
Completely replaced PC

Looking at the dump logs in SentinelOne, it seems like SentinelOne is injecting its modules into almost every application.

We've attempted multiple troubleshooting steps, including completely replacing the workstation, but the sessions still crash.

Here's what the Event Viewer application logs show. There aren't any related hardware or system logs that correlate with this event-only application logs:

Faulting application name: acslaunch_win-64.exe, version: 9.64.7.0, time stamp: 0x6734c166
Faulting module name: ntdll.dll, version: 10.0.26100.2454, time stamp: 0x7cb6b6a8
Exception code: 0xc00000fd
Fault offset: 0x0000000000163df7
Faulting process id: 0x3C48
Faulting application start time: 0x1DB7D696D509026
Faulting application path: C:\Users\Public\IBM\ClientSolutions\Start_Programs\Windows_x86-64\acslaunch_win-64.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: eca110cb-ca19-4ae4-b7b6-17dcac73c1ce
Faulting package full name: 
Faulting package-relative application ID: 

Some have mentioned that the ntdll.dll error is related to memory/stack overflow issues, but I haven't seen any updates or announcements from the affected companies addressing this.

Has anyone else experienced this? Last week, we thought adding SentinelOne exclusions fixed the issue, but this week, the crashes have returned.

------------------------------
Manny Perez
------------------------------

We have users reporting that their sessions crash randomly during use, and I believe this has been happening ever since the Windows 11 24H2 update. I haven't seen many other threads or discussions regarding this issue.

Here's what we've tried so far:

Updated ACS client to the latest version
Updated Semeru to the latest version
Updated RVI to the latest version
Disabled and added exclusions for these apps in SentinelOne via hash and file path
Disabled OneDrive
Ran a memory test
Updated Windows (currently on the February 11, 2025-KB5051987 update)
Completely replaced PC

Looking at the dump logs in SentinelOne, it seems like SentinelOne is injecting its modules into almost every application.

We've attempted multiple troubleshooting steps, including completely replacing the workstation, but the sessions still crash.

Here's what the Event Viewer application logs show. There aren't any related hardware or system logs that correlate with this event-only application logs:

Faulting application name: acslaunch_win-64.exe, version: 9.64.7.0, time stamp: 0x6734c166
Faulting module name: ntdll.dll, version: 10.0.26100.2454, time stamp: 0x7cb6b6a8
Exception code: 0xc00000fd
Fault offset: 0x0000000000163df7
Faulting process id: 0x3C48
Faulting application start time: 0x1DB7D696D509026
Faulting application path: C:\Users\Public\IBM\ClientSolutions\Start_Programs\Windows_x86-64\acslaunch_win-64.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: eca110cb-ca19-4ae4-b7b6-17dcac73c1ce
Faulting package full name: 
Faulting package-relative application ID: 

Some have mentioned that the ntdll.dll error is related to memory/stack overflow issues, but I haven't seen any updates or announcements from the affected companies addressing this.

Has anyone else experienced this? Last week, we thought adding SentinelOne exclusions fixed the issue, but this week, the crashes have returned.

Not saying this will work, but..have you tried starting ACS with a defined set of memory for it to run in for its java env. By default, the amount of memory allocated to it is miniscule if you one to have a lot of ACS windows open...This also assumes you have "plenty" of memory installed on your machine. For instance, I have mine starting with 4GB of memory, since doing this, ACS doesn't crash on me like it used to. If you want to try, right click on the main ACS icon and choose properties.  In the target path , add the -Xmx4g syntax to the end like : 
C:\Windows\System32\conhost.exe C:\Users\RMALLOY1\IBM\ClientSolutions\Start_Programs\Windows_x86-64\acslaunch_win-64.exe -Xmx4g
(Depending on the java version you have, that syntax might be a little different.)

Also - even if ACS crashes, you can always generate a set of logs from ACS that you can look at / send to IBM for analysis. Once you reopen ACS, go to the main window like shown below to generate the logs. 


Once its done, you can go to the directory where the dumps were put, you can try to look at what was generated or simply send them to IBM to analyze them. 


Good luck, hope the above helps in some way
Rich

We have users reporting that their sessions crash randomly during use, and I believe this has been happening ever since the Windows 11 24H2 update. I haven't seen many other threads or discussions regarding this issue.

Here's what we've tried so far:

Updated ACS client to the latest version
Updated Semeru to the latest version
Updated RVI to the latest version
Disabled and added exclusions for these apps in SentinelOne via hash and file path
Disabled OneDrive
Ran a memory test
Updated Windows (currently on the February 11, 2025-KB5051987 update)
Completely replaced PC

Looking at the dump logs in SentinelOne, it seems like SentinelOne is injecting its modules into almost every application.

We've attempted multiple troubleshooting steps, including completely replacing the workstation, but the sessions still crash.

Here's what the Event Viewer application logs show. There aren't any related hardware or system logs that correlate with this event-only application logs:

Faulting application name: acslaunch_win-64.exe, version: 9.64.7.0, time stamp: 0x6734c166
Faulting module name: ntdll.dll, version: 10.0.26100.2454, time stamp: 0x7cb6b6a8
Exception code: 0xc00000fd
Fault offset: 0x0000000000163df7
Faulting process id: 0x3C48
Faulting application start time: 0x1DB7D696D509026
Faulting application path: C:\Users\Public\IBM\ClientSolutions\Start_Programs\Windows_x86-64\acslaunch_win-64.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: eca110cb-ca19-4ae4-b7b6-17dcac73c1ce
Faulting package full name: 
Faulting package-relative application ID: 

Some have mentioned that the ntdll.dll error is related to memory/stack overflow issues, but I haven't seen any updates or announcements from the affected companies addressing this.

Has anyone else experienced this? Last week, we thought adding SentinelOne exclusions fixed the issue, but this week, the crashes have returned.

We have users reporting that their sessions crash randomly during use, and I believe this has been happening ever since the Windows 11 24H2 update. I haven't seen many other threads or discussions regarding this issue.

Here's what we've tried so far:

Updated ACS client to the latest version
Updated Semeru to the latest version
Updated RVI to the latest version
Disabled and added exclusions for these apps in SentinelOne via hash and file path
Disabled OneDrive
Ran a memory test
Updated Windows (currently on the February 11, 2025-KB5051987 update)
Completely replaced PC

Looking at the dump logs in SentinelOne, it seems like SentinelOne is injecting its modules into almost every application.

We've attempted multiple troubleshooting steps, including completely replacing the workstation, but the sessions still crash.

Here's what the Event Viewer application logs show. There aren't any related hardware or system logs that correlate with this event-only application logs:

Faulting application name: acslaunch_win-64.exe, version: 9.64.7.0, time stamp: 0x6734c166
Faulting module name: ntdll.dll, version: 10.0.26100.2454, time stamp: 0x7cb6b6a8
Exception code: 0xc00000fd
Fault offset: 0x0000000000163df7
Faulting process id: 0x3C48
Faulting application start time: 0x1DB7D696D509026
Faulting application path: C:\Users\Public\IBM\ClientSolutions\Start_Programs\Windows_x86-64\acslaunch_win-64.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: eca110cb-ca19-4ae4-b7b6-17dcac73c1ce
Faulting package full name: 
Faulting package-relative application ID: 

Some have mentioned that the ntdll.dll error is related to memory/stack overflow issues, but I haven't seen any updates or announcements from the affected companies addressing this.

Has anyone else experienced this? Last week, we thought adding SentinelOne exclusions fixed the issue, but this week, the crashes have returned.

------------------------------
Manny Perez
------------------------------

Hi Manny, 

Yes, its a pain that the update caused quite a few things. 

Another person had quite some success (see this link ) RDI Java Problems 

This could help you as well if you would like to give it a go by also using Amazon Coretto instead of Semeru as runtime for ACS?

This SentinelOne is quite concerning that it injects into the actual running system (suppose there are more attack vectors possible than one could imagine). 

I would really though suggest you engage with your CyberSec team to perhaps isolate your ACS / JVM (runtime which ever you use) outside of that as best with extensive exclusions.

Let us know how it goes? 

------------------------------
Marius le Roux, theIBMiGuy
Owner , IBM i Consultant & Technology Strategist, Enterprise Integration Consultant (IBM i Focus)
MLR Consulting
South Africa

Original Message:
Sent: Wed February 12, 2025 01:00 PM
From: Manny Perez
Subject: i Access Client Solutions Crash

We have users reporting that their sessions crash randomly during use, and I believe this has been happening ever since the Windows 11 24H2 update. I haven't seen many other threads or discussions regarding this issue.

Here's what we've tried so far:

Updated ACS client to the latest version
Updated Semeru to the latest version
Updated RVI to the latest version
Disabled and added exclusions for these apps in SentinelOne via hash and file path
Disabled OneDrive
Ran a memory test
Updated Windows (currently on the February 11, 2025-KB5051987 update)
Completely replaced PC

Looking at the dump logs in SentinelOne, it seems like SentinelOne is injecting its modules into almost every application.

We've attempted multiple troubleshooting steps, including completely replacing the workstation, but the sessions still crash.

Here's what the Event Viewer application logs show. There aren't any related hardware or system logs that correlate with this event-only application logs:

Faulting application name: acslaunch_win-64.exe, version: 9.64.7.0, time stamp: 0x6734c166
Faulting module name: ntdll.dll, version: 10.0.26100.2454, time stamp: 0x7cb6b6a8
Exception code: 0xc00000fd
Fault offset: 0x0000000000163df7
Faulting process id: 0x3C48
Faulting application start time: 0x1DB7D696D509026
Faulting application path: C:\Users\Public\IBM\ClientSolutions\Start_Programs\Windows_x86-64\acslaunch_win-64.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: eca110cb-ca19-4ae4-b7b6-17dcac73c1ce
Faulting package full name: 
Faulting package-relative application ID: 

Some have mentioned that the ntdll.dll error is related to memory/stack overflow issues, but I haven't seen any updates or announcements from the affected companies addressing this.

Has anyone else experienced this? Last week, we thought adding SentinelOne exclusions fixed the issue, but this week, the crashes have returned.

------------------------------
Manny Perez
------------------------------

#IBMiAccessClientSolutions

FYI, I found a reference to SentinelOne in a Reddit post from 8 months ago: Issues with RDI and Windows 11 (24H2 update)

Entry below:

"Currently the only work-arounds at this time are to either roll back to 23H2 or to whitelist RDI in the SentinelOne config."

I located the RDi.exe file on my PC, copied the path, and sent it to our network administrator. He whitelisted it, and boom. I'm back.

Hi Manny, 

Yes, its a pain that the update caused quite a few things. 

Another person had quite some success (see this link ) RDI Java Problems 

This could help you as well if you would like to give it a go by also using Amazon Coretto instead of Semeru as runtime for ACS?

This SentinelOne is quite concerning that it injects into the actual running system (suppose there are more attack vectors possible than one could imagine). 

I would really though suggest you engage with your CyberSec team to perhaps isolate your ACS / JVM (runtime which ever you use) outside of that as best with extensive exclusions.

Let us know how it goes? 

------------------------------
Marius le Roux, theIBMiGuy
Owner , IBM i Consultant & Technology Strategist, Enterprise Integration Consultant (IBM i Focus)
MLR Consulting
South Africa

Original Message:
Sent: Wed February 12, 2025 01:00 PM
From: Manny Perez
Subject: i Access Client Solutions Crash

We have users reporting that their sessions crash randomly during use, and I believe this has been happening ever since the Windows 11 24H2 update. I haven't seen many other threads or discussions regarding this issue.

Here's what we've tried so far:

Updated ACS client to the latest version
Updated Semeru to the latest version
Updated RVI to the latest version
Disabled and added exclusions for these apps in SentinelOne via hash and file path
Disabled OneDrive
Ran a memory test
Updated Windows (currently on the February 11, 2025-KB5051987 update)
Completely replaced PC

Looking at the dump logs in SentinelOne, it seems like SentinelOne is injecting its modules into almost every application.

We've attempted multiple troubleshooting steps, including completely replacing the workstation, but the sessions still crash.

Here's what the Event Viewer application logs show. There aren't any related hardware or system logs that correlate with this event-only application logs:

Faulting application name: acslaunch_win-64.exe, version: 9.64.7.0, time stamp: 0x6734c166
Faulting module name: ntdll.dll, version: 10.0.26100.2454, time stamp: 0x7cb6b6a8
Exception code: 0xc00000fd
Fault offset: 0x0000000000163df7
Faulting process id: 0x3C48
Faulting application start time: 0x1DB7D696D509026
Faulting application path: C:\Users\Public\IBM\ClientSolutions\Start_Programs\Windows_x86-64\acslaunch_win-64.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: eca110cb-ca19-4ae4-b7b6-17dcac73c1ce
Faulting package full name: 
Faulting package-relative application ID: 

Some have mentioned that the ntdll.dll error is related to memory/stack overflow issues, but I haven't seen any updates or announcements from the affected companies addressing this.

Has anyone else experienced this? Last week, we thought adding SentinelOne exclusions fixed the issue, but this week, the crashes have returned.

------------------------------
Manny Perez
------------------------------

Scott, 

Might want to recheck that link : 

FYI, I found a reference to SentinelOne in a Reddit post from 8 months ago: Issues with RDI and Windows 11 (24H2 update)

Entry below:

"Currently the only work-arounds at this time are to either roll back to 23H2 or to whitelist RDI in the SentinelOne config."

I located the RDi.exe file on my PC, copied the path, and sent it to our network administrator. He whitelisted it, and boom. I'm back.

Hi Manny, 

Yes, its a pain that the update caused quite a few things. 

Another person had quite some success (see this link ) RDI Java Problems 

This could help you as well if you would like to give it a go by also using Amazon Coretto instead of Semeru as runtime for ACS?

This SentinelOne is quite concerning that it injects into the actual running system (suppose there are more attack vectors possible than one could imagine). 

I would really though suggest you engage with your CyberSec team to perhaps isolate your ACS / JVM (runtime which ever you use) outside of that as best with extensive exclusions.

Let us know how it goes? 

------------------------------
Marius le Roux, theIBMiGuy
Owner , IBM i Consultant & Technology Strategist, Enterprise Integration Consultant (IBM i Focus)
MLR Consulting
South Africa

Original Message:
Sent: Wed February 12, 2025 01:00 PM
From: Manny Perez
Subject: i Access Client Solutions Crash

We have users reporting that their sessions crash randomly during use, and I believe this has been happening ever since the Windows 11 24H2 update. I haven't seen many other threads or discussions regarding this issue.

Here's what we've tried so far:

Updated ACS client to the latest version
Updated Semeru to the latest version
Updated RVI to the latest version
Disabled and added exclusions for these apps in SentinelOne via hash and file path
Disabled OneDrive
Ran a memory test
Updated Windows (currently on the February 11, 2025-KB5051987 update)
Completely replaced PC

Looking at the dump logs in SentinelOne, it seems like SentinelOne is injecting its modules into almost every application.

We've attempted multiple troubleshooting steps, including completely replacing the workstation, but the sessions still crash.

Here's what the Event Viewer application logs show. There aren't any related hardware or system logs that correlate with this event-only application logs:

Faulting application name: acslaunch_win-64.exe, version: 9.64.7.0, time stamp: 0x6734c166
Faulting module name: ntdll.dll, version: 10.0.26100.2454, time stamp: 0x7cb6b6a8
Exception code: 0xc00000fd
Fault offset: 0x0000000000163df7
Faulting process id: 0x3C48
Faulting application start time: 0x1DB7D696D509026
Faulting application path: C:\Users\Public\IBM\ClientSolutions\Start_Programs\Windows_x86-64\acslaunch_win-64.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: eca110cb-ca19-4ae4-b7b6-17dcac73c1ce
Faulting package full name: 
Faulting package-relative application ID: 

Some have mentioned that the ntdll.dll error is related to memory/stack overflow issues, but I haven't seen any updates or announcements from the affected companies addressing this.

Has anyone else experienced this? Last week, we thought adding SentinelOne exclusions fixed the issue, but this week, the crashes have returned.

------------------------------
Manny Perez
------------------------------

We have users reporting that their sessions crash randomly during use, and I believe this has been happening ever since the Windows 11 24H2 update. I haven't seen many other threads or discussions regarding this issue.

Here's what we've tried so far:

Updated ACS client to the latest version
Updated Semeru to the latest version
Updated RVI to the latest version
Disabled and added exclusions for these apps in SentinelOne via hash and file path
Disabled OneDrive
Ran a memory test
Updated Windows (currently on the February 11, 2025-KB5051987 update)
Completely replaced PC

Looking at the dump logs in SentinelOne, it seems like SentinelOne is injecting its modules into almost every application.

We've attempted multiple troubleshooting steps, including completely replacing the workstation, but the sessions still crash.

Here's what the Event Viewer application logs show. There aren't any related hardware or system logs that correlate with this event-only application logs:

Faulting application name: acslaunch_win-64.exe, version: 9.64.7.0, time stamp: 0x6734c166
Faulting module name: ntdll.dll, version: 10.0.26100.2454, time stamp: 0x7cb6b6a8
Exception code: 0xc00000fd
Fault offset: 0x0000000000163df7
Faulting process id: 0x3C48
Faulting application start time: 0x1DB7D696D509026
Faulting application path: C:\Users\Public\IBM\ClientSolutions\Start_Programs\Windows_x86-64\acslaunch_win-64.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: eca110cb-ca19-4ae4-b7b6-17dcac73c1ce
Faulting package full name: 
Faulting package-relative application ID: 

Some have mentioned that the ntdll.dll error is related to memory/stack overflow issues, but I haven't seen any updates or announcements from the affected companies addressing this.

Has anyone else experienced this? Last week, we thought adding SentinelOne exclusions fixed the issue, but this week, the crashes have returned.